API Discussions

Discussions and questions regarding the Cato Networks API

Forum Widgets

Recent Discussions

Permission errors when testing Cato API with Python
HI all, I am currently working on a project to automate workflows in Cato with Python. I've already set and reviewed my API permissions and they should already inherit my account which is able to edit and view most of the resources. However, I still get this error: HTTP 200 { "errors": [ { "message": "permission denied", "path": [ "licensing", "licensingInfo" ], "extensions": { "code": "Code104" } } ], "data": { "licensing": { "licensingInfo": null } } } I've been scouting the documentation on specific troubleshooting steps but I couldn't seem to find the answers i'm looking for. Any chance some folks could give me a quick guide on how to ensure I get the right permissions for my API keys? This is the sample script i'm testing btw, it is to pull available licensing information for monitoring. API_KEY = os.getenv("CATO_API_KEY") API_URL = "https://api.catonetworks.com/api/v1/graphql2" QUERY = """ { licensing(accountId: <ID_HERE>) { licensingInfo { globalLicenseAllocations { ztnaUsers { total allocated available } } } } } """ async def main(): headers = { "x-api-key": API_KEY, "Content-Type": "application/json" } async with aiohttp.ClientSession(headers=headers) as session: async with session.post(API_URL, json={"query": QUERY}) as resp: print("HTTP", resp.status) print(json.dumps(await resp.json(), indent=4)) asyncio.run(main())
Solved
Elmark
Joining the Conversation
2 months ago
232Views
0likes
6Comments
How to get license id ?
Hi, I want to use the assignSiteBwLicense mutation to automate site licensing, but I cannot find the correct licenseId to pass in the input. Mutation I want to use: mutation assignSiteBwLicense($accountId: ID!, $input: AssignSiteBwLicenseInput!) { sites(accountId: $accountId) { assignSiteBwLicense(input: $input) { license { __typename id sku ... on SiteLicense { site { id } total } } } } } Variables: { "accountId": "123", "input": { "site": { "input": "123" }, // <-- I have the correct Site ID and Account ID "licenseId": "???", // <-- MISSING: How to find this ID? Troubleshooting steps: I tried using the pool ID seen in browser debug ("4436"), but the mutation returns "internal upstream error". I tried listing licenses via licensing { bwLicenses } but the query fails (field does not exist). I tried accountManagement { licenses } but it returns empty or generic IDs. Question: Which query should I use to get the specific licenseId required for this mutation? Thanks for your help
Solved
SR
Joining the Conversation
3 months ago
81Views
0likes
1Comment
Reporting on Max amount of licenses reached
It's rather embarrassing to run out of SDP licenses as it provides for a negative new joiner experience when their Cato connection won't come up as expected. As Cato in their wisdom has decided there is no need to alert admins when the license count is reached (they'd probably rather we waste money purchasing a sufficient surplus of said licenses), is there a way to use the API to query for this status? Yes, I submitted an RMA for this last year that went nowhere. And yes, I know we can probably hack something together on our end that statically compares the number of licenses to the membership count in our provisioning groups. But this feels like it should be a basic feature of a SaaS service, especially as there is a hard stop when the license count is reached.
Solved
JM
Staying Involved
10 months ago
208Views
1like
4Comments
Pull network rules via API
Hi community, I am trying to pull network settings for several sites. To be more precise, I would like to create a list of bypass rules per site. I tried the following query with empty results: query entityLookup ($accountID: ID!, $type: EntityType!, $parent: EntityInput!) { entityLookup (accountID: $accountID, type: $type, parent: $parent) { items { entity { id name type } description helperFields } } } { "accountID": "{{accountID}}", "type": "localRouting", "parent": { "id": 0, "type": "site" } } Other "type" like lanFirewall worked. Any suggestions how to proceed and get details about bypass ruleset per site?
Solved
Phil
Joining the Conversation
10 months ago
179Views
1like
3Comments
Is there an API applicable to IP Ranges in the Resources topic?
Hello. We need to create about 4,000 objects in IP Ranges, is there an API available for this? thanks.
Solved
ESCARE-Team
Making Connections
10 months ago
363Views
0likes
13Comments
Bulk import error: Concurrent edits in account for Site
Hi Guys, We need to import static hosts reservations into CATO. I found this helpful documentation: https://registry.terraform.io/providers/catonetworks/cato/latest/docs/guides/guide_cato_static_host_from_csv However when running the import for multiple hosts I'm getting the following error: The first host is created successfully, however the others are not working because of error: Concurrent edits in account for Site Any ideas on how to solve this?
Solved
Nielsn
Joining the Conversation
10 months ago
160Views
0likes
2Comments
Add Interface Subnets to User Defined Groups
Hi, using the Cato API is it possible to add Site Interface Subnets to a user defined group? The use case here would be to create a script that creates a Site, creates routes networks, and then adds those routed networks to several groups. I checked the API documentation, but didn't see any options initially. Thanks!
Solved
Jeremy
Joining the Conversation
1 year ago
150Views
1like
3Comments
How do you make an API request that lists IP address of LAN and WAN interfaces ?
I need to retrieve several pieces of information using API requests : - full list of IP ranges for LAN interfaces (type : Native, VLAN, Routed) [screenshot] - IP addresses of the WAN interfaces (socket IP) In the "entityLookUp" request, I can only find the site's native IP address (VLAN, Routed?) and in the "accountSnapshot" request, there is no internal address. Thank for your time
Solved
MaelJ
Making Connections
1 year ago
204Views
1like
2Comments
How To Get All users Regardless Of Current Connection Status
I am trying to retrieve a list of all users including their last connected datetime, which doesnt seem to be included in the results for entity lookup. I do get this field from accountSnapshot, but that only returns a list of users that are currently connected, I need all of them. I am trying to retrieve all user ids via entity lookup and then pass them to the accountSnapshot since you can get non connected users by specifying their ids. Anyonehave any suggestions on how to adjust my query? I am working in C#/Dotnet
Solved
BennettCarter
Joining the Conversation
1 year ago
128Views
0likes
2Comments
Looking for Socket Interface Wan Role and Precedence
Hello devs! I am trying to fetch interface data for our application. In doing so, I realized that I cannot locate the interface wan role # and the precedence # from CATO API. I did some digging and found 'naturalOrder' - is this the WAN precedence? Also, directly from the Socket Web GUI (proxy) - I could see `wan_outlet_id` which looks like it could be the wan role, however this is not exposed in InterfaceSnapshot. ps: Do varioius Socket/vSocket platforms have different values/limits for WAN Role and Precedence? I currently see 3 WAN Roles, and 3 Precedences in our deployments.
Solved
JessieBryan
Making Connections
1 year ago
227Views
1like
6Comments