Unable to update MX group policy whitelist with API

SOLVED
Damguy
Conversationalist

Unable to update MX group policy whitelist with API

I am working on a script that I hope will be able to add URLs to MX group policy whitelists by API call. 

 

We have ~100 remote locations with an MX firewall, a user PC, and a digital signage PC connected to a large display.  Each site has a boilerplate Meraki group policy applied to the digital signage PC that blocks all traffic, except what is appended to the whitelist on the policy.  

 

I have built out a script in powershell that is able to enumerate all MX devices in our organization, check each MX for this policy, and get the settings for this policy.

 

I've added on to this script, and am now trying to push new URLs out to the group policy whitelist for sites.  I am testing against just one in particular, but am seeing unexpected results. 

 

When checking the constructed request body in the script, I can see that the test URL is present (www.foo.com) and is included in the PUT request.  When looking in the REST response after making the call, I do not see www.foo.com.  I also checked in a browser at both the direct API URL, and the Dashboard for this policy, but it is not being added to either place.

 

On a hunch, I went to the Dashboard for this policy, and added www.bar.com to the whitelist, and waited for the configuration to synchronize.  When I ran the script again and checked the REST response, I saw the same behavior above for www.foo.com, but I saw www.bar.com in the response. 

 

I confirmed that I am using the PUT method for this call, and that my request parameters match what is required in the API documentation (https://developer.cisco.com/meraki/api-v1/#!update-network-group-policy). 

 

It appears that the API is handling this request as a GET instead of a PUT, and I'm not sure how to proceed.  Any advice or insight would be greatly appreciated.  

1 ACCEPTED SOLUTION
Damguy
Conversationalist

I ended up solving this with further testing.  I used an API testing program and found it was able to successfully perform updates.  I ran through all the parameters to find out what I had missed, and the answer was specifying the content-type header field in the put request.  Once that was added to the script it was able to connect successfully and update the allowed URLs.

View solution in original post

3 REPLIES 3
PhilipDAth
Kind of a big deal
Kind of a big deal

As a test, if you instead call createNetworkGroupPolicy with a dummy name, does it create it correctly?

Damguy
Conversationalist

I'm not able to use the post method to create a dummy policy.  When invoking the request, it returns an error 400, bad request.  I initially copied my existing put body, but later trimmed it down to just add a policy name and a couple of test allow patterns, but still no luck.

 

My original code still connects successfully with the put method, but is not updating the policy, just returning the existing settings as if it's a get request.

Damguy
Conversationalist

I ended up solving this with further testing.  I used an API testing program and found it was able to successfully perform updates.  I ran through all the parameters to find out what I had missed, and the answer was specifying the content-type header field in the put request.  Once that was added to the script it was able to connect successfully and update the allowed URLs.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels