About NX-API
On Cisco Nexus devices, command-line interfaces (CLIs) are run only on the device. NX-API improves the accessibility of these CLIs by making them available outside of the switch by using HTTP/HTTPS. You can use this extension to the existing Cisco Nexus CLI system on the Cisco Nexus 3500 Series devices. NX-API supports show commands, configurations, and Linux Bash.
NX-API supports JSON-RPC, JSON, and XML formats.
Feature NX-API
-
Feature NX-API is required to be enabled for access the device through sandbox.
-
| json on the device internally uses python script to generate output.
-
NX-API can be enabled either on http/https via ipv4:
BLR-VXLAN-NPT-CR-179# show nxapi nxapi enabled HTTP Listen on port 80 HTTPS Listen on port 443 BLR-VXLAN-NPT-CR-179#
-
NX-API is internally spawning third-party NGINX process, which handler receive/send/processing of http requests/response:
nxapi certificate {httpscrt |httpskey} nxapi certificate enable
-
NX-API Certificates can be enabled for https
-
Default port for nginx to operate is 80/443 for http/https respectively. It can also be changed using the following CLI command:
nxapi {http|https} port port-number
Transport
NX-API uses HTTP/HTTPS as its transport. CLIs are encoded into the HTTP/HTTPS POST body.
The NX-API backend uses the Nginx HTTP server. The Nginx process, and all of its children processes, are under Linux cgroup protection where the CPU and memory usage is capped. If the Nginx memory usage exceeds the cgroup limitations, the Nginx process is restarted and restored.
Note |
The Nginx process continues to run even after NX-API is disabled using the |
Message Format
Note |
|
Security
NX-API supports HTTPS. All communication to the device is encrypted when you use HTTPS.
NX-API is integrated into the authentication system on the device. Users must have appropriate accounts to access the device through NX-API. NX-API uses HTTP basic authentication. All requests must contain the username and password in the HTTP header.
Note |
You should consider using HTTPS to secure your user's login credentials. |
You can enable NX-API by using the feature manager CLI command. NX-API is disabled by default.