{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Authentication Cheatsheet\n",
"\n",
"## Webex Teams (python requests)\n",
"\n",
"1. Create a bot, get a token for the bot which is good for 100 years.\n",
"2. Include the token in an Authorization header `Bearer {token}`\n",
"\n",
"```\n",
"headers['Authorization'] = f\"Bearer {token}\"\n",
"```\n",
"\n",
"## Webex Teams (SDK)\n",
"1. Create a bot, get a token for the bot which is good for 100 years.\n",
"```\n",
"api = WebexTeamsAPI(access_token=token)\n",
"```\n",
"\n",
"## Meraki \n",
"1. Go to organization settings and make sure API Access is enabled\n",
"2. Go to your profile and generate a key\n",
"3. Set a header called `X-Cisco-Meraki-API-Key` with the API key in it\n",
"```\n",
"headers['X-Cisco-Meraki-API-Key'] = {api_key}\n",
"```\n",
"\n",
"## DNA Center\n",
"1. Issue POST request using HTTP Basic authentication with userid/password.\n",
"2. Get back a token that you should populate into a header field called `X-Auth-Token` on subsequent requests\n",
"```\n",
"import requests\n",
"from requests.auth import HTTPBasicAuth\n",
"\n",
"username = \"devnetuser\"\n",
"password = \"Cisco123!\"\n",
"hostname = \"sandboxdnac2.cisco.com\"\n",
"\n",
"auth = HTTPBasicAuth(username, password)\n",
"\n",
"login_url = f\"https://{hostname}/dna/system/api/v1/auth/token\"\n",
"\n",
"resp = requests.post(login_url, headers=headers, auth=auth)\n",
"token = resp.json()['Token']\n",
"\n",
"headers['X-Auth-Token'] = token\n",
"\n",
"```"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## DNA Center SDK\n",
"1. Create a DNACenter object passing it username/password as arguments\n",
"```\n",
"from dnacentersdk import api\n",
"\n",
"dnac = api.DNACenterAPI(username=\"devnetuser\",\n",
" password=\"Cisco123!\",\n",
" base_url=\"https://sandboxdnac2.cisco.com\")\n",
"```\n",
"\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Intersight\n",
"1. Generate an API Key ID and Secret from the dashboard. \n",
"2. Use the IntersightAuth module to handle the signing of the headers + content\n",
"3. Add the encrypted auth object to the auth parameter in requests\n",
"```\n",
"from intersight_auth import IntersightAuth\n",
"auth = IntersightAuth(secret_key_filename=key_file, api_key_id=api_key_id)\n",
"\n",
"requests.get(\"https://intersight.com/api/v1/compute/PhysicalSummaries\", auth=auth)\n",
"```\n",
"\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Intersight SDK\n",
"1. Pass the private_key and api_key_id obtained from the dashboard into an InterSightApiClient instance. \n",
"\n",
"```\n",
"api_instance = IntersightApiClient(\n",
" \"https://intersight.com/api/v1\",\n",
" private_key=\"SecretKey.txt\",\n",
" api_key_id = \"5eaf2f437564612d309e379a/5eaf2f437564612d309e37a7/5ef564117564612d33d47ce1\"\n",
")\n",
"```\n",
"\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## UCS \n",
"\n",
"1. Send an XML document with username/password in the payload\n",
"2. Insert the received outCookie into the XML body of all subsequent requests\n",
"\n",
"```\n",
"login_body = f'<aaaLogin inName=\"{username}\" inPassword=\"{password}\"/>'\n",
"\n",
"headers = {\"Content-Type\": \"application/x-www-form-urlencoded\"}\n",
"\n",
"resp = requests.post(url=url, headers=headers, data=login_body, verify=False)\n",
"```\n",
"Login response:\n",
"```\n",
"<aaaLogin cookie=\"\" response=\"yes\" '\n",
" 'outCookie=\"1593347478/7bdd8f29-7dbc-42e4-b088-f59ac09e8488\" '\n",
" 'outRefreshPeriod=\"600\" '\n",
" 'outPriv=\"aaa,admin,ext-lan-config,ext-lan-policy,ext-lan-qos,ext-lan-security,ext-san-config,ext-san-policy,ext-san-security,fault,operations,pod-config,pod-policy,pod-qos,pod-security,read-only\" '\n",
" 'outDomains=\"org-root\" outChannel=\"noencssl\" outEvtChannel=\"noencssl\" '\n",
" 'outSessionId=\"\" outVersion=\"4.1(2c)\" outName=\"\"> </aaaLogin>\n",
" ```"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## UCS SDK \n",
" \n",
"1. Create a UcsHandle object, passing in the hostname, username and password\n",
"2. Call the login() method\n",
"\n",
"```\n",
"from ucsmsdk.ucshandle import UcsHandle\n",
"\n",
"handle = UcsHandle(hostname, username, password)\n",
"handle.login()\n",
"```"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Firepower Device Manager (FDM) \n",
"1. Post a JSON payload containing username, password, and grant-type = password.\n",
"2. Get back an `access_token` which must be set in an Authorization header on any subsequent requests in the format `Bearer [access-token]`\n",
"\n",
"```\n",
"token_payload = {\"grant_type\": \"password\",\n",
" \"username\": \"admin\",\n",
" \"password\": \"Cisco1234\"}\n",
"\n",
"headers = {\"Content-Type\":\"application/json\", \"Accept\": \"application/json\"}\n",
"\n",
"url = f\"https://{hostname}/api/fdm/latest/fdm/token\"\n",
"\n",
"resp = requests.post(url=url,\n",
" headers=headers,\n",
" json=token_payload,\n",
" verify=False)\n",
"\n",
"token = resp.json()['access_token']\n",
"\n",
"headers['Authorization'] = f\"Bearer {token}\"\n",
"```\n",
"\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## RESTCONF \n",
"\n",
"1. Create a tuple containing userid/password and pass into the `auth` argument of the requests module\n",
"\n",
"```\n",
"auth = (\"developer\", \"C1sco12345\")\n",
"get_headers = {\"Accept\": \"application/yang-data+json\"}\n",
"\n",
"get_rte_resp = requests.get(\n",
" url,\n",
" headers=get_headers,\n",
" auth=auth,\n",
" verify=False\n",
" )\n",
"```"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": []
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.8.3"
}
},
"nbformat": 4,
"nbformat_minor": 4
}