cancel
Showing results for 
Search instead for 
Did you mean: 

Finding network ID with full access to network but not organization

SOLVED
O-I
Conversationalist

Finding network ID with full access to network but not organization

Hello,

 

I am trying to determine the network ID of a network I was granted full access to. Am I able to retrieve this information via the Meraki Dashboard API (or from the Dashboard itself) without requiring full organization access?

 

The owner of the organization has enabled the Dashboard API and I can see the organization when I query https://api.meraki.com/api/v0/organizations, but I am unable to figure out how to determine the network ID of the one network in that organization that I have access to. Is this possible?

 

Thanks for the help.

1 ACCEPTED SOLUTION

Accepted Solutions
Kind of a big deal

Re: Finding network ID with full access to network but not organization

Basically an API key is linked to an account. It inherits the access rights of that account. So if it only has read-only access to a certain network it will only be able to execute the GET calls pertaining to that network.

 

I just tested this and with an account that only has read-only access to a certain network I can execute this for that network:

{{baseUrl}}/networks/{{networkId}}/devices

 

But I can't do for example:

{{baseUrl}}/organizations/{{organizationId}}/deviceStatuses

{{baseUrl}}/organizations/{{organizationId}}/networks

 

So I guess it works as you should expect it to. You can execute the calls that do the same thing you would be able to do via dashboard with your account.

3 REPLIES 3
Kind of a big deal

Re: Finding network ID with full access to network but not organization

API access requires Org level admin. If you only have network admin you cannot generate your own API key, which means you cannot use the API.

 

You would need the API key of an Org admin, which then would give you full Org rights over that Org.

O-I
Conversationalist

Re: Finding network ID with full access to network but not organization

Hi jdsilva,

 

I have a valid API key. Does it only work for API requests that I have org-level access over?

 

What about network endpoints? If I were provided the ID of a network I have admin over, could I make a successful request to GET /networks/{networkId} without requiring organization access? 

 

This particular organization has many networks, only one of which I should be able to provision. It's a little awkward for me to ask for full organization access in this case. I understand that may be necessary, though.

 

Thanks for your help.

Kind of a big deal

Re: Finding network ID with full access to network but not organization

Basically an API key is linked to an account. It inherits the access rights of that account. So if it only has read-only access to a certain network it will only be able to execute the GET calls pertaining to that network.

 

I just tested this and with an account that only has read-only access to a certain network I can execute this for that network:

{{baseUrl}}/networks/{{networkId}}/devices

 

But I can't do for example:

{{baseUrl}}/organizations/{{organizationId}}/deviceStatuses

{{baseUrl}}/organizations/{{organizationId}}/networks

 

So I guess it works as you should expect it to. You can execute the calls that do the same thing you would be able to do via dashboard with your account.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.