Authorization

The Cisco SD-WAN Manager API and Cisco Secure Access API require that you provide a valid access token with each API operation.

Create your SD-WAN Manager API token in Security Cloud Control (SCC). You'll use your SD-WAN Manager API token to get your SD-WAN Manager API gateway URL and then generate your SD-WAN Manager API cross-site request forgery (CSRF) token.

Create your Secure Access API key credentials in Security Cloud Control (SCC). Then generate an access token that enables to you interact with the Secure Access resources.

For information about creating your SD-WAN Manager API token or Secure Access API key, see SASE Authentication.

Create the URL for the SD-WAN API Gateway

To create the SD-WAN Manager API Gateway URL, use the API token that you generated in Security Cloud Control (SCC) for SD-WAN Manager and the name of your SD-WAN organization.

POST https://ssp.sdwan.cisco.com/ssp/api/v6/apigw/info/

Prerequisites

  • Name of SD-WAN organization: The name of your SD-WAN organization.
  • Your SD-WAN API token: The value of your SD-WAN Manager API token.

Request

curl --request POST \
  --url https://ssp.sdwan.cisco.com/ssp/api/v6/apigw/info/ \
  --header 'Content-Type: application/json' \
  --data '{
    "org": "{Name of SD-WAN organization}",
    "apikey": "{Your SD-WAN API token}",
    "is_redirect": false
  }'

Response

{
    "gateway_url": "Your Generated Gateway URL",
    "org": "Your organization Name"
}

Get Your SD-WAN Manager API CSRF Token

With your URL for the SD-WAN Manager API Gateway, get the cross-site request forgery (CSRF) token for the Cisco SD-WAN Manager API. Use your access token with each SD-WAN Manager API request.

GET https://{gateway_url}/dataservice/client/token

Prerequisites

  • gateway_url: The URL of the SD-WAN API gateway.
  • Your API token: The value of your SD-WAN Manager API token.

Request

In an API request, set the values of the Cisco SD-WAN Manager API Gateway URL and Cisco SD-WAN Manager API token.

curl --request GET \
  --url https://{gateway_url}/dataservice/client/token \
  --header 'Authorization: Bearer {Your API token}' \
  --header 'Content-Type: application/json'

Response

The system returns the Cross-Site Request Forgery access token as a sequence of characters.

xxxxxx

Create Your Access Token for Secure Access

Create a short-lived access token for the Secure Access API, which expires in one hour.

POST https://api.sse.cisco.com/auth/v2/token

Prerequisites

  • client_id: The ID of your Secure Access API key.
  • client_secret: The secret for your Secure Access API key.

Request

Run the curl command with the required options.

curl --user '{client_id}:{client_secret}' --request POST --url 'https://api.sse.cisco.com/auth/v2/token' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials'

Response

{
   "token_type": "bearer",
   "access_token": "xxxxxx",
   "expires_in": 3600
}