Enabling ISE 3.0 ERS APIs

I want to walk through enabling the External RESTful Services (ERS) APIs in Cisco ISE 3.0 so that we can consume ISE APIs in later posts for a variety of tasks, including endpoint creation/manipulation, network device creation, and many more. Once we enable and configure ISE, we will briefly go over the ISE Software Development Kit (SDK).

A few important things to note:

  • ISE ERS APIs use the HTTPS protocol on port 9060

  • These APIs allow CRUD operations

  • ERS is based on the HTTP protocol and REST methodology

Note: See more about CRUD/REST/HTTP verbs here: CURL, REST, & CRUD Tidbit

OK, we have a fresh ISE 3.0 install in VMware. Once installed, ensure the app server is running so that we can access the web admin UI portal. If it is not, you can manually check its status and start it from the CLI. If the app server is 'initializing', you can still browse to the admin UI, which displays a message saying so (a nice new feature in ISE 3.0).

Helpful CLI Commands to ensure app server is running:

#show application status ise
#application start/stop ise
#application status ise

OK, so let's begin. After login, this is what the main default page looks like. To get to the System settings where we can enable the ERS APIs, click the three-bar drop-down menu at the top left:

Now go to Administration->System->Settings:

Now click on ERS settings in the left pane:

We will proceed with enabling the ERS setting for the Admin node and enabling the CSRF check. You will get the following popup:

OK, so now that our ERS APIs are enabled, we need to create an ERS admin. Note that there are different roles. A quick overview:

  • ERS Admin: This user can create, read, update, and delete External RESTful Services API requests. They have full access to all External RESTful Services APIs (GET, POST, DELETE, PUT).

  • ERS Operator: This user has read-only access (GET requests only).

To create the ERS Admin user, go to Administration->System->Admin Access->Administrators->Admin Users, then click +Add:

For our setup we will create a new user and assign it to the ERS Admin group so that we have full access to the ERS APIs:

Once we have enabled the RESTful services and created our ERS admin user, we are ready to begin consuming APIs.
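A first call against the setup above, as an added example (not code from the original post or from the ISE SDK). It shows what enabling the CSRF check changes for a client: a GET asks for a token and write requests must send it back. The `X-CSRF-Token: fetch` header and the `/ers/config/endpoint` path follow Cisco's ERS documentation rather than this post; the host name, account, password and CA file are constructed placeholders.

```python
import base64
import json
import ssl
import urllib.request

ERS_PORT = 9060  # ERS listens on HTTPS port 9060 (from the post)


def ers_request(host, path, user, password, method="GET", body=None, csrf_token=None):
    """Build (not send) an ERS request with Basic auth and JSON headers."""
    if not path.startswith("/ers/"):
        raise ValueError("ERS paths start with /ers/")
    creds = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Accept": "application/json", "Authorization": f"Basic {creds}"}
    data = None
    if body is not None:
        data = json.dumps(body).encode()
        headers["Content-Type"] = "application/json"
    if method == "GET":
        # Assumption (Cisco ERS docs): with the CSRF check on, a GET carrying
        # "fetch" asks ISE to issue a token in the response headers.
        headers["X-CSRF-Token"] = "fetch"
    else:
        # POST/PUT/DELETE must present the token obtained from a prior GET.
        if csrf_token is None:
            raise ValueError(f"{method} needs a CSRF token from a prior GET")
        headers["X-CSRF-Token"] = csrf_token
    return urllib.request.Request(
        f"https://{host}:{ERS_PORT}{path}", data=data, headers=headers, method=method)


def send(req, ca_file=None):
    """Send with certificate verification on; ca_file is the CA that signed
    the ISE admin certificate (None uses the system trust store)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status, resp.headers.get("X-CSRF-Token"), resp.read()


if __name__ == "__main__":
    # Constructed values: replace host, account and CA file with your own.
    host, user, pw = "ise.example.test", "ers-admin", "change-me"
    req = ers_request(host, "/ers/config/endpoint", user, pw)
    status, token, _ = send(req, "ise-ca.pem")
    print(status, "token issued" if token else "no token (CSRF check off?)")
```

An ERS Operator account can run the GET but will be refused on write requests, which makes it the better choice for read-only automation.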

Lastly, to view the ERS SDK you can access it via: https://<ISE-ADMIN-NODE>:9060/ers/sdk. Only users with the role ERS Admin can access the External RESTful Services SDK.

The SDK consists of the following components:

  • Quick reference API documentation.

  • A complete list of all available API operations.

  • Schema files available for download.

  • Sample application in Java available for download.

  • Use cases in cURL script format.

  • Use cases in Python script format.

  • Instructions on using Chrome Postman.

Good luck & see you in later posts, Cheers!

