Authenticating with Cisco APIs
NOTE: Cisco Meraki APIs use a different method of authentication to the standard Cisco APIs. To learn about interacting with Cisco Meraki APIs, please read the Get Hands On section of the Cisco Meraki developer website.
Subscription key
To communicate with any Cisco API through the Pivot Portal, you must include a Subscription Key in the header of every request. Otherwise your request will be blocked immediately by the Pivot Portal before relaying to Cisco. This is a security measure to protect Pivot and our partners attacks such as DDOS.
Subscription keys are only provided to trusted clients of the Pivot Cisco OEM APIs. A subscription key will be provided to you via email on request. Thereafter, using the subscription key is simple. Include the following HTTP header with every request you issued to the Pivot Portal:
Ocp-Apim-Subscription-Key: {subscription_key}Token
Before you can interact with any of the Cisco OEM APIs, you must first obtain a valid access token. This access token must be included in the header of all subsequent API calls.
https://api-uat.pivotts.com/oem-cisco/cisco-identity
Post your client_id and client_secret to this URL.
Note that different categories of Cisco APIs have different applications and therefore different credentials. The client_id and client_secret that you provide, depends on what API you need to call.
REQUESTPOST https://api-uat.pivotts.com/oem-cisco/cisco-identity/HTTP/1.1 Content-Type: application/x-www-form-urlencodedOcp-Apim-Subscription-Key: {subscription_key}grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}You should receive the following response assuming that all fields are valid. access_token is the one to be used for the API call..
RESPONSEHTTP/1.1 200 OKcontent-type: application/json;charset=utf-8{"access_token": "{access_token}","token_type": "Bearer","expires_in": 3599}Cisco's default lifetime for an access-token is 3600 seconds (1 hour), after which time you will need to acquire a new access-token by replicating the authorization process over again.
You may re-authorize (redo the OAuth v2.0 grant flow) at any time to get a new access-token (with a fresh expiry).
Subsequent API calls
Cisco recommend not generating a token for every API call. Rather, use the one for the specified duration for maximum efficiency and optimal performance.
An example request and response using an access token is as follows:
REQUESTGET https://api-uat.pivotts.com/oem-cisco/cisco-product-alerts/field-notice-bulletins?customerId={customer_id}&bulletinFirstPublished={bulletin_first_published}HTTP/1.1 Authorization: Bearer {access_token}Ocp-Apim-Subscription-Key: {subscription_key}RESPONSEHTTP/1.1 200 OKcontent-encoding: gzipcontent-type: application/json; charset=utf-8{"data": [{"bulletinFirstPublished": "2007-04-23","bulletinNumber": 62787,"fieldNoticeType": "Other","bulletinTitle": "FN# 62787 - Safety Notice - Potential Manufacturing Issue on Switches and Redundant Power Supplies","bulletinLastUpdated": "2008-06-30","alertAutomationCaveat": "No automated matching was done for the RPS power supply, since this is not supported in inventory at this time. The 3750 does not report unique chassis sysobjectid in SNMP, so manual verification of model may be required. Also, no check of the chassis version number was done.","url": "http://www.cisco.com/en/US/ts/fn/620/fn62787.html","bulletinSummary": "Although there has not been a reported safety incident, Cisco is aware of a potential safety issue that can be caused by a welded nut breaking free inside the switch and Redundant Power Supply (RPS).\r\n\r\nTightening the mounting screws used to secure the power supply or blower module to the switch or the RPS can lead to a welded nut on the interior to the switch or RPS breaking free from the chassis sheet metal. A risk of electric shock may exist if the chassis is not properly grounded and the loose nut comes in contact with the power supply line-in and chassis. "}]}