Aaa Profile
Manage Authentication, Authorization, and Accounting (AAA) profiles for network device access control and user authentication.
Base URL: https://gate.zequenze.com/api/v1
Authentication: All endpoints require a Bearer token:
Authorization: Bearer <your-api-token>
Endpoints
GET /aaa_profile/
Retrieve a paginated list of all AAA profiles.
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| limit | integer | query | No | Number of results to return per page |
| offset | integer | query | No | The initial index from which to return the results |
Example Request:
GET /api/v1/aaa_profile/?limit=10&offset=0
Example Response:
{
"count": 25,
"next": "https://gate.zequenze.com/api/v1/aaa_profile/?limit=10&offset=10",
"previous": null,
"results": [
{
"id": 1,
"name": "Corporate_AAA",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": true,
"radius_server": "192.168.1.10",
"radius_port": 1812,
"shared_secret": "****",
"timeout": 30,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
]
}
| Status | Description |
|---|---|
| 200 | Success |
| 401 | Unauthorized |
POST /aaa_profile/
Create a new AAA profile.
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| data | object | body | Yes | AAA profile configuration data |
Example Request:
POST /api/v1/aaa_profile/
Content-Type: application/json
{
"name": "Branch_Office_AAA",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": true,
"radius_server": "10.0.1.50",
"radius_port": 1812,
"shared_secret": "MySecretKey123",
"timeout": 45,
"fallback_method": "local"
}
Example Response:
{
"id": 2,
"name": "Branch_Office_AAA",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": true,
"radius_server": "10.0.1.50",
"radius_port": 1812,
"shared_secret": "****",
"timeout": 45,
"fallback_method": "local",
"created_at": "2024-01-16T14:20:00Z",
"updated_at": "2024-01-16T14:20:00Z"
}
| Status | Description |
|---|---|
| 201 | Profile created successfully |
| 400 | Bad request - invalid data |
| 401 | Unauthorized |
GET /aaa_profile/{id}/
Retrieve details of a specific AAA profile.
Example Request:
GET /api/v1/aaa_profile/1/
Example Response:
{
"id": 1,
"name": "Corporate_AAA",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": true,
"radius_server": "192.168.1.10",
"radius_port": 1812,
"shared_secret": "****",
"timeout": 30,
"fallback_method": "local",
"retry_attempts": 3,
"dead_time": 10,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-15T10:30:00Z"
}
| Status | Description |
|---|---|
| 200 | Success |
| 401 | Unauthorized |
| 404 | Profile not found |
PUT /aaa_profile/{id}/
Update an entire AAA profile (replaces all fields).
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| data | object | body | Yes | Complete AAA profile configuration data |
Example Request:
PUT /api/v1/aaa_profile/1/
Content-Type: application/json
{
"name": "Corporate_AAA_Updated",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": false,
"radius_server": "192.168.1.15",
"radius_port": 1812,
"shared_secret": "NewSecretKey456",
"timeout": 60,
"fallback_method": "local"
}
Example Response:
{
"id": 1,
"name": "Corporate_AAA_Updated",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": false,
"radius_server": "192.168.1.15",
"radius_port": 1812,
"shared_secret": "****",
"timeout": 60,
"fallback_method": "local",
"updated_at": "2024-01-16T15:45:00Z"
}
| Status | Description |
|---|---|
| 200 | Profile updated successfully |
| 400 | Bad request - invalid data |
| 401 | Unauthorized |
| 404 | Profile not found |
PATCH /aaa_profile/{id}/
Partially update specific fields of an AAA profile.
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| data | object | body | Yes | Partial AAA profile data to update |
Example Request:
PATCH /api/v1/aaa_profile/1/
Content-Type: application/json
{
"timeout": 120,
"accounting_enabled": true
}
Example Response:
{
"id": 1,
"name": "Corporate_AAA_Updated",
"authentication_method": "radius",
"authorization_enabled": true,
"accounting_enabled": true,
"radius_server": "192.168.1.15",
"radius_port": 1812,
"shared_secret": "****",
"timeout": 120,
"fallback_method": "local",
"updated_at": "2024-01-16T16:30:00Z"
}
| Status | Description |
|---|---|
| 200 | Profile updated successfully |
| 400 | Bad request - invalid data |
| 401 | Unauthorized |
| 404 | Profile not found |
DELETE /aaa_profile/{id}/
Delete an AAA profile permanently.
Example Request:
DELETE /api/v1/aaa_profile/1/
| Status | Description |
|---|---|
| 204 | Profile deleted successfully |
| 401 | Unauthorized |
| 404 | Profile not found |
| 409 | Conflict - profile is in use |
Best Practices
- Profile Naming: Use descriptive names that indicate the profile's purpose (e.g., "Corporate_RADIUS", "Guest_Local")
- Security: Always use strong shared secrets for RADIUS authentication and rotate them regularly
- Fallback Methods: Configure local authentication as a fallback when using external AAA servers
- Timeout Values: Set appropriate timeout values based on network latency and server response times
- Testing: Test AAA profiles in a non-production environment before deploying to critical infrastructure
- Monitoring: Enable accounting to track user authentication and authorization events for security auditing