Cisco ACI Multi-Site REST API

This chapter contains the following sections:

REST API Overview

Cisco ACI Multi-Site REST API is a set of programming interfaces that uses Representational State Transfer (REST) architecture. The API contains resources represented by Uniform Resource Identifiers (URIs), which allow to unambiguously identify each resource. Each URI contains a protocol used to exchange the messages and the resource location string. For example, the https://<mso-ip>/api/v1/schemas URI specifies that the HTTPS protocol is to be used and the schemas resource path relative to the Cisco ACI Multi-Site Orchestrator address.

URIs can refer to a single object or a collection of objects. For example, http://<mso-ip>/api/v1/schemas represents all the schemas that exist in the fabric, whereas http://<mso-ip>/api/v1/schemas/{id} specifies a schema with a specific ID.

When you want to retrieve information or make changes to the fabric, you use API calls to exchange messages between your client and an URI. The messages must be in JavaScript Object Notation (JSON) format, but you can use any programming language to generate and send them.

The following standard REST methods are supported by the Cisco ACI Multi-Site REST API:

  • GET

  • POST

  • PUT

  • DELETE

  • PATCH

The PUT and PATCH methods are idempotent, which means that there is no additional effect if they are called more than once with the same input parameters. The GET method is nullipotent, meaning that it can be called zero or more times without making any changes, in other words it is a read-only operation.

REST API User Roles and Authorization

The Cisco ACI Multi-Site Orchestrator API supports multiple users, each with their own user-specific authorization and set of privileges based on their role. A user can be associated with specific roles for access based on their function and REST endpoints can be restricted based on the user's role. The admin user has unrestricted access. For more information on creating and manager users and their roles, see the Cisco ACI Multi-Site Configuration Guide.

REST API Requests

The Cisco ACI Multi-Site REST API supports a number of standard API calls, which allow you to retrieve information about or make changes to your fabric. A typical REST API operation consists of three elements:

  • Request URL: The address of the resource to which you make the API call.

  • Request message: The JSON-formatted payload that contains the new data you want to add or update. For read-only operation (GET) the request message is empty.

  • Request response: The JSON-formatted response that contains the requested information.

The following sections provide an overview of each call as well as an example JSON payload.

GET Requests

The GET request is a read-only operation that allows you to retrieve information about one or more objects in the fabric. The following example uses a GET request to obtain information about Cisco ACI Multi-Site Orchestrator users, such as their names, contact information, status, and privileges.

Request URL:

https://<mso-ip>/api/v1/users

Request payload:

EMPTY

Request response:

{
    "users": [{
            "id": "5b6380972d0000f85ddea55e",
            "username": "User01",
            "password": "******",
            "firstName": "fName01",
            "lastName": "lName01",
            "emailAddress": "User01@cisco.com",
            "phoneNumber": "098-765-4321",
            "accountStatus": "active",
            "needsPasswordUpdate": true,
            "roles": [{
                    "roleId": "0000ffff0000000000000031"
                }, {
                    "roleId": "0000ffff0000000000000033"
                }, {
                    "roleId": "0000ffff0000000000000035"
                }
            ],
            "domainId": "0000ffff0000000000000090"
        }, {
            "id": "5bb7aabc2c0000f34c7b89f7",
            "username": "User02",
            "password": "******",
            "firstName": "fName02",
            "lastName": "lName02",
            "emailAddress": "User02@cisco.com",
            "phoneNumber": "123-456-7890",
            "accountStatus": "active",
            "needsPasswordUpdate": true,
            "roles": [{
                    "roleId": "0000ffff0000000000000031"
                }, {
                    "roleId": "0000ffff0000000000000032"
                }
            ],
            "domainId": "0000ffff0000000000000090"
        }
    ]
}

POST and PUT Requests

The POST and PUT requests are write operations that allow you to create a new or update an existing object. Keep in mind, that if you are updating an existing object, you must provide the object in its entirety. Any previously existing fields that are missing from the POST payload, will be replaced by an empty string or null.

A PUT request is idempotent, which is the main difference between the PUT and POST requests.

The following example uses a POST request to create a new user. The request response contains the newly created object.

Request URL:

https://<mso-ip>/api/v1/users

Request payload:

{
    "id": "",
    "username": "<username>",
    "password": "<user-pass>",
    "confirmPassword": "<user-pass>",
    "firstName": "<user-first-name>",
    "lastName": "<user-last-name>",
    "emailAddress": "<user-email>",
    "phoneNumber": "<user-phone>",
    "accountStatus": "active",
    "needsPasswordUpdate": true,
    "roles": [{
            "roleId": "0000ffff0000000000000031"
        }
    ]
}

Request response:

{
    "id": "5c40b8832b0000744a77ec1a",
    "username": "<username>",
    "password": "******",
    "firstName": "<user-first-name>",
    "lastName": "<user-last-name>",
    "emailAddress": "<user-email>",
    "phoneNumber": "<user-phone>",
    "accountStatus": "active",
    "needsPasswordUpdate": true,
    "roles": [{
            "roleId": "0000ffff0000000000000031"
        }
    ],
    "domainId": "0000ffff0000000000000090"
}

DELETE Requests

The DELETE request is a write operation that allows you to delete an existing object. A DELETE request does not require a payload and does not return a response.

The following example uses a DELETE request to delete the user we created in the POST example.

Request URL:

https://<mso-ip>/api/v1/users/5c40b8832b0000744a77ec1a

Request payload:

EMPTY

Request response:

EMPTY

PATCH Requests

The PATCH request is a write operation that allow you to update an existing object. The main difference between PATCH and POST or PUT requests is that you can provide only the fields that contain new data rather than the entire object being updated. A PATCH request is neither safe nor idempotent, because a PATCH operation cannot ensure the entire resource has been updated. Also, unlike other API requests, a PATCH request contains instructions on how to modify a resource, rather than a version of the resource itself.


Note

The current release of Cisco ACI Multi-Site Orchestrator supports PATCH requests only for some objects. Check the Swagger API reference to see if an object supports PATCH requests.

When creating PATCH requests, the payload must contain the following:

  • op: the operation to be performed by the request. Currently supported operations are add, remove, or replace.

  • path: the path to the resource that you are updating. The value contains the URI of the resource and the position inside that resource where the information will be added.

    For add operations, the position value can be any positive integer or a dash (-) to specify the end of the schema. For example, /templates/<template-name>/vrfs/- would indicate adding a new VRF at the end of the current list, whereas /templates/<template-name>/vrfs/2 would add the VRF at the second position.

    For replace operations, the position value can also be a the name of the object to replace in addition to the index. For example, /templates/<template-name>/anps/AP1 would replace the application profile named AP1

  • value: the new or updated value or object. For example, {"vrfname" : "vrf1"} would specify a new VRF with the name vrf1.

    You do not need to provide the value field for remove operations.

PATCH API has the following limitations:

  • You cannot use the PATCH API to change a template name, because multiple references in the fabric must be updated. Use PUT request instead.

    Names should not contain the slash (/) character. If the name contains a slash, you cannot use it to access an element in an array and must use the element's index instead.

    Names must not contain numbers only. This limitation is caused by the fact that pure numbers are interpreted as the PATCH index.

    For site local schema objects, refer to the Site ID and Template name combination as <site-id>-<template-name>, for example /sites/5b7d29c2a7fa00a7fae9bbf3-SampleTemplate/epgs

The following two example illustrate how to uses the PATCH requests to add and remove a VRF in a template in an existing schema. The request response contains the entire object that was updated.

Add an Object Using PATCH Request

The following example uses a PATCH request to add a VRF to a template in an existing schema. The request response contains the entire object that was updated.

Original schema:

{
  "id": "5c4b55db1a00003422f2215e",
  "displayName": "SampleSchema",
  "templates": [
    {
      "name": "Template1",
      "displayName": "Template1",
      "tenantId": "0000ffff0000000000000010",
      "anps": [],
      "vrfs": [],
      "bds": [],
      "contracts": [],
      "filters": [],
      "externalEpgs": [],
      "serviceGraphs": [],
      "intersiteL3outs": []
    }
  ]
}

Request URL:

PATCH https://<mso-ip>/api/v1/schemas/5c4b55db1a00003422f2215e

Request payload:

[{
    "op": "add",
    "path": "/templates/Template1/vrfs/-",
    "value": {
        "displayName" : "vrf1",
        "name" : "vrf1" }
}]

Request response:

{
  "id": "5c4b55db1a00003422f2215e",
  "displayName": "SampleSchema",
  "templates": [
    {
      "name": "Template1",
      "displayName": "T1",
      "tenantId": "0000ffff0000000000000010",
      "anps": [],
      "vrfs": [
        {
          "name": "vrf1",
          "displayName": "vrf1",
          "vrfRef": "/schemas/5c4b55db1a00003422f2215e/templates/Template1/vrfs/vrf1",
          "vzAnyProviderContracts": [],
          "vzAnyConsumerContracts": []
        }
      ],
      "bds": [],
      "contracts": [],
      "filters": [],
      "externalEpgs": [],
      "serviceGraphs": [],
      "intersiteL3outs": []
    }
  ]
}

Remove an Object Using PATCH Request (VRF Example)

The following example uses a PATCH request to remove a VRF from a template in an existing schema. The request response contains the entire object that was updated.

Original schema:

{
  "id": "5c4b55db1a00003422f2215e",
  "displayName": "SampleSchema",
  "templates": [
    {
      "name": "Template1",
      "displayName": "T1",
      "tenantId": "0000ffff0000000000000010",
      "anps": [],
      "vrfs": [
        {
          "name": "vrf1",
          "displayName": "vrf1",
          "vrfRef": "/schemas/5c4b55db1a00003422f2215e/templates/Template1/vrfs/vrf1",
          "vzAnyProviderContracts": [],
          "vzAnyConsumerContracts": []
        }
      ],
      "bds": [],
      "contracts": [],
      "filters": [],
      "externalEpgs": [],
      "serviceGraphs": [],
      "intersiteL3outs": []
    }
  ]
}

Request URL:

PATCH https://<mso-ip>/api/v1/schemas/5c4b55db1a00003422f2215e

Request payload:

[{
    "op": "remove",
    "path": "/templates/Template1/vrfs/vrf1"
}]

Request response:

{
  "id": "5c4b55db1a00003422f2215e",
  "displayName": "SampleSchema",
  "templates": [
    {
      "name": "Template1",
      "displayName": "T1",
      "tenantId": "0000ffff0000000000000010",
      "anps": [],
      "vrfs": [],
      "bds": [],
      "contracts": [],
      "filters": [],
      "externalEpgs": [],
      "serviceGraphs": [],
      "intersiteL3outs": []
    }
  ]
}

Remove an Object Using PATCH Request (staticPort Example)

An additional example of using PATCH request to remove a static port.

Original schema:

{
    "id": "601acfed38000070a4ee9ec0",
    "displayName": "Schema1",
    "description": "",
    "templates": [
        {
            "name": "Template1",
            "displayName": "Template 1",
            "tenantId": "0000ffff0000000000000010",
            "anps": [
                {
                    "name": "AP1",
                    "displayName": "AP 1",
                    "anpRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1",
                    "epgs": [
                        {
                            "name": "EPG1",
                            "displayName": "EPG 1",
                            "epgRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1/epgs/EPG1",
                            "contractRelationships": [],
                            "subnets": [],
                            "uSegEpg": false,
                            "uSegAttrs": [],
                            "intraEpg": "unenforced",
                            "prio": "unspecified",
                            "proxyArp": false,
                            "preferredGroup": false,
                            "bdRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/bds/BD1",
                            "vrfRef": "",
                            "selectors": [],
                            "epgType": "application"
                        }
                    ]
                }
            ],
            "vrfs": [
                {
                    "name": "VRF1",
                    "displayName": "VRF 1",
                    "vrfRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/vrfs/VRF1",
                    "l3MCast": false,
                    "preferredGroup": false,
                    "vzAnyEnabled": false,
                    "vzAnyProviderContracts": [],
                    "vzAnyConsumerContracts": [],
                    "rpConfigs": [],
                    "pcEnfPref": "enforced",
                    "ipDataPlaneLearning": "enabled"
                }
            ],
            "bds": [
                {
                    "name": "BD1",
                    "displayName": "BD 1",
                    "bdRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/bds/BD1",
                    "l2UnknownUnicast": "proxy",
                    "intersiteBumTrafficAllow": true,
                    "optimizeWanBandwidth": true,
                    "l2Stretch": true,
                    "subnets": [],
                    "vrfRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/vrfs/VRF1",
                    "unkMcastAct": "flood",
                    "v6unkMcastAct": "flood",
                    "arpFlood": true,
                    "multiDstPktAct": "bd-flood"
                }
            ],
            "contracts": [],
            "filters": [],
            "externalEpgs": [],
            "serviceGraphs": [],
            "intersiteL3outs": [],
            "templateType": "stretched-template",
            "templateSubType": []
        }
    ],
    "_updateVersion": 1,
    "sites": [
        {
            "siteId": "5efceb4a3600002738221157",
            "templateName": "Template1",
            "anps": [
                {
                    "anpRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1",
                    "epgs": [
                        {
                            "epgRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1/epgs/EPG1",
                            "domainAssociations": [],
                            "staticPorts": [
                                {
                                    "type": "port",
                                    "path": "topology/pod-1/paths-101/pathep-[eth1/1]",
                                    "portEncapVlan": 1,
                                    "deploymentImmediacy": "lazy",
                                    "mode": "regular"
                                },
                                {
                                    "type": "port",
                                    "path": "topology/pod-1/paths-102/pathep-[eth1/2]",
                                    "portEncapVlan": 2,
                                    "deploymentImmediacy": "lazy",
                                    "mode": "regular"
                                }
                            ],
                            "staticLeafs": [],
                            "uSegAttrs": [],
                            "subnets": [],
                            "selectors": []
                        }
                    ]
                }
            ],
            "vrfs": [],
            "bds": [],
            "contracts": [],
            "externalEpgs": [],
            "serviceGraphs": [],
            "intersiteL3outs": []
        }
    ]
}

Request URL:

PATCH https://<mso-ip>/api/v1/schemas/601acfed38000070a4ee9ec0

Request payload:

[{
    "op": "remove",
    "path": "/sites/0/anps/0/epgs/0/staticPorts/1"
}]

Request response:

{
    "id": "601acfed38000070a4ee9ec0",
    "displayName": "Schema1",
    "description": "",
    "templates": [
        {
            "name": "Template1",
            "displayName": "Template 1",
            "tenantId": "0000ffff0000000000000010",
            "anps": [
                {
                    "name": "AP1",
                    "displayName": "AP 1",
                    "anpRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1",
                    "epgs": [
                        {
                            "name": "EPG1",
                            "displayName": "EPG 1",
                            "epgRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1/epgs/EPG1",
                            "contractRelationships": [],
                            "subnets": [],
                            "uSegEpg": false,
                            "uSegAttrs": [],
                            "intraEpg": "unenforced",
                            "prio": "unspecified",
                            "proxyArp": false,
                            "preferredGroup": false,
                            "bdRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/bds/BD1",
                            "vrfRef": "",
                            "selectors": [],
                            "epgType": "application"
                        }
                    ]
                }
            ],
            "vrfs": [
                {
                    "name": "VRF1",
                    "displayName": "VRF 1",
                    "vrfRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/vrfs/VRF1",
                    "l3MCast": false,
                    "preferredGroup": false,
                    "vzAnyEnabled": false,
                    "vzAnyProviderContracts": [],
                    "vzAnyConsumerContracts": [],
                    "rpConfigs": [],
                    "pcEnfPref": "enforced",
                    "ipDataPlaneLearning": "enabled"
                }
            ],
            "bds": [
                {
                    "name": "BD1",
                    "displayName": "BD 1",
                    "bdRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/bds/BD1",
                    "l2UnknownUnicast": "proxy",
                    "intersiteBumTrafficAllow": true,
                    "optimizeWanBandwidth": true,
                    "l2Stretch": true,
                    "subnets": [],
                    "vrfRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/vrfs/VRF1",
                    "unkMcastAct": "flood",
                    "v6unkMcastAct": "flood",
                    "arpFlood": true,
                    "multiDstPktAct": "bd-flood"
                }
            ],
            "contracts": [],
            "filters": [],
            "externalEpgs": [],
            "serviceGraphs": [],
            "intersiteL3outs": [],
            "templateType": "stretched-template",
            "templateSubType": []
        }
    ],
    "_updateVersion": 1,
    "sites": [
        {
            "siteId": "5efceb4a3600002738221157",
            "templateName": "Template1",
            "anps": [
                {
                    "anpRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1",
                    "epgs": [
                        {
                            "epgRef": "/schemas/601acfed38000070a4ee9ec0/templates/Template1/anps/AP1/epgs/EPG1",
                            "domainAssociations": [],
                            "staticPorts": [
                                {
                                    "type": "port",
                                    "path": "topology/pod-1/paths-101/pathep-[eth1/1]",
                                    "portEncapVlan": 1,
                                    "deploymentImmediacy": "lazy",
                                    "mode": "regular"
                                }
                            ],
                            "staticLeafs": [],
                            "uSegAttrs": [],
                            "subnets": [],
                            "selectors": []
                        }
                    ]
                }
            ],
            "vrfs": [],
            "bds": [],
            "contracts": [],
            "externalEpgs": [],
            "serviceGraphs": [],
            "intersiteL3outs": []
        }
    ]
}

Preventing Conflicting Configuration Updates

The Multi-Site Orchestrator GUI will ensure that any concurrent updates on the same site or schema object cannot unintentionally overwrite each other. If you attempt to make changes to a site or schema that was updated by another user since you opened it, the GUI will reject any subsequent changes you try to make and present a warning requesting you to refresh the object before making additional changes:

However, the default REST API functionality was left unchanged in order to preserve backward compatibility with existing applications. In other words, while the UI is always enabled for this protection, you must explicitly enable it for your API calls for MSO to keep track of configuration changes.


Note

When enabling this feature, note the following:

  • This release supports detection of conflicting configuration changes for Site and Schema objects only.

  • Only PUT and PATCH API calls support the version check feature.

  • If you do not explicitly enable the version check parameter in your API calls, MSO will not track any updates internally. And as a result, any configuration updates can be potentially overwritten by both subsequent API calls or GUI users.

To enable the configuration version check, you can pass the enableVersionCheck=true parameter to the API call by appending it to the end of the API endpoint you are using, for example: 

https://<mso-ip-address>/mso/api/v1/schemas/<schema-id>?enableVersionCheck=true

Example

We will use a simple example of updating the display name of a template in a schema to show how to use the version check attribute with PUT or PATCH calls.

First, you would GET the schema you want to modify, which will return the current latest version of the schema in the call's response: 

{
    "id": "601acfed38000070a4ee9ec0",
    "displayName": "Schema1",
    "description": "",
    "templates": [
        {
            "name": "Template1",
            "displayName": "current name",
            [...]
        }
    ],
    "_updateVersion": 12,
    "sites": [...]
}

Then you can modify the schema in one of two ways appending enableVersionCheck=true to the request URL:


Note

You must ensure that the value of the "_updateVersion" field in the payload is the same as the value you got in the original schema.

  • Using the PUT API with the entire updated schema as payload: 

    PUT /v1/schemas/601acfed38000070a4ee9ec0?enableVersionCheck=true
    {
    "id": "601acfed38000070a4ee9ec0",
    "displayName": "Schema1",
    "description": "",
    "templates": [
        {
            "name": "Template1",
            "displayName": "new name",
            [...]
        }
    ],
    "_updateVersion": 12,
    "sites": [...]
}

  • Using any of the PATCH API operations to make a specific change to one of the objects in the schema: 

    PATCH /v1/schemas/601acfed38000070a4ee9ec0?enableVersionCheck=true
    [ 
    {
        "op": "replace", 
        "path": "/templates/Template1/displayName", 
        "value": "new name",
        "_updateVersion": 12
    }
]

When the request is made, the API will increment the current schema version by 1 (from 12 to 13) and attempt to create the new version of the schema. If the new version does not yet exist, the operation will succeed and the schema will be updated; if another API call (with enableVersionCheck enabled) or the UI have modified the schema in the meantime, the operation fails and the API call will return the following response: 

{
    "code": 400,
    "message": "Update failed, object version in the DB has changed, refresh your client and retry"
}

REST API Reference (OpenAPI/Swagger)

Cisco ACI Multi-Site Orchestrator uses OpenAPI (also known as Swagger) to provide a complete API reference for developers linked directly from the Orchestrator's GUI. OpenAPI allows you to visualize and interact with the API's resources. The direct connection from the reference document to the live Orchestrator API provides an easy way to write and test simple request directly from the OpenAPI reference UI.

  • APIC Information API: Allows you to query the Cisco APIC sites directly for specific information, such as Pods, Tenants, VMM domains, L3Outs, and so on. This API is part of the site API.

  • Audit API: Allows you to access Cisco ACI Multi-Site Orchestrator's audit logs and query for information, such as records and users, as well as download all or specific records.

  • Backup API: Allows you to create, update, delete, or restore a backup of Cisco ACI Multi-Site Orchestrator configuration, as well as schedule a backup.

  • Deployment API: Allows you to deploy the Schemas and Templates directly to sites using SiteId and TemplateName.

  • Fabric Connectivity API: Allows you to query for fabric connectivity, connectivity status, multipod information, and so on. This API is part of the site API.

  • Infrastructure Logs API: Allows you to query for infrastructure and platform logs. This API is part of the platform API.

  • Platform API: Allows you to query for information about platform nodes and labels.

  • Policy Report API: Allows you to query for policy deployment reports. This API is part of the platform API.

  • Schema API: Allows you to create, update, patch, or delete schemas, as well as query for information associated with a schema.

  • Site API: Allows you to create, update, patch, or delete sites. This API is part of the site API.

  • Tenant API: Allows you to create, update, patch, or delete tenants, as well as query for information associated with a tenant. This API is part of the schema API.

  • User API: Allows you to create, update, or delete users, update user roles, and configure authentication providers, such as LDAP, TACACs, or RADIUS.

Accessing OpenAPI Reference

This section describes how to access the OpenAPI (Swagger) reference documentation from your Cisco ACI Multi-Site Orchestrator.

Procedure

Step 1

Log in to your Cisco ACI Multi-Site Orchestrator.

Step 2

In the top right corner of the main window, click the Options icon.

Step 3

Choose View Swagger Docs.

Step 4

In the Swagger APIs window that opens, select the API that you want to view

For more information on each of the listed APIs, see REST API Reference (OpenAPI/Swagger)

.

What to do next

The OpenAPI reference provides a simple, visual representation of the Cisco ACI Multi-Site REST API. It also allows you to create and test simple API requests directly on your fabric. The following two sections provide examples that will help you to get started working with Cisco ACI Multi-Site Orchestrator API and OpenAPI reference.

Using OpenAPI for Authentication

The following example shows how to use the OpenAPI GUI to provide your login credentials to log in to the Orchestrator and receive an authentication token for use in any subsequent REST API requests.

Before you begin

Procedure

Step 1

Navigate to the User API reference as described in Accessing OpenAPI Reference, or you can open your browser to <mso-ip>/docs/userdocs#/ after logging into the Orchestrator.

Step 2

Scroll down to Authentication APIs section.

Step 3

Click the POST /api/v1/auth/login row to expand the section.

Step 4

Click the Try it out button.

Step 5

Edit the POST request message

Step 6

Click Execute to send the request.

Step 7

If the request was successful, you will be able to see the server response and get the authentication token you can use in future requests.

Using OpenAPI to Manage Users

The following example shows how to use the OpenAPI GUI to send and receive sample REST requests to create, modify, and then delete a user.

Before you begin

You must obtain an authentication token as described in Using OpenAPI for Authentication.

Procedure

Step 1

Navigate to the User API reference as described in Accessing OpenAPI Reference, or you can open your browser to <mso-ip>/docs/userdocs#/ after logging into the Orchestrator.

Step 2

Scroll down to User APIs section.

Step 3

Click the POST /api/v1/users row and then Try it out.

Step 4

Edit the POST request message and then click Execute.

In the following sample post, provide the ID of the user you have created in previous steps.
{
  "id": "string",
  "username": "jsmith",
  "password": "welc0me!",
  "firstName": "John",
  "lastName": "Smith",
  "emailAddress": "jsmith@company.com",
  "phoneNumber": "123-456-7890",
  "accountStatus": {},
  "needsPasswordUpdate": 0,
  "roles": [
    {
      "roleId": "0000ffff0000000000000031"
    }
  ],
  "domainId": "0000ffff0000000000000090",
  "remote": false,
  "active": false
}
Step 5

If the request is successful, you will receive a response XML message containing the ID of the user that you created.

You can verify that the new user was created by logging into your Cisco ACI Multi-SiteOrchestrator GUI and checking the Users page.

Step 6

Now click on PATCH /api/v1/users/{id} and then Try it out.

In the following sample post, provide the ID of the user you created in previous steps as well as any details you wish to update. 

{
  "id": "<user-id>",
  "emailAddress": "johnsmith@company.com",
}
Step 7

If the request is successful, you will receive a response XML message containing the updated user details.

You can verify that the user was updated by logging into your Cisco ACI Multi-SiteOrchestrator GUI and checking the Users page.

Step 8

Now click on DELETE /api/v1/users/{id} and then Try it out.

Step 9

Provide the ID of the user you created in previous steps and click Exectue.

You can verify that the user was delete by logging into your Cisco ACI Multi-SiteOrchestrator GUI and checking the Users page.

Using In-Browser DevTools to View REST API Calls

Cisco ACI Multi-SiteOrchestrator is fully RESTful, as such each action performed in the GUI triggers one or more REST API calls to retrieve the fabric information to be displayed or to make changes to the fabric. You can view these API calls using the built-in developer tools in your browser of choice. Inspecting API calls associated with one or more UI actions may be useful for becoming familiar with the specific call syntax and contents.

This section describes how to access developer tools in your browser.

Procedure

Step 1

Open the built-in browser developer tools.

  1. If you are using Google Chrome, right click in the main browser window and choose Inspect.

  2. If you are using Mozilla Firefox, right click in the main browser window and choose Inspect Element.

  3. If you are using Microsoft Edge, right click in the main browser window and choose Inspect Element.

  4. If you are using Apple Safari, you must first enable the Develop menu.

    From the top menu bar, choose Safari > Preferences. Then select the Advanced tab and check the Show Develop menu in menu bar checkbox.

    Finally, open the developer tools pane by choosing Develop > Show Web Inspector from the top menu bar.

A developer tools panel will open in the main browser window alongside the current page.
Step 2

In the developer tools panel that opens, select the Network tab.

Step 3

Navigate to your Multi-Site Orchestrator and log in.
Step 4

Perform an action in the Multi-Site GUI to trigger one or more API calls.

You will be able to see the calls as they are being made by the browser to the Multi-Site Orchestrator.

Note 

You may want to clear the list before performing an action by clicking Clear button in the Network tab's menu bar.

Step 5

(Optional) Filter the list of API calls to view the relevant ones.

You can filter the list to display only the REST API calls by clicking the XHR button in the Network tab's menu bar.

Step 6

(Optional) Sort the list of API calls to group similar ones.

You can click on the column title to sort the network calls based on the property.
Step 7

Select one of the listed API calls to inspect its content.

When you select one of the calls, you can view its details in the pane that opens:

  • Headers tab shows the general, request, and response headers for the selected API call. You can view the call's request method, such as GET or POST, the remote address, authorization token, and the cookies.

  • Preview tab shows the XML text of the call sent to the server.

  • Response tab shows the XML text of the response received from the server.

  • Cookies tab shows the cookie information.

What to do next

For in-depth information on each browser's developer tools and their capabilities, see their respective documentation:

Using In-Browser DevTools to Work with REST API Calls

This section illustrates some simple examples of using browser tools to view, modify, and re-send REST API calls. The examples presented here use Google Chrome, however the steps are similar for other browsers. Accessing each browser's developer tools is described in Using In-Browser DevTools to View REST API Calls.

When you perform an action in the Cisco ACI Multi-Site Orchestrator GUI with DevTools open, you can see a list of the API calls made by the GUI to the Orchestrator. From there on, you can select each individual call to inspect its request and response contents.

For example, if you click on the Schemas view in the left-hand navigation sidebar of the GUI, two calls are made to /api/v1/schemas – one to get a list of schemas and another to get a list of tenants for each schema:

Figure 1. Schemas API Calls

If you then select one of the calls, for example tenants, you can view the call details, such as the request method, request URL, authentication token, and so on. The response tab provides the exact XML string received in response to the call.

If you right-click on any of the listed API calls, you can choose to copy the call in any of the available formats:

Figure 2. Copy API Call

For example, you can choose to copy the request as cURL, which you can then execute in 3rd party scripts:

curl "https://172.31.187.59/api/v1/schemas/tenants" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1Mzg3NjkyNjcsImlhdCI6MTUzODc2ODA2NywiaXNzIjoiNDRiMGNlZjI1MTgzNDE3YTk5MDJhODg1MmFhNzhhZmUiLCJ1c2VySWQiOiIwMDAwZmZmZjAwMDAwMDAwMDAwMDAwMjAiLCJ1c2VybmFtZSI6ImFkbWluIiwicGVybWlzc2lvbnMiOlsidmlldy1zaXRlcyIsIm1hbmFnZS1zaXRlcyIsInZpZXctdGVuYW50cyIsIm1hbmFnZS10ZW5hbnRzIiwidmlldy10ZW5hbnQtc2NoZW1hcyIsIm1hbmFnZS10ZW5hbnQtc2NoZW1hcyIsInZpZXctc2NoZW1hcyIsIm1hbmFnZS1zY2hlbWFzIiwidmlldy11c2VycyIsIm1hbmFnZS11c2VycyIsInZpZXctcm9sZXMiLCJtYW5hZ2Utcm9sZXMiLCJ2aWV3LWxhYmVscyIsIm1hbmFnZS1sYWJlbHMiLCJwbGF0Zm9ybS1sb2dzIiwiYmFja3VwLWRiIiwidmlldy1hbGwtYXVkaXQtcmVjb3JkcyIsIm1hbmFnZS1hdWRpdC1yZWNvcmRzIl19.BDVrkImuIaX57aG0gfWUsXE5NVJPq2FGKP289XCjHRw" -H "DNT: 1" -H "Accept-Encoding: gzip, deflate, br" -H "Accept-Language: en-US,en;q=0.9" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" -H "Content-Type: application/json" -H "Accept: application/json" -H "Referer: https://172.31.187.59/schemas" -H "Connection: keep-alive" --compressed --insecure

Another example would be the users API which is called when you select the Users view. The GUI retrieves the list of users using the following corresponding cURL request: 

curl "https://172.31.187.59/api/v1/users" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1Mzg3Njk1NzAsImlhdCI6MTUzODc2ODM3MCwiaXNzIjoiMThhNWM3MWNiNmM1NGMwNmFjNDIzYTI5ZWNiNWI5NzAiLCJ1c2VySWQiOiIwMDAwZmZmZjAwMDAwMDAwMDAwMDAwMjAiLCJ1c2VybmFtZSI6ImFkbWluIiwicGVybWlzc2lvbnMiOlsidmlldy1zaXRlcyIsIm1hbmFnZS1zaXRlcyIsInZpZXctdGVuYW50cyIsIm1hbmFnZS10ZW5hbnRzIiwidmlldy10ZW5hbnQtc2NoZW1hcyIsIm1hbmFnZS10ZW5hbnQtc2NoZW1hcyIsInZpZXctc2NoZW1hcyIsIm1hbmFnZS1zY2hlbWFzIiwidmlldy11c2VycyIsIm1hbmFnZS11c2VycyIsInZpZXctcm9sZXMiLCJtYW5hZ2Utcm9sZXMiLCJ2aWV3LWxhYmVscyIsIm1hbmFnZS1sYWJlbHMiLCJwbGF0Zm9ybS1sb2dzIiwiYmFja3VwLWRiIiwidmlldy1hbGwtYXVkaXQtcmVjb3JkcyIsIm1hbmFnZS1hdWRpdC1yZWNvcmRzIl19.CNs-nM3V73CBcYRBHqgfwtx3tAW5a9wsnMHqkKDGjDE" -H "DNT: 1" -H "Accept-Encoding: gzip, deflate, br" -H "Accept-Language: en-US,en;q=0.9" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" -H "Content-Type: application/json" -H "Accept: application/json" -H "Referer: https://172.31.187.59/users" -H "Connection: keep-alive" --compressed --insecure

And the request returns a JSON-formatted XML message similar to the following:

{
    "users": [{
            "id": "59f17fe7120000da00bf0d11",
            "username": "max-usermgr",
            "password": "******",
            "firstName": "firstName",
            "lastName": "lastName",
            "emailAddress": "email@domain.com",
            "phoneNumber": "7474747477",
            "accountStatus": "active",
            "needsPasswordUpdate": false,
            "roles": [{
                    "roleId": "0000ffff0000000000000035"
                }
            ],
            "domainId": "0000ffff0000000000000090"
        }, {
            "id": "59f17f9e0e00001701000326",
            "username": "max-schemamgr",
            "password": "******",
            "firstName": "firstName",
            "lastName": "lastName",
            "emailAddress": "email@domain.com",
            "phoneNumber": "34343442234",
            "accountStatus": "active",
            "needsPasswordUpdate": false,
            "roles": [{
                    "roleId": "0000ffff0000000000000033"
                }
            ],
            "domainId": "0000ffff0000000000000090"
        }, {
            "id": "59f17f6b120000eb00bf0d10",
            "username": "max-sitemgr",
            "password": "******",
            "firstName": "firstName",
            "lastName": "lastName",
            "emailAddress": "email@domain.com",
            "phoneNumber": "3838833838",
            "accountStatus": "active",
            "needsPasswordUpdate": false,
            "roles": [{
                    "roleId": "0000ffff0000000000000032"
                }
            ],
            "domainId": "0000ffff0000000000000090"
        }
    ]
}

Modifying Examples and Making Changes to the Fabric

In addition to being able to retrieve information about your Cisco ACI Multi-Site environment using the REST API, you can use it to make changes.

For instance, if instead of viewing the users, you create one in the GUI, you can then copy the call as an example, modify it, and then use the modified call in your 3rd party script to create or update user accounts. Below is a sample cURL command to create a user along with the XML POST contents: 

curl "https://172.31.187.59/api/v1/users" -H "Origin: https://172.31.187.59" -H "Accept-Encoding: gzip, deflate, br" -H "Accept-Language: en-US,en;q=0.9" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1Mzg3Njk1NzAsImlhdCI6MTUzODc2ODM3MCwiaXNzIjoiMThhNWM3MWNiNmM1NGMwNmFjNDIzYTI5ZWNiNWI5NzAiLCJ1c2VySWQiOiIwMDAwZmZmZjAwMDAwMDAwMDAwMDAwMjAiLCJ1c2VybmFtZSI6ImFkbWluIiwicGVybWlzc2lvbnMiOlsidmlldy1zaXRlcyIsIm1hbmFnZS1zaXRlcyIsInZpZXctdGVuYW50cyIsIm1hbmFnZS10ZW5hbnRzIiwidmlldy10ZW5hbnQtc2NoZW1hcyIsIm1hbmFnZS10ZW5hbnQtc2NoZW1hcyIsInZpZXctc2NoZW1hcyIsIm1hbmFnZS1zY2hlbWFzIiwidmlldy11c2VycyIsIm1hbmFnZS11c2VycyIsInZpZXctcm9sZXMiLCJtYW5hZ2Utcm9sZXMiLCJ2aWV3LWxhYmVscyIsIm1hbmFnZS1sYWJlbHMiLCJwbGF0Zm9ybS1sb2dzIiwiYmFja3VwLWRiIiwidmlldy1hbGwtYXVkaXQtcmVjb3JkcyIsIm1hbmFnZS1hdWRpdC1yZWNvcmRzIl19.CNs-nM3V73CBcYRBHqgfwtx3tAW5a9wsnMHqkKDGjDE" -H "Content-Type: application/json" -H "Accept: application/json" -H "Referer: https://172.31.187.59/users/create" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" -H "Connection: keep-alive" -H "DNT: 1" --data-binary "^{^\^"lastName^\^":^\^"lastName^\^",^\^"needsPasswordUpdate^\^":true,^\^"username^\^":^\^"newUserName^\^",^\^"phoneNumber^\^":^\^"1234567890^\^",^\^"emailAddress^\^":^\^"email^@domain.com^\^",^\^"id^\^":^\^"^\^",^\^"firstName^\^":^\^"firstName^\^",^\^"confirmPassword^\^":^\^"passw0rd^#^\^",^\^"password^\^":^\^"passw0rd^#^\^",^\^"accountStatus^\^":^\^"active^\^",^\^"roles^\^":^[^{^\^"roleId^\^":^\^"0000ffff0000000000000031^\^"^},^{^\^"roleId^\^":^\^"0000ffff0000000000000032^\^"^}^]^}" --compressed --insecure

And this is the contents of the POST call to create a user: 

{
    "id": "5bb7be240f00008206d3f137",
    "username": "newUserName",
    "password": "******",
    "firstName": "firstName",
    "lastName": "lastName",
    "emailAddress": "email@domain.com",
    "phoneNumber": "1234567890",
    "accountStatus": "active",
    "needsPasswordUpdate": true,
    "roles": [{
            "roleId": "0000ffff0000000000000031"
        }, {
            "roleId": "0000ffff0000000000000032"
        }
    ],
    "domainId": "0000ffff0000000000000090"
}