Introduction to REST API

lagapidis · October 12, 2021, 7:59am

Hello Nicolas

REST has no built-in security features, however, there are several ways you can secure it. One way is to use token-based authentication, as seen in the lesson. However, this is not the only method. You could use HTTPS with TLS encryption as an option as well.

Typically, tokens are valid for a particular period of time. After this time expires, they are considered invalid and require a refresh token. This is a new access token that replaces the old one. How often this is done depends on the configuration. More info on refresh tokens and expiry durations can be found in this Cisco documentation:

In this setup, H1 is the client, and R1 is the server. So the IP of the server is the IP of the Gi/2 interface on the router, which is 172.16.1.100. The IP address in the default route is that of H1. This is set up like this only for the purpose of the lab. You wouldn’t see such a default route pointing to a host in a production network.

I hope this has been helpful!

Laz

PS, thanks for pointing out the typo, I’ll let Rene know!

nicolas.khalaf · October 14, 2021, 11:10pm

Thanks a lot Laz, always clear and helpful answers!

pavanc.08 · October 18, 2021, 6:20pm

HI

ASRx routers will support this virtual service?

lagapidis · October 20, 2021, 5:12am

Hello Pavan

The ASR 9000 does support the virtual service option with release 5.1.1 or later as described in this document:

The ASR 1000 with IOS XE Everest 16.5 also supports virtual service as seen here:

However, for the ASR 900 and 920 I was unable to find any indication that this is supported. Your best bet is to take a detailed look at the Cisco Feature Navigator found at the following link, and take a look at specific IOS and platforms to ensure what features are available on what devices.

I hope this has been helpful!

Laz

parnett · June 21, 2024, 10:51am

Hello, I am trying to clone your public repo but get a server certificate error. I am on a WSL instance on my windows laptop.

Cloning into ‘csr1000v-rest-api’…
fatal: unable to access ‘https://gitlab.com/networklessons-content/csr1000v-rest-api.git/’: server certificate verification failed. CAfile: none CRLfile: none

Is this my issue or the servers?

Thanks,

ReneMolenaar · June 24, 2024, 1:44pm

Hello Peter,

That looks like a gitlab issue. What git clone command did you try?

On the repo page there are the SSH and HTTPS options:

This should work without configuring anything:

git clone https://gitlab.com/networklessons-content/csr1000v-rest-api.git

alepaslopez · July 9, 2024, 7:14pm

Hello,

I have some CAT9400 series running 17.09.04a and unlike CSR1000v I can’t see an option to download the corresponding install package “IOS XE Remote Management Software”. Is this still supported? if not what is the alternative. What would be the right ova to use here virtual-service install name csr_mgmt package bootflash:/iosxe-remote-mgmt.XX.XX.XX.ova for IOS-XE 17.09.04a. Please let me know and thank you

CSR1000v ova: https://software.cisco.com/download/home/284364978/type/286283116/release/16.9.3?catid=null

lagapidis · July 15, 2024, 7:09am

Hello Alejandro

The REST API is supported only on specific platforms such as the CSR 1000V and the ASR1000 series routers. You can take a more detailed look at what is supported here:

Keep in mind that according to this Cisco Documentation, even for the supported platforms, REST API is supported only for IOS XE versions up to 16.6. REST API is not supported from the IOS-XE 16.7.x release onwards. If you are using the 16.7.x version or above, Cisco recommends that you use Restconf.

I hope this has been helpful!

Laz

parnett · July 22, 2024, 11:58am

I think my issue was a work laptop as I’m sure i did that. Don’t know any other way to do it.

Works on home computer.

davidilles · March 30, 2025, 10:28am

Hello.

A simple question here, I need some clarification regarding what an API is.

I understand that it’s some piece of software that allows applications or devices to communicate. I suppose that I can use socialblade as an example here

SocialBlade is a website that provides statistics about various YouTube channels. So does this mean that YT has its own API that is available to public, therefore SocialBlade can use it to extract all this information from the YT database?

In this context, what exactly is an API? Did YouTube program something into their application that allows other websites to extract information from it?

So I suppose that a similar concept exists in the concept of network devices. There is some sort of API configured on them that allows us, the network engineer/programmer to extract information from it. Or in the case of SDN, the controller could use the API to extract/configure information from the device.

Thank you.
David

lagapidis · April 1, 2025, 6:14am

Hello David

First of all, let’s address the question about SocialBlade. Yes, YouTube provides a public API that allows services like SocialBlade to access platform data programmatically.

YouTube’s API is a controlled interface between its internal database and external applications. SocialBlade sends structured requests to specific API endpoints. For example, to fetch subscriber counts or video metrics, SocialBlade might use something like this:

GET https://www.googleapis.com/youtube/v3/channels?part=statistics&id=CHANNEL_ID&key=API_KEY

This returns data in standardized formats like JSON, which SocialBlade then parses for processing and display. This allows YouTube to safely provide the information it chooses to third parties like SocialBlade, in a structured and controlled manner without the need to allow them to interact with internal databases and systems.

Yes, that’s exactly it. Of course, this is simply one example of what an API can do. More generally speaking, an API is a well defined interface through which programs/software can gain access programmatically to interact with that system in a controlled and structured manner.

Yes. In the example of SocialBlade, the purpose of the API is to simply extract information in a particular way. But APIs can be configured to provide deeper interaction between the system providing the API and the system using the API. For example, VoIP telephony systems that I’ve worked with provide predefined APIs that allow deep interaction with Customer Relationship Management (CRM) systems allowing the direct correlation of phone numbers with customer names. Similarly, APIs on network devices like routers and switches and firewalls can provide anything from extracting information, to full control and configuration using network management systems. So in the case of SDN, not only can you extract information, but you can have full control of the device. Not through CLI, but through a network management and controller system like Cisco DNA Center, which uses APIs extensively.

So an API is a programmatic interface through which another software program/process can interact with the system in question. The extent of interaction depends upon the configuration of the API itself. Does that clarify things a bit?

I hope this has been helpful!

Laz

davidilles · April 1, 2025, 4:41pm

Hello Laz.

It’s all clear now. I don’t think that things will be ever 100% clear considering the fact that I don’t program or create any APIs and seeing the background process would surely help, but at this CCNA/CCNP level, it’s more than enough.

So what’s the better option if we want to either configure or extract information from devices? Use an API or SSH/Telnet/SNMP (since SDN allows that approach as well).

David