Meraki

Community

Inquiry on Meraki API Capabilities for Wi-Fi Password Management

Solved
TFBAPI
New here
a month ago
a month ago

Inquiry on Meraki API Capabilities for Wi-Fi Password Management

Can you elaborate 1) is PSK the Wi-Fi password  
                                    2) is it plain text?  
                                    3) how the encryption use? 
                                    4) who can update the password internal /external user?
                                    5)  what are the required field in the body, if we only want to update Wi-Fi password? 
                                    6) What is the number present in the input – is it the router id?  
                                    7) I see the end point also has on the node also
                                         "credentials": {
                                                                     "Logon Name": "user", "password": "password"} (how the user and password is sent plain text? encrypted ...?) 
                                        is this optional? also, what then is the diff between this end point and the below one for identity Wi-Fi ? 
                                    😎 in case of identity Wi-Fi Wireless SSID Identity PSKs including PUT /networks/{networkId}/wireless/ssids/{number}/identityPsks/{identityPskId}).
                                       Get Network Wireless Ssid Identity Psk - Meraki Dashboard API v1 - Cisco Meraki Developer Hub

What is the Identity psk ID? where we can get it, which end point we can use for this? 
where to take the Network ID? 
please explain this PUT end point need, what are the params mean and how to use it if we want to set the Wi-Fi password of the device.   
9) are these endpoints can work on array or only one device or network id?

0 Kudos
1 Accepted Solution
In response to PhilipDAth
Hadas
Conversationalist
a month ago
a month ago

Thank you!

View solution in original post

0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
a month ago
a month ago

PSK (Pre-Shared Key) is the Wi-Fi password used when the SSID is configured for WPA2-PSK or WPA3-PSK authentication.
So, if your SSID is configured with authMode = "psk", the value you set in the API field psk is the Wi-Fi password.

 

Is it plain text?

Yes, when you retrieve it via the API, Meraki returns it in plain text, and when you update it, you must send it in plain text too.

 

How is encryption used?

API transport: Encrypted via HTTPS.

Dashboard storage: Internally, Meraki stores PSKs securely but returns them in plain text when queried via API. So encryption protects the channel, not the data field.

 

Who can update the password, internal or external user?

Only authorized Dashboard/API users with appropriate permissions.

 

What are the required fields in the body if we only want to update the Wi-Fi password?

For the endpoint: PUT /networks/{networkId}/wireless/ssids/{number}

 

What is the number present in the input, is it the router ID?

No, the {number} represents the SSID number (index), not the router or device ID.

SSIDs are numbered 0–14 (Meraki allows up to 15 per network).

 

About "credentials": { "Logon Name": "user", "password": "password" }

This applies only when using  Enterprise authentication (WPA2-Enterprise)

 

Difference between normal PSK endpoint and Identity PSK endpoint

Normal PSK: /networks/{networkId}/wireless/ssids/{number} - Changes the single global PSK for that SSID.

Identity PSK: /networks/{networkId}/wireless/ssids/{number}/identityPsks/{identityPskId} - Changes one individual PSK that applies to a specific user, device, or group under that SSID.
Useful if each device has its own password (iPSK).

 

Where to get the Network ID?

You can find it in multiple ways:

From the Dashboard URL https://dashboard.meraki.com/.../n_1234abcd/manage/nodes or via API GET /organizations/{organizationId}/networks

 

Can these endpoints work on arrays or only one device/network?

These endpoints act on networks, not individual devices.

You cannot bulk-update multiple networks in a single API call.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
Hadas
Conversationalist
a month ago
a month ago

Thanks for the detailed! This is very helpful!

I have a couple of follow-up questions, if you happen to know:

  1. Regarding user credentials (e.g., for WPA2-Enterprise authentication):
    Are these also returned or submitted in plain text via the API? Is the only layer of protection the HTTPS transport encryption?

  2. Do you know if this is a synchronous operation, or is the update queued asynchronously in the backend?
    If it’s asynchronous, is there a recommended way to verify that the update was successfully applied? 

 

0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
a month ago
a month ago

Also, check out the code snippets on the right-hand side for examples.

 

PhilipDAth_0-1761686336028.png

 

In response to PhilipDAth
Hadas
Conversationalist
a month ago
a month ago

Thank you!

0 Kudos
In response to PhilipDAth
TFBAPI
New here
3 weeks ago
3 weeks ago

Thanks for the detailed! This is very helpful!

I have a couple of follow-up questions, if you happen to know:

  1. Regarding user credentials (e.g., for WPA2-Enterprise authentication):
    Are these also returned or submitted in plain text via the API? Is the only layer of protection the HTTPS transport encryption?

  2. Do you know if this is a synchronous operation, or is the update queued asynchronously in the backend?
    If it’s asynchronous, is there a recommended way to verify that the update was successfully applied? 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.