Aaa Profile
The AAA Profile API provides endpoints for managing Authentication, Authorization, and Accounting (AAA) profiles used for network device access control. These profiles define authentication methods, authorization policies, and accounting settings that can be applied to network infrastructure components.
Base URL: https://gate.zequenze.com/api/v1
Authentication: All endpoints require a Bearer token:
Authorization: Bearer <your-api-token>
Overview
The AAA Profile API enables network administrators to create and manage comprehensive authentication, authorization, and accounting profiles for their network infrastructure. AAA profiles are essential components in network security that define:
- Authentication methods - How users and devices verify their identity (RADIUS, TACACS+, local accounts)
- Authorization policies - What resources authenticated users can access and what commands they can execute
- Accounting settings - How user activities and system events are logged and tracked
These profiles are typically applied to network devices like switches, routers, and firewalls to enforce consistent security policies across your network infrastructure. The API supports full CRUD operations, allowing you to programmatically manage profiles as part of automated network provisioning workflows or configuration management systems.
Common scenarios include setting up role-based access control for network engineers, configuring centralized authentication for device management, and implementing audit trails for compliance requirements.
Endpoints
GET /aaa_profile/
Description: Retrieves a paginated list of all AAA profiles in your organization. This endpoint is essential for discovering existing profiles, implementing profile selection interfaces, and auditing your current AAA configuration landscape.
Use Cases:
- Display available AAA profiles in network management dashboards
- Audit existing authentication policies across your infrastructure
- Populate dropdown menus for device configuration tools
- Generate reports on AAA profile usage and distribution
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=0
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| limit | integer | query | No | Number of results to return per page (default: 20, max: 100) |
| offset | integer | query | No | The initial index from which to return results for pagination |
cURL Example:
curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=0" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Example Response:
{
"count": 45,
"next": "https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=20",
"previous": null,
"results": [
{
"id": 1,
"name": "Corporate-Network-AAA",
"description": "Primary AAA profile for corporate network infrastructure",
"authentication_method": "RADIUS",
"radius_server": "radius.company.com",
"radius_port": 1812,
"authorization_method": "TACACS+",
"tacacs_server": "tacacs.company.com",
"accounting_enabled": true,
"accounting_method": "RADIUS",
"fallback_local_auth": true,
"created_at": "2024-01-15T10:30:00Z",
"updated_at": "2024-01-20T14:22:00Z",
"created_by": "admin@company.com",
"status": "active"
},
{
"id": 2,
"name": "Guest-Access-Profile",
"description": "Limited access profile for guest network devices",
"authentication_method": "local",
"authorization_method": "local",
"accounting_enabled": false,
"fallback_local_auth": true,
"created_at": "2024-01-10T09:15:00Z",
"updated_at": "2024-01-18T11:45:00Z",
"created_by": "network-admin@company.com",
"status": "active"
}
]
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - Returns paginated list of AAA profiles |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to view AAA profiles |
POST /aaa_profile/
Description: Creates a new AAA profile with specified authentication, authorization, and accounting configurations. This endpoint allows you to programmatically deploy standardized security policies across your network infrastructure.
Use Cases:
- Automate AAA profile creation during network expansion
- Deploy standardized security policies to new network segments
- Create environment-specific profiles (production, staging, development)
- Implement infrastructure-as-code for network security configurations
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/
Parameters:
| Parameter | Type | In | Required | Description |
|---|---|---|---|---|
| data | object | body | Yes | JSON object containing the AAA profile configuration |
cURL Example:
curl -X POST "https://gate.zequenze.com/api/v1/aaa_profile/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Branch-Office-AAA",
"description": "AAA profile for branch office network devices",
"authentication_method": "RADIUS",
"radius_server": "10.1.1.100",
"radius_port": 1812,
"radius_secret": "shared_secret_key",
"authorization_method": "RADIUS",
"accounting_enabled": true,
"accounting_method": "RADIUS",
"fallback_local_auth": true,
"session_timeout": 3600,
"privilege_levels": {
"readonly": 1,
"operator": 5,
"admin": 15
}
}'
Example Response:
{
"id": 15,
"name": "Branch-Office-AAA",
"description": "AAA profile for branch office network devices",
"authentication_method": "RADIUS",
"radius_server": "10.1.1.100",
"radius_port": 1812,
"authorization_method": "RADIUS",
"accounting_enabled": true,
"accounting_method": "RADIUS",
"fallback_local_auth": true,
"session_timeout": 3600,
"privilege_levels": {
"readonly": 1,
"operator": 5,
"admin": 15
},
"created_at": "2024-01-25T16:20:00Z",
"updated_at": "2024-01-25T16:20:00Z",
"created_by": "api-user@company.com",
"status": "active"
}
Response Codes:
| Status | Description |
|---|---|
| 201 | Created - AAA profile successfully created |
| 400 | Bad Request - Invalid profile configuration or missing required fields |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to create AAA profiles |
| 409 | Conflict - Profile with the same name already exists |
GET /aaa_profile/{id}/
Description: Retrieves detailed information about a specific AAA profile by its unique identifier. This endpoint provides complete profile configuration details needed for profile analysis, troubleshooting, or cloning operations.
Use Cases:
- View complete configuration details for a specific AAA profile
- Validate profile settings during troubleshooting
- Retrieve profile data for cloning or templating
- Display profile information in configuration management interfaces
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Example Response:
{
"id": 15,
"name": "Branch-Office-AAA",
"description": "AAA profile for branch office network devices",
"authentication_method": "RADIUS",
"radius_server": "10.1.1.100",
"radius_port": 1812,
"radius_backup_server": "10.1.1.101",
"authorization_method": "RADIUS",
"accounting_enabled": true,
"accounting_method": "RADIUS",
"accounting_server": "10.1.1.100",
"fallback_local_auth": true,
"session_timeout": 3600,
"idle_timeout": 1800,
"privilege_levels": {
"readonly": 1,
"operator": 5,
"admin": 15
},
"command_authorization": {
"enable_command_auth": true,
"restricted_commands": ["reload", "write erase", "format"]
},
"created_at": "2024-01-25T16:20:00Z",
"updated_at": "2024-01-25T16:20:00Z",
"created_by": "api-user@company.com",
"last_used": "2024-01-26T08:30:00Z",
"device_count": 12,
"status": "active"
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - Returns the AAA profile details |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to view this profile |
| 404 | Not Found - AAA profile with specified ID does not exist |
PUT /aaa_profile/{id}/
Description: Completely replaces an existing AAA profile with new configuration data. This endpoint performs a full update, replacing all profile settings with the provided data. Use this when you need to make comprehensive changes to a profile configuration.
Use Cases:
- Migrate profiles to new authentication servers
- Implement major policy changes across network infrastructure
- Update profiles with new security requirements
- Standardize profiles across different network segments
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X PUT "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "Branch-Office-AAA-Updated",
"description": "Updated AAA profile with new TACACS+ server",
"authentication_method": "TACACS+",
"tacacs_server": "tacacs.newdomain.com",
"tacacs_port": 49,
"tacacs_secret": "new_shared_secret",
"authorization_method": "TACACS+",
"accounting_enabled": true,
"accounting_method": "TACACS+",
"fallback_local_auth": true,
"session_timeout": 7200,
"privilege_levels": {
"readonly": 1,
"operator": 7,
"admin": 15
}
}'
Example Response:
{
"id": 15,
"name": "Branch-Office-AAA-Updated",
"description": "Updated AAA profile with new TACACS+ server",
"authentication_method": "TACACS+",
"tacacs_server": "tacacs.newdomain.com",
"tacacs_port": 49,
"authorization_method": "TACACS+",
"accounting_enabled": true,
"accounting_method": "TACACS+",
"fallback_local_auth": true,
"session_timeout": 7200,
"privilege_levels": {
"readonly": 1,
"operator": 7,
"admin": 15
},
"created_at": "2024-01-25T16:20:00Z",
"updated_at": "2024-01-26T14:35:00Z",
"created_by": "api-user@company.com",
"status": "active"
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - AAA profile successfully updated |
| 400 | Bad Request - Invalid configuration data or missing required fields |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to update this profile |
| 404 | Not Found - AAA profile with specified ID does not exist |
PATCH /aaa_profile/{id}/
Description: Partially updates an existing AAA profile by modifying only the specified fields. This endpoint is ideal for making targeted changes without affecting other profile settings, such as updating server addresses or adjusting timeout values.
Use Cases:
- Update server IP addresses during network migrations
- Adjust timeout values based on performance requirements
- Enable or disable specific AAA features
- Update descriptions and metadata without changing functional settings
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X PATCH "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"radius_server": "10.2.1.100",
"session_timeout": 5400,
"description": "Updated radius server IP after datacenter migration"
}'
Example Response:
{
"id": 15,
"name": "Branch-Office-AAA-Updated",
"description": "Updated radius server IP after datacenter migration",
"authentication_method": "TACACS+",
"tacacs_server": "tacacs.newdomain.com",
"radius_server": "10.2.1.100",
"tacacs_port": 49,
"authorization_method": "TACACS+",
"accounting_enabled": true,
"accounting_method": "TACACS+",
"fallback_local_auth": true,
"session_timeout": 5400,
"privilege_levels": {
"readonly": 1,
"operator": 7,
"admin": 15
},
"created_at": "2024-01-25T16:20:00Z",
"updated_at": "2024-01-26T16:45:00Z",
"created_by": "api-user@company.com",
"status": "active"
}
Response Codes:
| Status | Description |
|---|---|
| 200 | Success - AAA profile successfully updated |
| 400 | Bad Request - Invalid field values or data format |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to modify this profile |
| 404 | Not Found - AAA profile with specified ID does not exist |
DELETE /aaa_profile/{id}/
Description: Permanently removes an AAA profile from the system. This operation cannot be undone and will fail if the profile is currently assigned to any network devices. Ensure all device associations are removed before attempting deletion.
Use Cases:
- Clean up unused or obsolete AAA profiles
- Remove test profiles after development cycles
- Decommission profiles for retired network segments
- Maintain profile inventory hygiene in configuration management
Full URL Example:
https://gate.zequenze.com/api/v1/aaa_profile/15/
cURL Example:
curl -X DELETE "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Response Codes:
| Status | Description |
|---|---|
| 204 | No Content - AAA profile successfully deleted |
| 401 | Unauthorized - Invalid or missing authentication token |
| 403 | Forbidden - Insufficient permissions to delete this profile |
| 404 | Not Found - AAA profile with specified ID does not exist |
| 409 | Conflict - Profile is currently in use and cannot be deleted |
Common Use Cases
Use Case 1: Network Infrastructure Standardization
Deploy consistent AAA profiles across multiple network devices during initial setup or infrastructure expansion. Use GET to identify existing profiles, POST to create standardized templates, and apply them systematically across your device inventory.
Use Case 2: Security Policy Migration
Migrate from local authentication to centralized RADIUS/TACACS+ authentication. Use GET to audit current profiles, PATCH to gradually update authentication methods, and monitor the transition across your network infrastructure.
Use Case 3: Compliance and Audit Management
Implement role-based access control and accounting for regulatory compliance. Create profiles with specific privilege levels, enable comprehensive accounting, and use GET endpoints to generate compliance reports showing AAA policy distribution.
Use Case 4: Disaster Recovery and Backup
Maintain backup AAA configurations for business continuity. Use GET to export current profiles, store configurations in version control, and use POST to quickly restore AAA services during disaster recovery scenarios.
Use Case 5: Multi-Environment Management
Manage separate AAA profiles for development, staging, and production environments. Create environment-specific profiles with appropriate security levels and server configurations, enabling secure development workflows while maintaining production security standards.
Best Practices
- Profile Naming Conventions: Use descriptive names that indicate the profile's purpose, environment, and authentication method (e.g., "Production-RADIUS-Corporate", "Dev-Local-TestLab")
- Server Redundancy: Always configure backup authentication servers using fallback_local_auth and backup server fields to ensure network accessibility during server outages
- Gradual Deployment: When updating existing profiles, use PATCH for incremental changes and test thoroughly before applying to production devices
- Pagination Strategy: For large profile inventories, implement efficient pagination using appropriate limit values (recommended: 20-50 per page) and cache results when possible
- Security Considerations: Regularly rotate shared secrets, implement appropriate session timeouts, and use encrypted connections for authentication server communication
- Profile Lifecycle Management: Regularly audit profile usage using device_count and last_used fields, and clean up unused profiles to maintain security hygiene
- Error Handling: Implement proper retry logic for network timeouts, validate profile configurations before deployment, and maintain fallback authentication methods for critical infrastructure