Get organizations with permission

ricardocwc
Conversationalist

Get organizations with permission

Hi,

 

I'm trying to get a list of the organizations my user has privileges on. That must be an easy task using https://api.meraki.com/api/v1/organizations. My problem is that some of those organizations include the security option to limit the Dashboard API access to some IP ranges. I would not like to eliminate that security.

 

Is there a way I can get a list of the Organizations, and just skip the organiztion that doesn't have enough security permissions?

 

 

7 Replies 7
sungod
Kind of a big deal

The getOrganizations call returns all organizations you have privileges on, including whether or not API access is enabled.

 

https://developer.cisco.com/meraki/api-v1/#!get-organizations

 

If it doesn't automatically exclude those further restricted by IP, I'd just take the result and go through it trying a simple read on each ID to see which allow access, i.e. do this call on each ID...

 

https://developer.cisco.com/meraki/api-v1/#!get-organization-login-security

 

ricardocwc
Conversationalist

thank you for your answer sungod.

 

I tried https://api.meraki.com/api/v1/organizations, but I dont get the list of organizations. I only get an error with one of the organizations bloqued:

 

{
    "errors": [
        "Your client IP address [my IP here] is not within an approved subnet for organization [organization name here] - [organization ID here]"
    ]
}
 
Is there a way I can get the IDs of other organizations instead this error?
 
 
thanks again

Do you see this error on just a few orgs in your list? or you don't see the entire list?

try this:

response = dashboard.organizations.getOrganizations()
for orgs in response:
if orgs["name"] in response:
<code>

 This says that if "name" is in "response " do <code>

sungod
Kind of a big deal

Is that the complete response you posted?

 

If it's not returning a list, just this one error, then I'd call it a bug.

 

The call is cross-organization, in my opinion it should at least return the list of organizations your API key has access to, though I'd prefer it to retain its original behaviour and simply return the full list - that wouldn't leak any information that you could not obtain other ways through your admin access - or null out information other than the id in the response for any restricted organization(s).

 

This API call existed a long time before IP-based access control was a feature, I'd say it needs updating to handle it sensibly.

 

I'd open a support case.

 

Each admin is allowed two API keys, if you are only using one at the moment, a workaround would be to generate a second API key and use it for any organizations that have an IP restriction.

 

ricardocwc
Conversationalist

Thank you everyone for the answers,

 

Yes, that is the complete response, I don't get any list, the response contains only that error message.

 

I will test with the second API key and open the ticket.

 

Thanks

 

 

ricardocwc
Conversationalist

Hi,

I received this answer from the Meraki Help desk:

 

"As of right now, that is not possible. There are only two options. 1) Would not use the Allowed IP Range field for API Access. This would allow you to access all organizations. 2) add your IP address to the Allowed IP Range field for API Access on all of your organizations."

 

So I think the alternative is to stop using the limit the Dashboard API access to some IP ranges funtion if you want to use the API

Get notified when there are additional replies to this discussion.