Skip to main content

Aaa Profile

ManageThe AAA Profile API provides endpoints for managing Authentication, Authorization, and Accounting (AAA) profiles used for network device access controlcontrol. These profiles define authentication methods, authorization policies, and useraccounting authentication.settings that can be applied to network infrastructure components.

Base URL: https://gate.zequenze.com/api/v1

Authentication: All endpoints require a Bearer token:

Authorization: Bearer <your-api-token>

Overview

The AAA Profile API enables network administrators to create and manage comprehensive authentication, authorization, and accounting profiles for their network infrastructure. AAA profiles are essential components in network security that define:

    Authentication methods - How users and devices verify their identity (RADIUS, TACACS+, local accounts) Authorization policies - What resources authenticated users can access and what commands they can execute Accounting settings - How user activities and system events are logged and tracked

    These profiles are typically applied to network devices like switches, routers, and firewalls to enforce consistent security policies across your network infrastructure. The API supports full CRUD operations, allowing you to programmatically manage profiles as part of automated network provisioning workflows or configuration management systems.

    Common scenarios include setting up role-based access control for network engineers, configuring centralized authentication for device management, and implementing audit trails for compliance requirements.

    Endpoints

    GET /aaa_profile/

    RetrieveDescription: Retrieves a paginated list of all AAA profiles.profiles in your organization. This endpoint is essential for discovering existing profiles, implementing profile selection interfaces, and auditing your current AAA configuration landscape.

    Use Cases:

      Display available AAA profiles in network management dashboards Audit existing authentication policies across your infrastructure Populate dropdown menus for device configuration tools Generate reports on AAA profile usage and distribution

      Full URL Example:

      https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=0

      Parameters:

      Parameter Type In Required Description
      limit integer query No Number of results to return per page (default: 20, max: 100)
      offset integer query No The initial index from which to return theresults resultsfor pagination

      ExamplecURL Request:Example:

      curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/?limit=1020&offset=00" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

      Example Response:

      {
  "count": 25,45,
  "next": "https://gate.zequenze.com/api/v1/aaa_profile/?limit=1020&offset=10"20",
  "previous": null,
  "results": [
    {
      "id": 1,
      "name": "Corporate_AAA"Corporate-Network-AAA",
      "description": "Primary AAA profile for corporate network infrastructure",
      "authentication_method": "radius"RADIUS",
      "authorization_enabled": true,
      "accounting_enabled": true,
      "radius_server": "192.168.1.10"radius.company.com",
      "radius_port": 1812,
      "shared_secret"authorization_method": "****TACACS+",
      "timeout"tacacs_server": 30,"tacacs.company.com",
      "accounting_enabled": true,
      "accounting_method": "RADIUS",
      "fallback_local_auth": true,
      "created_at": "2024-01-15T10:30:00Z",
      "updated_at": "2024-01-15T10:30:20T14:22:00Z",
      "created_by": "admin@company.com",
      "status": "active"
    },
    {
      "id": 2,
      "name": "Guest-Access-Profile",
      "description": "Limited access profile for guest network devices",
      "authentication_method": "local",
      "authorization_method": "local",
      "accounting_enabled": false,
      "fallback_local_auth": true,
      "created_at": "2024-01-10T09:15:00Z",
      "updated_at": "2024-01-18T11:45:00Z",
      "created_by": "network-admin@company.com",
      "status": "active"
    }
  ]
}

      Response Codes:

      Status Description
      200 Success - Returns paginated list of AAA profiles
      401 Unauthorized - Invalid or missing authentication token
      403 Forbidden - Insufficient permissions to view AAA profiles

      POST /aaa_profile/

      CreateDescription: Creates a new AAA profile.profile with specified authentication, authorization, and accounting configurations. This endpoint allows you to programmatically deploy standardized security policies across your network infrastructure.

      Use Cases:

        Automate AAA profile creation during network expansion Deploy standardized security policies to new network segments Create environment-specific profiles (production, staging, development) Implement infrastructure-as-code for network security configurations

        Full URL Example:

        https://gate.zequenze.com/api/v1/aaa_profile/

        Parameters:

        Parameter Type In Required Description
        data object body Yes JSON object containing the AAA profile configuration data

        ExamplecURL Request:Example:

        curl -X POST "https://gate.zequenze.com/api/v1/aaa_profile/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/jsonjson" \
  -d '{
    "name": "Branch_Office_AAA"Branch-Office-AAA",
    "description": "AAA profile for branch office network devices",
    "authentication_method": "radius"RADIUS",
  "authorization_enabled": true,
  "accounting_enabled": true,
    "radius_server": "10.0.1.50"1.100",
    "radius_port": 1812,
    "shared_secret"radius_secret": "MySecretKey123"shared_secret_key",
    "timeout": 45,
  "fallback_method"authorization_method": "local"RADIUS",
    "accounting_enabled": true,
    "accounting_method": "RADIUS",
    "fallback_local_auth": true,
    "session_timeout": 3600,
    "privilege_levels": {
      "readonly": 1,
      "operator": 5,
      "admin": 15
    }
  }'

        Example Response:

        {
  "id": 2,15,
  "name": "Branch_Office_AAA"Branch-Office-AAA",
  "description": "AAA profile for branch office network devices",
  "authentication_method": "radius"RADIUS",
  "authorization_enabled": true,
  "accounting_enabled": true,
  "radius_server": "10.0.1.50"1.100",
  "radius_port": 1812,
  "shared_secret"authorization_method": "****"RADIUS",
  "timeout"accounting_enabled": 45,true,
  "fallback_method"accounting_method": "local"RADIUS",
  "fallback_local_auth": true,
  "session_timeout": 3600,
  "privilege_levels": {
    "readonly": 1,
    "operator": 5,
    "admin": 15
  },
  "created_at": "2024-01-16T14:25T16:20:00Z",
  "updated_at": "2024-01-16T14:25T16:20:00Z",
  "created_by": "api-user@company.com",
  "status": "active"
}

        Response Codes:

        Status Description
        201 ProfileCreated - AAA profile successfully created successfully
        400 Bad requestRequest - invalidInvalid dataprofile configuration or missing required fields
        401 Unauthorized - Invalid or missing authentication token
        403 Forbidden - Insufficient permissions to create AAA profiles 409 Conflict - Profile with the same name already exists

        GET /aaa_profile/{id}/

        RetrieveDescription: detailsRetrieves ofdetailed information about a specific AAA profile.profile by its unique identifier. This endpoint provides complete profile configuration details needed for profile analysis, troubleshooting, or cloning operations.

        ExampleUse Request:Cases:

          View complete configuration details for a specific AAA profile Validate profile settings during troubleshooting Retrieve profile data for cloning or templating Display profile information in configuration management interfaces

          Full URL Example:

          GET https://gate.zequenze.com/api/v1/aaa_profile/1/15/

          cURL Example:

          curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

          Example Response:

          {
  "id": 1,15,
  "name": "Corporate_AAA"Branch-Office-AAA",
  "description": "AAA profile for branch office network devices",
  "authentication_method": "radius"RADIUS",
  "authorization_enabled": true,
  "accounting_enabled": true,
  "radius_server": "192.168.10.1.10"1.100",
  "radius_port": 1812,
  "shared_secret"radius_backup_server": "****"10.1.1.101",
  "timeout": 30,
  "fallback_method"authorization_method": "local"RADIUS",
  "retry_attempts"accounting_enabled": 3,true,
  "dead_time"accounting_method": 10,"RADIUS",
  "accounting_server": "10.1.1.100",
  "fallback_local_auth": true,
  "session_timeout": 3600,
  "idle_timeout": 1800,
  "privilege_levels": {
    "readonly": 1,
    "operator": 5,
    "admin": 15
  },
  "command_authorization": {
    "enable_command_auth": true,
    "restricted_commands": ["reload", "write erase", "format"]
  },
  "created_at": "2024-01-15T10:30:25T16:20:00Z",
  "updated_at": "2024-01-15T10:25T16:20:00Z",
  "created_by": "api-user@company.com",
  "last_used": "2024-01-26T08:30:00Z",
  "device_count": 12,
  "status": "active"
}

          Response Codes:

          Status Description
          200 Success - Returns the AAA profile details
          401 Unauthorized - Invalid or missing authentication token
          403 Forbidden - Insufficient permissions to view this profile 404 ProfileNot Found - AAA profile with specified ID does not foundexist

          PUT /aaa_profile/{id}/

          UpdateDescription: Completely replaces an entireexisting AAA profile (replaceswith new configuration data. This endpoint performs a full update, replacing all fields).profile settings with the provided data. Use this when you need to make comprehensive changes to a profile configuration.

          Parameters:Use Cases:

          • Migrate profiles Parameterto Typenew Inauthentication Requiredservers Description
          • Implement
          major policy changes across datanetwork objectinfrastructure bodyUpdate Yesprofiles Completewith AAAnew profilesecurity configurationrequirements dataStandardize profiles across different network segments

          ExampleFull Request:URL Example:

          PUT https://gate.zequenze.com/api/v1/aaa_profile/1/15/

          cURL Example:

          curl -X PUT "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/jsonjson" \
  -d '{
    "name": "Corporate_AAA_Updated"Branch-Office-AAA-Updated",
    "description": "Updated AAA profile with new TACACS+ server",
    "authentication_method": "radius"TACACS+",
    "authorization_enabled"tacacs_server": "tacacs.newdomain.com",
    "tacacs_port": 49,
    "tacacs_secret": "new_shared_secret",
    "authorization_method": "TACACS+",
    "accounting_enabled": true,
    "accounting_enabled": false,
  "radius_server"accounting_method": "192.168.1.15"TACACS+",
    "radius_port"fallback_local_auth": 1812,true,
    "shared_secret"session_timeout": "NewSecretKey456",7200,
    "timeout"privilege_levels": 60,{
      "fallback_method"readonly": 1,
      "local"operator": 7,
      "admin": 15
    }
  }'

          Example Response:

          {
  "id": 1,15,
  "name": "Corporate_AAA_Updated"Branch-Office-AAA-Updated",
  "description": "Updated AAA profile with new TACACS+ server",
  "authentication_method": "radius"TACACS+",
  "authorization_enabled"tacacs_server": "tacacs.newdomain.com",
  "tacacs_port": 49,
  "authorization_method": "TACACS+",
  "accounting_enabled": true,
  "accounting_enabled": false,
  "radius_server"accounting_method": "192.168.1.15",
  "radius_port": 1812,
  "shared_secret": "****TACACS+",
  "timeout"fallback_local_auth": 60,true,
  "fallback_method"session_timeout": 7200,
  "privilege_levels": {
    "readonly": 1,
    "operator": 7,
    "admin": 15
  },
  "created_at": "local"2024-01-25T16:20:00Z",
  "updated_at": "2024-01-16T15:45:26T14:35:00Z",
  "created_by": "api-user@company.com",
  "status": "active"
}

          Response Codes:

          Status Description
          200 ProfileSuccess - AAA profile successfully updated successfully
          400 Bad requestRequest - invalidInvalid configuration data or missing required fields
          401 Unauthorized - Invalid or missing authentication token
          403 Forbidden - Insufficient permissions to update this profile 404 ProfileNot Found - AAA profile with specified ID does not foundexist

          PATCH /aaa_profile/{id}/

          Description: Partially update specific fields ofupdates an AAA profile.

          Parameters:

          Parameter Type In Required Description data object body Yes Partialexisting AAA profile databy tomodifying updateonly the specified fields. This endpoint is ideal for making targeted changes without affecting other profile settings, such as updating server addresses or adjusting timeout values.

          ExampleUse Request:Cases:

            Update server IP addresses during network migrations Adjust timeout values based on performance requirements Enable or disable specific AAA features Update descriptions and metadata without changing functional settings

            Full URL Example:

            PATCH https://gate.zequenze.com/api/v1/aaa_profile/1/15/

            cURL Example:

            curl -X PATCH "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/jsonjson" \
  -d '{
    "timeout"radius_server": 120,"10.2.1.100",
    "accounting_enabled"session_timeout": true5400,
    "description": "Updated radius server IP after datacenter migration"
  }'

            Example Response:

            {
  "id": 1,15,
  "name": "Corporate_AAA_Updated"Branch-Office-AAA-Updated",
  "description": "Updated radius server IP after datacenter migration",
  "authentication_method": "radius"TACACS+",
  "authorization_enabled"tacacs_server": true,"tacacs.newdomain.com",
  "radius_server": "10.2.1.100",
  "tacacs_port": 49,
  "authorization_method": "TACACS+",
  "accounting_enabled": true,
  "radius_server"accounting_method": "192.168.1.15",
  "radius_port": 1812,
  "shared_secret": "****TACACS+",
  "timeout"fallback_local_auth": 120,true,
  "fallback_method"session_timeout": 5400,
  "privilege_levels": {
    "readonly": 1,
    "operator": 7,
    "admin": 15
  },
  "created_at": "local"2024-01-25T16:20:00Z",
  "updated_at": "2024-01-16T16:30:26T16:45:00Z",
  "created_by": "api-user@company.com",
  "status": "active"
}

            Response Codes:

            Status Description
            200 ProfileSuccess - AAA profile successfully updated successfully
            400 Bad requestRequest - invalidInvalid field values or data format
            401 Unauthorized - Invalid or missing authentication token
            403 Forbidden - Insufficient permissions to modify this profile 404 ProfileNot Found - AAA profile with specified ID does not foundexist

            DELETE /aaa_profile/{id}/

            DeleteDescription: Permanently removes an AAA profile permanently.from the system. This operation cannot be undone and will fail if the profile is currently assigned to any network devices. Ensure all device associations are removed before attempting deletion.

            ExampleUse Request:Cases:

              Clean up unused or obsolete AAA profiles Remove test profiles after development cycles Decommission profiles for retired network segments Maintain profile inventory hygiene in configuration management

              Full URL Example:

              DELETE https://gate.zequenze.com/api/v1/aaa_profile/1/15/

              cURL Example:

              curl -X DELETE "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

              Response Codes:

              Status Description
              204 ProfileNo Content - AAA profile successfully deleted successfully
              401 Unauthorized - Invalid or missing authentication token
              403 Forbidden - Insufficient permissions to delete this profile 404 ProfileNot Found - AAA profile with specified ID does not foundexist 409 Conflict - profileProfile is currently in use and cannot be deleted

              Common Use Cases

              Use Case 1: Network Infrastructure Standardization

              Deploy consistent AAA profiles across multiple network devices during initial setup or infrastructure expansion. Use GET to identify existing profiles, POST to create standardized templates, and apply them systematically across your device inventory.

              Use Case 2: Security Policy Migration

              Migrate from local authentication to centralized RADIUS/TACACS+ authentication. Use GET to audit current profiles, PATCH to gradually update authentication methods, and monitor the transition across your network infrastructure.

              Use Case 3: Compliance and Audit Management

              Implement role-based access control and accounting for regulatory compliance. Create profiles with specific privilege levels, enable comprehensive accounting, and use GET endpoints to generate compliance reports showing AAA policy distribution.

              Use Case 4: Disaster Recovery and Backup

              Maintain backup AAA configurations for business continuity. Use GET to export current profiles, store configurations in version control, and use POST to quickly restore AAA services during disaster recovery scenarios.

              Use Case 5: Multi-Environment Management

              Manage separate AAA profiles for development, staging, and production environments. Create environment-specific profiles with appropriate security levels and server configurations, enabling secure development workflows while maintaining production security standards.

              Best Practices

              • Profile Naming Conventions: Use descriptive names that indicate the profile's purposepurpose, environment, and authentication method (e.g., "Corporate_RADIUS"Production-RADIUS-Corporate", "Guest_Local"Dev-Local-TestLab")
              • SecurityServer Redundancy: Always useconfigure strong shared secrets for RADIUSbackup authentication servers using fallback_local_auth and rotatebackup themserver regularlyfields to ensure network accessibility during server outages
              • FallbackGradual MethodsDeployment: ConfigureWhen localupdating authenticationexisting asprofiles, ause fallbackPATCH whenfor usingincremental externalchanges AAAand serverstest thoroughly before applying to production devices
              • TimeoutPagination ValuesStrategy: SetFor large profile inventories, implement efficient pagination using appropriate timeoutlimit values based(recommended: on20-50 networkper latencypage) and servercache responseresults timeswhen possible
              • TestingSecurity Considerations: TestRegularly AAArotate shared secrets, implement appropriate session timeouts, and use encrypted connections for authentication server communication
              Profile Lifecycle Management: Regularly audit profile usage using device_count and last_used fields, and clean up unused profiles into amaintain non-productionsecurity environmenthygiene Error Handling: Implement proper retry logic for network timeouts, validate profile configurations before deployingdeployment, toand maintain fallback authentication methods for critical infrastructure Monitoring: Enable accounting to track user authentication and authorization events for security auditing
              Back to top