This is an old revision of the document!
POSTMAN TUTO
INSTALL POSTMAN: External Link
~Download it in Downloads folder sudo tar -xvzf ~/Downloads/Postman-linux-x64-7.33.1.tar.gz -C /opt sudo ln -s /opt/Postman/Postman /usr/bin/postman
- PASSWORD MANAGEMENT: For authentication, providing credentials are static, we do: Basic Auth > Update Request > [Check headers to see authorization token is generated] > Test > Save it
- Other popular authentication methods: 'token bearer' ; token created manually in the header (header tab: key : 'Authentication' value :' Token ee8jgfjhfkhvhjvjh1'
- CODE GENERATED: Note verify=False for the ssl verification & removed: cache-control and postman-token
- Accept header: Note that this is misleading. It goes in the request (GET) and specifies the media types which are acceptable for the response.
CURL
TODO: curl most common flags
CRAFTED REQUESTS
The USER-AGENT makes a request in which they connect to the DOMAIN (whatever the region is). The actual HTTP-REQUEST is then the line:
GET /multizone/channels-json.fcgi?url=mobileapp%3Ade.telekom.t_online_de HTTP/1.1
So normally hostname and request comes in DIFFERENT PACKETS. The DOMAIN is not traveling in any packet, that's resolved into an IP.
The entire URL, e.g.: “protocol:/hostname/path” isn't sent as a single line in HTTP. Instead you get:
METHOD path HTTP/Version Host: hostname
E.g.http://xyz.com/hello/world GET /hello/world HTTP/1.1
Host: xyz.com
CURL AND SOCKS
Also see curl examples in External Link
curl --socks5 127.0.0.1:1080 -X GET --header 'Accept: application/json' --header 'X-CSRFToken: WBC93zWg6SMnpzs6vvBXnejzLzpJJQ4LSeuGHsHVbeSHDa7cwlWcrwyGL8v1CTOn' 'http://netbox.uswest-cluster.aws.mycompany1.co.uk:8080/api/dcim/devices/'
BUILDING THE URL
- Parameters
- Terms
- Endpoint: endpoint is the whole URL. Leftside is Domain name; Rightside is URI
- A group of resources is called a collection. External Link
- method, headers, data(body) External Link
- The URL above has two parameters separated by &
- The second parameter has two terms separated by ' AND '
- If we are told to separate anything with Space, this is how is encoded in the URL :
%20. So, if we need something like ' AND ' we encode it as:%20AND%20
CREDENTIALS
- Token bearer
- Non-standard token (in the header itself):
- Content-Type : Content-Type
- X-Arbux-APIToken : xxxxxxx
Rest API resource internals LINK
- REST API should expose named UUID-V3 identifier. UUID should be generated from the resource logical key
- BACKEND should use/store numeric (ID) primary keys for its logics
REQUESTS MODULE
requests.get == requests.request(“GET”,
REQUEST TO DICT AND MANIPULATION (working example!):
import requests
import json
import urllib2
url = "http://observium.dc.mycompany1.co.uk/api/v0/devices/"
response = requests.get(url, auth=('api2', 't.........'))
json_data = json.loads(response.text)
for key, value in json_data.iteritems() :
print key, value
#!/usr/bin/env python
[...]
resources = data["resources"]
end_result = []
for res_elements in resources:
if res_elements["type"] == "oci_core_network_security_group_security_rule":
# Creates list with NSG ids for all NSG-rules
end_result.append(res_elements["instances"][0]["attributes"]["network_security_group_id"])
# How many different NSGs we have (ocids)
nsgs = sorted(set(end_result))
# For loop goes through all NSGs and count occurrences (1 NSG will appear per rule)
for item in nsgs:
print ("NSG: " + item[-5:] + " ; Number-of-rules: " + str(end_result.count(item)))
if __name__ == "__main__":
main()
JUNOS REST API:
- This link for resources: External Link
set system services rest http port 3000 set system services rest enable-explorer set system services rest control allowed-sources [10.5.128.12 10.8.8.3] set system services rest control connection-limit 100 set system services rest http addresses 10.5.128.8 set system services rest traceoptions flag all
Curl call:
curl -u "root:password" http://10.5.128.8:3000/rpc/get-interface-information # we can easily use the browse based rest-api navigator
To see the rcp call from a plain junos command (example):
show bgp summary | display xml rpc
ASA REST API\
http://www.cisco.com/c/en/us/td/docs/security/asa/api/qsg-asa-api.html#56532
CPI 3 API NOTES
REST API 101
http://developer.cisco.com/site/devnet/learn/coding-101-tutorial/#how-does-this-work?
- API account in PI needs to be created and assigned to new Virtual Domain with the correct permissions!
- Initiate postman. Clear cache and cookies.
- Interceptor ON
- In chrome: https://crpashcpi01.corporate.local/webacs/pages/common/login.jsp + Login as api user
- Now you can issue the api URL in postman
THE HTTP HEADER
GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1 Host: code.tutsplus.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120 Pragma: no-cache Cache-Control: no-cache * Connection: keep-alive or close
METHOD
- GET - used when retrieving data
- POST - used when creating something new
- PUT - used when updating data
- DELETE - used to delete data
HOST: Is a way of multiplexing. An HTTP request is sent to a specific IP address. But since most servers are capable of hosting multiple websites under the same IP, they must know which domain name the browser is looking for.
URL
The URL for the endpoint you want to call
Example: http://APIC-EMController}/api/v0/host
AUTHENTICATION
- You need to know the authentication type to use. Basic HTTP, and OAuth are common types.
- Authentication credentials
CUSTOM HEADER:
- Does the API require you to send any HTTP Headers?
- Example: Content-Type: application/json
REQUEST BODY
JSON or XML containing data that is needed to complete request can be sent in the body of the request
JSON NOTES:
- key : value pairs
- OBJECT: whatever in Curly Braces
- ARRAY: whatever in squared brackets. Sometimes the array comprises the whole code top level object
If we want the Top Level Object to be in curly brackets, it requires to have a key (beccause all in curly brackets needs to be key value!).
console.log(myObj.People[1].Lastname); # in js code and in json with top level code as curly, will access the second curly brackets inside the tlc and then to the value associated to the 'LastName' in that curly block. see DevNet(43) video for more info.
