Using OAuth 2.0 for Authentication

For secure access to the APIs, the Aruba Central API Framework plug-in supports the OAuth protocol for authentication and authorization. OAuth 2.0 is a simple and secure authorization framework. It allows applications to acquire an access token for Aruba Central through a variety of workflows supported within the OAuth 2.0 specification.

All OAuth 2.0 requests must use the SSL endpoint available at the Domain URL (for example, https://app1-apigw.central.arubanetworks.com).

Access and Refresh Tokens

The access token is a string that identifies a user, app, or web page and is used by the app to access an API. Access tokens provide temporary and secure access to the APIs.

The access tokens have a limited lifetime. If the application uses web server or user-agent OAuth authentication flows, a refresh token is provided during authorization that can be used to get a new access token.

If you are writing a long-running application (web app) or a native mobile application, you should refresh the token periodically. For more information, see Refreshing a token.

This section includes the following topics:

Obtaining Access Token

Users can generate the OAuth token using one of the following methods:

Accessing APIs

To access the API, use the Domain URL (for example, https://app1-apigw.central.arubanetworks.com/).

This endpoint is accessible over SSL and the HTTP (non-SSL) connections are redirected to the SSL port.

Table 1: Accessing the API

URL | Description
Domain URL (for example, https://app1-apigw.central.arubanetworks.com/) | The API gateway URL. All APIs can be accessed from this URL by providing a correct access token.

The parameters for the API are as follows:

Table 2: Parameters for the API

Parameter | Value | Description
request_path | URL Path | URL path of an API, for example, to access monitoring APIs, use the path /monitoring/v1/aps.

Table 3: Header for the API

Header | Value | Description
Authorization | Bearer <access token> | Pass the access token in the header.

Example

Request Method: GET

request_path: https://app1-apigw.central.arubanetworks.com/monitoring/v1/aps

Request Header:

Authorization: Bearer ouzMaXEBbB6XqGtsWomK7MvaTuhrqDQ1

Response:

{
    "aps": [
        {
            "firmware_version": "6.4.4.4-4.2.3.1_54637",
            "group_name": "00TestVRK",
            "ip_address": "10.29.18.195",
            "labels": [
                "Filter_242",
                "Ziaomof",
                "roster",
                "242455",
                "Diegso"
            ],
            "macaddr": "6c:f3:7f:c3:5d:92",
            "model": "AP-134",
            "name": "6c:f3:7f:c3:5d:92",
            "radios": [
                {
                    "band": 0,
                    "index": 1,
                    "macaddr": "6c:f3:7f:b5:d9:20",
                    "status": "Down"
                },
                {
                    "band": 1,
                    "index": 0,
                    "macaddr": "6c:f3:7f:b5:d9:30",
                    "status": "Down"
                }
            ],
            "serial": "AX0140586",
            "status": "Down",
            "swarm_id": "e3bf1ba201a6f85f4b5eaedeead5e502d85a9aef58d8e1d8a0",
            "swarm_master": true
        }
    ],
    "count": 1
}

Accessing Tenant APIs using MSP Access Token

MSP users can use their access token to perform operations on their tenant accounts using NBAPI. User privileges as per the tenant role are applied for these operations. An MSP user must provide the tenant information (CID) as part of the request header.

The rate limit is consumed from the MSP account quota.

Table 4: Header for the API

Header | Value | Description
TenantID | 267958b55d5a463e94a302c20f4a6b68 | Pass the tenant CID.

Example

Request Method: GET

https://app1-apigw.central.arubanetworks.com/central/v2/sites

Request Header:

TenantID: 267958b55d5a463e94a302c20f4a6b68

Response Code: 200

Response:

{
    "count": 1,
    "sites": [
        {
            "address": "bangalore",
            "associated_device_count": 4,
            "city": "bangalore",
            "country": "India",
            "latitude": "12.9298689",
            "longitude": "77.6848366",
            "site_id": 1,
            "site_name": "test-pcap",
            "state": "Karnataka",
            "tags": null,
            "zipcode": "560103"
        }
    ],
    "total": 1
}
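The Authorization and TenantID headers from Tables 3 and 4, combined into a request builder, as an added example that is not Aruba's code. `build_request` and `redact` are hypothetical helpers, the 32-hex-character CID format is assumed from the page's sample value, and the token is constructed; nothing is sent.

```python
import re
from urllib.parse import urlsplit

# Domain URL from the page's example; substitute your own cluster's gateway.
BASE_URL = "https://app1-apigw.central.arubanetworks.com"
# Assumption: a tenant CID is 32 lowercase hex characters, like the page's sample.
CID_RE = re.compile(r"[0-9a-f]{32}")


def build_request(request_path, access_token, tenant_id=None, base_url=BASE_URL):
    """Return (url, headers) for a GET call; hypothetical helper, sends nothing."""
    base = urlsplit(base_url)
    if base.scheme != "https" or not base.hostname:
        # The gateway redirects HTTP to SSL, but by then the Authorization
        # header has already crossed the network in cleartext.
        raise ValueError("base URL must be https")
    if not request_path.startswith("/") or re.search(r"[\s\\]", request_path):
        # A value such as "@other.example/x" appended to the base URL would
        # change the host that receives the bearer token.
        raise ValueError("request_path must be a path such as /monitoring/v1/aps")
    if not access_token or re.search(r"\s", access_token):
        # Whitespace or CR/LF in the token would corrupt or inject headers.
        raise ValueError("malformed access token")
    headers = {"Authorization": "Bearer " + access_token}
    if tenant_id is not None:
        if not CID_RE.fullmatch(tenant_id):
            raise ValueError("malformed tenant CID")
        headers["TenantID"] = tenant_id  # MSP token acting on a tenant account
    return base_url.rstrip("/") + request_path, headers


def redact(headers):
    """Copy of headers that is safe to log: the bearer token is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Bearer <redacted>"
    return safe


if __name__ == "__main__":
    # Constructed token and the page's sample CID; nothing is sent.
    url, headers = build_request("/central/v2/sites", "constructed-token-123",
                                 tenant_id="267958b55d5a463e94a302c20f4a6b68")
    print("GET", url, redact(headers))
```

The returned pair can be handed to any HTTP client; log `redact(headers)` rather than the headers themselves.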

Viewing and Revoking Tokens

To view or revoke tokens, complete the following steps:

  1. In the Aruba Central app, set the filter to Global.
  2. Under Maintain, click Organization > Platform Integration > Rest API.
    The API Gateway page is displayed.
  3. Click My Apps & Tokens. The Token List table displays the following:
    • Token ID—Token ID of the application.
    • User Name—Name of the user with whom this token is associated. An application can be associated with multiple users.
    • Application—Name of the application with which this token is associated. For example, Aruba Central.
    • Generated At—Date on which the token was generated.
    • Revoke Token—Click Revoke Token and click Yes to revoke the token associated with a particular user. For example, if two users are associated with an application and you want to remove access for a particular user, revoke the token associated with that user.
    • Download Token—Click Download Token to download the token.

The admin user has a System Apps & Tokens tab, which displays all the apps and tokens generated in all non-admin user profiles in addition to the apps and tokens created in the admin user profile. To view all the tokens of admin and non-admin users, go to Organization > Platform Integration > Rest API > System Apps & Tokens.

Adding a New Token

To add a new token, complete the following steps:

  1. In the Aruba Central app, set the filter to Global.
  2. Under Maintain, click Organization > Platform Integration > Rest API.
    The API Gateway page is displayed.
  3. Click My Apps & Tokens. The Token List table displays the following:
    • Token ID—Token ID of the application.
    • User Name—Name of the user with whom this token is associated. An application can be associated with multiple users.
    • Application—Name of the application with which this token is associated. For example, Aruba Central.
    • Generated At—Date on which the token was generated.
    • Revoke Token—Click Revoke Token and click Yes to revoke the token associated with a particular user. For example, if two users are associated with an application and you want to remove access for a particular user, revoke the token associated with that user.
    • Download Token—Click Download Token to download the token.

A user with the Aruba Central Administrator role can create new tokens for all non-admin users by clicking + Add Apps & Tokens in the System Apps & Tokens tab.

  1. Click + Add Apps & Tokens to add a new token.
  2. Enter the application name in the Application Name box and click Generate.

If you have registered a custom URI when creating a new app under System Apps and Tokens, the Redirect URI option is disabled for you in My Apps and Tokens > + Add Apps and Tokens > New Token. In such cases, the Redirect URI option in Add Apps and Tokens > New Token under My Apps and Tokens is populated with your already registered URI.