Meraki

Community

Finding network ID with full access to network but not organization

Solved
O-I
Conversationalist
‎Jun 7 2019 5:23 PM
‎Jun 7 2019 5:23 PM

Finding network ID with full access to network but not organization

Hello,

 

I am trying to determine the network ID of a network I was granted full access to. Am I able to retrieve this information via the Meraki Dashboard API (or from the Dashboard itself) without requiring full organization access?

 

The owner of the organization has enabled the Dashboard API and I can see the organization when I query https://api.meraki.com/api/v0/organizations, but I am unable to figure out how to determine the network ID of the one network in that organization that I have access to. Is this possible?

 

Thanks for the help.

Labels:
0 Kudos
1 Accepted Solution
In response to O-I
BrechtSchamp
Kind of a big deal
‎Jun 28 2019 6:37 AM
‎Jun 28 2019 6:37 AM

Basically an API key is linked to an account. It inherits the access rights of that account. So if it only has read-only access to a certain network it will only be able to execute the GET calls pertaining to that network.

 

I just tested this and with an account that only has read-only access to a certain network I can execute this for that network:

{{baseUrl}}/networks/{{networkId}}/devices

 

But I can't do for example:

{{baseUrl}}/organizations/{{organizationId}}/deviceStatuses

{{baseUrl}}/organizations/{{organizationId}}/networks

 

So I guess it works as you should expect it to. You can execute the calls that do the same thing you would be able to do via dashboard with your account.

View solution in original post

3 Replies 3
jdsilva
Kind of a big deal
‎Jun 7 2019 7:26 PM
‎Jun 7 2019 7:26 PM

API access requires Org level admin. If you only have network admin you cannot generate your own API key, which means you cannot use the API.

 

You would need the API key of an Org admin, which then would give you full Org rights over that Org.

http://blog.brokennetwork.ca | @jdsilva
In response to jdsilva
O-I
Conversationalist
‎Jun 10 2019 8:24 AM
‎Jun 10 2019 8:24 AM

Hi jdsilva,

 

I have a valid API key. Does it only work for API requests that I have org-level access over?

 

What about network endpoints? If I were provided the ID of a network I have admin over, could I make a successful request to GET /networks/{networkId} without requiring organization access? 

 

This particular organization has many networks, only one of which I should be able to provision. It's a little awkward for me to ask for full organization access in this case. I understand that may be necessary, though.

 

Thanks for your help.

0 Kudos
In response to O-I
BrechtSchamp
Kind of a big deal
‎Jun 28 2019 6:37 AM
‎Jun 28 2019 6:37 AM

Basically an API key is linked to an account. It inherits the access rights of that account. So if it only has read-only access to a certain network it will only be able to execute the GET calls pertaining to that network.

 

I just tested this and with an account that only has read-only access to a certain network I can execute this for that network:

{{baseUrl}}/networks/{{networkId}}/devices

 

But I can't do for example:

{{baseUrl}}/organizations/{{organizationId}}/deviceStatuses

{{baseUrl}}/organizations/{{organizationId}}/networks

 

So I guess it works as you should expect it to. You can execute the calls that do the same thing you would be able to do via dashboard with your account.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.