Cisco Secure Access Network and Service Objects APIs

Network and Service Objects API

The Cisco Secure Access Network and Service Objects API enables you to create, list, update, and delete Network and Service Objects and the groups that include these objects. You can add a single object or group in Secure Access or upload and validate a comma-separated values (CSV) file of Network or Service Objects.

After you add Network and Service Objects in Secure Access, you can select the objects and groups as rule conditions when you create internet or private access rules in the Access policy. You can select Network Objects and Groups for the source or destination component of an access rule. You can select Service Objects and Groups for the source components only of an access rule. For information about managing the Access policy programmatically, see Secure Access Policy Rules API.

You can find the Network and Service Objects API endpoints under the policies scope in Secure Access.

Overview

General Limits

  • Secure Access supports adding up to 50000 Network Objects and 50000 Service Objects in the organization.
    • The total number of Network or Service Objects includes any non-reusable objects that you add directly to a group.
  • Secure Access supports adding up to 10000 Network Object Groups and 10000 Service Object Groups in the organization.
  • Secure Access supports adding up to 1500 Network Objects in a Network Object Group.
  • Secure Access supports adding up to 1500 Service Objects in a Service Object Group.
  • Secure Access supports the import of 1000 rows of object properties in a comma-separated values (CSV) file.
    • The CSV file cannot exceed 10MB.
  • Secure Access supports the selection of 10 objects and 10 groups in an access rule.
  • Secure Access supports including up to 50000 objects in a group.
  • The total number of objects referenced in the internet and private access rules combined cannot exceed 50000. For example, since the maximum number of rules that an organization can configure is 10000, if you have 10000 rules, you cannot configure more than 5 objects on each rule in the Access policy.
    • The total number of objects referenced in the access rules includes the use of the same object in any number of access rules.

Rate Limits for Network and Service Objects

Secure Access enables rate limits on the Network and Service Objects API Endpoints. For more information, see Rate Limits > Network and Service Objects.

Request Headers

Unless specified, the Secure Access API endpoints use JSON for all requests and responses.

Note: For POST, PUT, and PATCH operations, set the HTTP Content-Type header to application/json in your API request.

About Importing and Validating Objects

  • Secure Access accepts a comma-separated values (CSV) file with the required properties to create the Network Objects.
  • Secure Access accepts a comma-separated values (CSV) file with the required properties to create the Service Objects.
  • You can upload no more than 1000 rows of properties for each object.
  • The CSV file must be less than 10MB.
  • Secure Access uploads only CSV files with valid properties.
  • Secure Access can import the objects in a CSV file only if all of the objects are valid. If the CSV file contains errors, Secure Access does not upload the CSV file.
  • Secure Access does not add duplicate objects.
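
A pre-upload check for a Network Objects CSV against the constraints listed above, as an added example that is not Cisco's code. The column names `name` and `value`, the decimal reading of 10MB, strict CIDR parsing, and the FQDN pattern are assumptions of this example; the accepted value kinds are the ones this page lists for Network Objects.

```python
import csv
import io
import ipaddress
import re

MAX_ROWS = 1000          # row limit stated on this page
MAX_BYTES = 10_000_000   # "10MB" read as decimal megabytes (assumption)
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
# Constructed sample; the "name" and "value" column names are hypothetical.
SAMPLE = b"name,value\nweb-dmz,10.0.0.0/24\ndns,2001:db8::53\npool,192.0.2.10-192.0.2.20\nportal,portal.example.com\n"

def classify(value):
    """Return the kind of Network Object value, or None if it is invalid."""
    if "-" in value and "/" not in value:
        lo, _, hi = value.partition("-")
        try:
            ok = ipaddress.IPv4Address(lo) <= ipaddress.IPv4Address(hi)
            return "ipv4-range" if ok else None  # reversed range is invalid
        except ValueError:
            pass  # not a range; may still be a hyphenated FQDN
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if "/" in value:
        try:
            ipaddress.ip_network(value)  # strict: host bits set is rejected here
            return "cidr"
        except ValueError:
            return None
    return "fqdn" if FQDN_RE.match(value) else None

def validate_csv(data):
    """Return error strings; an empty list means every row passed."""
    errors = []
    if len(data) >= MAX_BYTES:
        errors.append("file must be smaller than 10MB")
    rows = list(csv.DictReader(io.StringIO(data.decode("utf-8-sig"))))
    if len(rows) > MAX_ROWS:
        errors.append(f"{len(rows)} rows exceeds the {MAX_ROWS}-row limit")
    seen = set()
    for n, row in enumerate(rows, start=2):  # line 1 is the header
        name, value = (row.get("name") or "").strip(), (row.get("value") or "").strip()
        if not name or classify(value) is None:
            errors.append(f"line {n}: invalid name or value {value!r}")
        if name in seen:
            errors.append(f"line {n}: duplicate name {name!r}")
        seen.add(name)
    return errors
```

Because Secure Access rejects the whole file when any row is invalid, treat a non-empty result as a reason not to upload at all.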

About Network Objects

You can add a Network Object in Secure Access with a single IP address (IPv4 or IPv6), range of IPv4 addresses, CIDR block, or fully-qualified domain name (FQDN). The name of the Network Object must be unique among all Network Objects in the organization.

Then, after you add the Network Object, use the Network and Service Objects API to get, update, or delete the Network Object. You can also get the resources that are associated with the Network Objects in Secure Access.

Network Objects are available on both the source and destination components of the internet and private access rules.

About Network Object Groups

A Network Object Group is a collection of Network Objects and other Network Object Groups. You can add a Network Object Group with Network Objects and other Network Object Groups. The name of the Network Object Group must be unique among all Network Object Groups in the organization.

After you add the Network Object Group, use the Network and Service Objects API to get, update, or delete the Network Object Group. You can also get the resources that are associated with the Network Object Groups in Secure Access.

Network Object Groups are available on both the source and destination components of the internet and private access rules.

About Service Objects

A Service Object represents a service or application. You can add a Service Object in Secure Access with a port, range of ports, and protocol information. The name of the Service Object must be unique among all Service Objects in the organization.

Then, after you add the Service Object, use the Network and Service Objects API to get, update, or delete the Service Object. You can also get the resources that are associated with the Service Objects in Secure Access.

Service Objects are available on the destination component of the internet and private access rules.

About Service Object Groups

A Service Object Group is a collection of Service Objects and other Service Object Groups. You can add a Service Object Group with Service Objects and other Service Object Groups. The name of the Service Object Group must be unique among all Service Object Groups in the organization.

After you add the Service Object Group, use the Network and Service Objects API to get, update, or delete the Service Object Group. You can also get the resources that are associated with the Service Object Groups in Secure Access.

Service Object Groups are available on the destination component of the internet and private access rules.

Network and Service Objects API Endpoints

  • Network Objects
  • Network Object Groups
  • Network Objects and Groups
  • Service Objects
  • Service Objects Groups
  • Service Objects and Groups