Introduction to REST API

Hello Nicolas

REST has no built-in security features, however, there are several ways you can secure it. One way is to use token-based authentication, as seen in the lesson. However, this is not the only method. You could use HTTPS with TLS encryption as an option as well.

Typically, tokens are valid for a particular period of time. After this time expires, they are considered invalid and require a refresh token. This is a new access token that replaces the old one. How often this is done depends on the configuration. More info on refresh tokens and expiry durations can be found in this Cisco documentation:

In this setup, H1 is the client, and R1 is the server. So the IP of the server is the IP of the Gi/2 interface on the router, which is 172.16.1.100. The IP address in the default route is that of H1. This is set up like this only for the purpose of the lab. You wouldnā€™t see such a default route pointing to a host in a production network.

I hope this has been helpful!

Laz

PS, thanks for pointing out the typo, Iā€™ll let Rene know!

1 Like

Thanks a lot Laz, always clear and helpful answers!

1 Like

HI

ASRx routers will support this virtual service?

Hello Pavan

The ASR 9000 does support the virtual service option with release 5.1.1 or later as described in this document:

The ASR 1000 with IOS XE Everest 16.5 also supports virtual service as seen here:

However, for the ASR 900 and 920 I was unable to find any indication that this is supported. Your best bet is to take a detailed look at the Cisco Feature Navigator found at the following link, and take a look at specific IOS and platforms to ensure what features are available on what devices.
https://cfnng.cisco.com/

I hope this has been helpful!

Laz

Hello, I am trying to clone your public repo but get a server certificate error. I am on a WSL instance on my windows laptop.

Cloning into ā€˜csr1000v-rest-apiā€™ā€¦
fatal: unable to access ā€˜https://gitlab.com/networklessons-content/csr1000v-rest-api.git/ā€™: server certificate verification failed. CAfile: none CRLfile: none

Is this my issue or the servers?

Thanks,

Hello Peter,

That looks like a gitlab issue. What git clone command did you try?

On the repo page there are the SSH and HTTPS options:

This should work without configuring anything:

git clone https://gitlab.com/networklessons-content/csr1000v-rest-api.git

1 Like

Hello,

I have some CAT9400 series running 17.09.04a and unlike CSR1000v I canā€™t see an option to download the corresponding install package ā€œIOS XE Remote Management Softwareā€. Is this still supported? if not what is the alternative. What would be the right ova to use here virtual-service install name csr_mgmt package bootflash:/iosxe-remote-mgmt.XX.XX.XX.ova for IOS-XE 17.09.04a. Please let me know and thank you

CSR1000v ova: https://software.cisco.com/download/home/284364978/type/286283116/release/16.9.3?catid=null

Hello Alejandro

The REST API is supported only on specific platforms such as the CSR 1000V and the ASR1000 series routers. You can take a more detailed look at what is supported here:

Keep in mind that according to this Cisco Documentation, even for the supported platforms, REST API is supported only for IOS XE versions up to 16.6. REST API is not supported from the IOS-XE 16.7.x release onwards. If you are using the 16.7.x version or above, Cisco recommends that you use Restconf.

I hope this has been helpful!

Laz

I think my issue was a work laptop as Iā€™m sure i did that. Donā€™t know any other way to do it.

Works on home computer.

1 Like