Meraki

Community

Get organizations with permission

ricardocwc
Conversationalist
‎Jun 28 2022 2:18 PM
‎Jun 28 2022 2:18 PM

Get organizations with permission

Hi,

 

I'm trying to get a list of the organizations my user has privileges on. That must be an easy task using https://api.meraki.com/api/v1/organizations. My problem is that some of those organizations include the security option to limit the Dashboard API access to some IP ranges. I would not like to eliminate that security.

 

Is there a way I can get a list of the Organizations, and just skip the organiztion that doesn't have enough security permissions?

 

 

0 Kudos
7 Replies 7
sungod
Kind of a big deal
‎Jun 29 2022 12:34 AM
‎Jun 29 2022 12:34 AM

The getOrganizations call returns all organizations you have privileges on, including whether or not API access is enabled.

 

https://developer.cisco.com/meraki/api-v1/#!get-organizations

 

If it doesn't automatically exclude those further restricted by IP, I'd just take the result and go through it trying a simple read on each ID to see which allow access, i.e. do this call on each ID...

 

https://developer.cisco.com/meraki/api-v1/#!get-organization-login-security

 

0 Kudos
In response to sungod
ricardocwc
Conversationalist
‎Jun 29 2022 6:34 AM
‎Jun 29 2022 6:34 AM

thank you for your answer sungod.

 

I tried https://api.meraki.com/api/v1/organizations, but I dont get the list of organizations. I only get an error with one of the organizations bloqued:

 

{
    "errors": [
        "Your client IP address [my IP here] is not within an approved subnet for organization [organization name here] - [organization ID here]"
    ]
}
 
Is there a way I can get the IDs of other organizations instead this error?
 
 
thanks again
0 Kudos
In response to ricardocwc
NesAlba
Here to help
‎Jun 29 2022 7:23 AM
‎Jun 29 2022 7:23 AM

Do you see this error on just a few orgs in your list? or you don't see the entire list?

0 Kudos
In response to ricardocwc
NesAlba
Here to help
‎Jun 29 2022 7:31 AM
‎Jun 29 2022 7:31 AM

try this:

response = dashboard.organizations.getOrganizations()
for orgs in response:
if orgs["name"] in response:
     <code>

 This says that if "name" is in "response " do <code>

0 Kudos
In response to ricardocwc
sungod
Kind of a big deal
‎Jun 29 2022 8:18 AM
‎Jun 29 2022 8:18 AM

Is that the complete response you posted?

 

If it's not returning a list, just this one error, then I'd call it a bug.

 

The call is cross-organization, in my opinion it should at least return the list of organizations your API key has access to, though I'd prefer it to retain its original behaviour and simply return the full list - that wouldn't leak any information that you could not obtain other ways through your admin access - or null out information other than the id in the response for any restricted organization(s).

 

This API call existed a long time before IP-based access control was a feature, I'd say it needs updating to handle it sensibly.

 

I'd open a support case.

 

Each admin is allowed two API keys, if you are only using one at the moment, a workaround would be to generate a second API key and use it for any organizations that have an IP restriction.

 

0 Kudos
In response to sungod
ricardocwc
Conversationalist
‎Jun 29 2022 8:27 AM
‎Jun 29 2022 8:27 AM

Thank you everyone for the answers,

 

Yes, that is the complete response, I don't get any list, the response contains only that error message.

 

I will test with the second API key and open the ticket.

 

Thanks

 

 

ricardocwc
Conversationalist
‎Feb 9 2024 6:50 AM
‎Feb 9 2024 6:50 AM

Hi,

I received this answer from the Meraki Help desk:

 

"As of right now, that is not possible. There are only two options. 1) Would not use the Allowed IP Range field for API Access. This would allow you to access all organizations. 2) add your IP address to the Allowed IP Range field for API Access on all of your organizations."

 

So I think the alternative is to stop using the limit the Dashboard API access to some IP ranges funtion if you want to use the API

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.