ISE APIs

 

 

ISE Application Programming Interfaces (APIs)

The ISE Command References page on cisco.com contains the official documentation for both the ISE API Reference Guides and ISE CLI Reference Guides.

 

 

 

ISE Monitoring REST API

The Monitoring REST API allows allow you to gather session and node-specific information from ISE Monitoring nodes in your network.

 

Session Management

Session Management includes session counts, session lists, individual session details and remove sessions.

 

Troubleshooting

Troubleshooting allows for integration with Cisco Prime NCS, retrieving ISE node information, failure reasons information and authentication/authorization status.

 

Change of Authorization

Change of Authorization (CoA) enables the ability to send session authentication and session disconnect commands to a specified Cisco Monitoring ISE node and in turn the respective network access device.

 

 

 

ISE External RESTful Services (ERS) API

This API is based on REST (Representational State Transfer) methodology to provide secure and authenticated access to a set of operations for management and monitoring of ISE. These API calls enable you to perform CRUD (Create, Read, Update, Delete) operations on Cisco ISE resources such as Endpoints, Endpoint identity groups, Guest users, Identity groups, Internal users, Portals, Profiler policies, Network devices, Network device groups, and Security groups.

 

The External RESTful Services APIs are based on the HTTPS protocol and REST methodology and uses port 9060. The External RESTful Services APIs support basic authentication and the credentials are encrypted and are part of the request header. The ISE administrator must assign special privileges to a user to perform operations using the External RESTful Services APIs. The ISE administrator can assign the following two roles to perform operations using the External RESTful Services APIs.

  • External RESTful Services Admin : For full access to all ERS APIs (GET, POST, DELETE, PUT)
  • External RESTful Services Operator : For Read Only access (GET request only).

 

See the ISE ERS API Examples for example of how to use the API.

 

 

ISE Guest REST API

The Guest API allows you to create, read, update, delete, and search for guest users.

Note: Guest passwords cannot be set or updated via the API.

 

 

 

Cisco Platform Exchange Grid (pxGrid)

The Cisco Platform Exchange Grid (pxGrid) allows you to publish and subscribe to specific topics of information with other grid participants in a multi-vendor, cross-platform network system. You orchestrate what is published and what is subscribed through the pxGrid controller which resides on Cisco ISE.  You can customize numerous context topics for a variety of partner platforms, yet always shared via the same reusable pxGrid framework.

 

ISE shares network context about Who, What, When, and Where users and endpoints are connecting to the network with other pxGrid participants which may be used to correlate network information and make policy and security decisions. An application may then instruct Cisco ISE to quarantine users and devices in response to threatening network events that another application or service detects.