Meraki API – Where Do You Start?

/ nolanwifi

Problem: It’s 2018 and I don’t know squat about API’s, PYTHON, JSON, NETMIKO or any of the other neat and cool things kids are doing these days. I’ve been avoiding these things because they are new and possibly difficult to learn, even though it’s painfully obvious that this is the future for network engineers young and old.

Goal: Learn how to use the Meraki API by writing this blog and hopefully it will teach others that are standing in the same shoes. I want to be able to actually utilize this stuff in the real world, as I’m sure you do too.

I’ve been aware for a few years now that Meraki has API functionality and that some guy uses it to tell his Alexa to enable or disable his SSID. My first reaction was I’ll never need to use that. However when I started to look into its possibilities, I quickly realized that I should start to learn how to use this stuff. So here I go…

 

What is an API (Application Programming Interface) ?

Think of an API as the messenger that takes a request, tells the system what to you want to do, and then returns the response. It’s not really a UI per say, its more of software to software communication, stuff that happens behind the scenes.

There are a variety of different API types such as:

  • Web service
  • Hardware
  • OS functions/routines
  • Database
  • More…

The most common is the use of Web APIs, which allows data and information to be exchanged through HTTP or HTTPS. This transfer of data exchange has several methods that are classified as such:

  1. SOAP (Simple Object Access Protocol)
    • Data Format = XML
  2. RPC (Remote Procedure Call)
    • XML-RCP
      • Data Format = XML
    • JSON-RPC
      • Data Format = JSON
  3. REST (Representational State Transfer)
    • Data Format = XML or JSON

As for the XML vs JSON difference, see for yourself. JSON is shorter, and easier to read for the human eye, and more importantly easier to parse for actual data use.

 

 

Real World Example:

You want to find the cheapest flights you can for an upcoming trip. So you go to the American Airlines website and search for flights. Then you go to Delta’s website and search for their flights. Then you go to the next, and the next. This seems tedious and time consuming.

The alternative is you go to the Travelocity website to look for flights. Travelocity won’t have all that information stored locally however. So it will use an API to reach out to the Airliners themselves, which will return back with data for all upcoming flights based on the criteria you specified.

Meraki Example:

You need to know the public IP Address for all 2,000 networks within your organization.

You could……log into the dashboard, go to a specific network>security appliance>security appliance status>uplink.  Copy the public IP information being shown and paste it into an excel document, and repeat this two thousand times.

The alternative here is you could use the Meraki API feature, which will query your entire organization once to check the status of every device, and provide you with all this information lickety-split.

[
  {
    "name": EXAMPLE-SITE-MX001,
    "serial": "Q2QN-ABCD-EFGH",
    "mac": "e0:55:76:ab:cd:ef",
    "publicIp": "12.12.12.12",  <---------- HEY LOOK HERE !!
    "networkId": "123456789",
    "status": "online",
    "usingCellularFailover": false,
    "wan1Ip": "10.10.10.1",
    "wan2Ip": null

 

Meraki uses a Web API, utilizing REST with HTTPS requests via URL, and a data format of JSON. Click here to view all the options you can do with Meraki API.

One thing I’ve noticed is that while the ability to use these API features with Meraki is very awesome and powerful, its usefulness seems to mostly only benefit those with large or massive networks. I personally only manage around 15 sites, maybe adding one or two a year to my collection within my organization. Small potatoes compared to some. However if I had hundreds or thousands of networks, the potential of the API really starts to shine.

So now that we have a very high level and basic overview of the API architecture (let’s hope I got it right!), how exactly do I enable it within Meraki, and how can I use it?

Meraki has a guide and document here for you to review. So let’s go ahead and follow this guide and enable it for my organization.

Follow the steps below:

**At first I was not able to view or generate the key and I then I discovered from the documentation that if you logged in as a SAML dashboard administrator, you won’t be able to. You will have to log in with the actual local dashboard account to perform this task.

This step is important, this will be the only opportunity that you get to copy down the KEY that you generated. You will not be able to view it any longer so make sure you store it in a secure location.

Meraki use to have this key in plain text so that you could simply go to your profile page and copy it whenever you wanted to, but they have since updated the dashboard so that this is no longer in plain text and is encrypted. So if you lose the key, you will need to generate a new one.

The old view used to look like this:

 

Now that we have enabled the API functionality within your Meraki dashboard, its now time to use it.

You will need to download and install a program called Postman, which you can download at their website getpostman.com. Postman is a client application for development and testing web API environments and services that utilize REST API’s, (remember earlier that Meraki uses the RESTful API system).

 

Now that you have the program installed, lets go ahead and do ourselves a favor and add into it something called a ‘Collection’ of the Meraki API options. You can do this buy visiting this Postman documenter site here and up at the top right corner, click the ‘Run in Postman’ option.

After you click this you will then be prompted with the following:

When you do this, the Postman application will automatically open up and install the Meraki API Collections to your program. You will see this here.

These will come in handy later on as we continue to learn how to use the Meraki API with Postman.

Every API request we perform has to specify the API Key in the request header. Without the API key in each call you perform, the Postman system won’t be able to reach your Meraki dashboard.

With Postman we can store this Key so that we don’t have to keep copy/pasting it for each API call we wish to perform. There are also other common attributes like that we will want to setup Variables for.

X-Cisco-Meraki-API-Key
baseUrl
organizationId
networkId

Within Postman you will want to configure an environment variable. This is how we will store those common attributes so they can be easily re-used for any future calls. The Postman Meraki Collection that you added earlier will auto-populate some of these variables for you, so you need to make sure that we have entries for them.

You may or may not want to bother with creating unique variables for each ‘networkId’ if you have hundreds. However it is important to know that using the GET call of ‘List networks in org’ is how you find the networkId information.

Since Meraki uses the REST API architectural style, we’ll need a quick understanding of the  HTTP ‘methods’ that REST operates with. These are:

GET – returns the value of a resource
PUT – adds a new resource
POST – updates a resource
DELETE – removes a resource

Here is an example from Postman after loading the Meraki API Collection:

 

So now let’s test it out with an example case. For this one, I am going to try and update the L3 firewall rules for my Z-CELLULAR network MX appliance.

Below you can see that the Z-CELLULAR firewall rules are currently empty.

There you have it folks. I’ve now successfully used an API for the first time and more importantly, it actually was useful for helping me do my job.

This pretty much sums up the basics of what an API is, and how to use it with Meraki through Postman. One thing to keep in mind is that while the Meraki API can be very beneficial, it is still very much a work in progress and there are tons of missing options.

In order to make this process even faster, we’ll need to incorporate scripting using something like Python. I’ll leave that for another blog post.

If you feel that I misunderstood a concept, explained something incorrectly, then PLEASE leave a comment and educate me so that I can update it. This was very much a learning process for me so I’m expecting some of you experts out there to spot my mistakes.

Thanks !

-Nolan

11 thoughts on “Meraki API – Where Do You Start?

  3. Hey, brooo I’m going through a similar learning phase. I think I’m sticking with powershell, it’s so much simpler once you have a few scripts written out, and it’s SO much easier to parse things out from commands.

    Like in your example where you want the IP address of the APs, when I looked at postman you had to run another 3-5 line command that was in JS I think.

    In powershell, you:
    build out the command to get the org networks,
    pass that info to get the network devices in your networks,
    then filter with | FT name,’ip address’

    It’s beautiful once you get running. I’m still very novice at it, but that took me maybe 3-4 hours of googling and learning.

    Like

    Reply

  6. that moment when you have a bit of downtime and start to do the tutorial, but you can’t even get the Collection imported into Postman! Doesn’t even work from the Meraki site.

    The whole API thing seems like such a great idea….thanks Meraki for giving us the power to do some of these things…but really at some point, why can’t they just release pre-built tools or actually build the functionality into their product? It would be hard to imagine that their customers might actually want to search for things on their networks!

    Like

    Reply

Leave a comment