Authentication Cheatsheet¶

Webex Teams (python requests)¶

1. Create a bot, get a token for the bot which is good for 100 years.
2. Include the token in an Authorization header Bearer {token}

headers['Authorization'] = f"Bearer {token}"

Webex Teams (SDK)¶

1. Create a bot, get a token for the bot which is good for 100 years.

api = WebexTeamsAPI(access_token=token)

Meraki¶

1. Go to organization settings and make sure API Access is enabled
2. Go to your profile and generate a key
3. Set a header called X-Cisco-Meraki-API-Key with the API key in it

headers['X-Cisco-Meraki-API-Key'] = {api_key}

DNA Center¶

1. Issue POST request using HTTP Basic authentication with userid/password.
2. Get back a token that you should populate into a header field called X-Auth-Token on subsequent requests

import requests
from requests.auth import HTTPBasicAuth

username = "devnetuser"
password = "Cisco123!"
hostname = "sandboxdnac2.cisco.com"

auth = HTTPBasicAuth(username, password)

login_url = f"https://{hostname}/dna/system/api/v1/auth/token"

resp = requests.post(login_url, headers=headers, auth=auth)
token = resp.json()['Token']

headers['X-Auth-Token'] = token

DNA Center SDK¶

1. Create a DNACenter object passing it username/password as arguments

from dnacentersdk import api

dnac = api.DNACenterAPI(username="devnetuser",
                        password="Cisco123!",
                        base_url="https://sandboxdnac2.cisco.com")

Intersight¶

1. Generate an API Key ID and Secret from the dashboard.
2. Use the IntersightAuth module to handle the signing of the headers + content
3. Add the encrypted auth object to the auth parameter in requests

from intersight_auth import IntersightAuth
auth = IntersightAuth(secret_key_filename=key_file, api_key_id=api_key_id)

requests.get("https://intersight.com/api/v1/compute/PhysicalSummaries", auth=auth)

Intersight SDK¶

1. Pass the private_key and api_key_id obtained from the dashboard into an InterSightApiClient instance.

api_instance = IntersightApiClient(
    "https://intersight.com/api/v1",
    private_key="SecretKey.txt",
    api_key_id = "5eaf2f437564612d309e379a/5eaf2f437564612d309e37a7/5ef564117564612d33d47ce1"
)

UCS¶

1. Send an XML document with username/password in the payload
2. Insert the received outCookie into the XML body of all subsequent requests

login_body = f'<aaaLogin inName="{username}" inPassword="{password}"/>'

headers = {"Content-Type": "application/x-www-form-urlencoded"}

resp = requests.post(url=url, headers=headers, data=login_body, verify=False)

Login response:

<aaaLogin cookie="" response="yes" '
 'outCookie="1593347478/7bdd8f29-7dbc-42e4-b088-f59ac09e8488" '
 'outRefreshPeriod="600" '
 'outPriv="aaa,admin,ext-lan-config,ext-lan-policy,ext-lan-qos,ext-lan-security,ext-san-config,ext-san-policy,ext-san-security,fault,operations,pod-config,pod-policy,pod-qos,pod-security,read-only" '
 'outDomains="org-root" outChannel="noencssl" outEvtChannel="noencssl" '
 'outSessionId="" outVersion="4.1(2c)" outName=""> </aaaLogin>

UCS SDK¶

1. Create a UcsHandle object, passing in the hostname, username and password
2. Call the login() method

from ucsmsdk.ucshandle import UcsHandle

handle = UcsHandle(hostname, username, password)
handle.login()

Firepower Device Manager (FDM)¶

1. Post a JSON payload containing username, password, and grant-type = password.
2. Get back an access_token which must be set in an Authorization header on any subsequent requests in the format Bearer [access-token]

token_payload = {"grant_type": "password",
                 "username": "admin",
                 "password": "Cisco1234"}

headers = {"Content-Type":"application/json", "Accept": "application/json"}

url = f"https://{hostname}/api/fdm/latest/fdm/token"

resp = requests.post(url=url,
                     headers=headers,
                     json=token_payload,
                     verify=False)

token = resp.json()['access_token']

headers['Authorization'] = f"Bearer {token}"

RESTCONF¶

1. Create a tuple containing userid/password and pass into the auth argument of the requests module

auth = ("developer", "C1sco12345")
get_headers = {"Accept": "application/yang-data+json"}

get_rte_resp = requests.get(
        url,
        headers=get_headers,
        auth=auth,
        verify=False
    )