Skip to main content

Aaa Profile

The AAA Profile API provides endpoints forprovide managingcomprehensive management of Authentication, Authorization, and Accounting (AAA) profiles used for network device access control. These endpoints allow you to create, configure, and manage RADIUS-style attribute profiles that define authenticationuser methods, authorizationaccess policies, network permissions, and accounting settingsrules that can be applied tofor network infrastructuredevices components.and services.

Base URL: https://gate.zequenze.com/api/v1

Authentication: All endpoints require a Bearer token:

Authorization: Bearer <your-api-token>

Overview

The AAA Profile API enables network administrators to createmanage authentication and manageauthorization comprehensiveprofiles authentication,that authorization,control network access for users and accounting profiles for their network infrastructure.devices. AAA profiles arecontain essentialsets componentsof inRADIUS network securityattributes that define:define what resources users can access, how they authenticate, and what accounting information is collected.

Key Concepts:

  • AuthenticationReply methodsAttributes: -Sent Howback usersto the Network Access Server (NAS) during successful authentication, defining user permissions and devicesaccess verify their identity (RADIUS, TACACS+, local accounts)parameters
  • AuthorizationCheck policiesAttributes: -Used Whatduring resourcesauthentication authenticatedto usersvalidate canuser credentials and access and what commands they can executerights
  • AccountingOperators: settingsDefine -how How user activities and system eventsattributes are loggedprocessed and(=, tracked+=, :=, ==, !=, >, >=, <, <=, =, !)

TheseCommon Use Cases:

    Creating user access policies for different user groups (employees, guests, contractors) Defining VLAN assignments and bandwidth limits Setting session timeouts and access restrictions Managing VPN access profiles areConfiguring typically applied towireless network devices like switches, routers, and firewalls to enforce consistent securityaccess policies across your network infrastructure.

    The API supports full CRUD operations, allowing you to programmaticallylist, managecreate, retrieve, update, and delete AAA profiles aswith partcomprehensive ofattribute automated network provisioning workflows or configuration management systems.

    Common scenarios include setting up role-based access control for network engineers, configuring centralized authentication for device management, and implementing audit trails for compliance requirements.management.

    Endpoints

    GET /aaa_profile/

    Description: Retrieves a paginated list of all AAA profiles in your organization. This endpoint is essential for discovering existing profiles, monitoring configuration changes, and implementing profile selectionmanagement interfaces, and auditing your current AAA configuration landscape.interfaces.

    Use Cases:

    • DisplayBuilding availableadministrative dashboards that display all configured access policies
    Auditing network access configurations across your organization Synchronizing AAA profiles inwith networkexternal configuration management dashboards Audit existing authentication policies across your infrastructure Populate dropdown menus for device configuration tools Generate reports on AAA profile usage and distributionsystems

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/?limit=20&offset=0

    Parameters:

    Parameter Type In Required Description
    limit integer query No Number of results to return per page (default: 20, max: 100)
    offset integer query No TheStarting initial index from which to return resultsposition for pagination (default: 0)

    cURL Example:

    curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/?limit=2010&offset=0" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

    Example Response:

    {
  "count": 45,25,
  "next": "https://gate.zequenze.com/api/v1/aaa_profile/?limit=2010&offset=20"10",
  "previous": null,
  "results": [
    {
      "id": 1,
      "name": "Corporate-Network-AAA"Employee Access Profile",
      "short_name": "employee-access",
      "description": "PrimaryStandard AAAaccess profile for corporatefull-time network infrastructure"employees",
      "authentication_method"organization_id": "RADIUS"org_12345",
      "radius_server"reply_attribute": [
        {
          "attribute": "radius.company.com"Tunnel-Type",
          "radius_port": 1812,
      "authorization_method"op": "TACACS+:=",
          "tacacs_server"value": "tacacs.company.com",
      "accounting_enabled": true,
      "accounting_method": "RADIUS",
      "fallback_local_auth": true,
      "created_at": "2024-01-15T10:30:00Z",
      "updated_at": "2024-01-20T14:22:00Z",
      "created_by": "admin@company.com",
      "status": "active"VLAN"
        },
        {
          "id": 2,
      "name"attribute": "Guest-Access-Profile"Tunnel-Medium-Type",
          "description"op": "Limited access profile for guest network devices":=",
          "authentication_method"value": "local"IEEE-802"
        }
      ],
      "authorization_method"check_attribute": [
        {
          "attribute": "local"User-Password",
          "accounting_enabled": false,
      "fallback_local_auth": true,
      "created_at"op": "2024-01-10T09:15:00Z"==",
          "updated_at"value": "2024-01-18T11:45:00Z",%{User-Password}"
        "created_by":}
      "network-admin@company.com",
      "status": "active"]
    }
  ]
}

    Response Codes:

    Status Description
    200 Success - Returns paginated list of AAA profiles
    401 Unauthorized - Invalid or missing authentication token
    403 Forbidden - Insufficient permissions to view AAAaccess profiles

    POST /aaa_profile/

    Description: Creates a new AAA profile with specified authentication, authorization,reply and accountingcheck configurations.attributes. This endpoint allows you to programmaticallydefine deploynew standardized securityaccess policies acrossand yourauthentication rules that can be applied to users and network infrastructure.devices.

    Use Cases:

    • AutomateSetting AAAup profileaccess creationpolicies duringfor new user groups or departments
    Creating specialized profiles for guest network expansionaccess DeployDefining standardizedcontractor securityor policiestemporary touser newaccess network segments Create environment-specific profiles (production, staging, development) Implement infrastructure-as-code for network security configurationsrestrictions

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/

    Parameters:

    Parameter Type In Required Description data object body Yes JSON object containing the AAA profile configuration

    cURL Example:

    curl -X POST "https://gate.zequenze.com/api/v1/aaa_profile/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Branch-Office-AAA"Guest WiFi Profile",
    "short_name": "guest-wifi",
    "description": "AAALimited access profile for branchguest office network devices"users",
    "authentication_method"reply_attribute": "RADIUS",
    "radius_server": "10.1.1.100",
    "radius_port": 1812,
    "radius_secret": "shared_secret_key",
    "authorization_method": "RADIUS",
    "accounting_enabled": true,
    "accounting_method": "RADIUS",
    "fallback_local_auth": true,
    "session_timeout": 3600,
    "privilege_levels":[
      {
        "readonly"attribute": 1,"Session-Timeout",
        "operator"op": 5,":=",
        "admin"value": 15"3600"
      },
      {
        "attribute": "Tunnel-Private-Group-Id",
        "op": ":=",
        "value": "100"
      }
    ],
    "check_attribute": [
      {
        "attribute": "Calling-Station-Id",
        "op": "=*",
        "value": "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$"
      }
    ]
  }'

    Request Body Example:

    {
  "name": "VPN Access Profile",
  "short_name": "vpn-access",
  "description": "Profile for remote VPN users with bandwidth limits",
  "reply_attribute": [
    {
      "attribute": "Framed-IP-Address",
      "op": ":=",
      "value": "255.255.255.254"
    },
    {
      "attribute": "Acct-Interim-Interval",
      "op": ":=",
      "value": "600"
    }
  ],
  "check_attribute": [
    {
      "attribute": "NAS-Port-Type",
      "op": "==",
      "value": "Virtual"
    }
  ]
}

    Example Response:

    {
  "id": 15,
  "name": "Branch-Office-AAA"VPN Access Profile",
  "short_name": "vpn-access",
  "description": "AAA profileProfile for branchremote officeVPN networkusers devices"with bandwidth limits",
  "authentication_method"organization_id": "RADIUS"org_12345",
  "radius_server"reply_attribute": "10.1.1.100",
  "radius_port": 1812,
  "authorization_method": "RADIUS",
  "accounting_enabled": true,
  "accounting_method": "RADIUS",
  "fallback_local_auth": true,
  "session_timeout": 3600,
  "privilege_levels":[
    {
      "readonly"attribute": 1,"Framed-IP-Address",
      "operator"op": 5,":=",
      "admin"value": 15"255.255.255.254"
    },
    {
      "created_at"attribute": "2024-01-25T16:20:00Z"Acct-Interim-Interval",
      "updated_at"op": "2024-01-25T16:20:00Z":=",
      "created_by"value": "api-user@company.com"600"
    }
  ],
  "status"check_attribute": [
    {
      "attribute": "active"NAS-Port-Type",
      "op": "==",
      "value": "Virtual"
    }
  ]
}

    Response Codes:

    Status Description
    201 Created - AAA profile successfully created
    400 Bad Request - Invalid profiledata configurationin orrequest missing required fieldsbody
    401 Unauthorized - Invalid or missing authentication token
    403
    Forbidden - Insufficient permissions to create AAA profiles 409 Conflict - Profile with the same nameshort_name already exists

    GET /aaa_profile/{id}/

    Description: Retrieves detailed information about a specific AAA profile by its unique identifier.ID. This endpoint provides complete profile configuration detailsincluding neededall forreply profileand analysis,check troubleshooting,attributes orwith cloningtheir operations.operators and values.

    Use Cases:

    • ViewReviewing completespecific configurationprofile detailsconfigurations before making changes
    Debugging authentication issues by examining profile attributes Exporting profile configurations for a specific AAA profile Validate profile settings during troubleshooting Retrieve profile data for cloningbackup or templating Display profile information in configuration management interfacesmigration

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/15/

    cURL Example:

    curl -X GET "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

    Example Response:

    {
  "id": 15,
  "name": "Branch-Office-AAA"Manager Access Profile",
  "short_name": "manager-access",
  "description": "AAAEnhanced access profile for branchmanagement officestaff networkwith devices"extended permissions",
  "authentication_method"organization_id": "RADIUS"org_12345",
  "radius_server"reply_attribute": "10.1.1.100",
  "radius_port": 1812,
  "radius_backup_server": "10.1.1.101",
  "authorization_method": "RADIUS",
  "accounting_enabled": true,
  "accounting_method": "RADIUS",
  "accounting_server": "10.1.1.100",
  "fallback_local_auth": true,
  "session_timeout": 3600,
  "idle_timeout": 1800,
  "privilege_levels":[
    {
      "readonly"attribute": 1,"Filter-Id",
      "operator"op": 5,":=",
      "admin"value": 15"manager_acl"
    },
    {
      "command_authorization"attribute": "Session-Timeout",
      "op": ":=",
      "value": "28800"
    },
    {
      "enable_command_auth"attribute": true,"Tunnel-Private-Group-Id",
      "restricted_commands"op": ":=",
      "value": "200"
    }
  ],
  "check_attribute": [
    {
      "reload"attribute": "User-Password",
      "writeop": erase""==",
      "format"]value": "%{User-Password}"
    },
    {
      "created_at"attribute": "2024-01-25T16:20:00Z"Huntgroup-Name",
      "updated_at"op": "2024-01-25T16:20:00Z"==",
      "created_by"value": "api-user@company.com",management"
    "last_used":}
  "2024-01-26T08:30:00Z",
  "device_count": 12,
  "status": "active"]
}

    Response Codes:

    Status Description
    200 Success - Returns the specified AAA profile details
    401 Unauthorized - Invalid or missing authentication token
    403 Forbidden - Insufficient permissions to view this profile 404 Not Found - AAA profile with specified ID does not exist

    PUT /aaa_profile/{id}/

    Description: Completely replaces an existing AAA profile with new configuration data. This endpoint performs a full update, replacing all profile settingsattributes with the provided data. Use this when you need to make comprehensive changes to a profile configuration.values.

    Use Cases:

    • Migrate profiles to new authentication servers
    ImplementImplementing major policy changes acrossthat networkaffect infrastructuremultiple attributes Update profiles with new security requirements StandardizeStandardizing profiles across different networkenvironments segmentsMigrating from legacy configurations to new attribute sets

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/15/

    cURL Example:

    curl -X PUT "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Branch-Office-AAA-Updated"Updated Manager Profile",
    "short_name": "manager-access-v2",
    "description": "UpdatedRevised AAAmanager profileaccess with new TACACS+security server"policies",
    "authentication_method"reply_attribute": [
      {
        "attribute": "TACACS+Filter-Id",
        "op": ":=",
        "tacacs_server"value": "tacacs.newdomain.com"manager_acl_v2"
      },
      {
        "attribute": "Session-Timeout",
        "tacacs_port": 49,
    "tacacs_secret"op": "new_shared_secret",
    "authorization_method": "TACACS+=",
        "accounting_enabled": true,
    "accounting_method"value": "TACACS+14400"
      }
    ],
    "check_attribute": [
      {
        "attribute": "User-Password",
        "op": "==",
        "fallback_local_auth"value": true,
    "session_timeout": 7200,
    %{User-Password}"privilege_levels": {
      "readonly": 1,
      "operator": 7,
      "admin": 15
      }
    ]
  }'

    Example Response:

    {
  "id": 15,
  "name": "Branch-Office-AAA-Updated",
  "description": "Updated AAA profile with new TACACS+ server",
  "authentication_method": "TACACS+",
  "tacacs_server": "tacacs.newdomain.com",
  "tacacs_port": 49,
  "authorization_method": "TACACS+",
  "accounting_enabled": true,
  "accounting_method": "TACACS+",
  "fallback_local_auth": true,
  "session_timeout": 7200,
  "privilege_levels": {
    "readonly": 1,
    "operator": 7,
    "admin": 15
  },
  "created_at": "2024-01-25T16:20:00Z",
  "updated_at": "2024-01-26T14:35:00Z",
  "created_by": "api-user@company.com",
  "status": "active"
}

    Response Codes:

    Status Description
    200 Success - AAA profile successfully updated
    400 Bad Request - Invalid configuration data orin missingrequest required fieldsbody
    401 Unauthorized - Invalid or missing authentication token
    403 Forbidden - Insufficient permissions to update this profile 404 Not Found - AAA profile with specified ID does not exist

    PATCH /aaa_profile/{id}/

    Description: Partially updates an existing AAA profile byprofile, modifying only the specified fields.fields while preserving existing configuration for unspecified attributes. This endpoint is ideal for making targeted changes without affecting otherthe profileentire settings, such as updating server addresses or adjusting timeout values.profile.

    Use Cases:

    • UpdateAdjusting serversession IP addresses during network migrations
    Adjust timeout values based on performance requirements Enabletimeouts or disablebandwidth specific AAA features Update descriptions and metadatalimits without changing functionalaccess settingsrules Adding new reply attributes while keeping existing check attributes Making quick configuration changes for specific requirements

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/15/

    cURL Example:

    curl -X PATCH "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "radius_server": "10.2.1.100",
    "session_timeout": 5400,
    "description": "Updated radiusdescription serverwith IPnew aftersecurity datacenterrequirements",
    migration""reply_attribute": [
      {
        "attribute": "Session-Timeout",
        "op": ":=",
        "value": "21600"
      }
    ]
  }'

    Example Response:

    {
  "id": 15,
  "name": "Branch-Office-AAA-Updated"Manager Access Profile",
  "short_name": "manager-access",
  "description": "Updated radiusdescription serverwith IPnew aftersecurity datacenter migration"requirements",
  "authentication_method"organization_id": "TACACS+org_12345",
  "reply_attribute": [
    {
      "attribute": "Session-Timeout",
      "op": ":=",
      "tacacs_server"value": "tacacs.newdomain.com"21600"
    }
  ],
  "radius_server"check_attribute": [
    {
      "attribute": "10.2.1.100"User-Password",
      "tacacs_port": 49,
  "authorization_method"op": "TACACS+==",
      "accounting_enabled": true,
  "accounting_method"value": "TACACS+%{User-Password}"
    },
    {
      "attribute": "Huntgroup-Name",
      "op": "==",
      "fallback_local_auth": true,
  "session_timeout": 5400,
  "privilege_levels": {
    "readonly": 1,
    "operator": 7,
    "admin": 15
  },
  "created_at"value": "2024-01-25T16:20:00Z",management"
    "updated_at":}
  "2024-01-26T16:45:00Z",
  "created_by": "api-user@company.com",
  "status": "active"]
}

    Response Codes:

    Status Description
    200 Success - AAA profile successfully updated
    400 Bad Request - Invalid field values or data formatin request body
    401 Unauthorized - Invalid or missing authentication token
    403 Forbidden - Insufficient permissions to modify this profile 404 Not Found - AAA profile with specified ID does not exist

    DELETE /aaa_profile/{id}/

    Description: Permanently removes an AAA profile from the system. This operationaction cannot be undone and will failaffect ifany theusers profileor isdevices currently assigned to anythis network devices. Ensure all device associations are removed before attempting deletion.profile.

    Use Cases:

    • CleanRemoving obsolete profiles that are no longer needed
    Cleaning up unusedtest or obsoletetemporary AAA profilesconfigurations RemoveDecommissioning testaccess profiles after development cycles Decommission profilespolicies for retireddiscontinued network segments Maintain profile inventory hygiene in configuration managementservices

    Full URL Example:

    https://gate.zequenze.com/api/v1/aaa_profile/15/

    cURL Example:

    curl -X DELETE "https://gate.zequenze.com/api/v1/aaa_profile/15/" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

    Response Codes:

    Status Description
    204 No Content - AAA profile successfully deleted
    401 Unauthorized - Invalid or missing authentication token
    403
    Forbidden - Insufficient permissions to delete this profile 404 Not Found - AAA profile with specified ID does not exist 409 Conflict - Profile is currently in use and cannot be deleted

    Common Use Cases

    Use Case 1: NetworkEmployee Infrastructure StandardizationOnboarding

    DeployCreate consistentstandardized AAAaccess profiles acrossfor multiplenew networkemployees devicesby duringusing initialPOST setup/aaa_profile/ orwith infrastructureappropriate expansion.VLAN Useassignments and session timeouts, then retrieve the profile using GET to identify existing profiles, POST/aaa_profile/{id}/ to createverify standardized templates, and apply them systematically across your device inventory.configuration.

    Use Case 2: SecurityGuest PolicyNetwork MigrationManagement

    MigrateSet fromup localtime-limited authenticationguest access by creating profiles with Session-Timeout attributes and bandwidth restrictions, using the reply_attribute array to centralizeddefine RADIUS/TACACS+access authentication. Use GET to audit current profiles, PATCH to gradually update authentication methods, and monitor the transition across your network infrastructure.parameters.

    Use Case 3: ComplianceProfile and Audit ManagementMaintenance

    ImplementRegularly role-basedaudit existing profiles using GET /aaa_profile/ with pagination, then use PATCH operations to update specific attributes like session timeouts or access controlrules andwithout accountingdisrupting forother regulatory compliance. Create profiles with specific privilege levels, enable comprehensive accounting, and use GET endpoints to generate compliance reports showing AAA policy distribution.configuration.

    Use Case 4: DisasterSecurity RecoveryPolicy and BackupUpdates

    MaintainImplement backuporganization-wide AAAsecurity configurationschanges by retrieving all profiles with GET /aaa_profile/, then using PUT operations to update profiles with new check attributes for businessenhanced continuity.authentication Use GET to export current profiles, store configurations in version control, and use POST to quickly restore AAA services during disaster recovery scenarios.requirements.

    Use Case 5: Multi-EnvironmentSeasonal ManagementAccess Control

    ManageCreate separateand AAAdelete temporary profiles for development,contractors staging,or seasonal workers using POST and productionDELETE environments. Create environment-specific profilesoperations, with appropriatespecific securityreply levelsattributes that limit access duration and servernetwork configurations, enabling secure development workflows while maintaining production security standards.resources.

    Best Practices

    • Attribute Operators: Use := for setting values, == for exact matches in checks, and =* for pattern matching with regular expressions
    Profile Naming Conventions: Use descriptive names that indicate the profile's purpose, environment, and authenticationconsistent methodslug-format (e.g., "Production-RADIUS-Corporate", "Dev-Local-TestLab") Server Redundancy: Always configure backup authentication servers using fallback_local_auth and backup server fieldsshort_names to ensuremake networkprofiles accessibilityeasily during server outages Gradual Deployment: When updating existing profiles, use PATCH for incremental changes and test thoroughly before applying to production devicesidentifiable Pagination Strategy: ForWhen largelisting profileprofiles, inventories, implement efficient pagination usinguse appropriate limit values (recommended:20-50) 20-50to perbalance page)performance and cache results when possible Security Considerations: Regularly rotate shared secrets, implement appropriate session timeouts, and use encrypted connections for authentication server communication Profile Lifecycle Management: Regularly audit profile usage using device_count and last_used fields, and clean up unused profiles to maintain security hygieneusability Error Handling: ImplementAlways proper retry logiccheck for network409 timeouts,conflicts validatewhen profilecreating configurationsprofiles, beforeas deployment,short_name values must be unique within an organization Testing: Create test profiles in non-production environments first, as deleted profiles cannot be recovered Documentation: Maintain detailed descriptions for complex profiles to help other administrators understand their purpose and maintain fallback authentication methods for critical infrastructureconfiguration
    Back to top