Download OpenAPI specification:Download
This is the spec that defines the API provided by the application to provide auth across the cluster
{- "code": 0,
- "message": "message"
}
Create an access token for EFA
Credentials to fetch a token
username | string Name of the user for whom the token has to be generated |
password | string Password for the above user |
{- "username": "admin",
- "password": "password"
}
{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}
{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}
Create an extended system access token for EFA
Credentials to fetch a token
clientId | string ID of the registered client |
expiry | integer Number of seconds until extended token must expire |
{- "clientId": "sdjfdjskjd",
- "expiry": 300
}
{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}
Create an access token for XCO clients
Client Credentials to fetch a token
username | string Name of the user for whom the token has to be generated |
password | string Password for the above user |
clientId | string ID of the registered client |
{- "username": "admin",
- "password": "password"
}
{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "message": "Certificates will expire soon, please renew"
}
Get access token with refresh token
Refresh token
refresh-token | string refresh token |
grant-type | string grant type(refresh_token) |
{- "grant-type": "refresh_token",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
{- "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "token-type": "Bearer",
- "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
- "message": "Certificates will expire soon, please renew"
}
Create a key for XCO clients
force required | boolean Force key regenerate |
Credentials to fetch a token
clientId | string ID of the registered client |
{- "clientId": "sdjfdjskjd"
}
{- "apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Update Token Expiry Time For A Specific Token
Type of the XCO token
type | string Type of the token |
hours | integer Hours for token expiry |
minutes | integer Minutes for token expiry |
{- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}
{- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}
[- {
- "type": "ACCESS",
- "hours": 0,
- "minutes": 15
}
]
Register a new client to access EFA
Details of the client
name | string Name for the client(tenant name for Openstack clients) |
clientType | string Type of the client(openstack for Openstack clients) |
{- "name": "tenantname",
- "clientType": "openstack"
}
{- "name": "tenantname",
- "clientID": "askjf-djffi-dwokd-askls",
- "clientType": "openstack"
}
Fetch LDAP details by name
name required | string Name given for the ldap connection |
{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
Update LDAP configuration for authentication
name required | string Name of the registered LDAP Server |
Details of the LDAP Server
name | string Name for the LDAP connection |
host | string Specify the hostname or IP address |
port | string Specify the port at which the OpenLDAP server is listening for connections |
tls required | boolean Enable to use LDAP over SSL/TLS |
insecure-tls required | boolean Enable to use LDAP without cert verification |
cacert | string CA certificate |
timeout required | integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec) |
bind-user-name | string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries |
bind-user-password | string Password of the bind user |
user-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects. |
user-object-class | string Name of the object class used for user objects(defaults to inetOrgPerson) |
user-login-attribute | string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid) |
user-role-attribute | string The attribute to read the role of user from |
user-role-attribute-key | string The attribute to read the role value from role attribute |
user-member-attribute | string The attribute to read the member of the group the user is part of |
group-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects. |
group-object-class | string Name of the object class used for group objects(defaults to groupOfNames) |
group-attribute | string Attribute to define search filter on group(defaults to cn) |
group-member-user-attribute | string The name of the user attribute whose format matches the group members(defualts to entrydn) |
group-member-mapping-attribute | string The name of the group attribute containing the members of a group(defaults to member) |
cli | boolean Default: false Differentiate the client type |
{- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string",
- "cli": false
}
{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
Register a new LDAP Server for authentication
Details of the LDAP Server
name | string Name for the LDAP connection |
host | string Specify the hostname or IP address |
port | string Specify the port at which the OpenLDAP server is listening for connections |
tls required | boolean Enable to use LDAP over SSL/TLS |
insecure-tls required | boolean Enable to use LDAP without cert verification |
cacert | string CA certificate |
timeout required | integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec) |
bind-user-name | string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries |
bind-user-password | string Password of the bind user |
user-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects. |
user-object-class | string Name of the object class used for user objects(defaults to inetOrgPerson) |
user-login-attribute | string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid) |
user-role-attribute | string The attribute to read the role of user from |
user-role-attribute-key | string The attribute to read the role value from role attribute |
user-member-attribute | string The attribute to read the member of the group the user is part of |
group-search-base | string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects. |
group-object-class | string Name of the object class used for group objects(defaults to groupOfNames) |
group-attribute | string Attribute to define search filter on group(defaults to cn) |
group-member-user-attribute | string The name of the user attribute whose format matches the group members(defualts to entrydn) |
group-member-mapping-attribute | string The name of the group attribute containing the members of a group(defaults to member) |
cli | boolean Default: false Differentiate the client type |
{- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string",
- "cli": false
}
{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
Reset LDAP configuration
name required | string Name of the registered LDAP Server |
Reset LDAP Configs.
[- "Host",
- "Port",
- "CaCert",
- "BindUsername",
- "BindUserPassword",
- "UserSearchBase",
- "UserObjectClass",
- "UserLoginAttribute",
- "UserRoleAttribute",
- "UserRoleAttributeKey",
- "UserMemberAttribute",
- "GroupSearchBase",
- "GroupObjectClass",
- "GroupAttribute",
- "GroupMemberUserAttribute",
- "GroupMemberMappingAttribute"
]
{- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
Get All LDAP details configured in the application
[- {
- "id": 0,
- "name": "string",
- "host": "string",
- "port": "string",
- "tls": true,
- "insecure-tls": true,
- "cacert": "string",
- "timeout": 0,
- "bind-user-name": "string",
- "bind-user-password": "string",
- "user-search-base": "string",
- "user-object-class": "string",
- "user-login-attribute": "string",
- "user-role-attribute": "string",
- "user-role-attribute-key": "string",
- "user-member-attribute": "string",
- "group-search-base": "string",
- "group-object-class": "string",
- "group-attribute": "string",
- "group-member-user-attribute": "string",
- "group-member-mapping-attribute": "string"
}
]
To map LDAP role to XCO role
LDAP role name and XCO supported role name
xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
ldapRole | string Ldap role name |
name | string Ldap name registered in application |
{- "xRole": "SystemAdmin",
- "ldapRole": "ldapAdmin"
}
[- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]
Fetch all LDAP role mapping details
name | string The name of the LDAP server registered |
ldapRole | string The LDAP role name registered for a given host |
[- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]
To map LDAP role to XCO role
LDAP role name and XCO supported role name
xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
ldapRole | string Ldap role name |
name | string Ldap name registered in application |
[- {
- "xRole": "SystemAdmin",
- "ldapRole": "ldapAdmin"
}
]
[- {
- "xRole": "string",
- "roleDescription": "string",
- "ldapRole": "string",
- "name": "string"
}
]
Register a new TACACS server
TACACS server
host | string Tacacs server host ipv4/ipv6 address |
port | integer Port number |
protocol | string Enum: "CHAP" "PAP" Protocol like PAP or CHAP |
secretKey | string <= 40 characters Secret key maximum 40 characters |
{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}
{- "code": 0,
- "message": "message"
}
Update Tacacs server details
Details of the TACACS server
host | string Tacacs server host ipv4/ipv6 address |
port | integer Port number |
protocol | string Enum: "CHAP" "PAP" Protocol like PAP or CHAP |
secretKey | string <= 40 characters Secret key maximum 40 characters |
{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}
{- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}
Fetch TACACS server details of a specific host or all hosts
host | string The host of the TACACS server registered or all to get all servers |
[- {
- "host": "10.37.138.217",
- "port": 49,
- "protocol": "CHAP",
- "secretKey": "sharedsecret"
}
]
To map TACACS role to XCO role
TACACS role name and XCO supported role name
xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
tacacsRole | string Tacacs role name |
host | string Tacacs host registered in application |
{- "xRole": "SystemAdmin",
- "tacacsRole": "tacAdmin"
}
[- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]
Fetch all tacacs role mapping details
host | string The host of the TACACS server registered |
tacacsRole | string The tacacs role name registered for a given host |
[- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]
To map TACACS role to XCO role
TACACS role name and XCO supported role name
xRole | string Enum: "SystemAdmin" "NetworkOperator" Extreme role name |
tacacsRole | string Tacacs role name |
host | string Tacacs host registered in application |
[- {
- "xRole": "SystemAdmin",
- "tacacsRole": "tacAdmin"
}
]
[- {
- "xRole": "string",
- "roleDescription": "string",
- "tacacsRole": "string",
- "host": "string"
}
]
Add the authentication preference
Add the authentication preference
authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
identifier | string auth identifier |
preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}
{- "code": 0,
- "message": "message"
}
Update the authentication preference
Update the authentication preference
authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
identifier | string auth identifier |
preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}
{- "code": 0,
- "message": "message"
}
Delete the authentication preference
Delete the authentication preference
authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
identifier | string auth identifier |
preference | integer auth preference |
{- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}
{- "code": 0,
- "message": "message"
}
Add and update the authentication preferences
Add and update the authentication preferences
authType | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" TACAC, LDAP, LOCAL, or HOST |
identifier | string auth identifier |
preference | integer auth preference |
[- {
- "authType": "TACACS",
- "identifier": "10.37.23.4",
- "preference": 1
}
]
{- "code": 0,
- "message": "message"
}
Get the active users details by authentication type
auth_type required | string Default: "HOST" Enum: "TACACS" "LDAP" "LOCAL" "HOST" Authentication type of the user |
{- "pagination_response": {
- "remaining_count": 0,
- "first_id": 0,
- "last_id": 0
}, - "user": [
- {
- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
]
}
Fetch all users details or specific user detail by name
user_name | string Name of the user |
{- "pagination_response": {
- "remaining_count": 0,
- "first_id": 0,
- "last_id": 0
}, - "user": [
- {
- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
]
}
Register a new user
Details of the user
id | integer <int32> ID of the operation |
user_name | string user name to be registered |
email_id | string email id to be registered |
password | string password |
roles | Array of strings (Full list of roles) List of roles or specific role details |
is_blocked | boolean Default: false is user blocked |
created_at | string <date-time> user created time |
organization | string organization information |
address | string user address |
mobile_number | string user mobile number |
location | string user location |
auth_type | string authorization type |
is_active | boolean Default: false is user active |
active_since | string <date-time> user active time |
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
Update roles of a registered user
Details of the user
id | integer <int32> ID of the operation |
user_name | string user name to be registered |
email_id | string email id to be registered |
password | string password |
roles | Array of strings (Full list of roles) List of roles or specific role details |
is_blocked | boolean Default: false is user blocked |
created_at | string <date-time> user created time |
organization | string organization information |
address | string user address |
mobile_number | string user mobile number |
location | string user location |
auth_type | string authorization type |
is_active | boolean Default: false is user active |
active_since | string <date-time> user active time |
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
Update the user state blocked or unblocked
Details of the user
user_name | string user name to be updated |
is_blocked | boolean Default: false is user blocked |
{- "user_name": "willsmith",
- "is_blocked": false
}
{- "user_name": "willsmith",
- "is_blocked": false
}
Change password of a registered user
Details of the user
user_name | string user name |
old_password | string old password |
new_password | string new password |
{- "user_name": "willsmith",
- "old_password": "test",
- "new-Password": "test1"
}
{- "user_name": "willsmith",
- "old_password": "test",
- "new-Password": "test1"
}
Reset password of a registered user
Details of the user
password | string password |
{- "password": "test1"
}
{- "message": "passowrd changed successfully"
}
Reset user password
Details of the user
user_name | string user name to be registered |
email_id | string email id to be registered |
{- "user_name": "string",
- "email_id": "string"
}
{- "id": 1,
- "user_name": "willsmith",
- "email_id": "abc@test.com",
- "roles": [
- "SystemAdmin",
- "NetworkOperator"
], - "is_blocked": false,
- "organization": "Extreme Networks",
- "location": "New York",
- "is_active": false
}
Get the detailed output of the given execution ID
id required | string Execution ID |
{- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "parameters": "client add",
- "logs": "logs",
- "command": "client add",
- "status": "Failed, Succeeded"
}
This API will delete the execution entries older than specific number of days
days_older_by required | integer Default: 30 Deletes execution entries older than specified number of days |
{- "code": 0,
- "message": "message"
}
Get the list of all the previous executions
limit required | integer Default: 10 Limit the number of executions that will be sent in the response. Default is 10 |
status | string Default: "all" Filter the executions based on the status(failed/succeeded/all) |
{- "items": [
- {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}, - {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}
]
}
Get Execution log list with pagination
object {"group_by":"user_name"} Responses grouped by user name {"filter":[{"name":"user_name","value":"admin"}] Responses filtered by name="admin" {"fuzzy":"ConfigAddUpdate"} Responses searched using fuzzy search "ConfigAddUpdate" |
{- "items": [
- {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}, - {
- "start_time": "2000-01-23T04:56:07.000Z",
- "end_time": "2000-01-23T04:56:07.000Z",
- "id": "id",
- "command": "client add",
- "status": "client add"
}
]
}
[- {
- "id": 1,
- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}
]
Add new role mapping
Details of the mapping to be created
name | string Name for the user or group for whom role is to assigned |
role | string Name of the role to be assigned |
type | string Type of the assignment (user or group) |
{- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}
{- "id": 1,
- "name": "tenantname",
- "role": "TenantAdmin",
- "type": "user"
}