# Aruba Central API Gateway

## Types of API
Before looking at Central's API gateway, let us quickly look at what type of North bound interfaces are avaialble for extensiblity or integration with Central.

### REST (Representational State Transfer) API
- REST API confine to certain architectural constraints which govern the information exchange between a user and a provider/system.
- This is one of the most widely used APIs, which uses a Request-Response style interaction
- Here, API requests use above mentioned HTTP methods to interact with a system
- It is also known as Polling API since an end-user has to poll the system every time a interaction is desired

### Streaming API
-   As the name suggests, a system streams the data at certain time intervals to its end-users    
-   It is of a Publish-Subscribe model, where end-users or subscribers, subscribe to the API/system, and the system publishes the data to these subscribers.    
-   Real-time data is sent to subscribers/end-user
-   End-user can only read the data and cannot make any changes back to the system like REST API.

### Webhook
- Even though webhooks do not strictly fall under API, they are widely use in automation to fetch real-time data as notification or alerts
- Here alerts or thresholds are pre-configured on a system and whenever that threshold is reached, the system generates an alert and sends it as structured data (JSON) to and end- user
- This data is sent to using a HTTP request to end-user’s web-url of choice (note that, this url is a special web server which catches these hooks or alerts)


## API Gateway

API Gateway is an application/service/gatekeeper Central to manage everything related to API. It deals with all aspects of API documentation, security, access, and usage tracking.

- Open a web browser and log in to the Central Account provided to you for this lab (You may have received a separate email from Aruba to register).
 **[ADD SCREENSHOT](https://notebooks3.hpedev.io/hub/user-redirect/lab/tree/WKSHP-Aruba-Python-SDK-PyCentral/Pictures/ss-1.0-registeration-email.png)**
- API Gateway can be accessed from the Account Home on Central’s GUI.

1. Click on Central Account Home on top right

![Account Home Icon](Pictures/ss-1.1-account-home-icon.png)

2. Click on API Gateway

![Account Home Screen](Pictures/ss-1.2-account-home-screen.png)

- On the API Gateway, you will see four tabs: APIs, My Apps & Tokens, System Apps & Tokens (for admins) and Usage. Let us explore each of these tabs.


### APIs

- In this tab you will find a link to the API documentation. Clicking on the link opens a new tab with a list of API.
- This is also known as the Swagger tool, which is used to test and familiarize with APIs and its documentation, without extensive programming knowledge.
- All the attributed of an API mentioned in the API documentation section, are present on Swagger too, such as API are documented with description and path, along with parameters and sample body/payload.
- All REST API on Central (that you see on Swagger) are documented based on the Open API Specification (a rulebook for documenting API, usually through a backend JSON file).
- Lets check out the various elements of the API Documentation page. (Each section is numbered, and its details are mentioned below the image)

![API Documentation](Pictures/ss-1.3-API-doc-page.png)
<p align="center">
  <img src="Pictures/ss-1.4-API-doc-page-extension.png">
  
</p>

1. **Base URL** – to construct the final URL for API call. This is an important aspect, and it is different for different clusters on Central.
   URL/URI = Base URL + API Path + Parameters/Filters
2. **Dropdown** – which shows a collection of API groups, which combines API as per their operation. For example, Configuration related API will under “Configuration”, User related API will be under “User Management”, and so on.
3. **Token box** – This is where a valid access token should be added to test an API through this documentation
4. **API Reference** – All Monitoring (since it is selected in the dropdown) related API on Aruba Central
5. **API Name, Path and Method** – Name of the API with a description below it, as well as its path and HTTP method.
6. **API Parameters** – Parameters that can be used along with the API call. These parameters filter the data as per needed. Some parameters might be required, whereas non-required parameters are optional.
7. **Response Sample & Schema** – This shows how a sample response would look like and the schema includes data types (integer, string, array, etc.) for each element of the response.
8. **Try button** – This is used to test the endpoint. Once a valid token has been provided along with any required API parameters, a user can click on this button to test the API and see its output. (It is recommended at the beginning to use GET API, since it doesn’t change anything on the system).
9. **Response Messages or Error Codes** – For API calls which do not check the requirements, Central would send a certain error code (HTTP error codes) with a message describing what went wrong.


### My Apps & Tokens

- Moving back to Central API Gateway, let us now check out My Apps & Tokens.
- This tab shows all the token associated to your account username.
- Since Aruba follows the OAuth2.0 protocol, as discussed above, it a two-step process where client ID and client secret are generated as part of first step and using these, access token is generated as part of step 2.
- Central also has API to automate this process which can be found [here](https://help.central.arubanetworks.com/2.5.3/documentation/online_help/content/api/code-grant.htm?Highlight=oauth), it’s known as obtaining API token through Grant Mechanism. However, for now we will use the UI to generate a token.

1. To generate a token, click on + **Add Apps & Tokens**
2. Select **Network Operations** from the Application dropdown
3. Click on Generate
![My Apps & Tokens Page](Pictures/ss-1.5-my-apps-and-tokens.png)

4. You will see that a new client id and client secret has been generated for your account, as seen in the My Apps & Token table, along with a new token as seen in the Token List table.

![New Token Created](Pictures/ss-1.6-token-created.png)

5. Click on **Download Token** – This opens the token information in a new tab/window.

![Access Token](Pictures/ss-1.7-access-token.png)

- As you can see, the token consists of an **access_token** used to authenticate API user.
- Access token is valid for a period of 7200 second (2 hours), therefore after that period of time the token becomes invalid to use.
- Once invalid, instead of creating a brand-new token, a user can use the **refresh_token** along with client id and client secret we saw above, to generate a new pair of valid access_token and refresh_token. Thus, the entire OAuth2.0 process need not be carried out every time a token expires.

- Note: The Access Token expires after every 2 hours (7200 seconds) and to get a new access token, the Refresh Token is required. Refresh tokens are valid for 14 days.



### System App & Tokens

- This is similar to My Apps & Tokens, with a distinction that this tab is visible only for admin users.
- System Apps & Tokens table displays the user info for API token created in your Central account. These tokens could be user tokens or tokens created by a user for an application like Postman or Python, etc.
- Token List table however only display the actual tokens created by your user account and not others token information.

![System Apps & Tokens](Pictures/ss-1.8-system-apps-and-tokens.png)


### Usage

- This tab displays the API usage statistics. API have a rate limit of 1000 calls per day (GMT midnight).

![API Usage Statistics](Pictures/ss-1.9-api-usage.png)



## API Call using API documentation (Swagger)

1. Create a new token by going to My Apps & Tokens.

2. Once created, click on Download Token to view the contents, and copy the access_token to a notepad on your local machine.(Make sure there are not multiple tokens created or multiple entries in the Token List table on Central UI. If you see multiple tokens, revoke all tokens, and create a new token)

3. Go to APIs tab and click on the API documentation link.

4. From the URL dropdown, select Configuration.

5. Go to Groups from the API list and select **Get all groups** API

6. Paste your valid **access_token** in the token box and **click on the arrow**

![API Test](Pictures/ss-1.10-swagger-api-test-get.png)

7. Fill in the following API parameters: Limit = 20, Offset = 0

8. Click on TRY

9. Check the output

10. Try any other non-deprecated GET API to see how different APIs work.(Note that, if you change anything in the URL dropdown (select others), you need to re-paste the token the token box)

- Note: API version change over time, it is possible that some API are change when you are attending this workshop. As a best practice, always use API endpoint that do NOT have "(Deprecated)" mentioned in the API documentation.

![API Test - GET](Pictures/ss-1.10-swagger-api-test-get.png)

11. Close the previous API response window if open.
12. Click on Create new group, from the API Reference Menu on the left.
13. Since it’s a POST request, some data is required in JSON format along with the request.

14. Example JSON data is given in Body Sample on right side. You can click on it once to auto populate the Parameters section. Change the “group” value from “Central_Group” to something of your choice and similarly change the password as well.

![API Test - POST](Pictures/ss-1.11-swagger-api-test-post.png)

15. Click Try – If everything was correct, the API response would say “Created” with a 200 code (signifying OK)

16. You can verify this newly created group from Central UI

![API Test - POST](Pictures/ss-1.12-swagger-api-test-post-2.png)

