AAA Profile
The AAA Profile API endpoints provide comprehensive management of Authentication, Authorization, and Accounting (AAA) profiles for network access control. These endpoints allow you to create, configure, and manage RADIUS-style attribute profiles that define user access policies, network permissions, and accounting rules for network devices and services.
Base URL: https://gate.zequenze.com/api/v1
Authentication: All endpoints require a Bearer token:
Authorization: Bearer <your-api-token>
Overview
The AAA Profile API enables network administrators to manage authentication and authorization profiles that control network access for users and devices. AAA profiles contain sets of RADIUS attributes that define what resources users can access, how they authenticate, and what accounting information is collected.
Key Concepts:
- Reply Attributes: Sent back to the Network Access Server (NAS) during successful authentication, defining user permissions and access parameters
- Check Attributes: Used during authentication to validate user credentials and access rights
- Operators: Define how attributes are processed (=, +=, :=, ==, !=, >, >=, <, <=, =, !)
Common Use Cases:
- Creating user access policies for different user groups (employees, guests, contractors)
- Defining VLAN assignments and bandwidth limits
- Setting session timeouts and access restrictions
- Managing VPN access profiles
- Configuring wireless network access policies
The API supports full CRUD operations, allowing you to list, create, retrieve, update, and delete AAA profiles with comprehensive attribute management.
Endpoints
GET /aaa_profile/
Description: Retrieves a paginated list of all AAA profiles in your organization. This endpoint is essential for discovering existing profiles, monitoring configuration changes, and implementing profile management interfaces.
Use Cases:
- Building administrative dashboards that display all configured access policies
- Auditing network access configurations across your organization
- Synchronizing AAA profiles with external configuration management systems
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=0
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| limit | integer | query | No | Number of results to return per page (default: 20, max: 100) |
| offset | integer | query | No | Starting position for pagination (default: 0) |
cURL Example:
curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/?limit=10&offset=0" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Example Response:
{
"count": 25,
"next": "https://gate.zequenze.com/api/v1/aaa_profile/?limit=10&offset=10",
"previous": null,
"results": [
{
"id": 1,
"name": "Employee Access Profile",
"short_name": "employee-access",
"description": "Standard access profile for full-time employees",
"organization_id": "org_12345",
"reply_attribute": [
{
"attribute": "Tunnel-Type",
"op": ":=",
"value": "VLAN"
},
{
"attribute": "Tunnel-Medium-Type",
"op": ":=",
"value": "IEEE-802"
}
],
"check_attribute": [
{
"attribute": "User-Password",
"op": "==",
"value": "%{User-Password}"
}
]
}
]
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - Returns paginated list of AAA profiles |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to access profiles |
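
An added example (not part of the Zequenze documentation) of walking the paginated list by following `next`, while refusing to send the bearer token to any URL outside the documented base URL. The `fetch` callable and the function names are assumptions, and the pages are constructed sample data so the block runs offline.

```python
from urllib.parse import urlsplit

BASE_URL = "https://gate.zequenze.com/api/v1"  # base URL from this page


def is_trusted(url):
    """True only for HTTPS URLs on the API host and under the API path."""
    base, target = urlsplit(BASE_URL), urlsplit(url)
    return (target.scheme == "https"
            and target.netloc == base.netloc
            and target.path.startswith(base.path + "/"))


def iter_profiles(fetch, limit=20):
    """Yield every profile, following the `next` links the API returns.

    `fetch(url)` is a hypothetical callable that performs the authenticated
    GET (Authorization: Bearer ...) and returns the decoded JSON body.
    """
    url = f"{BASE_URL}/aaa_profile/?limit={limit}&offset=0"
    seen = set()
    while url:
        if not is_trusted(url):
            raise ValueError(f"refusing to send token to {url!r}")
        if url in seen:
            raise ValueError(f"pagination loop at {url!r}")
        seen.add(url)
        page = fetch(url)
        yield from page["results"]
        url = page.get("next")


# Constructed sample pages standing in for real API responses.
SAMPLE_PAGES = {
    f"{BASE_URL}/aaa_profile/?limit=1&offset=0": {
        "count": 2,
        "next": f"{BASE_URL}/aaa_profile/?limit=1&offset=1",
        "previous": None,
        "results": [{"id": 1, "short_name": "employee-access"}],
    },
    f"{BASE_URL}/aaa_profile/?limit=1&offset=1": {
        "count": 2, "next": None, "previous": None,
        "results": [{"id": 15, "short_name": "vpn-access"}],
    },
}

if __name__ == "__main__":
    for p in iter_profiles(SAMPLE_PAGES.__getitem__, limit=1):
        print(p["id"], p["short_name"])
```
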
POST /aaa_profile/
Description: Creates a new AAA profile with specified reply and check attributes. This endpoint allows you to define new access policies and authentication rules that can be applied to users and network devices.
Use Cases:
- Setting up access policies for new user groups or departments
- Creating specialized profiles for guest network access
- Defining contractor or temporary user access restrictions
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/
cURL Example:
curl -X POST "https://gate.zequenze.com/api/v1/aaa_profile/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Guest WiFi Profile",
"short_name": "guest-wifi",
"description": "Limited access profile for guest users",
"reply_attribute": [
{
"attribute": "Session-Timeout",
"op": ":=",
"value": "3600"
},
{
"attribute": "Tunnel-Private-Group-Id",
"op": ":=",
"value": "100"
}
],
"check_attribute": [
{
"attribute": "Calling-Station-Id",
"op": "=*",
"value": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"
}
]
}'
Request Body Example:
{
"name": "VPN Access Profile",
"short_name": "vpn-access",
"description": "Profile for remote VPN users with bandwidth limits",
"reply_attribute": [
{
"attribute": "Framed-IP-Address",
"op": ":=",
"value": "255.255.255.254"
},
{
"attribute": "Acct-Interim-Interval",
"op": ":=",
"value": "600"
}
],
"check_attribute": [
{
"attribute": "NAS-Port-Type",
"op": "==",
"value": "Virtual"
}
]
}
Example Response:
{
"id": 15,
"name": "VPN Access Profile",
"short_name": "vpn-access",
"description": "Profile for remote VPN users with bandwidth limits",
"organization_id": "org_12345",
"reply_attribute": [
{
"attribute": "Framed-IP-Address",
"op": ":=",
"value": "255.255.255.254"
},
{
"attribute": "Acct-Interim-Interval",
"op": ":=",
"value": "600"
}
],
"check_attribute": [
{
"attribute": "NAS-Port-Type",
"op": "==",
"value": "Virtual"
}
]
}
Response Codes:
| Status | Description |
|---|---|
| 201 | Created - AAA profile successfully created |
| 400 | Bad Request - Invalid data in request body |
| 401 | Unauthorized - Invalid or missing authentication token |
| 409 | Conflict - Profile with same short_name already exists |
GET /aaa_profile/{id}/
Description: Retrieves detailed information about a specific AAA profile by its ID. This endpoint provides complete profile configuration including all reply and check attributes with their operators and values.
Use Cases:
- Reviewing specific profile configurations before making changes
- Debugging authentication issues by examining profile attributes
- Exporting profile configurations for backup or migration
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Example Response:
{
"id": 15,
"name": "Manager Access Profile",
"short_name": "manager-access",
"description": "Enhanced access profile for management staff with extended permissions",
"organization_id": "org_12345",
"reply_attribute": [
{
"attribute": "Filter-Id",
"op": ":=",
"value": "manager_acl"
},
{
"attribute": "Session-Timeout",
"op": ":=",
"value": "28800"
},
{
"attribute": "Tunnel-Private-Group-Id",
"op": ":=",
"value": "200"
}
],
"check_attribute": [
{
"attribute": "User-Password",
"op": "==",
"value": "%{User-Password}"
},
{
"attribute": "Huntgroup-Name",
"op": "==",
"value": "management"
}
]
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - Returns the specified AAA profile |
| 401 | Unauthorized - Invalid or missing authentication token |
| 404 | Not Found - AAA profile with specified ID does not exist |
PUT /aaa_profile/{id}/
Description: Completely replaces an existing AAA profile with new configuration data. This endpoint performs a full update, replacing all profile attributes with the provided values.
Use Cases:
- Implementing major policy changes that affect multiple attributes
- Standardizing profiles across different environments
- Migrating from legacy configurations to new attribute sets
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X PUT "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Updated Manager Profile",
"short_name": "manager-access-v2",
"description": "Revised manager access with new security policies",
"reply_attribute": [
{
"attribute": "Filter-Id",
"op": ":=",
"value": "manager_acl_v2"
},
{
"attribute": "Session-Timeout",
"op": ":=",
"value": "14400"
}
],
"check_attribute": [
{
"attribute": "User-Password",
"op": "==",
"value": "%{User-Password}"
}
]
}'
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - AAA profile successfully updated |
| 400 | Bad Request - Invalid data in request body |
| 401 | Unauthorized - Invalid or missing authentication token |
| 404 | Not Found - AAA profile with specified ID does not exist |
PATCH /aaa_profile/{id}/
Description: Partially updates an existing AAA profile, modifying only the specified fields while preserving existing configuration for unspecified attributes. This endpoint is ideal for making targeted changes without affecting the entire profile.
Use Cases:
- Adjusting session timeouts or bandwidth limits without changing access rules
- Adding new reply attributes while keeping existing check attributes
- Making quick configuration changes for specific requirements
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X PATCH "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"description": "Updated description with new security requirements",
"reply_attribute": [
{
"attribute": "Session-Timeout",
"op": ":=",
"value": "21600"
}
]
}'
Example Response:
{
"id": 15,
"name": "Manager Access Profile",
"short_name": "manager-access",
"description": "Updated description with new security requirements",
"organization_id": "org_12345",
"reply_attribute": [
{
"attribute": "Session-Timeout",
"op": ":=",
"value": "21600"
}
],
"check_attribute": [
{
"attribute": "User-Password",
"op": "==",
"value": "%{User-Password}"
},
{
"attribute": "Huntgroup-Name",
"op": "==",
"value": "management"
}
]
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - AAA profile successfully updated |
| 400 | Bad Request - Invalid data in request body |
| 401 | Unauthorized - Invalid or missing authentication token |
| 404 | Not Found - AAA profile with specified ID does not exist |
DELETE /aaa_profile/{id}/
Description: Permanently removes an AAA profile from the system. This action cannot be undone and will affect any users or devices currently assigned to this profile.
Use Cases:
- Removing obsolete profiles that are no longer needed
- Cleaning up test or temporary configurations
- Decommissioning access policies for discontinued services
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X DELETE "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN"
Response Codes:
| Status | Description |
|---|---|
| 204 | No Content - AAA profile successfully deleted |
| 401 | Unauthorized - Invalid or missing authentication token |
| 404 | Not Found - AAA profile with specified ID does not exist |
| 409 | Conflict - Profile is in use and cannot be deleted |
Common Use Cases
Use Case 1: Employee Onboarding
Create standardized access profiles for new employees by using POST /aaa_profile/ with appropriate VLAN assignments and session timeouts, then retrieve the profile using GET /aaa_profile/{id}/ to verify configuration.
Use Case 2: Guest Network Management
Set up time-limited guest access by creating profiles with Session-Timeout attributes and bandwidth restrictions, using the reply_attribute array to define access parameters.
Use Case 3: Profile Maintenance
Regularly audit existing profiles using GET /aaa_profile/ with pagination, then use PATCH operations to update specific attributes like session timeouts or access rules without disrupting other configuration.
Use Case 4: Security Policy Updates
Implement organization-wide security changes by retrieving all profiles with GET /aaa_profile/, then using PUT operations to update profiles with new check attributes for enhanced authentication requirements.
Use Case 5: Seasonal Access Control
Create and delete temporary profiles for contractors or seasonal workers using POST and DELETE operations, with specific reply attributes that limit access duration and network resources.
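
An added example (not from the Zequenze documentation) of the audit pass described in Use Case 3, run over profile objects as returned by GET /aaa_profile/. The function name, the `max_timeout` policy value and the finding texts are assumptions. The self-comparison check assumes `%{...}` expands from the incoming request, as in FreeRADIUS, and the pattern check assumes Python's regex syntax is close enough to the server's.

```python
import re

# Operators that appear legibly on this page; adjust to the API's full set.
KNOWN_OPS = {"=", "+=", ":=", "==", "!=", ">", ">=", "<", "<=", "=*"}
SELF_REF = re.compile(r"^%\{([A-Za-z0-9-]+)\}$")


def audit_profile(profile, max_timeout=28800):
    """Return findings for one profile; max_timeout is a local policy value."""
    name, findings = profile.get("short_name", "?"), []
    reply = profile.get("reply_attribute", [])
    check = profile.get("check_attribute", [])
    for item in reply + check:
        if item["op"] not in KNOWN_OPS:
            findings.append(f"{name}: unknown operator {item['op']!r}")
    for item in check:
        attr, pat = item["attribute"], item["value"]
        ref = SELF_REF.match(pat)
        if item["op"] == "==" and ref and ref.group(1) == attr:
            findings.append(f"{name}: {attr} is compared with its own value")
        if item["op"] == "=*":
            try:
                re.compile(pat)
            except re.error:
                findings.append(f"{name}: invalid pattern for {attr}")
                continue
            if not (pat.startswith("^") and pat.endswith("$")):
                findings.append(f"{name}: unanchored pattern for {attr}")
    timeouts = [str(i["value"]) for i in reply if i["attribute"] == "Session-Timeout"]
    if not timeouts:
        findings.append(f"{name}: no Session-Timeout reply attribute")
    elif not timeouts[-1].isdigit() or int(timeouts[-1]) > max_timeout:
        findings.append(f"{name}: Session-Timeout {timeouts[-1]!r} is invalid or above {max_timeout}")
    return findings

# Constructed sample modelled on the responses shown on this page.
SAMPLE = [
    {"short_name": "employee-access",
     "reply_attribute": [{"attribute": "Tunnel-Type", "op": ":=", "value": "VLAN"}],
     "check_attribute": [{"attribute": "User-Password", "op": "==",
                          "value": "%{User-Password}"}]},
    {"short_name": "guest-wifi",
     "reply_attribute": [{"attribute": "Session-Timeout", "op": ":=", "value": "3600"}],
     "check_attribute": [{"attribute": "Calling-Station-Id", "op": "=*",
                          "value": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"}]},
]

if __name__ == "__main__":
    for p in SAMPLE:
        print("\n".join(audit_profile(p)) or f"{p['short_name']}: ok")
```
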
Best Practices
- Attribute Operators: Use := for setting values, == for exact matches in checks, and =* for pattern matching with regular expressions
- Profile Naming: Use descriptive names and consistent slug-format short_names to make profiles easily identifiable
- Pagination: When listing profiles, use appropriate limit values (20-50) to balance performance and usability
- Error Handling: Always check for 409 conflicts when creating profiles, as short_name values must be unique within an organization
- Testing: Create test profiles in non-production environments first, as deleted profiles cannot be recovered
- Documentation: Maintain detailed descriptions for complex profiles to help other administrators understand their purpose and configuration