Practice Questions
Test your knowledge on this topic in the ENAUTO Exam Trainer — 186 questions across 5 interactive modes.
API Endpoint Glossary – ENAUTO v2.0
Quick Reference
This glossary covers all REST API endpoints across the four Cisco controllers tested on the ENAUTO v2.0 exam, plus device-level RESTCONF paths. For detailed code examples, see the individual deep dives: Catalyst_Center_Deep_Dive, Meraki_Deep_Dive, SDWAN_Deep_Dive, ISE_Deep_Dive, 2.0_Device_Level_Deep_Dive.
Dataview Summary — All Endpoints
| Method | Path | Controller | Purpose |
|---|---|---|---|
| POST | /dna/system/api/v1/auth/token | Catalyst Center | Authentication (token exchange) |
| GET | /dna/intent/api/v1/network-device | Catalyst Center | List all managed devices |
| GET | /dna/intent/api/v1/network-device/{id} | Catalyst Center | Get device by UUID |
| GET | /dna/intent/api/v1/network-device/count | Catalyst Center | Device count |
| PUT | /dna/intent/api/v1/network-device/role | Catalyst Center | Update device role (async) |
| GET | /dna/intent/api/v1/site-health | Catalyst Center | Site health scores |
| GET | /dna/intent/api/v1/client-health | Catalyst Center | Client health |
| GET | /dna/intent/api/v1/network-health | Catalyst Center | Network health |
| GET | /dna/intent/api/v1/device-health | Catalyst Center | Device health |
| POST | /dna/intent/api/v1/network-device-poller/cli/read-request | Catalyst Center | Command Runner (async) |
| GET | /dna/intent/api/v1/task/{taskId} | Catalyst Center | Poll async task status |
| GET | /dna/intent/api/v1/file/{fileId} | Catalyst Center | Retrieve Command Runner output |
| GET | /dna/intent/api/v1/template-programmer/template | Catalyst Center | List config templates |
| POST | /dna/intent/api/v1/template-programmer/template | Catalyst Center | Create config template |
| PUT | /dna/intent/api/v1/template-programmer/template/deploy | Catalyst Center | Deploy template (async) |
| GET | /dna/intent/api/v1/onboarding/pnp-device | Catalyst Center | List PnP devices |
| POST | /dna/intent/api/v1/onboarding/pnp-device | Catalyst Center | Add PnP device |
| POST | /dna/intent/api/v1/onboarding/pnp-device/site-claim | Catalyst Center | Claim device to site |
| GET | /dna/intent/api/v1/image/importation | Catalyst Center | List software images (SWIM) |
| POST | /dna/intent/api/v1/image/distribution | Catalyst Center | Distribute image (async) |
| POST | /dna/intent/api/v1/image/activation | Catalyst Center | Activate image (async) |
| GET | /api/v1/organizations | Meraki | List organizations |
| GET | /api/v1/organizations/{orgId}/networks | Meraki | List networks |
| POST | /api/v1/organizations/{orgId}/networks | Meraki | Create network |
| GET | /api/v1/organizations/{orgId}/devices | Meraki | List org devices |
| GET | /api/v1/organizations/{orgId}/devices/statuses | Meraki | Device statuses |
| GET | /api/v1/networks/{networkId}/devices | Meraki | List network devices |
| POST | /api/v1/networks/{networkId}/devices/claim | Meraki | Claim device (Day-0) |
| GET | /api/v1/networks/{networkId}/wireless/ssids | Meraki | List SSIDs |
| PUT | /api/v1/networks/{networkId}/wireless/ssids/{number} | Meraki | Update SSID |
| GET | /api/v1/networks/{networkId}/clients | Meraki | List clients |
| GET | /api/v1/networks/{networkId}/appliance/firewall/l3FirewallRules | Meraki | Get L3 firewall rules |
| PUT | /api/v1/networks/{networkId}/appliance/firewall/l3FirewallRules | Meraki | Update firewall rules |
| POST | /api/v1/organizations/{orgId}/actionBatches | Meraki | Create action batch |
| GET | /api/v1/organizations/{orgId}/actionBatches/{batchId} | Meraki | Action batch status |
| POST | /api/v1/networks/{networkId}/webhooks/httpServers | Meraki | Create webhook receiver |
| GET | /api/v1/organizations/{orgId}/configTemplates | Meraki | List config templates |
| POST | /api/v1/networks/{networkId}/bind | Meraki | Bind network to template |
| POST | /j_security_check | SD-WAN | Session authentication |
| GET | /dataservice/client/token | SD-WAN | Get XSRF token |
| GET | /dataservice/device | SD-WAN | List all devices |
| GET | /dataservice/device/monitor | SD-WAN | Device monitoring data |
| GET | /dataservice/system/device/vedges | SD-WAN | List vEdge/cEdge devices |
| GET | /dataservice/template/feature | SD-WAN | List feature templates |
| POST | /dataservice/template/feature | SD-WAN | Create feature template |
| GET | /dataservice/template/device | SD-WAN | List device templates |
| POST | /dataservice/template/device | SD-WAN | Create device template |
| POST | /dataservice/template/device/config/attachdevice | SD-WAN | Attach template to device |
| GET | /dataservice/template/device/config/attached/{templateId} | SD-WAN | List attached devices |
| POST | /dataservice/template/device/config/detachdevice | SD-WAN | Detach template |
| GET | /dataservice/device/action/status/{actionId} | SD-WAN | Poll async action status |
| GET | /dataservice/alarms | SD-WAN | Get alarms |
| POST | /dataservice/device/action/ztp | SD-WAN | Zero-touch provisioning |
| GET | /dataservice/device/action/software/images | SD-WAN | List software images |
| GET | /ers/config/networkdevice | ISE | List network devices |
| POST | /ers/config/networkdevice | ISE | Create network device |
| GET | /ers/config/networkdevice/{id} | ISE | Get device by ID |
| PUT | /ers/config/networkdevice/{id} | ISE | Update network device |
| DELETE | /ers/config/networkdevice/{id} | ISE | Delete network device |
| GET | /ers/config/internaluser | ISE | List internal users |
| POST | /ers/config/internaluser | ISE | Create internal user |
| GET | /ers/config/endpoint | ISE | List endpoints |
| POST | /ers/config/endpoint | ISE | Create endpoint |
| GET | /ers/config/endpointgroup | ISE | List endpoint groups |
| GET | /ers/config/sgt | ISE | List Security Group Tags |
| POST | /ers/config/sgt | ISE | Create SGT |
| GET | /ers/config/sgacl | ISE | List SGACLs |
| GET | /ers/config/egressmatrixcell | ISE | List TrustSec policies |
| PUT | /ers/config/egressmatrixcell/{id} | ISE | Update TrustSec policy |
| GET | /ers/config/authorizationprofile | ISE | List auth profiles |
| POST | /ers/config/authorizationprofile | ISE | Create auth profile |
| PUT | /ers/config/ancendpoint/apply | ISE | ANC quarantine endpoint |
| PUT | /ers/config/ancendpoint/clear | ISE | ANC clear endpoint |
| GET | /ers/config/guestuser | ISE | List guest users |
| POST | /ers/config/guestuser | ISE | Create guest user |
| GET | /api/v1/deployment/node | ISE | List deployment nodes (Open API) |
| GET | /restconf/data/ietf-interfaces:interfaces | RESTCONF | List all interfaces |
| GET | /restconf/data/ietf-interfaces:interfaces/interface={name} | RESTCONF | Get specific interface |
| PATCH | /restconf/data/ietf-interfaces:interfaces/interface={name} | RESTCONF | Partial interface update |
| PUT | /restconf/data/ietf-interfaces:interfaces/interface={name} | RESTCONF | Full interface replace |
| DELETE | /restconf/data/ietf-interfaces:interfaces/interface={name} | RESTCONF | Delete interface |
| GET | /restconf/data/Cisco-IOS-XE-native:native | RESTCONF | Get full native config |
| GET | /restconf/data/Cisco-IOS-XE-native:native/hostname | RESTCONF | Get hostname |
| PATCH | /restconf/data/Cisco-IOS-XE-native:native | RESTCONF | Partial native config update |
| GET | /restconf/data/openconfig-interfaces:interfaces | RESTCONF | OpenConfig interfaces |
| GET | /restconf/data/Cisco-IOS-XE-process-cpu-oper:cpu-usage | RESTCONF | CPU operational data |
| GET | /restconf/data/Cisco-IOS-XE-memory-oper:memory-statistics | RESTCONF | Memory operational data |
Controller Authentication Comparison
| Aspect | Catalyst Center | Meraki | SD-WAN (vManage) | ISE |
|---|---|---|---|---|
| Auth Method | Token exchange (POST) | API Key (static header) | Session cookie + XSRF | Basic Auth (every request) |
| Auth Header | X-Auth-Token | X-Cisco-Meraki-API-Key | Cookie: JSESSIONID + X-XSRF-TOKEN | Authorization: Basic |
| Auth Endpoint | POST /dna/system/api/v1/auth/token | None (key in header) | POST /j_security_check | None (Basic in header) |
| Base URL | /dna/intent/api/v1 | https://api.meraki.com/api/v1 | /dataservice | /ers/config (ERS) / /api/v1 (Open API) |
| Write Behavior | Async (taskId) | Synchronous | Async (actionId) | Synchronous |
| Rate Limit | None documented | 5 calls/sec/org (429 + Retry-After) | None documented | None documented |
| Default Format | JSON | JSON | JSON | XML (set Accept: application/json) |
| Python SDK | catalystcentersdk | meraki | catalystwan | ciscoisesdk |
1 – Catalyst Center APIs
Reference: Catalyst_Center_Deep_Dive Auth:
POST /dna/system/api/v1/auth/tokenwith Basic Auth → use token asX-Auth-Tokenheader All writes are asynchronous — returnstaskIdto poll
Authentication
POST /dna/system/api/v1/auth/token
- Controller: Catalyst Center
- Purpose: Exchange username/password for an authentication token
- Key Parameters: None (credentials in Basic Auth header)
- Auth: HTTP Basic Auth (
Authorization: Basic base64(user:pass)) - Returns:
{"Token": "eyJ..."}— valid ~60 minutes - Exam Tip: Uses Basic Auth for token exchange, then
X-Auth-Tokenheader (NOTBearer) for all subsequent calls. This is the #1 tested auth pattern. - Related Topics: 2 – Authentication with Python requests
Device Management
GET /dna/intent/api/v1/network-device
- Controller: Catalyst Center
- Purpose: List all managed network devices
- Key Parameters:
?managementIpAddress=x,?hostname=x,?family=x,?role=x - Auth:
X-Auth-Token - Returns:
{"response": [{"id": "...", "hostname": "...", "managementIpAddress": "...", ...}]} - Exam Tip: Returns a list in
responsearray. Deviceid(UUID) is needed for subsequent per-device calls. - Related Topics: 4 – Get Network Devices (requests)
GET /dna/intent/api/v1/network-device/{id}
- Controller: Catalyst Center
- Purpose: Get a specific device by its UUID
- Key Parameters:
{id}— device UUID from listing - Auth:
X-Auth-Token - Returns: Single device object in
response - Exam Tip: The
idis a UUID, not the device hostname or IP address. - Related Topics: 4 – Get Network Devices (requests)
GET /dna/intent/api/v1/network-device/count
- Controller: Catalyst Center
- Purpose: Get total number of managed devices
- Key Parameters: None
- Auth:
X-Auth-Token - Returns:
{"response": 42} - Related Topics: 4 – Get Network Devices (requests)
PUT /dna/intent/api/v1/network-device/role
- Controller: Catalyst Center
- Purpose: Update a device’s role (ACCESS, DISTRIBUTION, CORE, BORDER ROUTER)
- Key Parameters: Body:
{"id": "uuid", "role": "ACCESS"} - Auth:
X-Auth-Token - Returns:
taskId(async) - Exam Tip: Write operation → returns
taskId. Must poll task status. - Related Topics: 6 – Update Device Role (requests)
Health Monitoring
GET /dna/intent/api/v1/site-health
- Controller: Catalyst Center
- Purpose: Get health scores for all sites
- Key Parameters:
?timestamp=epoch_ms - Auth:
X-Auth-Token - Returns: Site health data with overall scores (0–100)
- Exam Tip: Health scores are 0–100. Know which endpoint provides site-level vs device-level health.
- Related Topics: 10 – Network Health Monitoring
GET /dna/intent/api/v1/client-health
- Controller: Catalyst Center
- Purpose: Get overall client health (wired + wireless)
- Key Parameters:
?timestamp=epoch_ms - Auth:
X-Auth-Token - Returns: Client health scores and category breakdowns
- Related Topics: 10 – Network Health Monitoring
GET /dna/intent/api/v1/network-health
- Controller: Catalyst Center
- Purpose: Get overall network health score
- Key Parameters:
?timestamp=epoch_ms - Auth:
X-Auth-Token - Returns: Network-wide health aggregation
- Related Topics: 10 – Network Health Monitoring
GET /dna/intent/api/v1/device-health
- Controller: Catalyst Center
- Purpose: Get per-device health scores
- Key Parameters:
?deviceRole=ACCESS,?limit=,?offset= - Auth:
X-Auth-Token - Returns: Individual device health scores
- Related Topics: 10 – Network Health Monitoring
Command Runner
POST /dna/intent/api/v1/network-device-poller/cli/read-request
- Controller: Catalyst Center
- Purpose: Execute CLI commands on devices remotely
- Key Parameters: Body:
{"commands": ["show version"], "deviceUuids": ["uuid1"]} - Auth:
X-Auth-Token - Returns:
taskId→ poll task → getfileId→ download output - Exam Tip: Three-step process: (1) POST command → taskId, (2) GET task → fileId, (3) GET file → output. Frequently tested.
- Related Topics: 12 – Common Patterns and Gotchas, 3.5_Security_Automation_CrossController
GET /dna/intent/api/v1/task/{taskId}
- Controller: Catalyst Center
- Purpose: Check status of any async operation
- Key Parameters:
{taskId} - Auth:
X-Auth-Token - Returns:
{"response": {"isError": false, "progress": "...", ...}} - Exam Tip: Poll until
isErrororendTimeis present.progressmay containfileId. - Related Topics: 12 – Common Patterns and Gotchas
GET /dna/intent/api/v1/file/{fileId}
- Controller: Catalyst Center
- Purpose: Download file output (e.g., Command Runner results)
- Key Parameters:
{fileId}from task progress - Auth:
X-Auth-Token - Returns: File content (JSON with command output)
- Related Topics: 12 – Common Patterns and Gotchas
Template Programmer
GET /dna/intent/api/v1/template-programmer/template
- Controller: Catalyst Center
- Purpose: List all configuration templates
- Key Parameters:
?projectId=,?softwareType=IOS-XE - Auth:
X-Auth-Token - Returns: Array of template objects
- Related Topics: 9 – Jinja2 Configuration Templates
POST /dna/intent/api/v1/template-programmer/template
- Controller: Catalyst Center
- Purpose: Create a new configuration template (Jinja2 or Velocity)
- Key Parameters: Body:
{"name": "...", "language": "JINJA", "templateContent": "..."} - Auth:
X-Auth-Token - Returns:
taskId(async) - Exam Tip:
languagemust be"JINJA"or"VELOCITY". Templates must be committed before deployment. - Related Topics: 9 – Jinja2 Configuration Templates, 3.3_Jinja2_Deep_Dive
PUT /dna/intent/api/v1/template-programmer/template/deploy
- Controller: Catalyst Center
- Purpose: Deploy a template to target devices
- Key Parameters: Body with
templateId, target device UUIDs, variable bindings - Auth:
X-Auth-Token - Returns:
taskId(async) - Exam Tip: Must commit template version before deploying.
- Related Topics: 9 – Jinja2 Configuration Templates
PnP (Day-0 Provisioning)
GET /dna/intent/api/v1/onboarding/pnp-device
- Controller: Catalyst Center
- Purpose: List PnP device claims
- Key Parameters:
?state=Unclaimed,?serialNumber= - Auth:
X-Auth-Token - Returns: Array of PnP device objects
- Related Topics: 8 – Day-0 PnP Provisioning
POST /dna/intent/api/v1/onboarding/pnp-device
- Controller: Catalyst Center
- Purpose: Add a device to the PnP database
- Key Parameters: Body:
{"deviceInfo": {"serialNumber": "...", "hostname": "..."}} - Auth:
X-Auth-Token - Returns: Created PnP device object
- Related Topics: 8 – Day-0 PnP Provisioning
POST /dna/intent/api/v1/onboarding/pnp-device/site-claim
- Controller: Catalyst Center
- Purpose: Claim a PnP device to a site with config and image
- Key Parameters: Body:
{"siteId": "...", "deviceId": "...", "configInfo": {...}} - Auth:
X-Auth-Token - Returns:
taskId(async) - Exam Tip: Key Day-0 endpoint — maps device to site + config + image.
- Related Topics: 8 – Day-0 PnP Provisioning
SWIM (Software Image Management)
GET /dna/intent/api/v1/image/importation
- Controller: Catalyst Center
- Purpose: List imported software images
- Key Parameters:
?isTaggedGolden=true - Auth:
X-Auth-Token - Returns: Array of image objects
- Related Topics: 11 – Software Image Management (SWIM)
POST /dna/intent/api/v1/image/distribution
- Controller: Catalyst Center
- Purpose: Distribute an image to target devices
- Key Parameters: Body:
[{"deviceUuid": "...", "imageUuid": "..."}] - Auth:
X-Auth-Token - Returns:
taskId(async) - Related Topics: 11 – Software Image Management (SWIM)
POST /dna/intent/api/v1/image/activation
- Controller: Catalyst Center
- Purpose: Activate an image on target devices (triggers reboot)
- Auth:
X-Auth-Token - Returns:
taskId(async) - Exam Tip: SWIM workflow: Import → Mark Golden → Distribute → Activate. Each step is async.
- Related Topics: 11 – Software Image Management (SWIM)
2 – Meraki APIs
Reference: Meraki_Deep_Dive Auth:
X-Cisco-Meraki-API-Keyheader on every request (no token exchange) Base URL:https://api.meraki.com/api/v1All operations are synchronous — response = result Rate limit: 5 calls/sec/org — 429 returnsRetry-Afterheader
Organizations and Networks
GET /api/v1/organizations
- Controller: Meraki
- Purpose: List all organizations the API key has access to
- Key Parameters: None
- Auth:
X-Cisco-Meraki-API-Key - Returns:
[{"id": "123456", "name": "My Org", ...}] - Exam Tip:
organizationIdis needed for all org-level endpoints. - Related Topics: 5 – Get Organizations, Networks, and Devices
GET /api/v1/organizations/{orgId}/networks
- Controller: Meraki
- Purpose: List all networks in an organization
- Key Parameters:
{orgId},?productTypes[]=wireless - Auth:
X-Cisco-Meraki-API-Key - Returns: Array of network objects
- Related Topics: 5 – Get Organizations, Networks, and Devices
POST /api/v1/organizations/{orgId}/networks
- Controller: Meraki
- Purpose: Create a new network
- Key Parameters: Body:
{"name": "...", "productTypes": ["wireless", "switch"]} - Auth:
X-Cisco-Meraki-API-Key - Returns: Created network object (synchronous)
- Related Topics: 5 – Get Organizations, Networks, and Devices
Devices
GET /api/v1/organizations/{orgId}/devices
- Controller: Meraki
- Purpose: List all devices across the organization
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array of device objects
- Related Topics: 5 – Get Organizations, Networks, and Devices
GET /api/v1/organizations/{orgId}/devices/statuses
- Controller: Meraki
- Purpose: Get online/offline status for all org devices
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array with
statusfield (online/offline/alerting) - Related Topics: 9 – Network Health Monitoring
GET /api/v1/networks/{networkId}/devices
- Controller: Meraki
- Purpose: List devices in a specific network
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array of device objects
- Related Topics: 5 – Get Organizations, Networks, and Devices
POST /api/v1/networks/{networkId}/devices/claim
- Controller: Meraki
- Purpose: Claim devices to a network — Day-0 provisioning
- Key Parameters: Body:
{"serials": ["XXXX-XXXX-XXXX"]} - Auth:
X-Cisco-Meraki-API-Key - Returns: Claimed device objects (synchronous)
- Exam Tip: Meraki Day-0 = claim by serial number. Compare with Catalyst Center PnP
site-claim. - Related Topics: 7 – Day-0 Provisioning – Device Claiming
Wireless (SSIDs)
GET /api/v1/networks/{networkId}/wireless/ssids
- Controller: Meraki
- Purpose: List all 15 SSIDs for a wireless network
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array of 15 SSID objects (0–14)
- Exam Tip: Meraki always returns all 15 SSIDs. Unused ones have
enabled: false. - Related Topics: 6 – SSID Management
PUT /api/v1/networks/{networkId}/wireless/ssids/{number}
- Controller: Meraki
- Purpose: Update an SSID’s configuration
- Key Parameters:
{number}(0–14), Body:{"name": "...", "enabled": true, "authMode": "psk"} - Auth:
X-Cisco-Meraki-API-Key - Returns: Updated SSID object (synchronous)
- Exam Tip: SSID
{number}is index 0–14, NOT the SSID name. - Related Topics: 6 – SSID Management
Clients
GET /api/v1/networks/{networkId}/clients
- Controller: Meraki
- Purpose: List clients connected to a network
- Key Parameters:
?timespan=86400,?perPage=100 - Auth:
X-Cisco-Meraki-API-Key - Returns: Array of client objects (MAC, IP, usage)
- Related Topics: 9 – Network Health Monitoring
Firewall Rules
GET /api/v1/networks/{networkId}/appliance/firewall/l3FirewallRules
- Controller: Meraki
- Purpose: Get L3 firewall rules for an MX appliance
- Auth:
X-Cisco-Meraki-API-Key - Returns:
{"rules": [...]} - Related Topics: 3.5_Security_Automation_CrossController
PUT /api/v1/networks/{networkId}/appliance/firewall/l3FirewallRules
- Controller: Meraki
- Purpose: Update L3 firewall rules (replaces entire rule set)
- Key Parameters: Body:
{"rules": [...]} - Auth:
X-Cisco-Meraki-API-Key - Returns: Updated rules (synchronous)
- Exam Tip: PUT replaces ALL rules. Always GET first, modify, then PUT back.
- Related Topics: 3.5_Security_Automation_CrossController
Action Batches
POST /api/v1/organizations/{orgId}/actionBatches
- Controller: Meraki
- Purpose: Execute multiple API calls as a single batch (up to 20 actions)
- Key Parameters: Body:
{"confirmed": true, "synchronous": false, "actions": [...]} - Auth:
X-Cisco-Meraki-API-Key - Returns: Batch object with
idandstatus - Exam Tip: Only way to make Meraki operations atomic. Max 20 actions per batch.
- Related Topics: 8 – Configuration Templates and Action Batches
GET /api/v1/organizations/{orgId}/actionBatches/{batchId}
- Controller: Meraki
- Purpose: Check action batch status
- Auth:
X-Cisco-Meraki-API-Key - Returns:
completed,failed, orpending - Related Topics: 8 – Configuration Templates and Action Batches
Webhooks and Templates
POST /api/v1/networks/{networkId}/webhooks/httpServers
- Controller: Meraki
- Purpose: Create a webhook receiver for alerts
- Key Parameters: Body:
{"name": "...", "url": "https://...", "sharedSecret": "..."} - Auth:
X-Cisco-Meraki-API-Key - Returns: Created webhook object
- Related Topics: 10 – Webhook-Based Monitoring
GET /api/v1/networks/{networkId}/webhooks/httpServers
- Controller: Meraki
- Purpose: List configured webhook receivers
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array of webhook objects
- Related Topics: 10 – Webhook-Based Monitoring
GET /api/v1/organizations/{orgId}/configTemplates
- Controller: Meraki
- Purpose: List configuration templates
- Auth:
X-Cisco-Meraki-API-Key - Returns: Array of template objects
- Related Topics: 8 – Configuration Templates and Action Batches
POST /api/v1/networks/{networkId}/bind
- Controller: Meraki
- Purpose: Bind a network to a configuration template
- Key Parameters: Body:
{"configTemplateId": "..."} - Auth:
X-Cisco-Meraki-API-Key - Returns: Bind confirmation
- Related Topics: 8 – Configuration Templates and Action Batches
3 – SD-WAN (vManage) APIs
Reference: SDWAN_Deep_Dive Auth:
POST /j_security_checkwith form-urlencoded data →JSESSIONIDcookie +X-XSRF-TOKENfor writes Base URL:https://{vmanage-ip}Writes are asynchronous — poll action status
Authentication
POST /j_security_check
- Controller: SD-WAN (vManage)
- Purpose: Authenticate and establish a session
- Key Parameters: Form data:
j_username=admin&j_password=C1sco12345 - Auth: None (this IS the auth endpoint)
- Returns:
JSESSIONIDcookie in response headers - Exam Tip: Uses
application/x-www-form-urlencoded(NOT JSON!). #1 tested SD-WAN auth gotcha. - Related Topics: 2 – Authentication with Python requests
GET /dataservice/client/token
- Controller: SD-WAN (vManage)
- Purpose: Get XSRF token for write operations
- Auth:
JSESSIONIDcookie - Returns: Plain text token string
- Exam Tip: Called AFTER
/j_security_check. Token goes inX-XSRF-TOKENheader for writes. - Related Topics: 2 – Authentication with Python requests
Device Management
GET /dataservice/device
- Controller: SD-WAN (vManage)
- Purpose: List all devices in the SD-WAN fabric
- Auth:
JSESSIONIDcookie - Returns:
{"data": [{"deviceId": "...", "host-name": "...", "reachability": "reachable"}]} - Exam Tip: Response is in
dataarray (notresponselike Catalyst Center). - Related Topics: 4 – Get Devices and System Status
GET /dataservice/device/monitor
- Controller: SD-WAN (vManage)
- Purpose: Get device monitoring data
- Auth:
JSESSIONIDcookie - Returns: Monitoring data for all devices
- Related Topics: 10 – Network Health Monitoring
GET /dataservice/system/device/vedges
- Controller: SD-WAN (vManage)
- Purpose: List vEdge/cEdge devices
- Key Parameters:
?model=vedge-cloud - Auth:
JSESSIONIDcookie - Returns: Device details with personality, model, serial
- Related Topics: 4 – Get Devices and System Status
Templates
GET /dataservice/template/feature
- Controller: SD-WAN (vManage)
- Purpose: List feature templates
- Auth:
JSESSIONIDcookie - Returns:
{"data": [{"templateId": "...", "templateName": "...", "templateType": "..."}]} - Related Topics: 6 – Feature Templates and Device Templates
POST /dataservice/template/feature
- Controller: SD-WAN (vManage)
- Purpose: Create a feature template
- Auth:
JSESSIONID+X-XSRF-TOKEN - Returns:
{"templateId": "..."} - Exam Tip: Requires XSRF token (write operation).
- Related Topics: 6 – Feature Templates and Device Templates
GET /dataservice/template/device
- Controller: SD-WAN (vManage)
- Purpose: List device templates
- Auth:
JSESSIONIDcookie - Returns: Array of device template objects
- Related Topics: 6 – Feature Templates and Device Templates
POST /dataservice/template/device
- Controller: SD-WAN (vManage)
- Purpose: Create a device template (combines feature templates)
- Auth:
JSESSIONID+X-XSRF-TOKEN - Returns:
{"templateId": "..."} - Related Topics: 6 – Feature Templates and Device Templates
POST /dataservice/template/device/config/attachdevice
- Controller: SD-WAN (vManage)
- Purpose: Attach a device template to a device (push config)
- Auth:
JSESSIONID+X-XSRF-TOKEN - Returns:
actionId(async) - Exam Tip: SD-WAN equivalent of deploying a template. Requires device-specific variable values.
- Related Topics: 7 – Attach and Detach Device Templates
GET /dataservice/template/device/config/attached/{templateId}
- Controller: SD-WAN (vManage)
- Purpose: List devices attached to a device template
- Auth:
JSESSIONIDcookie - Returns: Array of attached device info
- Related Topics: 7 – Attach and Detach Device Templates
POST /dataservice/template/device/config/detachdevice
- Controller: SD-WAN (vManage)
- Purpose: Detach a template from a device
- Auth:
JSESSIONID+X-XSRF-TOKEN - Returns:
actionId(async) - Related Topics: 7 – Attach and Detach Device Templates
Operations
GET /dataservice/device/action/status/{actionId}
- Controller: SD-WAN (vManage)
- Purpose: Check status of an async operation
- Auth:
JSESSIONIDcookie - Returns: Action status with per-device results
- Exam Tip: SD-WAN equivalent of Catalyst Center’s
/task/{taskId}. - Related Topics: 12 – Common Patterns and Gotchas
GET /dataservice/alarms
- Controller: SD-WAN (vManage)
- Purpose: Get current alarms
- Key Parameters:
?query={"field":"active","type":"boolean","value":["true"]} - Auth:
JSESSIONIDcookie - Returns: Array of alarm objects
- Related Topics: 10 – Network Health Monitoring
GET /dataservice/statistics/interface
- Controller: SD-WAN (vManage)
- Purpose: Get interface statistics
- Auth:
JSESSIONIDcookie - Returns: Interface statistics data
- Related Topics: 10 – Network Health Monitoring
GET /dataservice/device/bfd/sessions
- Controller: SD-WAN (vManage)
- Purpose: Get BFD session status across the fabric
- Key Parameters:
?deviceId= - Auth:
JSESSIONIDcookie - Returns: BFD session data (state, latency, loss, jitter)
- Related Topics: 10 – Network Health Monitoring
POST /dataservice/device/action/ztp
- Controller: SD-WAN (vManage)
- Purpose: Trigger ZTP provisioning
- Auth:
JSESSIONID+X-XSRF-TOKEN - Returns: Action status
- Related Topics: 8 – Day-0 Provisioning
GET /dataservice/device/action/software/images
- Controller: SD-WAN (vManage)
- Purpose: List available software images
- Auth:
JSESSIONIDcookie - Returns: Array of images
- Related Topics: 11 – Software Image Management
4 – ISE APIs
Reference: ISE_Deep_Dive Auth: Basic Auth on every request (no token exchange, no session) ERS Base:
https://{ise-ip}:443/ers/config— defaults to XML (must setAccept: application/json) Open API Base:https://{ise-ip}/api/v1
ISE Header Gotcha
ERS API defaults to XML. You MUST include
Accept: application/jsonANDContent-Type: application/jsonfor JSON responses.
Network Device Management
GET /ers/config/networkdevice
- Controller: ISE (ERS)
- Purpose: List all network access devices (NADs)
- Key Parameters:
?size=100&page=1,?filter=name.EQ.switch1 - Auth: Basic Auth +
Accept: application/json - Returns:
{"SearchResult": {"resources": [{"id": "...", "name": "...", "link": {...}}]}} - Exam Tip: ERS uses pagination (
size/page). Results inSearchResult.resources. Only returns id/name/link — use the ID for full details. - Related Topics: 5 – Network Device Management
POST /ers/config/networkdevice
- Controller: ISE (ERS)
- Purpose: Register a new NAD — Day-0 onboarding
- Key Parameters: Body:
{"NetworkDevice": {"name": "...", "NetworkDeviceIPList": [...], "authenticationSettings": {"radiusSharedSecret": "..."}}} - Auth: Basic Auth
- Returns:
201 Created - Exam Tip: ISE Day-0 = register NAD so ISE accepts RADIUS from it.
- Related Topics: 8 – Day-0 Network Device Onboarding
GET /ers/config/networkdevice/{id}
- Controller: ISE (ERS)
- Purpose: Get full device details
- Auth: Basic Auth
- Returns: Full
NetworkDeviceobject - Related Topics: 5 – Network Device Management
PUT /ers/config/networkdevice/{id}
- Controller: ISE (ERS)
- Purpose: Update a network device
- Auth: Basic Auth
- Returns:
200 OK - Exam Tip: ERS PUT requires the complete object (not partial like RESTCONF PATCH).
- Related Topics: 5 – Network Device Management
DELETE /ers/config/networkdevice/{id}
- Controller: ISE (ERS)
- Purpose: Delete a network device
- Auth: Basic Auth
- Returns:
204 No Content - Related Topics: 5 – Network Device Management
User and Endpoint Management
GET /ers/config/internaluser
- Controller: ISE (ERS)
- Purpose: List internal users
- Auth: Basic Auth
- Returns: User resources
- Related Topics: 6 – Internal User Management
POST /ers/config/internaluser
- Controller: ISE (ERS)
- Purpose: Create internal user
- Key Parameters: Body:
{"InternalUser": {"name": "...", "password": "...", "identityGroups": "..."}} - Auth: Basic Auth
- Returns:
201 Created - Related Topics: 6 – Internal User Management
GET /ers/config/endpoint
- Controller: ISE (ERS)
- Purpose: List endpoints (MAC addresses)
- Key Parameters:
?filter=mac.EQ.AA:BB:CC:DD:EE:FF - Auth: Basic Auth
- Returns: Endpoint resources
- Related Topics: 7 – Endpoint and Endpoint Group Management
POST /ers/config/endpoint
- Controller: ISE (ERS)
- Purpose: Register a new endpoint
- Auth: Basic Auth
- Returns:
201 Created - Related Topics: 7 – Endpoint and Endpoint Group Management
GET /ers/config/endpointgroup
- Controller: ISE (ERS)
- Purpose: List endpoint identity groups
- Auth: Basic Auth
- Returns: Group resources
- Related Topics: 7 – Endpoint and Endpoint Group Management
TrustSec (Security Group Tags)
GET /ers/config/sgt
- Controller: ISE (ERS)
- Purpose: List all SGTs
- Key Parameters:
?filter=name.CONTAINS.server - Auth: Basic Auth
- Returns: SGT resources with
value(tag number) andname - Exam Tip: SGTs are TrustSec micro-segmentation foundation. Each has numeric
value+name. - Related Topics: 9 – TrustSec and Security Group Tags (SGTs)
POST /ers/config/sgt
- Controller: ISE (ERS)
- Purpose: Create a new SGT
- Key Parameters: Body:
{"Sgt": {"name": "...", "value": 8}} - Auth: Basic Auth
- Returns:
201 Created - Related Topics: 9 – TrustSec and Security Group Tags (SGTs)
GET /ers/config/sgacl
- Controller: ISE (ERS)
- Purpose: List Security Group ACLs
- Auth: Basic Auth
- Related Topics: 9 – TrustSec and Security Group Tags (SGTs)
GET /ers/config/egressmatrixcell
- Controller: ISE (ERS)
- Purpose: Get TrustSec egress policy matrix
- Auth: Basic Auth
- Returns: Matrix cells (source SGT → dest SGT → SGACL)
- Related Topics: 9 – TrustSec and Security Group Tags (SGTs)
PUT /ers/config/egressmatrixcell/{id}
- Controller: ISE (ERS)
- Purpose: Update TrustSec egress policy
- Auth: Basic Auth
- Related Topics: 9 – TrustSec and Security Group Tags (SGTs)
Authorization and ANC
GET /ers/config/authorizationprofile
- Controller: ISE (ERS)
- Purpose: List authorization profiles
- Auth: Basic Auth
- Related Topics: 10 – Authorization Profiles and Policy Management
POST /ers/config/authorizationprofile
- Controller: ISE (ERS)
- Purpose: Create authorization profile
- Auth: Basic Auth
- Returns:
201 Created - Related Topics: 10 – Authorization Profiles and Policy Management
PUT /ers/config/ancendpoint/apply
- Controller: ISE (ERS)
- Purpose: Apply ANC policy to an endpoint (quarantine)
- Key Parameters: Body:
{"OperationAdditionalData": {"additionalData": [{"name": "macAddress", "value": "..."}, {"name": "policyName", "value": "QUARANTINE"}]}} - Auth: Basic Auth
- Returns:
204 No Content - Exam Tip: ANC quarantine = automated incident response. Apply → CoA → device enforces.
- Related Topics: ISE_Deep_Dive, 3.5_Security_Automation_CrossController
PUT /ers/config/ancendpoint/clear
- Controller: ISE (ERS)
- Purpose: Clear ANC policy (un-quarantine)
- Auth: Basic Auth
- Returns:
204 No Content - Related Topics: ISE_Deep_Dive, 3.5_Security_Automation_CrossController
Guest Users and Open API
GET /ers/config/guestuser
- Controller: ISE (ERS)
- Purpose: List guest users
- Auth: Basic Auth
- Related Topics: 11 – Guest User Management
POST /ers/config/guestuser
- Controller: ISE (ERS)
- Purpose: Create guest user
- Auth: Basic Auth
- Returns:
201 Created - Related Topics: 11 – Guest User Management
GET /api/v1/deployment/node
- Controller: ISE (Open API)
- Purpose: List ISE nodes and personas (PAN, PSN, MnT, pxGrid)
- Auth: Basic Auth
- Exam Tip: Open API uses
/api/v1base. Know which endpoints are ERS vs Open API. - Related Topics: 1 – Architecture Overview
5 – RESTCONF Endpoints (Device-Level)
Reference: 2.0_Device_Level_Deep_Dive, 1.0_Foundation_Deep_Dive Auth: Basic Auth on IOS XE Headers:
Accept: application/yang-data+json,Content-Type: application/yang-data+jsonBase:https://{device-ip}/restconf
Interfaces (ietf-interfaces)
GET /restconf/data/ietf-interfaces:interfaces
- Purpose: Get all interfaces (config + operational state)
- Key Parameters:
?content=config(config only),?content=nonconfig(oper only) - Auth: Basic Auth
- Related Topics: 3 – RESTCONF with Python requests
GET /restconf/data/ietf-interfaces:interfaces/interface={name}
- Purpose: Get a specific interface
- Auth: Basic Auth
- Related Topics: 3 – RESTCONF with Python requests
PATCH /restconf/data/ietf-interfaces:interfaces/interface={name}
- Purpose: Partially update an interface
- Auth: Basic Auth
- Returns:
204 No Content - Exam Tip: PATCH = merge (safest). PUT = full replace.
- Related Topics: 3 – RESTCONF with Python requests
PUT /restconf/data/ietf-interfaces:interfaces/interface={name}
- Purpose: Create or replace an interface
- Auth: Basic Auth
- Returns:
201 Createdor204 No Content - Related Topics: 3 – RESTCONF with Python requests
DELETE /restconf/data/ietf-interfaces:interfaces/interface={name}
- Purpose: Delete an interface
- Auth: Basic Auth
- Returns:
204 No Content - Related Topics: 3 – RESTCONF with Python requests
Native Config (Cisco-IOS-XE-native)
GET /restconf/data/Cisco-IOS-XE-native:native
- Purpose: Get full native IOS XE configuration
- Auth: Basic Auth
- Exam Tip: Most complete model — covers ALL CLI features.
- Related Topics: 1.0_Foundation_Deep_Dive
GET /restconf/data/Cisco-IOS-XE-native:native/hostname
- Purpose: Get hostname only
- Auth: Basic Auth
- Returns:
{"Cisco-IOS-XE-native:hostname": "CSR1kv"} - Related Topics: 1.0_Foundation_Deep_Dive
PATCH /restconf/data/Cisco-IOS-XE-native:native
- Purpose: Partially update native config
- Auth: Basic Auth
- Returns:
204 No Content - Related Topics: 3 – RESTCONF with Python requests
OpenConfig and Operational Data
GET /restconf/data/openconfig-interfaces:interfaces
- Purpose: Get interfaces via OpenConfig model
- Auth: Basic Auth
- Exam Tip: OpenConfig separates
configandstatecontainers. IETF does not. - Related Topics: 1 – YANG Data Models Overview (Exam Topic 1.1)
GET /restconf/data/Cisco-IOS-XE-process-cpu-oper:cpu-usage
- Purpose: Get CPU utilization (read-only operational data)
- Auth: Basic Auth
- Exam Tip:
rodata — cannot be modified. Used for monitoring/telemetry. - Related Topics: 4.0_Operations_Deep_Dive
GET /restconf/data/Cisco-IOS-XE-memory-oper:memory-statistics
- Purpose: Get memory utilization (read-only)
- Auth: Basic Auth
- Related Topics: 4.0_Operations_Deep_Dive
6 – Quick Endpoint Lookup by Use Case
| Use Case | Controller | Endpoint |
|---|---|---|
| Authenticate | Catalyst Center | POST /dna/system/api/v1/auth/token |
| SD-WAN | POST /j_security_check | |
| Meraki | Header: X-Cisco-Meraki-API-Key | |
| ISE | Header: Authorization: Basic | |
| List devices | Catalyst Center | GET /dna/intent/api/v1/network-device |
| SD-WAN | GET /dataservice/device | |
| Meraki | GET /api/v1/organizations/{orgId}/devices | |
| ISE | GET /ers/config/networkdevice | |
| RESTCONF | GET /restconf/data/ietf-interfaces:interfaces | |
| Day-0 provision | Catalyst Center | POST .../onboarding/pnp-device/site-claim |
| SD-WAN | POST /dataservice/device/action/ztp | |
| Meraki | POST /api/v1/networks/{id}/devices/claim | |
| ISE | POST /ers/config/networkdevice | |
| Push config | Catalyst Center | PUT .../template-programmer/template/deploy |
| SD-WAN | POST .../template/device/config/attachdevice | |
| Meraki | PUT /api/v1/networks/{id}/wireless/ssids/{n} | |
| RESTCONF | PATCH /restconf/data/Cisco-IOS-XE-native:native | |
| Check health | Catalyst Center | GET /dna/intent/api/v1/site-health |
| SD-WAN | GET /dataservice/device/monitor | |
| Meraki | GET /api/v1/organizations/{orgId}/devices/statuses | |
| RESTCONF | GET .../Cisco-IOS-XE-process-cpu-oper:cpu-usage | |
| Security/Quarantine | ISE | PUT /ers/config/ancendpoint/apply |
| Meraki | PUT .../appliance/firewall/l3FirewallRules | |
| Check async status | Catalyst Center | GET /dna/intent/api/v1/task/{taskId} |
| SD-WAN | GET /dataservice/device/action/status/{actionId} | |
| SWIM/Images | Catalyst Center | POST /dna/intent/api/v1/image/distribution |
| SD-WAN | GET /dataservice/device/action/software/images |