Introduction to REST API

Hello Nicolas

REST has no built-in security features, however, there are several ways you can secure it. One way is to use token-based authentication, as seen in the lesson. However, this is not the only method. You could use HTTPS with TLS encryption as an option as well.

Typically, tokens are valid for a particular period of time. After this time expires, they are considered invalid and require a refresh token. This is a new access token that replaces the old one. How often this is done depends on the configuration. More info on refresh tokens and expiry durations can be found in this Cisco documentation:

In this setup, H1 is the client, and R1 is the server. So the IP of the server is the IP of the Gi/2 interface on the router, which is 172.16.1.100. The IP address in the default route is that of H1. This is set up like this only for the purpose of the lab. You wouldn’t see such a default route pointing to a host in a production network.

I hope this has been helpful!

Laz

PS, thanks for pointing out the typo, I’ll let Rene know!

Thanks a lot Laz, always clear and helpful answers!

HI

ASRx routers will support this virtual service?

Hello Pavan

The ASR 9000 does support the virtual service option with release 5.1.1 or later as described in this document:

The ASR 1000 with IOS XE Everest 16.5 also supports virtual service as seen here:

However, for the ASR 900 and 920 I was unable to find any indication that this is supported. Your best bet is to take a detailed look at the Cisco Feature Navigator found at the following link, and take a look at specific IOS and platforms to ensure what features are available on what devices.

I hope this has been helpful!

Laz

Hello, I am trying to clone your public repo but get a server certificate error. I am on a WSL instance on my windows laptop.

Cloning into ‘csr1000v-rest-api’…
fatal: unable to access ‘https://gitlab.com/networklessons-content/csr1000v-rest-api.git/’: server certificate verification failed. CAfile: none CRLfile: none

Is this my issue or the servers?

Thanks,

Hello Peter,

That looks like a gitlab issue. What git clone command did you try?

On the repo page there are the SSH and HTTPS options:

This should work without configuring anything:

git clone https://gitlab.com/networklessons-content/csr1000v-rest-api.git

Hello,

I have some CAT9400 series running 17.09.04a and unlike CSR1000v I can’t see an option to download the corresponding install package “IOS XE Remote Management Software”. Is this still supported? if not what is the alternative. What would be the right ova to use here virtual-service install name csr_mgmt package bootflash:/iosxe-remote-mgmt.XX.XX.XX.ova for IOS-XE 17.09.04a. Please let me know and thank you

CSR1000v ova: https://software.cisco.com/download/home/284364978/type/286283116/release/16.9.3?catid=null

Hello Alejandro

The REST API is supported only on specific platforms such as the CSR 1000V and the ASR1000 series routers. You can take a more detailed look at what is supported here:

Keep in mind that according to this Cisco Documentation, even for the supported platforms, REST API is supported only for IOS XE versions up to 16.6. REST API is not supported from the IOS-XE 16.7.x release onwards. If you are using the 16.7.x version or above, Cisco recommends that you use Restconf.

I hope this has been helpful!

Laz

I think my issue was a work laptop as I’m sure i did that. Don’t know any other way to do it.

Works on home computer.

Hello.

A simple question here, I need some clarification regarding what an API is.

I understand that it’s some piece of software that allows applications or devices to communicate. I suppose that I can use socialblade as an example here

obrázok1907×934 297 KB

SocialBlade is a website that provides statistics about various YouTube channels. So does this mean that YT has its own API that is available to public, therefore SocialBlade can use it to extract all this information from the YT database?

In this context, what exactly is an API? Did YouTube program something into their application that allows other websites to extract information from it?

So I suppose that a similar concept exists in the concept of network devices. There is some sort of API configured on them that allows us, the network engineer/programmer to extract information from it. Or in the case of SDN, the controller could use the API to extract/configure information from the device.

Thank you.
David

Hello David

First of all, let’s address the question about SocialBlade. Yes, YouTube provides a public API that allows services like SocialBlade to access platform data programmatically.

YouTube’s API is a controlled interface between its internal database and external applications. SocialBlade sends structured requests to specific API endpoints. For example, to fetch subscriber counts or video metrics, SocialBlade might use something like this:

GET https://www.googleapis.com/youtube/v3/channels?part=statistics&id=CHANNEL_ID&key=API_KEY

This returns data in standardized formats like JSON, which SocialBlade then parses for processing and display. This allows YouTube to safely provide the information it chooses to third parties like SocialBlade, in a structured and controlled manner without the need to allow them to interact with internal databases and systems.

Yes, that’s exactly it. Of course, this is simply one example of what an API can do. More generally speaking, an API is a well defined interface through which programs/software can gain access programmatically to interact with that system in a controlled and structured manner.

Yes. In the example of SocialBlade, the purpose of the API is to simply extract information in a particular way. But APIs can be configured to provide deeper interaction between the system providing the API and the system using the API. For example, VoIP telephony systems that I’ve worked with provide predefined APIs that allow deep interaction with Customer Relationship Management (CRM) systems allowing the direct correlation of phone numbers with customer names. Similarly, APIs on network devices like routers and switches and firewalls can provide anything from extracting information, to full control and configuration using network management systems. So in the case of SDN, not only can you extract information, but you can have full control of the device. Not through CLI, but through a network management and controller system like Cisco DNA Center, which uses APIs extensively.

So an API is a programmatic interface through which another software program/process can interact with the system in question. The extent of interaction depends upon the configuration of the API itself. Does that clarify things a bit?

I hope this has been helpful!

Laz

Hello Laz.

It’s all clear now. I don’t think that things will be ever 100% clear considering the fact that I don’t program or create any APIs and seeing the background process would surely help, but at this CCNA/CCNP level, it’s more than enough.

So what’s the better option if we want to either configure or extract information from devices? Use an API or SSH/Telnet/SNMP (since SDN allows that approach as well).

David

Hello David

I understand, I too am not as involved in programming, so the lack of practical experience can hinder us from fuller understanding. In any case, you’re right, reaching this level of understanding for the purpose of certification is indeed enough.

It all depends on what you want to do, how much detail you want to get into, and how much time you want to spend arranging it. If you want a “quick and dirty” solution, it’s preferable to use predefined setups from network monitoring systems, using SNMP. If you’re using SDN, and there are predefined templates that can be used with SSH (not Telnet due to security concerns), then that would be the way to go.

If you want to have a more customized result, and you have the time, manpower, software tools, and expertise available, you can design specific APIs to do whatever you like, as far as configs and extractions go.

If you use Cisco DNA Center, it has many predefined APIs built in that allow you to streamline the implementation, giving you more options for the type of interaction you can achieve between the controller and the network devices.

So there are many options, all of which depend upon your requirements and the availability of specialized tools and skillsets. Does that make sense?

I hope this has been helpful!

Laz

Hello, everyone.

I have a quick question.

I don’t quite understand what Representational means in REST. Rene says that we transfer the representation of a resource. So not the actual resource itself, or what exactly is this representation? What is used to represent the resource?

Thank you.
David

Hello David

When we talk about REST (Representational State Transfer), and specifically about representations of resources, here’s what we mean.

A resource in REST is an abstract concept. It’s typically a piece of data or information object identified by a URI. For example, this:

/restconf/data/ietf-interfaces:interfaces/interface=GigabitEthernet1

might identify the interface named GigabitEthernet1 on a device. This resource could have several properties — name, description, IP address, status, etc.

The representation is how the resource is encoded or presented over the network. It’s not the actual resource itself. Think of it as a snapshot of the current state of that resource. This representation is what is actually transferred in RESTCONF.

So the representation of that resource (i.e. the structured URI) is transferred. Does that make sense?

I hope this has been helpful!

Laz