Authentication

The Cisco SD-WAN Manager API and Cisco Secure Access API require that you use valid API key credentials to create your access tokens. Create your API keys in Cisco Security Cloud Control (SCC) and then generate an access token using your API credentials.

Cisco SD-WAN Manager API

The Cisco SD-WAN Manager API is a RESTful application programming interface (API). You can interact with the Cisco SD-WAN Manager API to configure secure internet and secure private access profiles and manage and monitor the Cisco SD-WAN sites and devices provisioned in the organization’s SD-WAN fabric.

To get started with the Cisco SD-WAN Manager API, sign in to Cisco Security Cloud Control (SCC) and navigate to the SD-WAN Manager app. Create your API key and access token for the Cisco SD-WAN Manager API.

Cisco Secure Access API

The Cisco Secure Access API is a RESTful API. To manage and monitor Network Tunnel Groups and the deployments of network tunnels, create a Cisco Secure Access API key with the deployments and reports API key scopes.

To get started with the Cisco Secure Access API, sign in to Cisco Security Cloud Control and navigate to the SASE Management app. Create your Cisco Secure Access API key and secret with the required API key scopes. With your Secure Access API key, you can manage the Network Tunnel Groups and IPsec tunnels deployed in Cisco SASE Management and monitor the state of the network tunnels in your organization.

About Cisco Security Cloud Control

• Overview of Cisco Security Cloud Control
• Set Up Your Secure Cloud Sign On Account
• Getting Started Workflow with Cisco Security Cloud Control
• Claim a Subscription

Prerequisites

• Sign in to Security Cloud Control and claim your subscription for Cisco SD-WAN Manager and SASE Management.
• The Admin role in Security Cloud Control.

Create Your SD-WAN Manager API Credentials

Sign in to Cisco Security Cloud Control, identify the name of your organization, and create your SD-WAN Manager API key credentials.

Sign in to Cisco Security Cloud Control

1. Sign into Cisco Security Cloud Control (SCC).
   • https://security.cisco.com/dashboard
2. In SCC, navigate to Products and click Catalyst SD-WAN Dashboard. SCC launches the SD-WAN Manager app.
3. Click on your name in the top right corner and click on your profile.
   • Confirm that you signed into SCC with your account and organization.

Get Your SD-WAN Organization Name

Get the name of your SCC organization.

1. In SD-WAN Manager, navigate to Administration > Settings.
2. Navigate to System, and then click Organization Name.
3. Copy and save the name of your organization.

Generate Your SD-WAN Manager API Token

1. In SD-WAN Manager, navigate to Administration > Settings.
2. Navigate to the top right-hand side of the SD-WAN Manager.
3. Click on your username and then click My Profile.
4. Navigate to API token.
5. Click Generate. The SD-WAN Manager generates your access token.
6. In the table, navigate to the Actions column and copy or download your Catalyst SD-WAN API access token to your environment.
7. Click the trash can icon (Delete) to remove the generated SD-WAN Manager access token.

Create Your Secure Access API Key Credentials

Sign in to Cisco Security Cloud Control and create your Secure Access API key credentials.

1. Sign into Cisco Security Cloud Control (SCC).
   • https://security.cisco.com/dashboard
2. In SCC, navigate to Products and click SASE Management. SCC launches the SASE Management app.
3. Click on your name in the top right corner and click on your profile.
   • Confirm that you signed into SCC with your account and organization.

Create Your Secure Access API Key and Secret

Create a Secure Access API key: client ID and secret. When you create your API key, choose these API key scopes for the API key: deployments and reports.

1. Navigate to Admin > API Keys.
2. Click API Keys and then click Add.
   • The number of expired API keys appears next to the red triangle.
   • The number of API keys that expire within 30 days appears next to the yellow triangle.
3. Enter a name and description for the key. A name must contain fewer than 256 characters. The key description is optional.
4. Check the key scopes and expand a key scope to view the scope categories. Check each scope category in a key scope to enable access to the API endpoints.
   • Create the key with the Deployments > Network Tunnel Groups scope. You can choose Read Only for this scope.
   • Create the key with the Reporting > Granular Events scope. You can choose Read Only for this scope.
5. Choose Read Only or Read / Write for the selected scope and resource.
6. For Expiry Date, choose the expiration date for the key, or choose Never expire.
7. (Optional) For Network Restrictions, enter a comma-separated list of public IP addresses or CIDRs, then click Add. Click on the X to remove a network address.
   • Note: You can add up to ten networks to your API key. You can only use your API key to authenticate requests for clients on the selected networks.
8. Click Create Key.
9. Copy and save your API Key and Key Secret.
10. Click Accept and Close.