VPN User Connections API Guide
This guide provides Python client samples for the Cisco Secure Access VPN User Connections API. You can get the VPN users and update (disconnect) the VPN connections for the users.
- First get your Secure Access API key and set up your environment, and then install the Secure Access API client. For more information, see Samples Overview.
- Run
python3 main.py.
Note: Your Secure Access API key must have the permissions to read and write on the admin key scope. For more information about the API key scopes, see Secure Access OAuth 2.0 Scopes.
Run the Script
- Copy the script to a local file called
main.py. Locate the script in your environment in a directory above theciscodirectory. - Run
python3 main.py.
main.py
"""
Copyright (c) 2025 Cisco and/or its affiliates.
This software is licensed to you under the terms of the Cisco Sample
Code License, Version 1.1 (the "License"). You may obtain a copy of the
License at
https://developer.cisco.com/docs/licenses
All use of the material herein must be in accordance with the terms of
the License. All rights not expressly granted by the License are
reserved. Unless required by applicable law or agreed to separately in
writing, software distributed under the License is distributed on an "AS
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
or implied.
"""
import requests
from requests_toolbelt import MultipartEncoder
import json
import os
from dotenv import load_dotenv
from cisco.secure_access import API
from cisco.secure_access import admin
from cisco.secure_access import GET
from cisco.secure_access import PUT
from cisco.secure_access import token_url
from cisco.secure_access import client_id
from cisco.secure_access import client_secret
# VPN User Connections API endpoints
vpn_user_connections_endpoint = "vpn/userConnections"
load_dotenv()
def get_vpn_connections(api):
''' Get the VPN connections in the organization. '''
try:
# Get the VPN connections in the organization
response = api.Query(admin, vpn_user_connections_endpoint, GET)
# Check if the API request was successful
if response.status_code == 200:
print(f"Success. GET {vpn_user_connections_endpoint}, {response.json()}")
return rsp.json()
else:
print(f"Failed to get the VPN connections. Status code: {response.status_code}, Response: {response.text}.")
return
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}.")
def put_vpn_connections(api, action=None, vpn_properties=None):
''' Disconnect the VPN connections in the organization. '''
try:
if action is None or vpn_properties is None:
raise ValueError("action and vpn_properties are required to update the VPN connections.")
# Prepare the payload
payload = {
"action": action,
"usernames": vpn_properties['usernames']
}
print(f"Disconnect the VPN connections with data: {payload}")
response = api.Query(admin, vpn_user_connections_endpoint, PUT, payload)
# Check the response status
if response.status_code == 200:
print(f"Success: PUT {vpn_user_connections_endpoint}, {response.json()}.")
return response.json()
else:
print(f"Failed to update the VPN connections. Status code: {response.status_code}, Response: {response.text}.")
return None
except Exception as e:
print(f"An error occurred: {e}.")
def main():
# Exit out if the required client_id or client_secret is not set
for var in ['API_SECRET', 'API_KEY', 'OUTPUT_DIR']:
if os.environ.get(var) == None:
print("Required environment variable: {} not set".format(var))
exit()
# Get your API token
api = API(token_url, client_id, client_secret)
try:
# Get VPN user connections.
json_data = get_vpn_connections(api)
if json_data:
print(json_data['data'])
# Disconnect VPN users. Provide the action (disconnect) and the list of usernames for the VPN connections.
vpn_properties = {}
vpn_action = 'disconnect'
vpn_properties['usernames'] = ['userdisconnect@test.com']
json_data = put_vpn_connections(api, vpn_action, vpn_properties)
if json_data:
print(json_data['data'])
except Exception as e:
print(e)
# main
if __name__ == "__main__":
main()