Download OpenAPI specification:Download
This is the spec that defines the API provided by the application to provide auth across the cluster
{- "code": 0,
- "message": "message"
}Create an access token for EFA
Credentials to fetch a token
| username | string Name of the user for whom the token has to be generated |
| password | string Password for the above user |
{- "username": "admin",
- "password": "password"
}{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}Create an extended system access token for EFA
Credentials to fetch a token
| clientId | string ID of the registered client |
| expiry | integer Number of seconds until extended token must expire |
{- "clientId": "sdjfdjskjd",
- "expiry": 300
}{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}Create an access token for XCO clients
Client Credentials to fetch a token
| username | string Name of the user for whom the token has to be generated |
| password | string Password for the above user |
| clientId | string ID of the registered client |
{- "username": "admin",
- "password": "password"
}{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "message": "Certificates will expire soon, please renew"
}Get access token with refresh token
Refresh token
| refresh-token | string refresh token |
| grant-type | string grant type(refresh_token) |
{- "grant-type": "refresh_token",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}Create a key for XCO clients
| force required | boolean Force key regenerate |
Credentials to fetch a token
| clientId | string ID of the registered client |
{- "clientId": "sdjfdjskjd"
}{- "apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}Update Token Expiry Time For A Specific Token
Type of the XCO token
| type | string Type of the token |
| hours | integer Hours for token expiry |
| minutes | integer Minutes for token expiry |
{- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}{- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}[- {
- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}
]Register a new client to access EFA
Details of the client
| name | string Name for the client(tenant name for Openstack clients) |
| clientType | string Type of the client(openstack for Openstack clients) |
{- "name": "tenantname",
- "clientType": "openstack"
}{- "name": "tenantname",
- "clientID": "askjf-djffi-dwokd-askls",
- "clientType": "openstack"
}Fetch LDAP details by name
| name required | string Name given for the ldap connection |
{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}Update LDAP configuration for authentication
| name required | string Name of the registered LDAP Server |
Details of the LDAP Server
| name | string Name for the LDAP connection |
| host | string Specify the hostname or IP address |
| port | string Specify the port at which the OpenLDAP server is listening for connections |
| tls required | boolean Enable to use LDAP over SSL/TLS |
| insecure-tls required | boolean Enable to use LDAP without cert verification |
| cacert | string CA certificate |
| timeout required | integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec) |
| bind-user-name | string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries |
| bind-user-password | string Password of the bind user |
| user-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects. |
| user-object-class | string Name of the object class used for user objects(defaults to inetOrgPerson) |
| user-login-attribute | string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid) |
| user-role-attribute | string The attribute to read the role of user from |
| user-role-attribute-key | string The attribute to read the role value from role attribute |
| user-member-attribute | string The attribute to read the member of the group the user is part of |
| group-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects. |
| group-object-class | string Name of the object class used for group objects(defaults to groupOfNames) |
| group-attribute | string Attribute to define search filter on group(defaults to cn) |
| group-member-user-attribute | string The name of the user attribute whose format matches the group members(defualts to entrydn) |
| group-member-mapping-attribute | string The name of the group attribute containing the members of a group(defaults to member) |
| cli | boolean Default: false Differentiate the client type |
{- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string",
- "cli": false
}{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}Register a new LDAP Server for authentication
Details of the LDAP Server
| name | string Name for the LDAP connection |
| host | string Specify the hostname or IP address |
| port | string Specify the port at which the OpenLDAP server is listening for connections |
| tls required | boolean Enable to use LDAP over SSL/TLS |
| insecure-tls required | boolean Enable to use LDAP without cert verification |
| cacert | string CA certificate |
| timeout required | integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec) |
| bind-user-name | string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries |
| bind-user-password | string Password of the bind user |
| user-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects. |
| user-object-class | string Name of the object class used for user objects(defaults to inetOrgPerson) |
| user-login-attribute | string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid) |
| user-role-attribute | string The attribute to read the role of user from |
| user-role-attribute-key | string The attribute to read the role value from role attribute |
| user-member-attribute | string The attribute to read the member of the group the user is part of |
| group-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects. |
| group-object-class | string Name of the object class used for group objects(defaults to groupOfNames) |
| group-attribute | string Attribute to define search filter on group(defaults to cn) |
| group-member-user-attribute | string The name of the user attribute whose format matches the group members(defualts to entrydn) |
| group-member-mapping-attribute | string The name of the group attribute containing the members of a group(defaults to member) |
| cli | boolean Default: false Differentiate the client type |
{- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string",
- "cli": false
}{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}Reset LDAP configuration
| name required | string Name of the registered LDAP Server |
Reset LDAP Configs.
[- "Host",
- "Port",
- "CaCert",
- "BindUsername",
- "BindUserPassword",
- "UserSearchBase",
- "UserObjectClass",
- "UserLoginAttribute",
- "UserRoleAttribute",
- "UserRoleAttributeKey",
- "UserMemberAttribute",
- "GroupSearchBase",
- "GroupObjectClass",
- "GroupAttribute",
- "GroupMemberUserAttribute",
- "GroupMemberMappingAttribute"
]{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}Get All LDAP details configured in the application
[- {
- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
]To map LDAP role to XCO role
LDAP role name and XCO supported role name
| xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
| ldapRole | string Ldap role name |
| name | string Ldap name registered in application |
{- "xRole": "SystemAdmin",
- "ldapRole": "ldapAdmin"
}[- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]Fetch all LDAP role mapping details
| name | string The name of the LDAP server registered |
| ldapRole | string The LDAP role name registered for a given host |
[- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]To map LDAP role to XCO role
LDAP role name and XCO supported role name
| xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
| ldapRole | string Ldap role name |
| name | string Ldap name registered in application |
[- {
- "xRole": "SystemAdmin",
- "ldapRole": "ldapAdmin"
}
][- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]Register a new TACACS server
TACACS server
| host | string Tacacs server host ipv4/ipv6 address |
| port | integer Port number |
| protocol | string Enum: "CHAP" "PAP" Protocol like PAP or CHAP |
| secretKey | string <= 40 characters Secret key maximum 40 characters |
{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}{- "code": 0,
- "message": "message"
}Update Tacacs server details
Details of the TACACS server
| host | string Tacacs server host ipv4/ipv6 address |
| port | integer Port number |
| protocol | string Enum: "CHAP" "PAP" Protocol like PAP or CHAP |
| secretKey | string <= 40 characters Secret key maximum 40 characters |
{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}Fetch TACACS server details of a specific host or all hosts
| host | string The host of the TACACS server registered or all to get all servers |
[- {
- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}
]To map TACACS role to XCO role
TACACS role name and XCO supported role name
| xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
| tacacsRole | string Tacacs role name |
| host | string Tacacs host registered in application |
{- "xRole": "SystemAdmin",
- "tacacsRole": "tacAdmin"
}[- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]Fetch all tacacs role mapping details
| host | string The host of the TACACS server registered |
| tacacsRole | string The tacacs role name registered for a given host |
[- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]To map TACACS role to XCO role
TACACS role name and XCO supported role name
| xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
| tacacsRole | string Tacacs role name |
| host | string Tacacs host registered in application |
[- {
- "xRole": "SystemAdmin",
- "tacacsRole": "tacAdmin"
}
][- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]Add the authentication preference
Add the authentication preference
| authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
| identifier | string auth identifier |
| preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}{- "code": 0,
- "message": "message"
}Update the authentication preference
Update the authentication preference
| authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
| identifier | string auth identifier |
| preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}{- "code": 0,
- "message": "message"
}Delete the authentication preference
Delete the authentication preference
| authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
| identifier | string auth identifier |
| preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}{- "code": 0,
- "message": "message"
}Add and update the authentication preferences
Add and update the authentication preferences
| authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
| identifier | string auth identifier |
| preference | integer auth preference |
[- {
- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}
]{- "code": 0,
- "message": "message"
}Get the active users details by authentication type
| auth_type required | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" Authentication type of the user |
{- "pagination_response": {
- "remaining_count": 0,
- "first_id": 0,
- "last_id": 0
}, - "user": [
- {
- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
]
}Fetch all users details or specific user detail by name
| user_name | string Name of the user |
{- "pagination_response": {
- "remaining_count": 0,
- "first_id": 0,
- "last_id": 0
}, - "user": [
- {
- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
]
}Register a new user
Details of the user
| id | integer <int32> ID of the operation |
| user_name | string user name to be registered |
| email_id | string email id to be registered |
| password | string password |
| roles | Array of strings (Full list of roles) List of roles or specific role details |
| is_blocked | boolean Default: false is user blocked |
| created_at | string <date-time> user created time |
| organization | string organization information |
| address | string user address |
| mobile_number | string user mobile number |
| location | string user location |
| auth_type | string authorization type |
| is_active | boolean Default: false is user active |
| active_since | string <date-time> user active time |
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}Update roles of a registered user
Details of the user
| id | integer <int32> ID of the operation |
| user_name | string user name to be registered |
| email_id | string email id to be registered |
| password | string password |
| roles | Array of strings (Full list of roles) List of roles or specific role details |
| is_blocked | boolean Default: false is user blocked |
| created_at | string <date-time> user created time |
| organization | string organization information |
| address | string user address |
| mobile_number | string user mobile number |
| location | string user location |
| auth_type | string authorization type |
| is_active | boolean Default: false is user active |
| active_since | string <date-time> user active time |
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}Update the user state blocked or unblocked
Details of the user
| user_name | string user name to be updated |
| is_blocked | boolean Default: false is user blocked |
{- "user_name": "willsmith",
- "is_blocked": false
}{- "user_name": "willsmith",
- "is_blocked": false
}Change password of a registered user
Details of the user
| user_name | string user name |
| old_password | string old password |
| new_password | string new password |
{- "user_name": "willsmith",
- "old_password": "test",
- "new-Password": "test1"
}{- "user_name": "willsmith",
- "old_password": "test",
- "new-Password": "test1"
}Reset password of a registered user
Details of the user
| password | string password |
{- "password": "test1"
}{- "message": "passowrd changed successfully"
}Reset user password
Details of the user
| user_name | string user name to be registered |
| email_id | string email id to be registered |
{- "user_name": "string",
- "email_id": "string"
}{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}Get the detailed output of the given execution ID
| id required | string Execution ID |
{- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "parameters": "client add",
- "logs": "logs",
- "command": "client add",
- "status": "Failed, Succeeded"
}This API will delete the execution entries older than specific number of days
| days_older_by required | integer Default: 30 Deletes execution entries older than specified number of days |
{- "code": 0,
- "message": "message"
}Get the list of all the previous executions
| limit required | integer Default: 10 Limit the number of executions that will be sent in the response. Default is 10 |
| status | string Default: "all" Filter the executions based on the status(failed/succeeded/all) |
{- "items": [
- {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}, - {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}
]
}Get Execution log list with pagination
object {"group_by":"user_name"} Responses grouped by user name {"filter":[{"name":"user_name","value":"admin"}] Responses filtered by name="admin" {"fuzzy":"ConfigAddUpdate"} Responses searched using fuzzy search "ConfigAddUpdate" |
{- "items": [
- {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}, - {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}
]
}[- {
- "id": 1,
- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}
]Add new role mapping
Details of the mapping to be created
| name | string Name for the user or group for whom role is to assigned |
| role | string Name of the role to be assigned |
| type | string Type of the assignment (user or group) |
{- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}{- "id": 1,
- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}