Release Notes for the Cisco ASA Series REST API
First Published: May 26, 2021
This document contains release information for Cisco ASA REST API.
 Note |
Following the release of ASA REST API version 1.3.2-346, the API version numbering scheme was changed to match Cisco ASDM version numbering. |
System Requirements
For information about REST API software and hardware requirements and compatibility, see Cisco ASA Compatibility.
Note |
The ASA 5506-X series does not support concurrently running the REST API and the FirePOWER module Version 6.0 or later. If necessary, disable the ASA REST API using the “no rest-api agent” command. |
Installing and Enabling the ASA REST API Agent
The REST API Agent is published individually with other ASA images on cisco.com. For physical ASAs, the REST API package must be downloaded to the device’s flash and installed using the “rest-api image” command. The REST API Agent is then enabled using the “rest-api agent” command.
With a virtual ASA (ASAv), the REST API image must be downloaded to the “boot:” partition. You must then issue the “rest-api image” command, followed by the “rest-api agent” command, to access and enable the REST API Agent.
You can download the appropriate REST API package for your ASA or ASAv from software.cisco.com/download/home. Locate the specific Adaptive Security Appliances (ASA) model and then choose Adaptive Security Appliance REST API Plugin.
The REST API Agent is a Java-based application. The Java Runtime Environment (JRE) is bundled in the REST API Agent package.
Usage Guidelines
Important |
You must include the header |
In multi-context mode, the REST API Agent commands are available only in the System context.
Maximum Supported Configuration Size
The ASA Rest API is an “on-board” application running inside the physical ASA, and as such has a limitation on the memory allocated to it. Maximum supported running configuration size has increased over the release cycle to approximately 2 MB on recent platforms such as the 5555, 5585, and 4100 Series.
.
The ASA Rest API also has memory constraints on the virtual ASA platforms. Total memory on the ASAv5 can be 1.5 GB,while on the ASAv10 it is 2 GB. The Rest API limits are 450 KB and 500 KB for the ASAv5 and ASAv10, respectively.
Therefore, be aware that large running configurations can produce exceptions in various memory-intensive situations such as a large number of concurrent requests, or large request volumes. In these situations, Rest API GET/PUT/POST calls may begin failing with 500 - Internal Server Error messages, and the Rest API Agent will restart automatically each time.
The workarounds to this situation are either move to higher-memory ASA/FPR or ASAV platforms, or reduce the size of the running configuration.
Restoring a Back-up Configuration
Restoring a full back-up configuration on the ASA using the REST API will reload the ASA. This is a limitation which will be addressed in a future release.
As an alternative, follow these steps to restore a full back-up:
Procedure
| Step 1 |
Open the ASA REST API Documentation & Console page. 
|
| Step 2 |
Use the POST command on the CLI tab with the following payload: where The target request address is |
New Features
This section lists new features for each release.
New Features in ASA REST API 7.16(x)
Released: May 26, 2021
No new features were added. This release is only a renumber release to accompany ASA 9.16.
New Features in ASA REST API 7.15(x)
Released: November 5, 2020
No new features were added. This release is only a renumber release to accompany ASA 9.15.
New Features in ASA REST API 7.14(x)
Released: April 1, 2020
ASA REST API Version 7.14(1) contains bug fixes only; no new features were added.
New Features in ASA REST API 7.13(x)
Released: September 25, 2019
ASA REST API Version 7.13(1) contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(x)
New Features in ASA REST API 1.3(2)-346
Released: February 28, 2019
ASA REST API image 1.3.2-346 is a special patch that provides key changes related to authorization, and addresses a few bugs.
This release is backward compatible and upgrading to this version is recommended.
ASA REST API image 1.3.2-346 or later is the minimum required version for compatibility with these ASA versions:
-
9.12.1 or later
-
9.10.1.11 or later
-
9.6.4.22 or later
-
9.4.4.31 or later
New Features in ASA REST API 1.3(2)-325
Released: August 8, 2018
ASA REST API Version 1.3(2)-325 contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(2)-320
Released: July 16, 2018
ASA REST API Version 1.3(2)-320 contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(2)-308
Released: May 18, 2018
ASA REST API Version 1.3(2)-308 contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(2)-221
Released: March 9, 2018
ASA REST API Version 1.3(2)-221 contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(2)-200
Released: November 21, 2017
ASA REST API Version 1.3(2)-200 contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(2)-100
Released: February 16, 2017
The response type of /api/certificate/details was changed from the CertificateDetails object to a list of CertificateDetails. Scripts utilizing this API will need to be modified accordingly.
New Features in ASA REST API 1.3(2)
Released: August 22, 2016
ASA REST API Version 1.3(2) contains bug fixes only; no new features were added.
New Features in ASA REST API 1.3(1)
Released: March 21, 2016
The following are the new features for ASA REST API Version 1.3(1).
-
Application Protocol inspection—We added support for the ESMTP and SNMP protocol inspections:
-
Certificate Management—We added support for generating and managing key pairs, identity certificates and Certificate Authority (CA) certificates
-
TLS Proxy—We added support for TLS Proxy configuration.
New Features in ASA REST API 1.2(x)
New Features in ASA REST API 1.2(2)200
Released: February 9, 2016
This release provides a fix for the following bug: CSCux92088 Increase the limit of bulk api request entries to 1000.
New Features in ASA REST API 1.2(2)
Released: November 30, 2015
We added support for the following features:
-
Smart Licensing
-
IP Audit
-
Additional inspections: FTP, NetBIOS, RTSP, SIP, SQL*Net
-
ASA serial number querying
New Features in ASA REST API 1.2(1)
Released: August 11, 2015
We added support for the following features:
-
Monitoring support for multi-context mode
-
DHCP server and relay agents
-
DNS
-
Protocol Timeout (PTO)
-
GTP
-
IP Options
New Features in ASA REST API 1.1(x)
New Features in ASA REST API 1.1(2)
Released: July 14, 2015
We introduced support for the ASA security module on the Firepower 9300.
New Features in ASA REST API 1.1(1)
Released: March 23, 2015
The following are the new features for ASA REST API Version 1.1(1)/ASDM Version 7.4(1).
-
Token-based authentication (in addition to existing basic authentication)—Client can send log-in request to a specific URL; if successful, a token is returned (in response header). Client then uses this token (in a special request header) for sending additional API calls. The token is valid until explicitly invalidated, or the idle/session timeout is reached.
-
Limited multiple-context support—The REST API agent can now be enabled in multi-context mode; the CLI commands can be issued only in the system context.
Pass-through CLI API commands can be used to configure any context, as follows.
https://<asa_admin_context_ip>/api/cli?context=<context_name>
If the context parameter is not present, it is assumed that the request is directed to the admin context.
-
Application Protocol inspection—We added support for the following inspections:
-
DNS over UDP
-
HTTP
-
ICMP
-
ICMP ERROR
-
RTSP
-
DCERPC
-
IP Options
-
-
Connection limits
-
Backup and restore
-
NTP
-
Write memory—We added support for saving the running configuration (write memory ).
New Features in ASA REST API 1.0(1)
Released: December 18, 2014
The following are the new features for ASA REST API Version 1.0(1)/ASDM Version 7.4(1).
-
We introduced support for the following ASA features:
-
Interface configuration
-
Licensing (Permanent and Activation Key Licenses), Shared Secret License
-
Management Access
-
Static Routing
-
AAA
-
Access Rules
-
NAT (Twice NAT and Object NAT)
-
Service Policy
-
Objects (network objects/groups, service objects/groups, time ranges, security groups)
-
Failover
-
Logging
-
Site-to-Site VPN
-
Monitoring
-
-
Bulk API—The Bulk API is optimal for loading or deleting large sets of data.
-
CLI pass-through or Generic CLI command executor API—Supports pass-through CLI for ASA features that are not supported in the API.
Open and Resolved Bugs
The open and resolved bugs are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note |
You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account. If you do not have a Cisco support contract, you can only look up bugs by ID; you cannot run searches. |
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Open and Resolved Bugs in 7.16(x)
There are no open or resolved bugs for this release.
Open and Resolved Bugs in 7.15(x)
There are no open or resolved bugs for this release.
Open and Resolved Bugs in 7.14(x)
Open Bugs in 7.14(1)
None.
Resolved Bugs in 7.14(1)
|
Bug ID |
Title |
|---|---|
|
Not able to push TCP TIMEOUT info under policy-map using REST API |
|
|
Duplicate objects error while configuring objects and ACL using Rest API feature. |
Open and Resolved Bugs in 7.13(x)
Open Bugs in 7.13(1)
None.
Resolved Bugs in 7.13(1)
|
Bug ID |
Title |
|---|---|
|
ASA Rest-API -CT1660 SEC-WEB-XSS-2: Prevent cross-site scripting vulnerabilities in doc page |
|
|
Missing X-Content-Type-Options in Rest-API header |
|
|
Empty responses for the REST-API GET queries even status code is 200 |
|
|
500 internal server error while trying to add user using REST-API |
|
|
REST-API: Block Spyker/5512/5515 device types |
Open and Resolved Bugs in 1.3(x)
The following topics list the open and resolved bugs for the various 1.3(x) versions.
Open and Resolved Bugs in 1.3(2)-346
Open Bugs in 1.3(2)-346
|
Bug ID |
Title |
|---|---|
|
ASA Rest-API -CT1660 SEC-WEB-XSS-2: Prevent cross-site scripting vulnerabilities in doc page |
|
|
Missing X-Content-Type-Options in Rest-API header |
Resolved Bugs in 1.3(2)-346
|
Bug ID |
Title |
|---|---|
|
DOC - "User-Agent: REST API Agent" in all the REST calls from is now required |
|
|
Rest agent unable to lookup privilege for usernames with '/' characters |
|
|
Rest-api: Deleting network object deletes the auto NAT entry but rest-API shows the nat in GETALL |
|
|
REST-API on ASA fails with SERVER ERROR when pushing extensive group-policy configuration |
|
|
Need to check the versioning between ASA 9.9.2 and ASA 9.10.1 |
|
|
Bulk API returns different code for some requests |
Open and Resolved Bugs in 1.3(2)-325
Open Bugs in 1.3(2)-325
|
Bug ID |
Title |
|---|---|
|
ASA REST-API only one extended access-list returned |
|
|
REST-API: restore POST reloads the ASA. |
Resolved Bugs in 1.3(2)-325
|
Bug ID |
Title |
|---|---|
|
“Specified remark does not exist\n” shown when body of the PATCH method contains multiple actions |
Open and Resolved Bugs in 1.3(2)-320
Open Bugs in 1.3(2)-320
|
Bug ID |
Title |
|---|---|
|
Cannot create a rule via REST-API that references a non-existent service object type of “tcp-udp” |
Resolved Bugs in 1.3(2)-320
|
Bug ID |
Title |
|---|---|
|
“Specified remark does not exist\n” error message shown if a rule with multiline remarks is changed |
Open and Resolved Bugs in 1.3(2)-308
Open Bugs in 1.3(2)-308
|
Bug ID |
Title |
|---|---|
|
REST-API Login: Fallback Authentication does not work |
Resolved Bugs in 1.3(2)-308
|
Bug ID |
Title |
|---|---|
|
REST API - not supporting user-configured OG protocol argument for PATCH method |
|
|
ASA REST API Agent failed, reason: OUTOFMEMORY_CONDITION_OCCURED |
|
|
Increase max heap memory allocation |
Open and Resolved Bugs in 1.3(2)-221
Open Bugs in 1.3(2)-221
|
Bug ID |
Title |
|---|---|
|
REST-API: /api/restore POST method reboots the ASA |
|
|
ASA Rest API agent in multicontext mode may throw error: NOT_AVAILABLE_IN_SINGLE_CONTEXT |
|
|
Rest-API queries return “Resource-not-found” for existing resources |
|
|
ASA REST-API gives incomplete responses for extended ACL entries GET request |
Resolved Bugs in 1.3(2)-221
|
Bug ID |
Title |
|---|---|
|
ASA REST-API shows NAT rule even though it was deleted from configuration |
Open and Resolved Bugs in 1.3(2)-200
Open Bugs in 1.3(2)-200
|
Bug ID |
Title |
|---|---|
|
Not able to query REST API, Internal server error 500 |
|
|
ASA REST API gives incomplete responses for extended ACL entries GET request |
|
|
REST API does not report an error while it fails to delete object-group |
Resolved Bugs in 1.3(2)-200
|
Bug ID |
Title |
|---|---|
|
ASA REST API Agent failed, reason: OUTOFMEMORY_CONDITION_OCCURED |
|
|
Unable to configure access-list with service-object having numeric name through REST API |
|
|
Deleting network object deletes the NAT entry but REST API doesn't show deletion |
|
|
After upgrading ASA from 9.5 to 9.6.2, compliance status is not readable via REST API |
Open and Resolved Bugs in 1.3(2)-100
Open Bugs in 1.3(2)-100
None.
Resolved Bugs in 1.3(2)-100
|
Bug ID |
Title |
|---|---|
|
ASA REST API not working on trustpoint with both Identity and CA certs |
Open and Resolved Bugs in 1.3(2)
Open Bugs in 1.3(2)
|
Bug ID |
Title |
|---|---|
|
ASA REST API not working on trustpoint with both Identity and CA certs |
Resolved Bugs in 1.3(2)
|
Bug ID |
Title |
|---|---|
|
ikev2globalparams - Maximum number of SAs out of range |
|
|
/api/licensing/smart/asav/info returns 500 error on ASAv 9.5.2.200 |
|
|
Duplicate error message is not coming in response. |
|
|
ASA REST API: /cli api fail in System context by authentication fail. |
|
|
500 error when sending multiple requests to /api/cli?context=system |
|
|
REST-API does not create ACL remarks |
Open and Resolved Bugs in 1.3(1)
Open Bugs in 1.3(1)
|
Bug ID |
Title |
|---|---|
|
ikev2globalparams - Maximum number of SAs out of range |
|
|
/api/licensing/smart/asav/info returns 500 error on ASAv 9.5.2.200 |
Resolved Bugs in 1.3(1)
|
Bug ID |
Title |
|---|---|
|
When bulk API fails, no error message is returned |
|
|
/licensing/smart/asav: changing licenseServerUrl results in 500 error |
|
|
Can’t setup multiple default routes on different interfaces with same metric |
End-User License Agreement
For information on the end-user license agreement, go to http://www.cisco.com/go/warranty.
Related Documentation
For additional information on the ASA, see Navigating the Cisco ASA Series Documentation.
Feedback