SD-WAN Secure Private Access Profiles
| Endpoint | Description |
|---|---|
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa | List Secure Private Access Profiles |
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa | Create Secure Private Access Profile |
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa/{spa_profile_id}/spa-configuration | Add Settings in Secure Private Access Profile |
| https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa/{spa_profile_id}/spa-configuration | Get Secure Private Access Profile |
For information about generating your SD-WAN Manager API Gateway URL and SD-WAN Manager Cross-Site Request Forgery (CSRF) access token, see SASE Authorization.
To get the Cisco regions for the SD-WAN organization, see SD-WAN Regions.
List Secure Private Access Profiles
List the Secure Private Access profiles in the SASE Management organization.
GET https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
Request
curl --request GET \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa \
--header 'Authorization: Bearer {apikey}' \
--header 'Content-Type: application/json' \
--header 'X-xsrf-token: {xsrf_token}'
Response
[
{
"profileId": "cfe69079-20f6-445b-8bdf-28edfd1ee26f",
"profileName": "SPA_settings",
"solution": "sdwan",
"profileType": "sse-spa",
"createdBy": "user@cisco.com",
"lastUpdatedBy": "user@cisco.com",
"createdOn": 1771543715940,
"description": "",
"origin": "user",
"lastUpdatedOn": 1771543716430
}
]
Create Secure Private Access Profile
Create a Secure Private Access profile in the SD-WAN Manager organization.
POST https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
Required Fields in Request Body
- name: The name of the Secure Private Access profile.
- description: The description for the Secure Private Access profile.
Request
curl --request POST \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa \
--header 'Authorization: Bearer {apikey}' \
--header 'Content-Type: application/json' \
--header 'X-xsrf-token: {xsrf_token}' \
--data '{
"name": "API_SPA2T",
"description": "API Demo"
}'
Response
{
"id": "92797c31-0589-4d9e-9726-71566a694fcc"
}
Add Settings in Secure Private Access Profile
Add the configuration settings in the Secure Private Access profile.
POST https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa/{spa_Profile_Id}/spa-configuration
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
- spa_Profile_Id: The ID of the Secure Private Access profile.
- To get the identifiers of the Secure Private Access profiles in the organization, see List Secure Private Access Profiles.
Required Fields in Request Body
In the body of the API request, add all fields as shown in the sample.
Substitute the values of the profile's name and description.
- name: The name of the Secure Private Access profile.
- description: The description for the Secure Private Access profile.
We recommend that you provide two interface objects:
- An interface that connects to the primary data center.
- An interface that connects to the secondary (backup) data center.
To add additional interface objects, copy the interface pairs (IPsec tunnels with primary and secondary data centers) in the sample. Create a new name and description for the new interfaces.
You can add up to 16 interface objects in the list: eight primary IPsec tunnel interfaces and eight backup IPsec tunnel interfaces.
For the tunnelDcPreference field in the interface object, set the optionType field to global and the value field to one of the data center types.
For the primary data center, set the value field to primary-dc.
For example:
"tunnelDcPreference": {
"optionType": "global",
"value": "primary-dc"
}
For the backup data center, set the value field to secondary-dc.
For example:
"tunnelDcPreference": {
"optionType": "global",
"value": "secondary-dc"
}
For the ifName field in the interface object, set optionType to global and set value to the name of the IPsec tunnel interface.
"ifName": {
"optionType": "global",
"value": "ipsec1"
}
You can use the SD-WAN Manager API to get the canonical name of the region. For more information about regions, see SD-WAN Regions.
- Set the value of the
regionfield to the name of the geographical location of the data center. - Set the
optionTypefield toglobal.
For example:
"region": {
"value": "eu-central-1",
"optionType": "global"
}
Request
curl --request POST \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa/{spa_Profile_Id}/spa-configuration \
--header 'Authorization: Bearer {apikey}' \
--header 'Content-Type: application/json' \
--header 'X-xsrf-token: {xsrf_token}' \
--data '{
"name": "Name of the Secure Private Access Profile",
"description": "Description for the Secure Private Access Profile",
"data": {
"sseProvider": {
"optionType": "global",
"value": "Cisco-SSE"
},
"vpn": {
"optionType": "global",
"value": "CorporateLAN"
},
"interface": [
{
"ifName": {
"optionType": "global",
"value": "ipsec101"
},
"shutdown": {
"optionType": "default",
"value": false
},
"description": {
"optionType": "default"
},
"tunnelSourceInterface": {
"optionType": "default",
"value": "Auto"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "primary-dc"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "16"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
}
},
{
"ifName": {
"optionType": "global",
"value": "ipsec102"
},
"shutdown": {
"optionType": "default",
"value": false
},
"description": {
"optionType": "default"
},
"tunnelSourceInterface": {
"optionType": "default",
"value": "Auto"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "secondary-dc"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "16"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
}
}
],
"region": {
"optionType": "global",
"value": "us-east-1"
},
"bgpAsNumber": {
"optionType": "global",
"value": 65412
},
"inRoutePolicy": {
"optionType": "global",
"value": "SPA_IN"
},
"outRoutePolicy": {
"optionType": "global",
"value": "SPA_OUT"
}
}
}'
Response
{
"parcelId": "cf150207-6533-4b14-80aa-0e4f7f064d0c"
}
Get Secure Private Access Profile
Get the details for a Secure Private Access profile.
Prerequisites
- gateway_url: The URL of the SD-WAN Manager API gateway.
- apikey: The API key for the SD-WAN Manager organization.
- xsrf_token: The SD-WAN Manager CSRF access token.
- spa_profile_id: The ID of the Secure Private Access profile.
- To get the identifiers of the Secure Private Access profiles in the organization, see List Secure Private Access Profiles.
Request
curl --request GET \
--url https://{gateway_url}/dataservice/v1/feature-profile/sdwan/sse-spa/{spa_profile_id}/spa-configuration \
--header 'authorization: Bearer {apikey}' \
--header 'content-type: application/json' \
--header 'x-xsrf-token: {xsrf_token}'
Response
{
"header": {
"generatedOn": 1775071115353
},
"data": [
{
"parcelId": "cf150207-6533-4b14-80aa-0e4f7f064d0c",
"parcelType": "spa-configuration",
"createdBy": "user@cisco.com",
"origin": "user",
"lastUpdatedBy": "user@cisco.com",
"createdOn": 1774395043668,
"lastUpdatedOn": 1774395043668,
"payload": {
"name": "name of payload",
"description": "",
"data": {
"sseProvider": {
"optionType": "global",
"value": "Cisco-SSE"
},
"vpn": {
"optionType": "global",
"value": "CorporateLAN"
},
"interface": [
{
"ifName": {
"optionType": "global",
"value": "ipsec101"
},
"shutdown": {
"optionType": "default",
"value": false
},
"description": {
"optionType": "default"
},
"tunnelSourceInterface": {
"optionType": "default",
"value": "Auto"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "primary-dc"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "16"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
}
},
{
"ifName": {
"optionType": "global",
"value": "ipsec102"
},
"shutdown": {
"optionType": "default",
"value": false
},
"description": {
"optionType": "default"
},
"tunnelSourceInterface": {
"optionType": "default",
"value": "Auto"
},
"tunnelRouteVia": {
"optionType": "default",
"value": "Auto"
},
"tunnelDcPreference": {
"optionType": "global",
"value": "secondary-dc"
},
"tcpMssAdjust": {
"optionType": "default"
},
"mtu": {
"optionType": "global",
"value": 1400
},
"dpdInterval": {
"optionType": "default",
"value": 10
},
"dpdRetries": {
"optionType": "default",
"value": 3
},
"ikeRekeyInterval": {
"optionType": "default",
"value": 14400
},
"ikeCiphersuite": {
"optionType": "default",
"value": "aes256-cbc-sha1"
},
"ikeGroup": {
"optionType": "default",
"value": "16"
},
"ipsecRekeyInterval": {
"optionType": "default",
"value": 3600
},
"ipsecReplayWindow": {
"optionType": "default",
"value": 512
},
"ipsecCiphersuite": {
"optionType": "default",
"value": "aes256-gcm"
},
"perfectForwardSecrecy": {
"optionType": "default",
"value": "none"
}
}
],
"region": {
"optionType": "global",
"value": "us-east-1"
},
"bgpAsNumber": {
"optionType": "global",
"value": 65412
},
"inRoutePolicy": {
"optionType": "global",
"value": "SPA_IN"
},
"outRoutePolicy": {
"optionType": "global",
"value": "SPA_OUT"
}
}
}
}
]
}