SD-LAN SD-WAN Network View Documentation
Introduction
The KPN SD-LAN SD-WAN Network View API offers an interface for software to interact directly with the KPN SD-LAN SD-WAN products, based on the Cisco Meraki cloud platform and Cisco Meraki managed devices. The API contains a set of endpoints for use cases such as monitoring, event management, and video camera analystics.
The API resources follow a structure like in the image below. Organizations consist of networks, which contain devices such as access points, switches and MX security appliances. The characteristics of these devices can be configured with the API.
The KPN SD-LAN SD-WAN Network View API is a REST API using HTTPS requests to a URL and JSON as a human-readable format.
The API call volume rate is limited to 3 calls per second per organization.
API specification
Base URL
https://api-prd.kpn.com/kpn/meraki
Conceptual model
Description
- You communicate the item of your ICT environment you want more info about to My Developer Portal through the SD-LAN SD-WAN Network View API.
- My Developer Portal immediately moves the request to the Cisco Meraki cloud platform.
- The Meraki controller retrieves the information from your ICT environment.
- The cloud platform returns the information you requested via the API to you.
Network View API
The Network View API gives users read rights to retrieve information from the Network View API resources.
Allowed methods: GET
Requirements
This API is only available for customers of KPN SD-LAN SD-WAN services based on Cisco Meraki.
Definitions
Layer 3 (L3) firewall rule
L3 firewall rules provide administrators granular access control of client traffic. Layer 3 firewalls filter traffic, based on the TCP/IP stack. This approach is sometimes also referred to as packet filtering because you’re essentially allowing and blocking individual network packets depending on where they originated and which ports they want to talk to.
MAC address
In a local area network (LAN) or other network, the MAC (Media Access Control) address is the computer's unique hardware number.
MX
Cisco Meraki MX Security Appliances are multi-functional security & SD-WAN enterprise appliances, with a wide set of capabilities to address multiple use cases from an all-in-one device.
PoE
Power over Ethernet (PoE) is a technology for wired Ethernet local area networks (LANs) that allows the electrical current necessary for the operation of each device to be carried by the data cables rather than by power cords.
Quality of Service (QoS)
QoS is the description or measurement of the overall performance of a service, such as a telephony, computer network or a cloud computing service, particularly the performance seen by the users of the network.
SSID
Service Set Identifier. A “service set” refers to a collection of wireless networking devices with the same parameters. SSIDs serve as "wireless network names" and are typically natural language labels.
Switch
A network switch is a device that connects different network segments together transparently.
Switch port
A network switch port is a physical interface on the switch where devices connect to the switch.
VLAN
A VLAN (virtual LAN) is a sub-network, which can group together collections of devices on separate physical local area networks (LANs).
API workflow
Features
- Retrieve information about the configuration of your networks, devices, VLANs, and more.
- Get the latest network status and information on events.
- See results of the analytics performed on images captured with your security cameras.
Getting started
Make sure you've read What's in it for you for more info on how to register and start testing APIs.
Authentication
The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.
Go to the Authentication tab on top of this page to find out how to:
- Authenticate to an API using cURL.
- Authenticate to an API on Swaggerhub.
- Import Open API Specifications (OAS), also called Swagger files into Postman.
How to...
Parameters marked with an asterisk are required. Example:
serial*.
Retrieve Layer 3 firewall rules for MX appliances {get-l3-firewall-mx}
This endpoint returns the L3 firewall rules for an MX appliance.
Request
GET /networks/{networkId}/l3FirewallRules
| Path parameter | Type | Description |
|---|---|---|
networkId* |
string | Network identity is a portion of the TCP/IP address that is used to identify individuals or devices on a network such as a local area network or the Internet. |
Response
Response example
Successful HTTP Status: 200
[
{
"comment": "Allow TCP traffic to subnet with HTTP servers.",
"policy": "allow",
"protocol": "tcp",
"destPort": 443,
"destCidr": "192.168.1.0/24",
"srcPort": "Any",
"srcCidr": "Any",
"syslogEnabled": false
}
]
Retrieve a list of switch ports {#get-switch-ports}
Lists the switch ports for a switch.
Request
GET /devices/{serial}/switchPorts
| Path parameter | Type | Description |
|---|---|---|
serial* |
string | The serial number of the device. Example: Q7QN-9J8L-SGTD |
| Query parameter | Type | Description |
|---|---|---|
t0 |
string | The beginning of the timespan for the data. The maximum lookback period is 31 days from today. |
timespan |
integer | The timespan for which the information will be fetched. If specifying timespan, do not specify parameter t0. The value must be in seconds and be less than or equal to 31 days. The default is 1 day. |
Response
Response example
Successful HTTP Status: 200
[
{
"number": 1,
"name": "My switch port",
"tags": "tag1 tag2",
"enabled": true,
"poeEnabled": true,
"type": "access",
"vlan": 10,
"voiceVlan": 20,
"isolationEnabled": false,
"rstpEnabled": true,
"stpGuard": "disabled",
"accessPolicyNumber": "1234",
"linkNegotiation": "Auto negotiate",
"portScheduleId": "1234",
"udld": "Alert only",
"macWhitelist": [
"34:56:fe:ce:8e:a0",
"34:56:fe:ce:8e:a1"
],
"stickyMacWhitelist": [
"34:56:fe:ce:8e:b0",
"34:56:fe:ce:8e:b1"
],
"stickyMacWhitelistLimit": 5,
"stormControlEnabled": true
}
]
Retrieve a specific switch port {#get-specific-switch-port}
Request
GET /devices/{serial}/switchPorts/{number}
| Path parameter | Type | Description |
|---|---|---|
serial* |
string | The serial number of the device. Example: Q7QN-9J8L-SGTD |
number * |
string | The number of the device. Example: Q7QN-9J8L-SGTD |
Response
Response example
Successful HTTP Status: 200
{
"number": 1,
"name": "My switch port",
"tags": "tag1 tag2",
"enabled": true,
"poeEnabled": true,
"type": "access",
"vlan": 10,
"voiceVlan": 20,
"isolationEnabled": false,
"rstpEnabled": true,
"stpGuard": "disabled",
"accessPolicyNumber": "1234",
"linkNegotiation": "Auto negotiate",
"portScheduleId": "1234",
"udld": "Alert only",
"macWhitelist": [
"34:56:fe:ce:8e:a0",
"34:56:fe:ce:8e:a1"
],
"stickyMacWhitelist": [
"34:56:fe:ce:8e:b0",
"34:56:fe:ce:8e:b1"
],
"stickyMacWhitelistLimit": 5,
"stormControlEnabled": true
}
Retrieve a list of Service Set Identifiers (SSID) {#get-ssid}
Lists the SSIDs in a network. Supports networks with access points or wireless-enabled security appliances and teleworker gateways.
Request
GET /networks/{networkId}/ssids
| Path parameter | Type | Description |
|---|---|---|
networkId * |
string | The network ID of the device. Example: L_1234567894811040791 |
Response
Response example
Successful HTTP Status: 200
[
{
"number": 0,
"name": "My SSID",
"enabled": true,
"splashPage": "Click-through splash page",
"ssidAdminAccessible": false,
"authMode": "8021x-radius",
"encryptionMode": "wpa-eap",
"wpaEncryptionMode": "WPA2 only",
"radiusServers": [
{
"host": "0.0.0.0",
"port": 3000
}
],
"radiusAccountingEnabled": false,
"radiusEnabled": true,
"radiusAttributeForGroupPolicies": "Filter-Id",
"radiusFailoverPolicy": "null",
"radiusLoadBalancingPolicy": "null",
"ipAssignmentMode": "NAT mode",
"adminSplashUrl": "http://example.com",
"splashTimeout": "30 minutes",
"walledGardenEnabled": true,
"walledGardenRanges": "example.com",
"minBitrate": 11,
"bandSelection": "5 GHz band only",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": false,
"availabilityTags": [ "test-tag" ]
}
]
Retrieve a single SSID {#get-single-ssid}
Returns a specific Service Set Identifier (SSID).
Request
GET /networks/{networkId}/ssids/{number}
| Path parameter | Type | Description |
|---|---|---|
networkId * |
string | The network ID of the device. Example: L_1234567894811040791 |
number * |
string | The number of the SSID instance. |
Response
Response example
Successful HTTP Status: 200
{
"number": 0,
"name": "My SSID",
"enabled": true,
"splashPage": "Click-through splash page",
"ssidAdminAccessible": false,
"authMode": "8021x-radius",
"encryptionMode": "wpa-eap",
"wpaEncryptionMode": "WPA2 only",
"radiusServers": [
{
"host": "0.0.0.0",
"port": 3000
}
],
"radiusAccountingEnabled": false,
"radiusEnabled": true,
"radiusAttributeForGroupPolicies": "Filter-Id",
"radiusFailoverPolicy": "null",
"radiusLoadBalancingPolicy": "null",
"ipAssignmentMode": "NAT mode",
"adminSplashUrl": "http://example.com",
"splashTimeout": "30 minutes",
"walledGardenEnabled": true,
"walledGardenRanges": "example.com",
"minBitrate": 11,
"bandSelection": "5 GHz band only",
"perClientBandwidthLimitUp": 0,
"perClientBandwidthLimitDown": 0,
"visible": true,
"availableOnAllAps": false,
"availabilityTags": [ "test-tag" ]
}
List of API resources
Go to the interactive OpenAPI Specification (OAS) documentation on SwaggerHub to explore the SD-LAN SD-WAN Network View API endpoints. See KPN SD-LAN SD-WAN Network View API.
Each endpoint has a complete description of all the required parameters:
- Bluetooth clients.
- Bluetooth settings.
- Camera quality retention profiles.
- Cameras.
- Clients.
- Connectivity monitoring destinations.
- Content filtering categories.
- Content filtering rules.
- Devices.
- Events.
- Firewalled services.
- Floorplans.
- Group policies.
- HTTP servers.
- Intrusion settings.
- Link aggregations.
- MG Cellular Gateway.
- MR Wireless Network.
- MX Appliances.
- Malware settings.
- Management interface settings.
- Meraki auth users.
- Named tag scope.
- NetFlow settings.
- Networks.
- Organization.
- Radio settings.
- SNMP settings.
- SSIDs.
- Security events.
- Splash login attempts.
- Splash settings.
- Switch ACLs.
- Switch port schedules.
- Switch ports.
- Switch profiles.
- Switch settings.
- Switch stacks.
- Traffic shaping.
- Uplink settings.
- VLANs.
- Wireless settings.
