To authenticate to the ClearPass API you first need to go to the GUI of ClearPass Policy Manager and login.
Step 1: Access Guest Section
Once logged in browse to the top right corner and select Guest. It is weird that the API settings are in the guest part of ClearPass, but there must be a reason the developers done it this way.
Step 2: Navigate to API Services
Go to Administration on the left menu system, then browse to API Services > API Clients.
Step 3: Create API Client
On the right browse to "Create API client".
Create the API client as below, giving the relevant access and lifetime.
Step 4: Generate Access Token
After the API client has been created, click the new client and select generate access token. Copy the HTTP Authorization bearer into Postman.
Step 5: Browse API Explorer
Browse to the API explorer at https://<ip/url>/api-docs. Choose what API you want to use.
Example: Getting Static Host Lists
For this example I'm doing a simple GET request using Postman to pull all of the static host lists.
Postman Configuration
- URL:
https://<ip or url>/api/static-host-list - Method: GET
- Authorization: Bearer Token
- Token: Paste the token from ClearPass into the box
Response Example
Once this is sent you will get a response from ClearPass containing the static host lists in JSON format.
{
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/?calculate_count=false&offset=0&limit=25&sort=%2Bid&filter=%7B%7D"
},
"first": {
"href": "https://192.168.0.48/api/static-host-list/?calculate_count=false&offset=0&limit=25&sort=%2Bid&filter=%7B%7D"
}
},
"_embedded": {
"items": [
{
"id": 3001,
"name": "Test-Test",
"description": "Add MAC with API call",
"host_format": "list",
"host_type": "MACAddress",
"host_entries": [
{
"host_address": "00-00-AA-22-33-44",
"host_address_desc": "Test-44"
},
{
"host_address": "AA-BB-CC-DD-EE-FF",
"host_address_desc": "Test-ff"
},
{
"host_address": "00-AA-BB-CC-DD-EE",
"host_address_desc": "Test-ee"
},
{
"host_address": "11-AA-BB-CC-DD-FF",
"host_address_desc": "Test-11"
}
],
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/3001"
}
}
},
{
"id": 3002,
"name": "MFT PDA VLAN 2004",
"description": "",
"host_format": "list",
"host_type": "MACAddress",
"host_entries": [
{
"host_address": "66-55-44-33-22-11",
"host_address_desc": "Device1234"
},
{
"host_address": "22-33-44-55-66-77",
"host_address_desc": "device4321"
}
],
"_links": {
"self": {
"href": "https://192.168.0.48/api/static-host-list/3002"
}
}
}
]
}
}This simple example shows how to authenticate and retrieve static host lists from ClearPass. The API can be used for much more complex operations including adding/removing endpoints, managing guest access, and integrating with other systems.
Additional API Endpoints
Common ClearPass API Operations
GET /api/static-host-list- Retrieve all static host listsGET /api/static-host-list/{id}- Get specific host listPOST /api/static-host-list- Create new host listPUT /api/static-host-list/{id}- Update existing host listDELETE /api/static-host-list/{id}- Delete host listGET /api/endpoint- Retrieve endpointsGET /api/guest- Manage guest accounts
Best Practices
- Use appropriate token lifetimes - not too long for security, not too short for usability
- Limit API client permissions to only what's needed
- Always use HTTPS when making API calls
- Store tokens securely and never commit them to version control
- Monitor API usage and set up proper logging
- Test API calls in a lab environment before production deployment