Professional Documents
Culture Documents
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883
NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0809R) Cisco Physical Access Control API Reference Guide, Release Release 1.2.0 Copyright 2009 Cisco Systems, Inc. All rights reserved.
CONTENTS
Preface
vii vii vii viii
Audience
Organization
CHAPTER
Overview Contents
Enabling Web Services on the Cisco PAM Server 1-2 Enabling the API Service on the Cisco PAM Server 1-2 Purchasing and Installing the Cisco PAM API License 1-3 Purchasing the API License 1-3 Installing the API License 1-4 Verifying the Installed Licenses 1-6 Displaying the Cisco PAM Appliance Serial Number 1-6 Executing API Requests 1-7 API URLs 1-7 Namespaces 1-8 WSDL File Location 1-8 Request and Response Samples Authentication and Authorization API Security API Logging
2
1-10 1-10 1-9
1-8
CHAPTER
API Functions
2-1 2-1
Function Summary
API Functions 2-4 Authentication APIs 2-5 authenticateUser 2-5 logoutUser 2-5 Physical Security Integration Management (PSIM) APIs getAcDeviceTypes 2-6
2-6
iii
Contents
getEventTypes 2-7 getAllEventsCategories 2-8 getAllCameraDevices 2-8 getAllAcDevices 2-10 getDeviceChildren 2-11 getAllDoorGroups 2-12 getAllDoorsByGroup 2-12 getAllPerson 2-14 getAllPersonTypeIds 2-14 getAllPersonStatusIds 2-15 getAllPersonByType 2-15 enrollPerson 2-16 updatePerson 2-16 getPersonInfo 2-17 getAllOrganizations 2-17 getAllDepartments 2-18 getAllEventsByCategory 2-18 getAllEventsByType 2-20 getUserAccessEvents 2-21 getAccessEventsByDoor 2-23 getAllAlarmsByCategory 2-24 getAllAlarmsByType 2-25 getAllAlarmUpdates 2-26 clearAlarm 2-27 ackAlarm 2-30 getVersionInfo 2-30 getAlarmDuplicates 2-31 Event Notification 2-32 registerAcEventCallback 2-32 registerAcEventXMLCallback 2-33 unregisterAcEventCallback 2-34 notifyAcEvent 2-35 Example to Implement and Register a Service Interface Door Command APIs 2-37 grantDoorAccess 2-37 setDoorMode 2-37 resetDoorMode 2-37 getDoorMode 2-38 setDoorModeConfig 2-38 Badge Enrollment APIs 2-39
Cisco Physical Access Control API Reference Guide
2-35
iv
OL-21512-02
Contents
getAllAccessLevels 2-39 getAllAccessLevelNames 2-40 getAccessLevelByName 2-40 getAllSchedules 2-41 getAllScheduleNames 2-42 getScheduleByName 2-43 enrollBadge 2-44 assignAccessLevel 2-46 getAllBadgesByPerson 2-46 getBadgeValidityTypes 2-47 getCredentialTemplateNames 2-47 getBadgeRoles 2-48 getAllBadgeTemplateNames 2-48 getAccessLevelByPerson 2-49 getBadgeByCardNum 2-49 updateBadge 2-50 getAccessLevelByUnid 2-51 getAllBadgeTypeIds 2-51 getAllBadgeRefs 2-52 Recording External Events 2-53 recordExtEvent 2-55
3
CHAPTER
Fault Codes
3-1
INDEX
Contents
vi
OL-21512-02
Preface
Revised: March 22, 2010, OL-21512-02
This document provides the information that is required to understand and use the Cisco Physical Access Control application programming interface (API).
Audience
This document is intended for developers who want to use the Cisco Physical Access Control API to control various access control features and functions. It assumes that developers have knowledge or experience with Cisco Physical Access Control, a high-level programming language, and the following:
Extensible Markup Language (XML) XML Schema Web Services Hyper Text Transport Protocol (HTTP) or Secure HTTP (HTTPS) Simple Object Access Protocol (SOAP)
Organization
This document is organized as follows: Chapter 1, Overview Chapter 2, API Functions Chapter 3, Web Services Description Language File Chapter 3, Fault Codes Introduces the API, describes the WSDL and API URLs, authentication method, security and API logging. Provides a summary of each API function and describes each function in detail. Shows the WSDL that the API uses. Provides fault codes and descriptions for API errors.
vii
Preface
viii
OL-21512-02
CH A P T E R
Overview
Access Control Web Services (ACWS) defines an application programming interface (API) for the following Cisco Physical Access Manager (Cisco PAM) features:
The Physical Security Integrated Management of access control devices such as doors and locks. For example, an application can receive the events generated when user access is granted or denied. The application can then open or close a door. The Visitor Management Application creates visitors and assigns access policies to allow access to specific doors or locations. The Badge Enrollment Application provisions badge credentials in the access control system.
This chapter includes general information, and instructions to enable the ACWS API on a Cisco PAM server. It also describes the ACWS authentication method, and the Namespaces and other information used to issue API requests.
Contents
Functionality Supported in Release 1.2.0, page 1-2 Enabling Web Services on the Cisco PAM Server, page 1-2
Enabling the API Service on the Cisco PAM Server, page 1-2 Purchasing and Installing the Cisco PAM API License, page 1-3
Authentication and Authorization, page 1-9 API Security, page 1-10 Understanding Unique IDs, page 1-10 API Logging, page 1-11
1-1
Overview
Authentication APIs: applications must call the authenticateUser API to retrieve a security context object before calling any other API. The object is provided as a parameter in all subsequent calls for that API session. If the session ends, a new object must be retrieved. See Authentication and Authorization, page 1-9 for more information. Physical Security Integration Management (PSIM) APIs: for use by the Physical Security Operations Management applications. These APIs return information on access control devices, users, events and alarms. The API provides mechanisms to query events or alarms based on event type, time-interval, and source device criteria. Event Notification: notifies a client application that registered a notification callback when an event or alarm occurs. In addition, APIs can query events or alarms based on the event type, time-interval, or source device. Door Command APIs:triggers actions based on access control events. For example, when a user attempts to access a door or device, the PSIM APIs can open or close the door. Badge Enrollment APIs: provisions badge credentials in the access control system. Also returns information on access levels and schedules. Recording External Events: allows applications to log events and alarms in Cisco PAM. Fault Codes: API errors return major and minor fault codes. See Chapter 3, Fault Codes for descriptions.
Enabling the API Service on the Cisco PAM Server, page 1-2 Purchasing and Installing the Cisco PAM API License, page 1-3
Log on to the Cisco PAM appliance as described in the Cisco Physical Access Manager User Guide. Select the Monitoring tab and then select Status, as shown in Figure 1-1. The Status window appears by default. This window also appears when you first log on.
1-2
OL-21512-02
Chapter 1
Figure 1-1
Step 3
Click the Enable button for Web Service API. A confirmation message appears and the Status changes to Enabled.
Tip
Purchasing the API License, page 1-3 Installing the API License, page 1-4 Verifying the Installed Licenses, page 1-6 Displaying the Cisco PAM Appliance Serial Number, page 1-6
Tip
For more information on server configuration and optional licenses, see the Cisco Physical Access Manager User Guide.
Determine the Cisco PAM appliance serial number (the serial number is required to complete the purchase). See Displaying the Cisco PAM Appliance Serial Number, page 1-6 for more information.
1-3
Overview
Step 2
Purchase the licence by contacting your Cisco sales representative or any Cisco reseller. For more information, visit http://www.cisco.com/en/US/ordering/index.shtml.
The part number for the Web services API optional license is CIAC-PAME-WSAPI=.
When the purchase is complete, you are issued a Product Authorization Key (PAK) in paper form, or in an email message. Continue to Installing the API License, page 1-4 for information on the two options used to download and install the license file using the PAK number.
Option 1: Enter the Product Authorization Key to Download the License File, page 1-4 Option 2: Obtain the License File from the Cisco Web Site, page 1-5
Option 1: Enter the Product Authorization Key to Download the License File
Note
To use this method, your PC must be connected to the Internet. Locate the Product Authorization Key (PAK) created with the purchase of the optional feature. Log on to the Cisco PAM appliance. See the Cisco Physical Access Manager User Guide for more information. Click the Setup tab, and then select the License menu, as shown in Figure 1-2. Enter the PAK code. Select Update to download and install the license file on the appliance and activate the features.
1-4
OL-21512-02
Chapter 1
Figure 1-2
Note
If the license file does not download, verify that your PC has Internet access, or use the method described in Option 2: Obtain the License File from the Cisco Web Site, page 1-5.
Step 6
Select the Features tab to verify that the new license was added. See Verifying the Installed Licenses, page 1-6 for more information.
Option 2: Obtain the License File from the Cisco Web Site
To use this method, obtain the license file from the Cisco Web site using a PC connected to the Internet, and transfer the file to the workstation used for server configuration.
Step 1 Step 2
Locate the Product Authorization Key (PAK) created with the purchase of the optional feature. In a Web browser, open the Cisco Product License Registration Web page. http://www.cisco.com/go/license/ Follow the on-screen instructions to complete the form and enter the Product Authorization Key (PAK). When you are done, a license file with the extension .lic is sent to your email address. Transfer the file to the drive of the PC used for the configuration. In the License screen (Figure 1-2 on page 1-5), click Browse to select the license file located on your local drive. When selected, the file name appears in the File field. Select Update to install the license file on the Cisco PAM appliance and activate the features. Select the Features tab to verify that the new license was added. See Verifying the Installed Licenses, page 1-6 for more information.
1-5
Overview
Select the Setup tab and then select the License menu, as shown in Figure 1-3. Select the Features tab to view the installed licenses.
Figure 1-3 License Features List
Log on to the Cisco PAM Server Administration utility. See the Cisco Physical Access Manager User Guide, or ask your system administrator for assistance. Select the Monitoring tab, and then select Server Status, as shown in Figure 1-4. Refer to the entry for Server Serial Number.
Step 2 Step 3
1-6
OL-21512-02
Chapter 1
Figure 1-4
Note
The Cisco Physical Access Control API is exposed using the WSDL 1.1 specification.
API URLs, page 1-7 Namespaces, page 1-8 WSDL File Location, page 1-8 Request and Response Samples, page 1-8
API URLs
Applications can use one of the following URLs to invoke an API using the HTTP POST method, content type = text/xml, and in the content, request payload.
SOAP/HTTP
The http URL for WSDL using SOAP/HTTP http://<cpam-server-ip-address>:8080/acws/services/psimws The https URL for WSDL using SOAP/HTTP https://<cpam-server-ip-address>/acws/services/psimws
XML / HTTP
The http URL for WSDL using XML / HTTP http://<cpam-server-ip-address>:8080/acws/services/psimxml The https URL for WSDL using XML / HTTP https://<cpam-server-ip-address>/acws/services/psimxml
1-7
Overview
Tip
You can view the WSDL file by including ?wsdl at the end of any of these URLs.
Namespaces
Web Services APIs are defined using WSDL and various object types defined by the XML schema. The schema definitions uses the following target namespaces.
Interfaces, methods and types are defined using the target namespace: http://cisco.com/physec/acws BaseDevice is defined using the target namespace: http://cisco.com/physec.
Note
BaseDevice is a type that defines the base device class. AcDevice and CameraDevices are sub-classes of the BaseDevice in their respective namespaces. Camera devices are defined using the target namespace: http://cisco.com/physec/video interfaces. ACWS devices and video names are derived by extension.
Tip
You can also view the WSDL file by including ?wsdl at the end of any of these API URLs.
1-8
OL-21512-02
Chapter 1
Note
For the current Cisco PAM release, we recommend using the Administrator username and password for API authentication.
Ending an API session
API sessions end after a default idle time of 10 hours, or you can manually end the session using the logoutUser API.
If a application session remains idle for a default duration of 10 hours, the session automatically ends and the security context object is deactivated. Applications can also use the logoutUser API to end an API session and deactivate the security context object. API calls using an expired security context object return a fault. See Chapter 3, Fault Codes for more information. Cisco PAM Web Service performs an automatic check every 10 minutes for idle sessions to expire.
Note
To begin a new API session, you must retrieve a new security context object (using authenticateUser).
API Username and Password
For the current Cisco PAM release, we recommend using the Administrator username and password for API authentication. Usernames and passwords can also be configured using the Cisco PAM application to limit the API functionality:
Use the Logins module to create the username and password for Cisco PAM client access. Use the Profiles module to define the Cisco PAM modules and commands available to a user.
For example, if an API application or user needs to view devices and events, the Logins username must be assigned a Profile with privileges to view events and devices. If an API user or application will invoke door commands, the username must include a profile with those privileges.
Tip
See the Cisco Physical Access Manager User Guide for instructions to configure Cisco PAM logins and profiles.
1-9
Overview
API Security
The Cisco PAM server and API use SSL for secure communication between the server and clients. The server uses a X.509 certificate (also called an SSL certificate) to verify its identity when a client attempts to connect to the server. Be default, the Cisco PAM server provides a self-signed certificate, which a client typically rejects. To prevent a client from rejecting this certificate, take one of the of the actions that Table 1-1 describes.
Table 1-1 Methods for Preventing a Client from Rejecting the Cisco PAM Server Self-Signed Certificate
Method
Notes
If you are using a Java client, configure the SSL Procedure: libraries for your clients to trust the self-signed 1. SSH to the Cisco PAM server using the user certificate by using the Java keytool to import the cpamadmin. certificate into the client truststore. 2. Enter sudo su to get a privileged shell.
3.
cpamservercert.jks has a Cisco
PAM server certificate in the Java keystore. Use SFTP to copy this file on a client machine and import this certificate to the client trust store.
If you are using a client other than Java, configure You may be able to copy the self-signed certificate the SSL libraries for your clients to trust the to a special directory on the client system. self-signed certificate. See your library documentation for detailed information. Modify the way in which your client code validates certificate trust chains. Some languages provide configurable SSL files that let you change the default certificate validation behavior.
A client verifies its identity with a user name and password that are sent to the server by the client application.
Readable IDs identify a specific record for an object, such as personId or badgeId. For example: a personId might be 3215. In some cases, this readable ID is used in the API request. A unique ID (unid) for an object is used in most API requests, and is displayed in the API result. The unique ID for an object (such as a person or badge) is generated by the database and is the unique identifier for any record. For example, the unid for a person object might be Z4JT5umCTzyCmVfvI6RAKw==.
Review the description for each API to determine which ID type is required.
1-10
OL-21512-02
Chapter 1
API Logging
For debugging, API request and response messages are logged in the catalina log file located on the Cisco PAM server in the folder:
/opt/cisco/cpam/apache-tomcat/logs
By default, Web Service debug logs are written in webapp.log which is located in the folder:
/opt/cisco/cpam/logs
1-11
Overview
1-12
OL-21512-02
CH A P T E R
API Functions
This chapter provide detailed descriptions for each function in the Cisco Physical Access Control API. It includes these topics:
Function Summary
Table 2-1 provides a summary of theCisco Physical Access Control API functions. Each function is described in detail in the section that is listed.
Table 2-1 API Function Summary
Function Name and Reference Functions for Authentication authenticateUser, page 2-5
Description Authenticates the username and password and returns a security context object which must be passed in all subsequent API calls. This method must be called before any other method is called. Ends an authenticated session. The security context object is expired and a new object must be generated to start a new API session. Returns a list of physical access control device types, including the deviceTypeId, name, and a list of the possible device states. This method returns a list of event types defined in Cisco PAM. Each event type indicates event type unique ID, name and category of event. Returns a list of the Cisco PAM event categories. Event categories can be used to call all the events that occurred for the event types that belong to that category. Returns a list of the camera devices in Cisco PAM. Cameras are associated with one or more access control devices, such as a door.
2-1
API Functions
Table 2-1
Function Name and Reference getAllAcDevices, page 2-10 getDeviceChildren, page 2-11 getAllDoorGroups, page 2-12 getAllDoorsByGroup, page 2-12 getAllPerson, page 2-14 getAllPersonTypeIds, page 2-14 getAllPersonStatusIds, page 2-15 getAllPersonByType, page 2-15 enrollPerson, page 2-16 updatePerson, page 2-16
Description Returns a list of all access control devices configured in Cisco PAM. Returns the child devices of the specified device. Returns the names of all door groups, including the unique ID for each group name. Returns all doors configured for the specified door group. Returns the first name, last name, person ID and unique ID for access control personnel configured in Cisco PAM. Returns all the personnel types defined in Cisco PAM. Returns a list of Status definitions for personnel in Cisco PAM. Returns the personnel records for a specified personnel type. Adds a personnel record to Cisco PAM. Updates a persons record in the Cisco PAM database. All properties in Cisco PAM are replaced by the new properties. Returns information for a personnel record, including a picture if available. Returns detailed information for the organizations defined in Cisco PAM. Returns all the departments defined in Cisco PAM. Lists the events and alarms defined by the selected parameters, including event category, time interval, and the unique ID for the device. Lists events and alarms defined by the selected parameters, including event type, time interval, and the device unique ID. Returns door access events related to granting or denying user access. Events can be returned for a specific user or device, or for all users and devices. Returns access events and alarms related for a door. Lists alarms filtered by event category, time interval, and device ID. Lists alarms filtered by event type, time interval, and device ID. Retrieves all alarm updates by getting a list of alarm annotations. Clears a specified alarm. Acknowledges an alarm. Returns access control web service version information.
getPersonInfo, page 2-17 getAllOrganizations, page 2-17 getAllDepartments, page 2-18 getAllEventsByCategory, page 2-18
getAccessEventsByDoor, page 2-23 getAllAlarmsByCategory, page 2-24 getAllAlarmsByType, page 2-25 getAllAlarmUpdates, page 2-26 clearAlarm, page 2-27 ackAlarm, page 2-30 getVersionInfo, page 2-30
2-2
OL-21512-02
Chapter 2
Table 2-1
Function Name and Reference getAlarmDuplicates, page 2-31 Event Notification APIs registerAcEventCallback, page 2-32
Description Returns duplicates for a specified alarm. Registers an event callback endpoint reference. Using this callback, events or alarms are notified to the endpoint referred by the endpoint reference. Registers an event callback endpoint URL. Using this callback events or alarms are notified to the endpoint pointed to by the service URL. Unregisters an event callback. This is called when application is no loner interested getting notifications. Notifies a client application that registered a notification callback when an event or alarm occurs. Grants access to a specified door using the Grant Door Access command. Sets the door mode for a specified door and overrides the current door mode. Resets the door mode to the original Cisco PAM configuration. Returns the current door mode for a specified door. Sets the door mode and door configuration for the specified door. Any outstanding configuration changes from Cisco PAM are also applied. Returns detailed information for all access levels defined in Cisco PAM. Returns names of all the access level defined in Cisco PAM. Returns detailed information for a specified access level. Returns information for all schedules defined in Cisco PAM. Returns names of all the access schedules defined in Cisco PAM. Returns detailed information for a specified access schedule. Adds one or more new badge credentials to an existing personnel record, or a new personnel record. If a new personnel record is specified, a picture in JPEG format can be included. Only new badges can be added using this API.
registerAcEventXMLCallback, page 2-33 unregisterAcEventCallback, page 2-34 notifyAcEvent, page 2-35 Door Commands grantDoorAccess, page 2-37 setDoorMode, page 2-37 resetDoorMode, page 2-37 getDoorMode, page 2-38 setDoorModeConfig, page 2-38
Functions for Access Level and Schedule getAllAccessLevels, page 2-39 getAllAccessLevelNames, page 2-40 getAccessLevelByName, page 2-40 getAllSchedules, page 2-41 getAllScheduleNames, page 2-42 getScheduleByName, page 2-43 enrollBadge, page 2-44
2-3
API Functions
Table 2-1
Description Assigns one or more access levels to a badge associated with a person.
Note
This API replaces all the access levels on the specified badge.
Returns badge details for the badges assigned to a specified person. Returns a list of Cisco PAM badge validity types.
getCredentialTemplateNames, page 2-47 Returns a list of names of Credential templates defined in CPAM getBadgeRoles, page 2-48 getAllBadgeTemplateNames, page 2-48 getAccessLevelByPerson, page 2-49 getBadgeByCardNum, page 2-49 updateBadge, page 2-50 Returns the Badge type (roles) defined in Cisco PAM. Returns the Badge Template names defined in Cisco PAM. The names are used as a parameter in the enrollBadge API. Returns a list of the access levels for all badges assigned to a person. The person is identified by a unique ID. Retrieves a badge record for a specified card number. Updates a list of badge credential in the Cisco PAM database. All properties on a badge in Cisco PAM are replaced by the new properties for the specified badge. Returns information about an access level specified by the access level unid. Returns the unique identifiers for Cisco PAM badge types. Returns a range of badge references based on required beginning and ending card number parameters.
getAccessLevelByUnid, page 2-51 getAllBadgeTypeIds, page 2-51 getAllBadgeRefs, page 2-52 Recording External Events
Note
This section also includes instructions to define the events used the Cisco PAM External Events module. See Recording External Events, page 2-53. Records an external event or alarm in Cisco PAM.
API Functions
The following sections describe each Cisco Physical Access Control API function in detail. The function descriptions provide the following information:
Function nameName of the function. DescriptionGeneral behavior for the function. ParametersParameters that the function requires. Sample RequestExample of the API request. Return resultDescribes the result for the function. Sample responseExample of a response that the function can receive.
2-4
OL-21512-02
Chapter 2
Note
The Method for all Cisco PAM APIs is POST. Sample request and response payloads are provided for each API. APIs can use either SOAP/HTTP or XML/HTTP. The sample requests and responses are for illustration purposes only.
Authentication APIs
authenticateUser
Function name Description authenticateUser Authenticates the username and password and returns a security context object which must be passed in all subsequent API calls. This method must be called before any other method is called. Post
username: (required) unique Cisco PAM log in ID. password: (required) Cisco PAM user password.
Return result
A security token is returned if authentication is successful. The token references a security context object maintained on the Cisco PAM API service. This object also maintains user session information. The token number must be provided using the secCtx parameter in each subsequent API call.
<ns2:authenticateUserResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing" token="23886766"
Sample response
logoutUser
Function name Description Method Parameters Sample request logoutUser Ends an authenticated session. The security context object is expired and a new object must be generated to start a new API session. Post
2-5
API Functions
Return result
All notification listeners registered in the user session are removed. Users must log back in using authenticateUser to retrieve a new security context object before executing additional APIs.
<ns2:logoutUserResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/" />
Sample response
A list of the physical access control device types, including the type ID, name, and possible device states.
<ns2:getAcDeviceTypesResponse xmlns:ns2=http://cisco.com/physec/acws/ xmlns:ns3="http://www.w3.org/2005/08/addressing"> <deviceTypes> <dtype deviceTypeName="Camera" deviceTypeId="CB.CAMERA"> <deviceStates> <state state="VX.DISABLED" /> <state state="VX.OFFLINE" /> <state state="VX.UNK" /> <state state="VX.ONLINE" /> </deviceStates> </dtype> . . <dtype deviceTypeName="Door" deviceTypeId="GW.DOOR"> <deviceStates> <state state="GW.FORCED_OPEN" /> <state state="VX.DISABLED" /> <state state="GW.DOOR_CLOSE" /> <state state="GW.INOPERATIONAL" /> <state state="GW.DOOR_OPEN" /> <state state="GW.UP" /> <state state="VX.UNK" /> <state state="GW.HELD_OPEN" /> <state state="GW.DOWN" /> </deviceStates> </dtype> </deviceTypes> </ns2:getAcDeviceTypesResponse>
2-6
OL-21512-02
Chapter 2
getEventTypes
Function name Description Method Parameters Sample request getEventTypes This method returns a list of event types defined in Cisco PAM. Each event type indicates event type unique ID, name and category of event. Post
A list of event types defined in Cisco PAM. Each event type indicates event type unique ID, name and category of event.
<ns2:getEventTypesResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <eventTypes> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The Door is not an APB enabled door" unid="GW.EV_ALLOWED_NOT_APBDOOR" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="Access allowed on APB exempt" unid="GW.EV_ALLOWED_ON_APBEXEMPT" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The reader type is not valid for APB area" unid="GW.EV_APB_NOTVALID_READER" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="APB policy retrieval failed." unid="GW.EV_APB_RETRIEVAL_FAILED" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="APB State reset by User. " unid="GW.EV_APB_STATE_RESET" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="Badge is authorized" unid="GW.EV_BADGE_AUTHORIZED" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The badge is blacklisted" unid="GW.EV_BADGE_BLACK_LISTED" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The badge is disabled" unid="GW.EV_BADGE_IS_DISABLED" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The badge is not active" unid="GW.EV_BADGE_NOT_ACTIVE" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="Badge is not authorized" unid="GW.EV_BADGE_NOT_AUTHORIZED" /> <evtType category="GW.EV_MAJOR_ID_POLICY" description="Event" name="The badge has not active date" unid="GW.EV_BADGE_NO_ACTV_DTE" /> . . </eventTypes> </ns2:getEventTypesResponse>
2-7
API Functions
getAllEventsCategories
Function name Description Method Parameters Sample request getAllEventsCategories Returns a list of the Cisco PAM event categories. Event categories can be used to call all the events that occurred for the event types that belong to that category. Post
getAllCameraDevices
Function name Description Method Parameters Sample request getAllCameraDevices Returns a list of the camera devices in Cisco PAM. Cameras can be associated with one or more access control devices, such as a door. Post
2-8
OL-21512-02
Chapter 2
A list of camera devices with unique ID, name, type and list of associated devices.
<ns2:getAllCameraDevicesResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <cameras> <devices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns5="http://cisco.com/physec/video/" xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="S1 Cam Lab 1" unid="2ZuPNca/QMeVjVl9XEjlPA==" /> <devices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns5="http://cisco.com/physec/video/" xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="Panasonic1_new" unid="9cKGFhFPTdKxewHjI01wmg=="> <devices> <devices xsi:type="ns2:AcDoorDevice" enabled="true" siteId="DsL5KGP8Tpm+c2z/oN4C5g==" deviceState="GW.UP" location="Cisco Iodc/Building 9/First floor" address="/SanJose/pgw_123/Door/door00" type="GW.DOOR" name="door00" unid="Tu9M06ZcSi+HlC4f4pGuPw=="> <cameras> <devices xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="Panasonic1_new" unid="9cKGFhFPTdKxewHjI01wmg==" /> <devices xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="Panasonic_1" unid="e/ZRlB/lSVKKfp43lqFgGg==" /> </cameras> <adminStatus>ADMINUP</adminStatus> <associatedDevice enabled="true" siteId="DsL5KGP8Tpm+c2z/oN4C5g==" deviceState="GW.UP" address="/SanJose/pgw_123/m00/input01/rex" type="GW.REX" name="rex" unid="/cUCkOHIRwKGlXiIBK4A5Q=="> <adminStatus>ADMINUP</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="DsL5KGP8Tpm+c2z/oN4C5g==" deviceState="GW.UP" address="/SanJose/pgw_123/m00/rdr01/reader" type="GW.RDR" name="reader" unid="wPfDHYC7SXu1Zgr7SlGY2g=="> <adminStatus>ADMINUP</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="DsL5KGP8Tpm+c2z/oN4C5g==" deviceState="GW.UP" address="/SanJose/pgw_123/m00/input02/doorSensor" type="GW.DOORSENSOR" name="doorSensor" unid="Dmpm7RP0QfmCbj9+2Kfm5w=="> <adminStatus>ADMINUP</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="DsL5KGP8Tpm+c2z/oN4C5g==" deviceState="GW.UP" address="/SanJose/pgw_123/m00/output02/lock" type="GW.LOCK" name="lock" unid="UUI40rvoR+aG749S18s5SQ=="> <adminStatus>ADMINUP</adminStatus> </associatedDevice> </devices> </devices> </devices> </cameras> </ns2:getAllCameraDevicesResponse>
2-9
API Functions
getAllAcDevices
Function name Description Method Parameters getAllAcDevices Returns a list of all access control devices configured in Cisco PAM. Post
secCtx: (required) the security context object returned by authenticateUser. dtypes: (optional) a collection of device types. Only the access control devices of the specified device types will be returned in the result. If not specified, all access control devices types are returned.
Sample request
In the following XML sample request, only door devices are requested.
<ns2:getAllAcDevices xmlns:ns2=http://cisco.com/physec/acws/ xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="1826753" /> <dtypes> <dtype deviceTypeName="Door" deviceTypeId="GW.DOOR" /> </dtypes> </ns2:getAllAcDevices>
2-10
OL-21512-02
Chapter 2
getDeviceChildren
Function name Description Method getDeviceChildren Returns the child devices of the specified device. Post
2-11
API Functions
secCtx: (required) the security context object returned by authenticateUser. deviceId: (required) the unique ID of the device.
getAllDoorGroups
Function name Description Method Parameters Sample request getAllDoorGroups Returns the names of all door groups, including the unique ID for each group name. Post
The names and unique ID of all door groups configured in Cisco PAM.
<ns2:getAllDoorGroupsResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <doorGroups name="Cube-doors" unid="0LYtFLOKS1SfM0kpnpIlew==" /> </ns2:getAllDoorGroupsResponse>
getAllDoorsByGroup
Function name Description Method getAllDoorsByGroup Returns all doors configured for the specified door group. Post
2-12
OL-21512-02
Chapter 2
secCtx: (required) the security context object returned by authenticateUser. groupId: (required) unique ID of the door group.
A list of the doors and door details assigned to the specified door group.
<ns2:getAllDoorsByGroupResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <doors enabled="true" siteId="v5OyH3XSQdqNRECjcKcAsQ==" deviceState="VX.UNK" address="/SanJose/pgw_1001/Door/door01" type="GW.DOOR" name="SideDoor" unid="YZkTWA0UQJm0HUCHY4fGWQ=="> <cameras> <devices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns5="http://cisco.com/physec/video/" xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="2500-SD-Dual" unid="CquVLWW6RZOLYos6xfMUrA==" /> <devices xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns5="http://cisco.com/physec/video/" xsi:type="ns5:CameraDevice" type="CB.CAMERA" name="702 Xp3 0" unid="8evRj5pOTaSzX7Dt0N9vlQ==" /> </cameras> <adminStatus>PROVISIONED</adminStatus> <associatedDevice enabled="true" siteId="v5OyH3XSQdqNRECjcKcAsQ==" deviceState="VX.UNK" address="/SanJose/pgw_1001/m00/pwrfail01/doorSensor" type="GW.DOORSENSOR" name="doorSensor" unid="DRdu+K9QSy+GGKwY1m2omA=="> <adminStatus>PROVISIONED</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="v5OyH3XSQdqNRECjcKcAsQ==" deviceState="VX.UNK" address="/SanJose/pgw_1001/m00/output02/lock" type="GW.LOCK" name="lock" unid="AmjWoa3XThySwn+PJRqf6A=="> <adminStatus>PROVISIONED</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="v5OyH3XSQdqNRECjcKcAsQ==" deviceState="VX.UNK" address="/SanJose/pgw_1001/m00/input03/rex" type="GW.REX" name="rex" unid="kF8Wt/PiQfyqn9Y230mfVA=="> <adminStatus>PROVISIONED</adminStatus> </associatedDevice> <associatedDevice enabled="true" siteId="v5OyH3XSQdqNRECjcKcAsQ==" deviceState="VX.UNK" address="/SanJose/pgw_1001/m00/rdr02/reader" type="GW.RDR" name="reader" unid="pno3y3H0SMG0+suupRQtrw=="> <adminStatus>PROVISIONED</adminStatus> </associatedDevice> </doors> .... </ns2:getAllDoorsByGroupResponse>
2-13
API Functions
getAllPerson
Function name Description Method Parameters Sample request getAllPerson Returns the first name, last name, person ID and unique ID for access control personnel configured in Cisco PAM. Post
A list of the access control persons, including first name, last name, person ID and unique ID.
<ns2:getAllPersonResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <persons> <person lname="TestUser_LastName" fname="TestUser_FirstName" personId="123456" unid="wWyRKdm6QyuCNes9J3NXaA==" /> </persons> </ns2:getAllPersonResponse>
getAllPersonTypeIds
Function name Description Method Parameters Sample request getAllPersonTypeIds Returns all the personnel types defined in Cisco PAM. Post
Return result
Select Personnel from the Users menu. Open a personnel record and click the Occupational Information tab. Click the Personnel types menu to display the list.
Sample response
<ns2:getAllPersonTypeIdsResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <personType>EMPLOYEE</personType> <personType>EMPLOYEE_FULL_TIME</personType> <personType>EMPLOYEE_PART_TIME</personType> <personType>CONTRACTOR</personType> <personType>VENDOR</personType> <personType>INTERN</personType> <personType>VISITOR</personType> <personType>OTHER</personType> </ns2:getAllPersonTypeIdsResponse>
2-14
OL-21512-02
Chapter 2
getAllPersonStatusIds
Function name Description Method Parameters Sample request getAllPersonStatusIds Returns a list of Status definitions for personnel in Cisco PAM. Post
Return result
Select Personnel from the Users menu. Open a personnel record and click the Occupational Information tab. Click the Status menu to display the list.
Sample response
getAllPersonByType
Function name Description Method Parameters getAllPersonByType Returns the personnel records for a specified personnel type. Post
secCtx: (required) the security context object returned by authenticateUser. typeId: (required) one of the personnel types returned using the getAllPersonTypeIds API.
Sample request
2-15
API Functions
enrollPerson
Function name Description Method Parameters enrollPerson Adds a personnel record to Cisco PAM. Post
secCtx: (required) the security context object returned by authenticateUser. personInfo: (required) data assigned to the personnel record. This can include the personId, first name, last name, organizationId (can be fetched from the getAllOrganizations API), departmentId (can be fetched from the getAllDepartments API), statusId, and typeId. The personnel record can also include a base 64 encoded JPG image of the person.
Sample request
<ns2:enrollPerson xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="4557655" /> <pinfo statusId="ACTIVE" typeId="EMPLOYEE_FULL_TIME" departmentId="4MbV9fvNSWGc7Igu7B7SjQ==" organizationId="kYIGV6k9TGCUFVOMucOM0g==" lname="Last_3" fname="First_3" personId="4444"> <picture> <picture> /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAPAAA/+4AJkFkb2JlAGTAAAAAAQMAFQQ DBgoNAAAOtwAAE40AACJ5AAA+9//bAIQABgQEBAUEBgUFBgkGBQYJCwgGBggLDAoKCwoKDBA MDAwMDAwQDA4PEA8ODBMTFBQTExwbGxscHx8fHx8fHx8fHwEHBwcNDA0YEBAYGhURFRofHx8fHx8fNd n6Tj/5g+NP/9k= </picture> <type>JPEG</type> </picture> </pinfo> </ns2:enrollPerson>
updatePerson
Function name Description Method Parameters updatePerson Updates a persons record in the Cisco PAM database. All properties in Cisco PAM are replaced by the new properties. Post
secCtx: (required) the security context object returned by authenticateUser. Pinfo: (required) the information for the persons record.
2-16
OL-21512-02
Chapter 2
Sample request
<ns2:updatePerson xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="4065879" /> <pinfo statusId="ACTIVE" lname="Albert" fname="Richard" personId="000000013" unid="xx4M7jMiRX2x/cZRsEANDg==" /> </ns2:updatePerson>
Return result
No return result if the action is successful. A fault is returned if the person object is not found in the database. The following sample is for a successful action.
Sample response
getPersonInfo
Function name Description Method Parameters Sample request getPersonInfo Returns information for a personnel record, including a picture if available. Post
secCtx: (required) the security context object returned by authenticateUser. personId: (required) the unique ID of the person.
Returns the information configured for the specified person (PersonInfo object). If the object includes the persons picture, a base 64 encoded JPG image is also included.
<ns2:getPersonInfoResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <personInfo statusId="ACTIVE" lname="Last_5302" fname="First_5302" personId="5302" unid="Z4JT5umCTzyCmVfvI6RAKw==" /> </ns2:getPersonInfoResponse>
getAllOrganizations
Function name Description Method Parameters Sample request getAllOrganizations Returns detailed information for the organizations defined in Cisco PAM. Post
2-17
API Functions
List of organizations in Cisco PAM, including the unique ID, name and a list of department IDs.
<ns2:getAllOrganizationsResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <org> <uniqueId>kYIGV6k9TGCUFVOMucOM0g==</uniqueId> <name>Engineering</name> <deptIds>4MbV9fvNSWGc7Igu7B7SjQ==</deptIds> </org> <org> <uniqueId>zKhxXl7pSV6y1ZZP/7sGkg==</uniqueId> <name>Marketing</name> <deptIds>fmVolZqCTUSotR7m6JRJ5Q==</deptIds> </org> </ns2:getAllOrganizationsResponse>
getAllDepartments
Function name Description Method Parameters Sample request getAllDepartments Returns all the departments defined in Cisco PAM. Post
List of the departments in Cisco PAM. A department has a unique ID, name and the ID of the organization that it is a part of.
<ns2:getAllDepartmentsResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <dept> <uniqueId>4MbV9fvNSWGc7Igu7B7SjQ== </uniqueId> <name>PSBUAccessControl</name> <orgId>kYIGV6k9TGCUFVOMucOM0g==</orgId> </dept> <dept> <uniqueId>fmVolZqCTUSotR7m6JRJ5Q== </uniqueId> <name>VideoSurvellance</name> <orgId>zKhxXl7pSV6y1ZZP/7sGkg==</orgId> </dept> </ns2:getAllDepartmentsResponse>
getAllEventsByCategory
Function name Description getAllEventsByCategory Lists the events and alarms defined by the selected parameters, including event category, time interval, and the unique ID for the device.
2-18
OL-21512-02
Chapter 2
Method Parameters
Post
secCtx: (required) the security context object returned by authenticateUser. category: (string: required): the event category. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval endTime. Ending time for a time interval, specified as number of milliseconds from epoch time. deviceId: (optional) the unique ID of the device. If a unique ID is included, events and alarms are only returned for the specified device. If blank, events of all devices are included.
Sample request
<ns2:getAllEventsByCategory xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="11563709" /> <category>GW.EV_MAJOR_ID_DOOR</category> <begTime>1244498633952</begTime> <endTime>1247090633952</endTime> </ns2:getAllEventsByCategory>
Returns the events and alarms by event category and other optional parameters.
<ns2:getAllEventsByCategoryResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <events> <event evtTime="1228950257000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="126"> <description>Door Forced Open</description> </event> <event evtTime="1228950535000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="129"> <description>Door Forced Open</description> </event> <event evtTime="1228950633000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="133"> <description>Door Forced Open</description> </event> <event evtTime="1228955167000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="139"> <description>Door Forced Open</description> </event> <event evtTime="1229014038000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="168"> <description>Door Forced Open</description> </event> </events> </ns2:getAllEventsByCategoryResponse>
2-19
API Functions
getAllEventsByType
Function name Description Method Parameters getAllEventsByType Lists events and alarms defined by the selected parameters, including event type, time interval, and the device unique ID. Post
secCtx: (required) the security context object returned by authenticateUser. evtTypeUnid: (string: required) the unique ID of the event type. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval endTime. Ending time for a time interval, specified as number of milliseconds from epoch time. deviceId: (optional) the unique ID of the device. If blank, all devices are included.If a device ID is included, events and alarms are only returned for the specified device. If an invalid evtTypeUnid or deviceId is specified, no matching events will be returned.
Note
Sample request
The following XML example request specifies a category and time interval:
<ns2:getAllEventsByType xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="11563709" /> <evtTypeUnid>GW.EV_DOOR_FORCED_OPEN</evtTypeUnid> <begTime>1244498636499</begTime> <endTime>1247090636499</endTime> </ns2:getAllEventsByType>
2-20
OL-21512-02
Chapter 2
Return result
Returns the events and alarms by event type and other optional parameters.
Note
Sample response
<ns2:getAllEventsByTypeResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <events> <event evtTime="1228950257000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="126"> <description>Door Forced Open</description> </event> <event evtTime="1228950535000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="129"> <description>Door Forced Open</description> </event> <event evtTime="1228950633000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="133"> <description>Door Forced Open</description> </event> <event evtTime="1228955167000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="139"> <description>Door Forced Open</description> </event> </events> </ns2:getAllEventsByTypeResponse>
getUserAccessEvents
Function name Description getUserAccessEvents Returns door access events related to granting or denying user access. Events can be returned for a specific user or device, or for all users and devices.
Note
Events include all events in the GW.EV_MAJOR_ID_DOOR category. This includes door access grant or deny events.
Method
Post
2-21
API Functions
Parameters
secCtx: (required) the security context object returned by authenticateUser. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval endTime. Ending time for a time interval, specified as number of milliseconds from epoch time. personId: (optional) the unique ID of an access control user. If not specified, door access events for all users are returned. deviceId: (optional) the unique ID of the door device. If a deviceID is not included, events for all door devices are returned. If a device unique ID is included, events and alarms are only returned for the specified device. max: (int: optional) specifies the maximum number of events. recent: (bool: optional) if true, the most recent events are returned first. If false or null, the oldest events are returned first. If an invalid personId or deviceId is specified, no matching events will be returned.
Note
Sample request
In the following example, a time interval is specified, a maximum 1,000 events are included, and events are returned by most recent first:
<ns2:getUserAccessEvents xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="11563709" /> <begTime>1244498636515</begTime> <endTime>1247090636515</endTime> <maxCount>1000</maxCount> <recent>true</recent> </ns2:getUserAccessEvents>
Return result
Returns information for events in the GW.EV_MAJOR_ID_DOOR category, including the following:
"EV_DOOR_GRANT_ACCESS" "EV_DOOR_GRANT_ACCESS_EXTENDED" "EV_DOOR_DENY_ACCESS_NO_ACC" "EV_DOOR_DENY_ACCESS_DOORSCHED" "EV_DOOR_DENY_ACCESS_WRONG_PIN" "EV_DOOR_DENY_ACCESS_TIMED_APB" "EV_DOOR_DENY_ACCESS_APB" "EV_DOOR_DENY_ACCESS_BLACKLIST"
Events are filtered by person, device, time interval and other optional parameters.
Note
Sample response
2-22
OL-21512-02
Chapter 2
getAccessEventsByDoor
Function name Description Method Parameters getAccessEventsByDoor Returns access events and alarms related for a door. Post
secCtx: (required) the security context object returned by authenticateUser. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval endTime. Ending time for a time interval, specified as number of milliseconds from epoch time. deviceId: (required) the unique ID of the door device. Returns events and alarms for the specified device. If blank, a fault is returned (see Chapter 3, Fault Codes). max: (int: optional) specifies the maximum number of events. recent: (bool: optional) if true, the most recent events are returned first. If false or null, the oldest events are returned first.
Sample request
In the following example, a time interval is specified, a maximum 1,000 events are included, and events are returned by most recent first:
<ns2:getAccessEventsByDoor xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="12272293" /> <beginTime>1234746808724</beginTime> <endTime>1237338808724</endTime> <doorId>foGrYqOjT7yuxPDOw6/9Yg==</doorId> <maxCount>5</maxCount> <recent>true</recent> </ns2:getAccessEventsByDoor>
2-23
API Functions
Returns events for the specified door filtered by device, time interval and other optional parameters.
<ns2:getAccessEventsByDoorResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <events> <event priority="2" evtTime="1237326065000" isAlarm="false" type="GW.EV_DOOR_FORCED_OPEN_CLEAR" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="168"> <description>Door Forced Open Cleared</description> </event> <event count="1" priority="8" evtTime="1237326060000" isAlarm="true" status="CLEARED" type="GW.EV_DOOR_FORCED_OPEN" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="167"> <description>Door Forced Open</description> </event> <event priority="2" evtTime="1237325666000" isAlarm="false" type="GW.EV_DOOR_FORCED_OPEN_CLEAR" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="160"> <description>Door Forced Open Cleared</description> </event> <event count="1" priority="8" evtTime="1237324372000" isAlarm="true" status="CLEARED" type="GW.EV_DOOR_FORCED_OPEN" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="159"> <description>Door Forced Open</description> </event> <event priority="1" evtTime="1237324363000" isAlarm="false" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="158"> <description>Door Opened</description> </event> <event priority="1" evtTime="1237316957000" isAlarm="false" deviceId="foGrYqOjT7yuxPDOw6/9Yg==" unid="157"> <description>Door Opened</description> </event> </events> </ns2:getAccessEventsByDoorResponse>
getAllAlarmsByCategory
Function name Description Method getAllAlarmsByCategory Lists alarms filtered by event category, time interval, and device ID. Post
2-24
OL-21512-02
Chapter 2
Parameters
secCtx: (required) the security context object returned by authenticateUser. category: (string: required): the event category. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval endTime. Ending time for a time interval, specified as number of milliseconds from epoch time. deviceId: (optional) the unique ID of the device. If blank, all devices are included.If a device ID is included, events and alarms are only returned for the specified device.
Sample request
The following XML example request specifies a category and time interval:
<ns2:getAllAlarmsByCategory xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="7980237" /> <category>GW.EV_MAJOR_ID_DOOR</category> <beginTime>1244680318628</beginTime> <endTime>1247272318628</endTime> </ns2:getAllAlarmsByCategory>
Lists alarms filtered by event category, time interval, and device ID.
<ns2:getAllAlarmsByCategoryResponse xmlns:ns3=http://www.w3.org/2005/08/addressing xmlns:ns2="http://cisco.com/physec/acws/"> <alarms> <event isAnnotation="false" siteId="LxQqj4cuTaO1YLINZk/dzA==" count="1" priority="8" evtTime="1247160358000" isAlarm="true" status="ACTIVE" type="GW.EV_DOOR_FORCED_OPEN" deviceId="szhUH331QKSq29LfkuVX/g==" unid="519"> <description>Door Forced Open</description> </event> </alarms> </ns2:getAllAlarmsByCategoryResponse>
getAllAlarmsByType
Function name Description Method Parameters getAllAlarmsByType Lists alarms filtered by event type, time interval, and device ID. Post
secCtx: (required) the security context object returned by authenticateUser. evtType: (string: required) the event type. beginTime: (long: optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long:optional) the interval end time. Ending time for a time interval, specified as number of milliseconds from epoch time. deviceId: (optional) the unique ID of the device. If blank, all devices are included.If a device ID is included, events and alarms are only returned for the specified device.
2-25
API Functions
Sample request
The following XML example request specifies a category and time interval:
<ns2:getAllAlarmsByType xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="2697030" /> <type>GW.EV_DOOR_FORCED_OPEN</type> <beginTime>1244499763553</beginTime> <endTime>1247091763553</endTime> </ns2:getAllAlarmsByType>
Returns the events and alarms by event type and other optional parameters.
<ns2:getAllAlarmsByTypeResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <alarms> <event evtTime="1228950257000" isAlarm="true" type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="126"> <description>Door Forced Open</description> </event> </alarms> </ns2:getAllAlarmsByTypeResponse>
getAllAlarmUpdates
Function name Description Method Parameters getAllAlarmUpdates Retrieves all alarm updates by getting a list of alarm annotations. Post
secCtx: (required) the security context object returned by authenticateUser. beginTime: (long:optional) the interval start time. The beginning of a time interval, specified as number of milliseconds from epoch time. All events within this time interval are included in the result. endTime: (long: optional) the interval end time. Ending time for a time interval, specified as number of milliseconds from epoch time.
Sample request
2-26
OL-21512-02
Chapter 2
Return result
unid: unique ID of annotation alarmId: alarm ID that it annotates. state: state of the related alarm. siteId: site identifier that owns the alarm annotation. alarmDeviceId: the unique ID of the device on which alarm is generated.
Sample response
<ns2:getAllAlarmUpdatesResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <annotations> <unid>11651</unid> <alarmId>11501</alarmId> <state>CLEARED</state> <siteId>RqNfHyJ3Qu6nxrUs9W4nkw==</siteId> <alarmDeviceId>hHHiu6oyQBm6u+y/xP3j8A==</alarmDeviceId> </annotations> <annotations> <unid>11661</unid> <alarmId>11411</alarmId> <state>CLEARED</state> <siteId>RqNfHyJ3Qu6nxrUs9W4nkw==</siteId> <alarmDeviceId>hHHiu6oyQBm6u+y/xP3j8A==</alarmDeviceId> </annotations> <annotations> <unid>11671</unid> <alarmId>8011</alarmId> <state>CLEARED</state> <siteId>RqNfHyJ3Qu6nxrUs9W4nkw==</siteId> <alarmDeviceId>hHHiu6oyQBm6u+y/xP3j8A==</alarmDeviceId> </annotations> <annotations> <unid>11681</unid> <alarmId>5631</alarmId> <state>CLEARED</state> <siteId>RqNfHyJ3Qu6nxrUs9W4nkw==</siteId> <alarmDeviceId>hHHiu6oyQBm6u+y/xP3j8A==</alarmDeviceId> </annotations> <annotations> <unid>11781</unid> <alarmId>11741</alarmId> <state>CLEARED</state> <siteId>RqNfHyJ3Qu6nxrUs9W4nkw==</siteId> <alarmDeviceId>hHHiu6oyQBm6u+y/xP3j8A==</alarmDeviceId> </annotations> </ns2:getAllAlarmUpdatesResponse></soap:Body></soap:Envelope>
clearAlarm
Function name Description Method clearAlarm Clears a specified alarm. Post
2-27
API Functions
Parameters
secCtx: (required) the security context object returned by authenticateUser. alarmId: (required) specifies the unique ID of the alarm notes: (optional) notes that are saved with the alarm.
Sample request
2-28
OL-21512-02
Chapter 2
2-29
API Functions
ackAlarm
Function name Description Method Parameters ackAlarm Acknowledges an alarm. Post
secCtx: (required) the security context object returned by authenticateUser. alarmId: (required) specifies the unique ID of the alarm notes: (string:optional) notes that are saved with the alarm that is acknowledged.
<ns2:ackAlarm xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="25785386" /> <eventId>382</eventId> <notes>This is alarm notes</notes> </ns2:ackAlarm>
Sample request
getVersionInfo
Function name Description Method Parameters Sample request getVersionInfo Returns access control web service version information. Post None.
<ns2:getVersionInfo xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> </ns2:getVersionInfo>
Return result
Sample response
<ns2:getVersionInfoResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <version build="265" maint="0" minor="1" major="1" /> </ns2:getVersionInfoResponse>
2-30
OL-21512-02
Chapter 2
getAlarmDuplicates
Function name Description Method Parameters Sample request getAlarmDuplicates Returns duplicates for a specified alarm. Post
secCtx: (required) the security context object returned by authenticateUser. eventId: (required) specifies the unique ID of the alarm.
2-31
API Functions
Event Notification
A client application can receive event and alarm notifications from Cisco PAM by registering a callback interface with the Cisco PAM web service.
Step 1 Step 2
Implement a service interface on the client. Register the service interface (endpoint) on Cisco PAM using either SOAP/HTTP or XML/HTTP.
To implement a SOAP/HTTP binding on the client, use registerAcEventCallback. This is used to register a W3CEndPointReference for an endpoint service that implements AcEventPortType. To implement an XML/HTTP binding, use registerAcEventXMLCallback to register an endpoint URL.
Tip Step 3
Use the notifyAcEvent API to notify a client application when an event or alarm occurs.
registerAcEventCallback, page 2-32 registerAcEventXMLCallback, page 2-33 unregisterAcEventCallback, page 2-34 notifyAcEvent, page 2-35 Example to Implement and Register a Service Interface, page 2-35
registerAcEventCallback
Function name Description registerAcEventCallback Registers an event callback endpoint for clients using a SOAP/HTTP binding. When the specified events or alarms occur, a notification is sent to the registered endpoint.
Note
If an error is encountered in notifying events/alarms to the endpoint, the endpoint reference is automatically removed from the callback registry. secCtx: (required) the security context object returned by authenticateUser. evtTypes: (required) one or more event types for the notification. evtCallback: (required) the callback interface used to notify event/alarms. alarmsOnly: (required) true if only alarms are sent. False if events and alarm notifications are sent.
Method Parameters
Post
2-32
OL-21512-02
Chapter 2
Sample request
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <ns2:registerAcEventCallback xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="8413945" /> <eventCallback> <ns3:Address>http://localhost:8090/callback/notifyacevent </ns3:Address> <ns3:ReferenceParameters> <wsa:ReferenceParameters xmlns:wsa="http://www.w3.org/2005/08/addressing"> <testParameter1>testValue1</testParameter1> <testParameter2>testValue2</testParameter2> </wsa:ReferenceParameters> </ns3:ReferenceParameters> <ns3:Metadata> <wsaw:ServiceName xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:wsa="http://www.w3.org/2005/08/addressing" EndpointName="AcEventPortTypePort"> ns2:AcEventService</wsaw:ServiceName> </ns3:Metadata> </eventCallback> <alarmsOnly>false</alarmsOnly> </ns2:registerAcEventCallback> </soap:Body> </soap:Envelope>
Return result
registrationKey: the key that identifies the callback registration. This value is returned when callback is registered successfully. This key is also used to unregister the event callback. See unregisterAcEventCallback.
Sample response
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <ns2:registerAcEventCalbackResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <return>1001</return> </ns2:registerAcEventCalbackResponse> </soap:Body> </soap:Envelope>
registerAcEventXMLCallback
Function name Description registerAcEventXMLCallback Registers an event callback endpoint URL for clients using an XML/HTTP binding. When the specified events or alarms occur, a notification is sent to the registered URL.
Note
If a notification error occurs, the endpoint is automatically removed from the callback registry.
Method
Post
2-33
API Functions
Parameters
secCtx: (required) the security context object returned by authenticateUser. evtTypes: (AcEventTypeList: required) one or more event types that will be notified. serviceUrl: (string: required) the callback URL. This URL points to an endpoint which implements AcEventPortType interface. alarmsOnly: (bool:required) if true only alarms are notified.
Sample request
<ns2:registerAcEventXMLCallback xmlns:ns3=http://www.w3.org/2005/08/addressing xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="9507071" /> <evtTypes> <evtType unid="VX.ALMCLEAR" /> <evtType unid="GW.EV_DOOR_FORCED_OPEN" /> </evtTypes> <serviceUrl>http://localhost:8090/callback/notifyaceventxml </serviceUrl> <alarmsOnly>false</alarmsOnly> </ns2:registerAcEventXMLCallback>
registrationKey: the key that identifies the callback registration. This value is returned when callback is registered successfully. See unregisterAcEventCallback.
<ns2:registerAcEventXMLCallbackResponse xmlns:ns3=http://www.w3.org/2005/08/addressing xmlns:ns2="http://cisco.com/physec/acws/"> <return>1001</return> </ns2:registerAcEventXMLCallbackResponse>
unregisterAcEventCallback
Function name Description Method Parameters unregisterAcEventCallback Unregisters an event callback. This is called when application is no loner interested getting notifications using the callback registered earlier. Post
secCtx: (required) the security context object returned by authenticateUser. registrationKey: (required) the key that identifies the callback registration. This value is returned when callback is registered successfully. See registerAcEventCallback.
Sample request
None.
<ns2:unregisterAcEventCallbackResponse xmlns:ns3="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://cisco.com/physec/acws/" />
2-34
OL-21512-02
Chapter 2
notifyAcEvent
Function name Description notifyAcEvent Notifies a client application when an event or alarm occurs. The client must have previously registered a notification callback using either registerAcEventCallback or registerAcEventXMLCallback. Post AcEvent: event or alarm
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Body> <ns2:notifyAcEvent xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <event evtTime="1229014038427" isAlarm="true "type="GW.EV_DOOR_FORCED_OPEN" deviceId="GgXIKOh2Rciu33wuB5jXdA==" unid="168"> <description>Door Forced Open</description> </event> </ns2:notifyAcEvent> </soap:Body> </soap:Envelope>
For example:
public boolean notifyAcEvent(AcEvent event) { System.out.println("notifyAcEvent is called"); // handle event/alarm as the case may be System.out.println(" Event = " + eventToString(event)); return true; } }
To create a service end point (for AcEventPortTypeImpl) and register it with PSIMWsPortType (ACWS web service), create an element referenceParameters: (<wsa:ReferenceParameters>) In the following XML fragment, the service endpoint is created and registered using the API registerAcEventCallback.
<wsa:EndpointReference xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsa:Address>http://localhost:8090/callback/notifyacevent</wsa:Address> <wsa:ReferenceProperties></wsa:ReferenceProperties>
2-35
API Functions
<wsa:ReferenceParameters> <testParameter1>testValue1</testParameter1> <testParameter2>testValue2</testParameter2> </wsa:ReferenceParameters> <wsa:Metadata xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance" xmlns:wsaw="http://www.w3.org/2005/02/addressing/wsdl" xmlns:ns="http://cisco.com/physec/acws/"> <wsaw:ServiceName EndpointName="CallbackPort">ns:AcEventService </wsaw:ServiceName> </wsa:Metadata> </wsa:EndpointReference> // code fragments for getting an endpoint reference // and registering a callback. m_cbEndpointReference = (W3CEndpointReference)m_evtEndpoint. getEndpointReference(referenceParameters); m_portType.registerAcEventCallback(m_ctx, null, m_cbEndpointReference, false);
2-36
OL-21512-02
Chapter 2
secCtx: the security context object returned by authenticateUser. doorId: door unique ID
setDoorMode
Function name Description Method Parameters setDoorMode Sets the door mode for a specified door and overrides the current door mode. Post
secCtx: the security context object returned by authenticateUser. doorId: door unique ID. mode: defines the new door mode (DoorModeType).
Sample request
None
<ns2:setDoorModeResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing" />
resetDoorMode
Function name Description Method resetDoorMode Resets the door mode to the original Cisco PAM configuration. Post
2-37
API Functions
Parameters
Note
secCtx: the security context object returned by authenticateUser. doorId: door unique ID This function overrides the door mode set using setDoorMode.
Sample request
None.
<ns2:resetDoorModeResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing" />
getDoorMode
Function name Description Method Parameters Sample request getDoorMode Returns the current door mode for a specified door. Post
secCtx: the security context object returned by authenticateUser. doorId: door unique ID
setDoorModeConfig
Function name Description Method setDoorModeConfig Sets the door mode configuration for a specified door. Any outstanding configuration changes from Cisco PAM are also applied. Post
2-38
OL-21512-02
Chapter 2
Parameters
secCtx: the security context object returned by authenticateUser. doorId: unique ID of a door device in Cisco PAM. The door mode will be configured for the door specified in this parameter. defMode: the default door mode. The default mode can be one of the following:
OPEN LOCK SECURE
schName: the name of the door schedule for changing door mode. schMode: the door mode used by the specified schedule.
OPEN LOCK SECURE
Sample request
<ns2:setDoorModeConfig xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <ctx token="31410451" /> <doorId>PpDjVmWMSP69gjW/4nAvCg==</doorId> <defMode>OPEN</defMode> <schName>Always Scheduled</schName> <schMode>LOCK</schMode> </ns2:setDoorModeConfig>
None.
<ns2:setDoorModeConfigResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing" />
2-39
API Functions
getAllAccessLevelNames
Function name Description Method Parameters Sample request getAllAccessLevelNames Returns names of all the access level defined in Cisco PAM. Post
getAccessLevelByName
Function name Description Method Parameters Sample request getAccessLevelByName Returns detailed information for a specified access level. Post
secCtx: the security context object returned by authenticateUser. alname: name of access level.
2-40
OL-21512-02
Chapter 2
getAllSchedules
Function name Description Method Parameters Sample request getAllSchedules Returns information for all schedules defined in Cisco PAM. Post
2-41
API Functions
getAllScheduleNames
Function name Description Method Parameters Sample request getAllScheduleNames Returns names of all the access schedules defined in Cisco PAM. Post
2-42
OL-21512-02
Chapter 2
getScheduleByName
Function name Description Method Parameters Sample request getScheduleByName Returns detailed information for a specified access schedule. Post
2-43
API Functions
enrollBadge
Function name Description enrollBadge Adds one or more new badge credentials to an existing personnel record, or a new personnel record. If a new personnel record is specified, a picture in JPEG format can be included. Only new badges can be added using this API.
Usage Notes
A badge credential defines the properties for a user badge including one or more badge extensions. For example:
Note
The gwBadge extension defines properties such as credential template, use limit, and role. The HsBadge extension defines properties relevant for HSPD Badges. The HsBadge extension is experimental and may be changed or removed in future Cisco PAM releases. For this reason, the extension should not be used in a production setting. secCtx: the security context object returned by authenticateUser. personInfo: information for the personnel record for the assigned badge. templateName: the credential template name used to create the badge. Once the badge is created, a badge template specifies the intiail properties of the badge. BadgeList: List of Badges where each of the badge can have one or more badge extensions specified.
Method Parameters
Post
2-44
OL-21512-02
Chapter 2
Sample request
A personId identifies the person in the Cisco PAM. If the personId exists, the record is updated with the properties and badges information. If the personId does not exist in Cisco PAM, a new record is created for the personId. A Base64 encoded (JPEG) image is added to the record. A Badge Template (TestTemplate) is used to create the badges.
Sample request:
<ns2:enrollBadge xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="22627865" /> <person statusId="ACTIVE" type="Standard" lname="Last_5000" fname="First_5000" personId="247595849"> <picture> <picture> /9j/4.... Note : Truncated base64 encoded JPEG Image .. . 2Q== </picture> <type>JPEG</type> </picture> </person> <templateName>TestTemplate</templateName> <badge> <badges cardNumber="1322936685508915001"> <expDate>1252628974196</expDate> <validityType>VX.ACTIVE</validityType> <extensions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:HsBadge" ici="2" crlLatestDate="1252628974196" crlInitialDate="1247444974196" credentialSeries="1" credentialNumber="123456789" hsCardType="PIV" agencyCode="123"> <fascnHex>0123456789ABCDEF0123456789ABCDEF0123456789ABCDFFF0 </fascnHex> <cuidHex>0123456789ABCDEF0123</cuidHex> <sha1HashHex>0123456789ABCDEF01230123456789ABCDEF0123 </sha1HashHex> </extensions> <extensions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:gwBadge"> <credTemplateName>26BitWiegandCT</credTemplateName> <role>EMPLOYEE</role> <adaEnabled>true</adaEnabled> </extensions> </badges> <badges cardNumber="1322936685508915002"> <expDate>1252628974196</expDate> <validityType>VX.ACTIVE</validityType> </badges> </badge> </ns2:enrollBadge>
2-45
API Functions
assignAccessLevel
Function name Description Method Parameters assignAccessLevel Assigns one or more access levels to a specified badge associated with a person.
Note
This API replaces all the access levels on the specified badge. secCtx: the security context object returned by authenticateUser. personUnid: the unique ID of the personnel record. badgeId: the badge ID assigned to the specified person. accessLevel: a list of access level unique IDs assigned to the badge.
Post
Sample request
<ns2:assignAccessLevel xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <secCtx token="18492755" /> <personUnid>D/DRqX4uToSMtLLXKO42LA==</personUnid> <badgeId>ObuzbsVOTQOECwkZ38v0uA==</badgeId> <accessLevel>iw3wxU4lSfSimYKGCFr+Ig== </accessLevel> <accessLevel>85MMlASIQFOxSkJeWrT6JA== </accessLevel> </ns2:assignAccessLevel>
None or void.
<ns2:assignAccessLevelResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing" />
getAllBadgesByPerson
Function name Description Method Parameters Sample request getAllBadgesByPerson Returns badge details for the badges assigned to a specified person. Post
secCtx: the security context object returned by authenticateUser. personId: the person unique ID.
2-46
OL-21512-02
Chapter 2
Detailed information for the badges assigned to the personnel unique ID.
<ns2:getAllBadgesByPersonResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <badgeList> <badges cardNumber="5306" badgeId="ZrOXe9ozQFeqvrD9+nTNRQ=="> <expDate>1263715200000</expDate> <type>VX.STANDARD</type> <useCount>0</useCount> <effectiveDate>1105948800000</effectiveDate> <site>VtkNkl4hR5e/taeTsJEOKQ==</site> <summaryData>5306</summaryData> <extensions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:HsBadge" ici="0" credentialSeries="0" credentialNumber="0" hsCardType="CARD_TYPE_NONE" agencyCode="0" /> </badges> </badgeList> </ns2:getAllBadgesByPersonResponse>
getBadgeValidityTypes
Function name Description Method Parameters Sample request getBadgeValidityTypes Returns a list of Cisco PAM badge Validity types. Post
Return result
Returns a list of Cisco PAM badge Validity types. For example: Blacklist and Revoked.
Tip
To view the list in Cisco PAM, open the Badges module, click the General tab, and select the Validity drop-menu.
<ns2:getBadgeValidityTypesResponse xmlns:ns2="http://cisco.com/physec/acws/"> <types>GW.BLACKLIST</types> <types>HS.REVOKED</types> <types>VX.ACTIVE</types> <types>VX.DESTROYED</types> <types>VX.INACTIVE</types> <types>VX.LOST</types> <types>VX.STOLEN</types> </ns2:getBadgeValidityTypesResponse>
Sample response
getCredentialTemplateNames
Function name Description Method Parameters getCredentialTemplateNames Returns a list of names of Credential templates defined in CPAM Post
2-47
API Functions
Sample request
Return result
To view the list in Cisco PAM, select Doors: Templates: Credential Templates.
Sample response
getBadgeRoles
Function name Description Method Parameters Sample request getBadgeRoles Returns the Badge type (roles) defined in Cisco PAM. Post
Return result
List of Badge type (roles) in Cisco PAM. For example: Employee, Contractor, Vendor, and Temporary.
Tip
To view the list in Cisco PAM, open the Badges module, click the General tab, and select the Badge type drop-menu.
Sample response
getAllBadgeTemplateNames
Function name Description Method Parameters getAllBadgeTemplateNames Returns the Badge Template names defined in Cisco PAM. The names are used as a parameter in the enrollBadge API. Post
2-48
OL-21512-02
Chapter 2
Sample request
List of the Badge Template names used as a parameter in the enrollBadge API. To view the template names in Cisco PAM, select the Badge Templates from the Users menu.
<ns2:getAllBadgeTemplateNamesResponse xmlns:ns2="http://cisco.com/physec/acws/"> <badgeTemplates>TestTemplate</badgeTemplates> </ns2:getAllBadgeTemplateNamesResponse>
getAccessLevelByPerson
Function name Description Method Parameters Sample request getAccessLevelByPerson Returns a list of the access levels for all badges assigned to a person. The person is identified by a unique ID. Post
secCtx: the security context object returned by authenticateUser. personUnid: unique ID that identifies the person.
A list of the access levels for all badges held by the specified access control user.
<ns2:getAccessLevelByPersonResponse xmlns:ns2="http://cisco.com/physec/acws/"> <accessLevels>LimitedAccess</accessLevels> </ns2:getAccessLevelByPersonResponse>
getBadgeByCardNum
Function name Description Method Parameters Sample request getBadgeByCardNum Retrieves a badge record for a specified card number. Post
secCtx: the security context object returned by authenticateUser. cardNumber: the unique card number for the badge.
2-49
API Functions
updateBadge
Function name Description Method Parameters updateBadge Updates a list of badge credential in the Cisco PAM database. All properties on a badge in Cisco PAM are replaced by the new properties for the specified badge. Post
secCtx: the security context object returned by authenticateUser. BadgeList: the list of badges to update. personUnid: unique ID of person associated with the badges. If the specified ID does not exist, a fault is returned. assign:
enter true if the specified badges are associated with the specified person enter false the association is removed.
Sample request
<ns2:updateBadge xmlns:ns2="http://cisco.com/physec/acws/"> <secCtx token="23402047" /> <badge> <badges pin="5300" facilityCode="1" cardNumber="5300" badgeId="Zi3b2oe+TtuxLGEvyBSIWQ=="> <expDate>1263715200000</expDate> <type>VX.STANDARD</type> <validityType>VX.INACTIVE</validityType> <effectiveDate>1105948800000</effectiveDate> <site>qq09fJRiQqGmAPgaVkF+wQ==</site> <summaryData>5300</summaryData> <accessLevels>TestPolicy1</accessLevels> </badges> </badge> <assign>true</assign> </ns2:updateBadge>
2-50
OL-21512-02
Chapter 2
getAccessLevelByUnid
Function name Description Method Parameters Sample request getAccessLevelByUnid Returns information about an access level specified by the access level unid. Post
secCtx: the security context object returned by authenticateUser. unid: the unique ID of an access level.
Access level configuration based on the unid. If an invalid unid is specified, null is returned (the response is returned with no records).
<ns2:getAccessLevelByUnidResponse xmlns:ns2="http://cisco.com/physec/acws/"> <accessLevel> <ns2:accessLevelInfo unid="467cWZt+SK2EwMXXeTpUYw==" deActivationDuration="0" enable="true" name="TestPolicy2"> <ns2:accessLevelEntry doorId="rfghaHzARcu8E4Fhvv7hIw==" accesslevelentrytype="DOOR" scheduleName="Always Permit" /> </ns2:accessLevelInfo> </accessLevel> </ns2:getAccessLevelByUnidResponse>
getAllBadgeTypeIds
Function name Description Method Parameters Sample request getAllBadgeTypeIds Returns the unique identifiers for Cisco PAM badge types. Post
Return result
Sample response
2-51
API Functions
getAllBadgeRefs
Function name Description getAllBadgeRefs Returns a range of badge references based on required beginning and ending card number parameters.
Note
A Badge Reference is an object that includes a badge unique ID and card number. The badge reference is used with the getBadgeByCardNum API to obtain complete badge information. The beginCardNumber and endCardNumber parameters are required. The other parameters are optional and are used to further filter the results. secCtx: the security context object returned by authenticateUser. beginCardNumber: (long: required) Card numbers equal to or greater than this number are included in the results. endCardNumber: (long: required) Card numbers equal to or less than this number are included in the results. A long parameter is a signed 64 bit number. badgeTypeId: (string: optional) Only badges with the specified badge type are included in the results. If the specified badge type is invalid, a fault is returned. validityTypeId: (string: optional) Only badges with the specified validity type are included in the results. If the specified validity type is invalid, a fault is returned. onlyUnassigned: (boolean: required) if the value is true, only badges not associated to any person are included in the result. If the value is false, all badges are included.
Method Parameters
Post
Note
Tip
Sample request
List of badges references, including the badge unique ID and card number for the reference.
<ns2:getAllBadgeRefsResponse xmlns:ns2="http://cisco.com/physec/acws/"> <badgeRef> <unid>vVPfk6p+Sc6rA/cVpWGmWg==</unid> <cardNumber>5305</cardNumber> </badgeRef> </ns2:getAllBadgeRefsResponse>
2-52
OL-21512-02
Chapter 2
Define External Event Types Using the Event Definition Format, page 2-53. This file also defines the categories for the log codes. Create a Text File to Define the Event Names in Cisco PAM, page 2-53. Import the Files into Cisco PAM, page 2-54. Add external events and alarms to Cisco PAM using recordExtEvent, page 2-55.
The concatenation rule is: AE.<logcode_prefix>_<logcode> Event category: AE.Cisco_VSM The log codes for the category are: AE.VS_VSM_Sample1 and AE.VS_VSM_Sample2
<appext_eventdefns xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <appext_entry appname="Cisco_VSM" logcode_prefix="VS"> <ext_event_defn logcode="VSM_Sample1" priority="10" description="VSM Sample Event-1"/> <ext_event_defn logcode="VSM_Sample2" priority="10" description="VSM Sample Event-2" isAlarm="true"/> </appext_entry> </appext_eventdefns>
The file is saved with the .xml extension. For example: SampleExtEventDefns.xml.
2-53
API Functions
The file is saved with the .properties extension. For example: AppExtMessages.properties.
Step 2
Step 3
Click Import.
2-54
OL-21512-02
Chapter 2
To do this
Step 4 a.
Select the XML and Properties files. The XML file defines the event log codes and category for the external events. The Properties file defines the text string for each code and category. The text string is the name that appears in Cisco PAM. Click Next to preview the settings, or click Finish to save the changes. Define External Event Types Using the Event Definition Format, page 2-53 Create a Text File to Define the Event Names in Cisco PAM, page 2-53
b.
(Optional) Preview the settings. Click Finish to save the changes Click Back to select a different file.
Step 6
The new log codes are displayed in the main External Events window.
recordExtEvent
Function name Description Method recordExtEvent Records an external event or alarm in Cisco PAM. Post
2-55
API Functions
Parameters
secCtx: the security context object returned by authenticateUser. appName: the application name that calls the recordExtEvent API. This information is saved in the data field of the event. AcEvent: event to be recorded. The following fields are required:
srcDeviceName: the source device where the event originated. If the device name matches
an existing entry (device of type AE.DEVICE) the event is associated with the existing device. If the device name does not exist, a new device of type AE.DEVICE with the specified name is created.
eventTime: the time the event occurred (in milliseconds, since epoch time). type: specifies the event type for the event being recorded. This type must be imported in
Cisco PAM before an event that belongs to the type can be recorded.
srcDeviceType: the type of source device where event originated. This information is saved in the data field of the event.
<ns2:recordExtEvent xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <appName>Cisco_VSM</appName> <event evtTime="1251242603168" type="AE.VS_VSM_Sample1"> <srcDeviceName>FrontDomeCamera</srcDeviceName> </event> <srcDeviceType>External_Camera</srcDeviceType> </ns2:recordExtEvent>
Sample request
Once an event is recorded, it is displayed in the Cisco PAM Event Monitoring module.
<ns2:recordExtEventResponse xmlns:ns2="http://cisco.com/physec/acws/" xmlns:ns3="http://www.w3.org/2005/08/addressing"> <result isAnnotation="false" siteId="XFAx5kFhQ9CYGQCltUCLGg==" priority="10" evtTime="1251242603168" isAlarm="false" name="Sample Event-1" type="AE.VS_VSM_Sample1" deviceId="Uf4lTSWYSe+1RF1CRCHhCQ==" unid="159"> <description>Sample Event-1</description> </result> </ns2:recordExtEventResponse>
2-56
OL-21512-02
CH A P T E R
Fault Codes
API errors return major and minor fault codes. The major fault codes are described in the following table:
Fault Code AUTHENTICATION_FAILED COMMAND_FAILURE CPAM_CONNECTION_FAILURE DATA_ACCESS_EXCEPTION GENERIC_FAILURE INCOMPATIBLE_DEV_STATE INVALID_BADGE_PROPERTY INVALID_DEV_TYPE INVALID_METHOD_PARAM INVALID_PERSON_PROPERTY INVALID_SECURITY_CONTEXT METHOD_NOT_IMPLEMENTED TARGET_DEVICE_NOT_FOUND WSAPI_NO_LICENSE
Description User authentication failed. Invalid credentials. The command could not be invoked. The Cisco PAM connection failed. An error occurred when accessing data in the database. A generic function failure. The device state is incompatible for the command. Invalid badge property value is specified. Device type specified is invalid. An method argument contains an invalid parameter. Invalid person property value is specified. The security context object is invalid. The object may be expired or incorrect. The requested method is not yet implemented. The specified target device could not be found. The WSAPI Feature License is not found.
3-1
Chapter 3
Fault Codes
3-2
OL-21512-02
INDEX
A
ackAlarm API authentication function list, See function overview summary license security service URLs
1-3 1-10 1-2 1-7 1-6 2-4 2-1 1-2, 1-9, 1-10 2-30
F
fault codes
3-1
G
getAccessEventsByDoor getAccessLevelByName getAccessLevelByPerson getAccessLevelByUnid getAcDeviceTypes getAlarmDuplicates getAllAccessLevels getAllAcDevices
2-6 2-31 2-40 2-23 2-40 2-49 2-51
getAllAccessLevelNames
2-39 2-46 2-5 2-10
getAllAlarmsByCategory getAllAlarmsByType
1-9 2-25 2-26
2-24
C
clearAlarm
2-27
E
enrollBadge enrollPerson
getAllEventsByCategory
2-20
getAllEventsCategories
2-8
2-17
getAllPersonByType getAllPersonStatusIds
2-15 2-15
IN-1
Index
2-14 2-42
R
recordExtEvent
2-55 2-32 2-33
getBadgeByCardNum
2-48
2-49
registerAcEventCallback resetDoorMode
2-47 2-37
registerAcEventXMLCallback
2-47
getCredentialTemplateNames
S
secCtx security
1-9 1-10 1-9
2-43 2-21
2-38 1-7
H
HTTP POST method
1-7
U
unid
1-10 1-10 2-34
I
idle time
1-9
unique ID
unregisterAcEventCallback updateBadge
2-50 2-16
J
Java client
1-10
updatePerson URLs
1-7
1-9
L
license for API functionality logging
1-11 2-5 1-3
W
Web Services
1-2 1-8
logoutUser
X N
namespaces
1-8 2-35
X.509 certificate
1-10 1-7
XML/HTTP binding
notifyAcEvent
IN-2
OL-21512-02