To authenticate to the ClearPass API you first need to go to the GUI of ClearPass Policy Manager and login.
Step 1: Access Guest Section
Once logged in browse to the top right corner and select Guest. It is weird that the API settings are in the guest part of ClearPass, but there must be a reason the developers done it this way.
Step 2: Navigate to API Services
Go to Administration on the left menu system, then browse to API Services > API Clients.
Step 3: Create API Client
On the right browse to "Create API client".
Create the API client as below, giving the relevant access and lifetime.
Step 4: Generate Access Token
After the API client has been created, click the new client and select generate access token. Copy the HTTP Authorization bearer into Postman.
Step 5: Browse API Explorer
Browse to the API explorer at https://<ip/url>/api-docs. Choose what API you want to use.
Example: Getting Static Host Lists
For this example I'm doing a simple GET request using Postman to pull all of the static host lists.
Postman Configuration
- URL:
https://<ip or url>/api/static-host-list - Method: GET
- Authorization: Bearer Token
- Token: Paste the token from ClearPass into the box
Response Example
Once this is sent you will get a response from ClearPass containing the static host lists in JSON format.
{
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/?calculate_count=false&offset=0&limit=25&sort=%2Bid&filter=%7B%7D"
},
"first": {
"href": "https://192.168.0.48/api/static-host-list/?calculate_count=false&offset=0&limit=25&sort=%2Bid&filter=%7B%7D"
}
},
"_embedded": {
"items": [
{
"id": 3001,
"name": "Test-Test",
"description": "Add MAC with API call",
"host_format": "list",
"host_type": "MACAddress",
"host_entries": [
{
"host_address": "00-00-AA-22-33-44",
"host_address_desc": "Test-44"
},
{
"host_address": "AA-BB-CC-DD-EE-FF",
"host_address_desc": "Test-ff"
},
{
"host_address": "00-AA-BB-CC-DD-EE",
"host_address_desc": "Test-ee"
},
{
"host_address": "11-AA-BB-CC-DD-FF",
"host_address_desc": "Test-11"
}
],
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/3001"
}
}
},
{
"id": 3002,
"name": "MFT PDA VLAN 2004",
"description": "",
"host_format": "list",
"host_type": "MACAddress",
"host_entries": [
{
"host_address": "66-55-44-33-22-11",
"host_address_desc": "Device1234"
},
{
"host_address": "22-33-44-55-66-77",
"host_address_desc": "device4321"
}
],
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/3002"
}
}
}
]
}
}This simple example shows how to authenticate and retrieve static host lists from ClearPass. The API can be used for much more complex operations including adding/removing endpoints, managing guest access, and integrating with other systems.