Cisco Expressway REST API Reference Guide (X8.10) · CiscoExpresswayRESTAPI ReferenceGuide...

Cisco Expressway RESTAPIReferenceGuideFirst Published: June 2016

Last Updated: August 2018

X8.10

Cisco Systems, Inc. www.cisco.com

http://www.cisco.com/

ContentsPreface 4

ChangeHistory 4Introduction 6

Schemas 6Authentication 6BaseURI 6Sample Requests and Responses 6

Example: Using API for DNS Server 6Example: Using API for NTP Server 8

Authentication 12/certs/generate_csr: 12/certs/root: 14/certs/server: 15

CommonBetweenCisco Expressway-C and Cisco Expressway-E 16/common/adminaccount/configuration: 16common/adminaccount/changepassword: 18/common/certs/sch: 19/common/credential: 19/common/current/active/firewallrules: 21/common/defaultlinks: 22/common/dns/dns: 23/common/dns/dnsperdomainserver: 25/common/dns/dnsserver: 27/common/domain: 29/common/firewallrules/activation: 32/common/firewallrules/configuration: 33/common/mra: 36/common/protocol/sip: 37/common/protocol/sip/advanced: 40/common/protocol/sip/certrevokecheck: 41/common/protocol/sip/configuration: 42/common/protocol/sip/registrationcontrol: 44/common/qos: 48/common/sch: 50/common/searchrule: 52/common/time/ntpserver: 58/common/time/status: 61/common/time/timezone: 62/common/transform: 63/common/zone/dnszone: 66/common/zone/neighborzone: 77/configuration/allowlist/autopaths: 90


2


/configuration/allowlist/control: 91/configuration/allowlist/manualpaths: 92/domaincerts/domain: 94/domaincerts/domain/<domain> 95/domaincerts/domain/<domain>/cert: 96/domaincerts/domain/<domain>/csr: 97

Cisco Expressway-C 100/controller/server/cucm: 100/controller/server/imp: 102/controller/zone/traversalclient: 104/controller/zone/unifiedcommunicationstraversal: 113

Cisco Expressway-E 120/edge/traversal/turn: 120/edge/xmpp: 122/edge/zone/traversalserver: 123/edge/zone/unifiedcommunicationstraversal: 133

/configuration/allowlist/control: 140/configuration/allowlist/autopaths: 141/configuration/allowlist/manualpaths: 142/optionkey: 144/restart: 145/sysinfo: 146Cisco Legal Information 147Cisco Trademark 148

3

Cisco Expressway REST API Reference Guide

Preface

Change History

Date Change Reason

August 2018 Included a note to generate the CSR before uploading the servercertificate.

Contentenhancement

June 2018 Included examples for Expressway API calls and link to the self-documented RAML.

Contentenhancement

July 2017 Phase three of REST API. Now includes firewall rules, SIP, anddomain certificates.

Released withX8.10

January 2017 Updated with HTTP allow list calls and get by filter option. Released withX8.9.1

December 2016 Phase two of REST API. Now includes B2B functionality and abilityto delete.

Released withX8.9

June 2016 First phase of REST API to set up Mobile and Remote Access(MRA).

Released withX8.8

Table 1 Reference Guide Change History

4


Preface

5


IntroductionThe Expressway REST API is compliant with RAML version 0.8 (raml.org/spec.html). Although the API is fullycompliant, it does not support nested APIs.

The API is self-documented using RESTful API Modeling Language (RAML). You can access the RAML definitions foryour system at https://<Expressway FQDN or IP address>/api/provisioning/raml. An experimental schema browseris embedded in the web user interface, and can be accessed from the Experimental menu.

SchemasAll request and response schema on the Expressway REST API use JSON Schema version 4 (json-schema.org/documentation.html) . Request parameters are not supported and only JSON schemas are used.

AuthenticationThe API is only accessible via HTTPS and requires authentication. The authentication credentials are theadministrator credentials on the Expressway node.

Base URIThe base URI to access the Expressway REST API is as follows: http://<external_address>/api/provisioning (forexample, http://10.0.0.1/api/provisioning).

The REST API is published in the following categories:

■ Cisco Expressway-E:/edge/ <remaining path> (for example, http://10.0.0.1/api/provisioning/edge/credential).

■ Cisco Expressway-C:/controller/ <remaining path> (for example, http://10.0.0.1/api/provisioning/controller/domain).

■ Common between Cisco Expressway-E and Cisco Expressway-C:/common/<remaining path> (for example, http://10.0.0.1/api/provisioning/common/certs/root).

■ You can also filter your Get requests in order to find a specific entry. For example,/controller/zone/traversalclient/name/myzone would return the traversal client zone called myzone.

Sample Requests and ResponsesThis section provides examples on how to use Expressway API methods. The examples relate to API methods for theDNS server and NTP server.

Example: Using API for DNS ServerRetrieving DNS Server information

This example retrieves the DNS server information using JSON API.

URI GET https://<Expressway FQDN or IP address>/api/provisioning/common/dns/dnsserver

Request body This operation does not require a request body.

6


Introduction

http://raml.org/spec.html

http://json-schema.org/documentation.html

http://json-schema.org/documentation.html

Response body {

"DefaultDNSServers":

{

"index": 1,

"address": "10.0.0.1"

}

}

This example retrieves the DNS server information using cURL.

curl -X GET -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/dns/dnsserver'

Adding DNS Server

This example adds a DNS server with an IP address 10.0.0.2 and index value 2 using JSON API.

URI POST https://<Expressway FQDN or IP address>/api/provisioning/common/dns/dnsserver'

Request body {


{

"index": 2,

"address": "10.0.0.2"

}

}

Response body {

"Message": "The operation was successful"

}

This example adds a DNS server with an IP address 10.0.0.2 and index value 2 using cURL.

curl -X POST -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/dns/dnsserver' --data'{"DefaultDNSServers": {"index": 2, "address": "10.0.0.2"}}'

Modify DNS Server

This example modifies the IP address of the DNS server with the index value 2 using JSON API.

URI PUT https://<Expressway FQDN or IP address>/api/provisioning/common/dns/dnsserver

7


Introduction

Request body {


{

"index": 2,

"address": "10.0.0.3"

}

}

Response body {


}

This example modifies the IP address of the DNS server with the index value 2 using cURL.

curl -X PUT -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/dns/dnsserver' --data'{"DefaultDNSServers": {"index": 2, "address": "10.0.0.3"}}'

Delete DNS Server

This example deletes the DNS server with the index value of 2 using JSON API.

URI DELETE https://<Expressway FQDN or IP address>/api/provisioning/common/dns/dnsserver

Request body {

"index": 2

}

Response body {


}

This example deletes the DNS server with the index value of 2 using cURL.

curl -X DELETE -k -i 'https://expc.cisco.com/api/provisioning/v1/common/dns/dnsserver' --data '{"index": 2}'}'

Example: Using API for NTP ServerRetrieving NTP Server information

This example retrieves the NTP server information using JSON API.

URI GET https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver

Request body This operation does not require a request body.

8


Introduction

Response body {

"index": 5,

"KeyId": 1,

"Hash": "sha1",

"Authentication": "disabled",

"Address": "10.0.0.1"

}

This example retrieves the NTP server information using cURL.

curl -X GET -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver'

Adding NTP Server

This example adds an NTP server with an IP address 10.0.0.2 using JSON API.

URI POST https://<ExpresswayFQDN-IPAddress>/api/provisioning/v1/common/time/ntpserver

Request body {

"index": 6,

"Address": "10.0.0.2",

"KeyId": 1,

"Hash": "sha1",

"Authentication": "disabled"

}

Response body {


}

This example adds an NTP server with an IP address 10.0.0.2 using cURL.

curl -X POST -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver' --data '{"index": 6, "Address": "10.0.0.2", "KeyId": 1, "Hash": "sha1", "Authentication": "disabled"}'

Modify NTP Server information

This example modifies IP address of the NTP server with the index value 6 using JSON API.

URI PUT https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver

9


Introduction

Request body {

"index": 6,

"Address": "10.0.0.3",

"KeyId": 1,

"Hash": "sha1",

"Authentication": "disabled"

}

Response body {


}

This example modifies IP address of the NTP server with the index value 6 using cURL.

curl -X POST -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver' --data '{"index": 6, "Address": "10.0.0.3", "KeyId": 1, "Hash": "sha1", "Authentication": "disabled"}'

Delete NTP Server

This example deletes the NTP server with the index value of 6 using JSON API.

URI DELETE https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver

Request body {

"index": 6

}

Response body {


}

This example deletes the DNS server with the index value of 6 using cURL.

curl -X DELETE -k -i 'https://<Expressway FQDN or IP address>/api/provisioning/v1/common/time/ntpserver' --data '{"index": 6}'}'

10


Introduction

11


Authentication

/certs/generate_csr:Generate, read or delete the Certificate Signing Request (CSR).

Method RequestBody

ResponseCode

Response Body Comment

GET None 200 {

Additional_FQDNS: Additional free-formhostnames included in the certificate.

Country: The two-letter ISO code for the countrywhere your organization is located.

KeyLength: The number of bits used for public andprivate key encryption. Default: 4096.

DigestAlgorithm: The Digest algorithm used for thesignature. Default: SHA-256.

Province: The province, region, county, or statewhere your organization is located.

Locality: The town or city where your organizationis located.

Organization: The name of the organization orbusiness.

OrganizationalUnit: The department name ororganizational unit handling the certificate.

Email: The email address to include in thecertificate.

}

Required: Country, Province, Locality,Organization, OrganizationalUnit.

Gets the generated CSR fromits path and displays it.

12


Authentication

Method Request Body ResponseCode


POST {

Additional_FQDNS: Additional free-formhostnames included in the certificate.

Country: The two-letter ISO code for thecountry where your organization islocated.

KeyLength: The number of bits used forpublic and private key encryption. Default:4096.

DigestAlgorithm: The Digest algorithmused for the signature. Default: SHA-256.

Province: The province, region, county, orstate where your organization is located.

Locality: The town or city where yourorganization is located.

Organization: The name of theorganization or business.

OrganizationalUnit: The department nameor organizational unit handling thecertificate.


}


200 {

Message:Success/Failure/Infomessage for the operation.

}

Generates the CSRand stores it in itspath.

Method RequestBody

ResponseCode


DELETE None 200 {

Message: Success/Failure/Info message for theoperation.

}

Discard the generatedCSR.

13


Authentication

/certs/root:Generate, read or delete the root certificate resource.

Method Request Body Response Code Response Body Comment

GET None 200 Certificate content. Get the root certificate from the default path.

Method RequestBody

ResponseCode


POST {

file: Filetoupload.

}

200 {

Message: Success/Failure/Infomessage for the operation.

}

Write the root certificate to the default path.The request body contains the root CA data.

Method RequestBody

ResponseCode


DELETE None 200 {

Message: Success/Failure/Info message forthe operation.

}

Reset the root CA to itsdefault state.

14


Authentication

/certs/server:Generate, read or delete the signed server certificate resource.


GET None 200 Certificate content. Get the server certificate from the default path.

Method RequestBody

ResponseCode


POST {

file: Filetoupload.

}

200 {

Message:Success/Failure/Info message forthe operation.

}

Write the server certificate to the default path. The requestbody contains the server certificate data.

Note: Before you upload the server certificate using the POSTmethod, you must generate the CSR for the server certificate.

Method RequestBody

ResponseCode


DELETE None 200 {

Message: Success/Failure/Info messagefor the operation.

}

Reset the server certificate to itsdefault state.

15


Authentication

Common Between Cisco Expressway-C and Cisco Expressway-E

/common/adminaccount/configuration:PUSH, GET or PUT onto local database for authentication.

Method RequestBody

ResponseCode


GET None 200 {

AccessLevel: The access level of the administrator account. Default:Read-Write.

ApiAccess: Determines whether this account is allowed to access thesystems status and configuration using the Application ProgrammingInterface. Default: Yes.

EmergencyAccount: Select Yes to make this the emergency account.This special local account can log in to the VCS even when theAdministrator authentication source is set to Remote only. Default: No.

Name: Enter the username of this administrator account. Administratoraccounts enable people or external systems to access this system.This field is case sensitive. Range 1 to 128 characters.

State: Disable the account if required. When you disable an account,all access is denied to that account. Default: Enabled.

WebAccess: Determines whether this account is allowed to log in tothe system using the web interface. Default: Yes.

}

Fetch theadminaccountdetails.



16



POST {

AccessLevel: The access level of the administratoraccount. Default: Read-Write.

ApiAccess: Determines whether this account isallowed to access the systems status andconfiguration using the Application ProgrammingInterface. Default: Yes.

ConfirmPassword: Enter the password of thisadministrator account. Range: 1 to 1024.

EmergencyAccount: Select Yes to make this theemergency account. This special local account canlog in to the Expressway even when the Administratorauthentication source is set to Remote only. Default:No.

Name: Enter the username of this administratoraccount. Administrator accounts enable people orexternal systems to access this system. This field iscase sensitive. Range 1 to 128 characters.

Password: Enter the password of this administratoraccount. Range: 1 to 1024.

State: Disable the account if required. When youdisable an account, all access is denied to thataccount. Default: Enabled.

WebAccess: Determines whether this account isallowed to log in to the system using the webinterface. Default: Yes.

}

200 {

Message:Success/Failure/Infomessage for theoperation.

}

Create anadminaccountconfiguration.



17



PUT {

AccessLevel: The access level of the administratoraccount. Default: Read-Write.

ApiAccess: Determines whether this account is allowed toaccess the systems status and configuration using theApplication Programming Interface. Default: Yes.

EmergencyAccount: Select Yes to make this theemergency account. This special local account can log into the Expressway even when the Administratorauthentication source is set to Remote only. Default: No.

Name: Enter the username of this administrator account.Administrator accounts enable people or external systemsto access this system. This field is case sensitive. Range 1to 128 characters.

NewName: Enter the new username of this administratoraccount. Administrator accounts enable people or externalsystems to access this system. This field is case sensitive.Range: 0 to 128.

State: Disable the account if required. When you disablean account, all access is denied to that account. Default:Enabled.

WebAccess: Determines whether this account is allowedto log in to the system using the web interface. Default:Yes.

}

200 {


}

Updatean adminaccount.

Method RequestBody

ResponseCode


DELETE None 200 {


}

Reset the root CA to itsdefault state.

common/adminaccount/changepassword:PUT on to the local database for authentication.



18



PUT {

ConfirmPassword: Enter the password of thisadministrator account. Range: 1 to 1024.

Name: Enter the username of this administrator account.Administrator accounts enable people or externalsystems to access this system. This field is casesensitive. Range: 0 to 128.

Password: Enter the password of this administratoraccount. Range: 1 to 1024.

YourCurrentPassword: Enter your current password toauthorize this change. Range: 1 to 1024.

}

Required: Name, Password, ConfirmPassword,YourCurrentPassword

200 {


}

Create anadminaccountpassword.

/common/certs/sch:Read or update the Smart Call Home (SCH) server certificate resource.

Method RequestBody

ResponseCode


GET None 200 Certificatecontent.

Get the Smart Call Home server certificate from itspath.

Method RequestBody

ResponseCode


PUT {

file: filetoupload.

}

200 {


}

Write the Smart Call Home server certificate to itspath. The request body contains the SCH servercertificate data.

/common/credential:Create, read, update or delete credentials.

Method RequestBody

ResponseCode


GET None 200 {

Name: The list of usernames used by the Expressway whenauthenticating with another system. Range: 1 to 1024characters.

}

Read locallyauthenticated namesof neighbors.

19





POST {

Name: The name required for entry in the localauthentication database. Range: 1 to 1024 characters.

Password: The password required for this entry in thelocal authentication database. The maximum plain textlength is 128 characters, which will then be encrypted.

}

Required: Name, Password.

200 {

Message:Success/Failure/Infomessage for theoperations.

}

Adds anewcredential.



PUT {

Name: The username used by the Expresswaywhen authenticating with another system.Range: 1 to 1024 characters.

NewName: Change the existing credentialname to another name. Range: 1 to 1024characters.

Password: Change password of the existingcredential. The maximum plaintext length is128 characters, which is then encrypted.

}

Required: Name.

200 {


}

Update either name,password or both foran existingcredential.



DELETE {

Name: The name of thecredential to be deleted.

}

Required: Name.

200 {


}

Delete acredential.

20



/common/current/active/firewallrules:Get the active firewall rules.

Method RequestBody

ResponseCode


GET None 200 {

action: The action to take against any IP traffic that matchesthe rule.

address: Determine the IP addresses to which the rule applies.Maximum: 1024. Minimum: 1.

description: An optional free-form description of the firewallrule. Range 0 to 255 characters.

end_port: The upper port in the range to which the rule applies.Maximum: 65535. Minimum: 0.

interface: The LAN interface on which you want to controlaccess. Default: LAN1.

prefix_length: The field determines the range of the range of IPadresses to which the rule applies. Maximum: 128. Minimum: 0.

priority: The order in which the firewall rules are applied.Maximum: 65534. Minimum: 1.

service: The service to which the rule applies, or chooseCustom to specify your own transport type and port ranges.

start_port: The lower port in the range to which the ruleapplies. Maximum: 65535. Minimum: 0.

transport: The transport protocol to which the rule applies.

}

Get the activefirewall rulespresent.

21



/common/defaultlinks:Check or create the default links.



POST DefaultLinksAdd 200 {


}

Performs the DefaultLinksAdd operation, whichchecks for the system-created default links andreturns a status OK. Creates the default links ifdeleted and returns status.

22



/common/dns/dns:Update or read the Domain Name System (DNS) data.

Method RequestBody

ResponseCode


GET None 200 {

DNSRequestsPortRange: Determines whether outgoing DNS queriesuse the system's normal ephemeral port range, or a custom port rangethat you can configure. Default: EphemeralPortRange.

DNSRequestsPortRangeEnd: The upper source port in the range usedfor sending DNS queries. Requests choose a random port from thisrange. Warning: setting a small source port range increases yourvulnerability to DNS spoofing attacks. Default: 65534.

DNSRequestsPortRangeStart: The lower source port in the range usedfor sending DNS queries. Requests choose a random port from thisrange. Warning: setting a small source port range increases yourvulnerability to DNS spoofing attacks. Default: 1024.

DomainName: The name to be appended to an unqualified host namebefore querying the DNS server. Used when attempting to resolveunqualified domain names for NTP, LDAP, external manager andremote syslog servers. May also be used along with the local Systemhost name to identify references to this system in SIP messaging.

SystemHostName: Defines the DNS hostname that this system is knownby. Note that this is not the Fully Qualified Domain Name, just the hostlabel portion. The name can only contain letters, digits, hyphens andunderscores. The first character must be a letter and the last charactermust be a letter or a digit. Range 0 to 63 characters.

}

Readsthe DNSdata.

23





PUT {

DNSRequestsPortRange: Determines whether outgoingDNS queries use the system's normal ephemeral portrange, or a custom port range that you can configure.Default: EphemeralPortRange.

DNSRequestsPortRangeEnd: The upper source port in therange used for sending DNS queries. Requests choose arandom port from this range. Warning: setting a smallsource port range increases your vulnerability to DNSspoofing attacks. Default: 65534.

DNSRequestsPortRangeStart: The lower source port in therange used for sending DNS queries. Requests choose arandom port from this range. Warning: setting a smallsource port range increases your vulnerability to DNSspoofing attacks. Default: 1024.

DomainName: The name to be appended to an unqualifiedhost name before querying the DNS server. Used whenattempting to resolve unqualified domain names for NTP,LDAP, external manager and remote syslog servers. Mayalso be used along with the local System host name toidentify references to this system in SIP messaging.

SystemHostName: Defines the DNS hostname that thissystem is known by. Note that this is not the Fully QualifiedDomain Name, just the host label portion. The name canonly contain letters, digits, hyphens and underscores. Thefirst character must be a letter and the last character mustbe a letter or a digit. Range 0 to 63 characters.

}

200 {


}

Updatethe DNSdata.

24



/common/dns/dnsperdomainserver:Create, read, update or delete the per domain DNS server information.

Method RequestBody

ResponseCode


GET None 201 {

address: The IP address of the DNS server to use only whenresolving hostnames for the associated domain names. Range: 1 to1024 characters.

domain1: The domain names to be resolved by this particular DNSserver. You can specify either 1 or 2 domain names. Range: 1 to1024 characters.

domain2: The domain names to be resolved by this particular DNSserver. You can specify either 1 or 2 domain names. Range: 1 to1024 characters.

index: Index is a priority parameter for the DNS server. Range 1 to5.

}

Read the perdomain DNSserver.



POST {

"PerDomainDNSServer":

{

address: The IP address of the DNS server to use only whenresolving hostnames for the associated domain names.Range: 1 to 1024 characters.

domain1: The domain names to be resolved by thisparticular DNS server. You can specify either 1 or 2 domainnames. Range: 1 to 1024 characters.


index: Index is a priority parameter for the DNS server.Range 1 to 5.

}

}

200 {


}

Update theper domainDNS server.

25





PUT {

"PerDomainDNSServer":

{

address: The IP address of the DNS server to use only whenresolving hostnames for the associated domain names.Range: 1 to 1024 characters.



index: Index is a priority parameter for the DNS server.Range 1 to 5.

}

}

200 {

Message:Success/Failure/Info message forthe operations.

}

Update theper domainDNS server.



DELETE index: Index is a priorityparameter for the DNSserver.

200 {


}

Delete the DNS per domainserver provided in the inputdata.

26



/common/dns/dnsserver:Create, read, update or delete the Domain Name System (DNS) server information

Method RequestBody

ResponseCode


GET None 200 {

address: The IP address of a default DNS server to use when resolvingdomain names. You can specify up to 5 servers. The API willupdate/create one server at a time. The default DNS servers are used ifthere is no per-domain DNS server defined for the domain being lookedup. Range 1 to 1024 characters.

index: Index is a priority parameter for the DNS server.

}

Read theDNSserverdata fromthe CDB.



POST {


{

address: The IP address of a default DNS server to use whenresolving domain names. You can specify up to 5 servers. TheAPI will update/create one server at a time. The default DNSservers are used if there is no per-domain DNS server definedfor the domain being looked up. Range 1 to 1024 characters.


}

}

201 {


}

Createthe perdomainDNSserver.



PUT {


{

address: The IP address of a default DNS server to use whenresolving domain names. You can specify up to 5 servers. TheAPI will update/create one server at a time. The default DNSservers are used if there is no per-domain DNS server definedfor the domain being looked up. Range 1 to 1024 characters.


}

}

200 {


}

Updatethe DNSserverdata.

27





DELETE index: Index is a priorityparameter for the DNS server

200 {


}

Delete the DNSserver provided.

28



/common/domain:Create, read or update the domain configuration.

Method RequestBody

ResponseCode


GET None 201 {

EdgeSip: Service status of EdgeSIP domain. Endpoint registration,call control and provisioning for this SIP domain is serviced by UnifiedCM. The Expressway acts as a Unified CM gateway to provide securefirewall traversal and line-side support for Cisco UnifiedCommunications Manager registrations.

EdgeXmpp: Service status of the XMPP domain. Cisco UnifiedCommunications Manager IM and Presence Service provides instantmessaging and presence services for this SIP domain.

Index: The index value of the domain. Range 1 to 200 characters.

Name: The name of the domain managed by this Expressway. Youmust configure which services are supported for this domain. Thedomain name can comprise multiple levels. Each level's name canonly contain letters, digits and hyphens, with each level separated bya period (dot). A level name cannot start or end with a hyphen, andthe final level name must start with a letter. An example valid domainname is 100.example-name.com. Range: 1 to 1024 characters.

XmppFederation: Indicates that XMPP federated services will beprovided for this local domain. Note that if static routes for federatedforeign domains are required, you can configure them on the CiscoExpressway-E.

}

Read thedomain andits otherrelatedinformation.

29




ResponseBody

Comment

POST {

EdgeSip: Endpoint registration, call control and provisioning for thisSIP domain is serviced by Cisco Unified Communications Manager.The Expressway acts as a Cisco Unified Communications Managergateway to provide secure firewall traversal and line-side supportfor Cisco Unified Communications Manager registrations.

EdgeXmpp:Cisco Unified Communications Manager IM andPresence Service provides instant messaging and presenceservices for this SIP domain.

XmppFederation: Indicates that XMPP federated services will beprovided for this local domain. Note that if static routes forfederated foreign domains are required, you can configure them onthe Cisco Expressway-E.

Name: The name of the domain managed by this Expressway. Youmust configure which services are supported for this domain. Thedomain name can comprise multiple levels. Each level's name canonly contain letters, digits and hyphens, with each level separatedby a period (dot). A level name cannot start or end with a hyphen,and the final level name must start with a letter. An example validdomain name is 100.example-name.com. Range: 1 to 1024characters.

}

201 {

Message:Success/Failure/Infomessage fortheoperations.

}

Add adomain.

30





PUT {

EdgeSip: Endpoint registration, call control and provisioning forthis SIP domain is serviced by Cisco Unified CommunicationsManager. The Expressway acts as a Cisco UnifiedCommunications Manager gateway to provide secure firewalltraversal and line-side support for Cisco UnifiedCommunications Manager registrations.

EdgeXmpp:Cisco Unified Communications Manager IM andPresence Service provides instant messaging and presenceservices for this SIP domain.

XmppFederation: Indicates that XMPP federated services willbe provided for this local domain. Note that if static routes forfederated foreign domains are required, you can configurethem on the Cisco Expressway-E.

Name: The name of domain. You must configure whichservices are supported for this domain. The domain name cancomprise multiple levels. Each level's name can only containletters, digits and hyphens, with each level separated by aperiod (dot). A level name cannot start or end with a hyphen,and the final level name must start with a letter. An examplevalid domain name is 100.example-name.com. Range: 1 to1024 characters.

NewName: The name of the new domain. You must configurewhich services are supported for this domain. The domainname can comprise multiple levels. Each level's name can onlycontain letters, digits and hyphens, with each level separatedby a period (dot). A level name cannot start or end with ahyphen, and the final level name must start with a letter. Anexample valid domain name is 100.example-name.com.Range: 1 to 1024 characters.

}

200 {

Message:Success/Failure/Info messagefor theoperations.

}

Updatethedomain.



DELETE {

Name: Name of the domain tobe deleted.

}

Required: Name.

200 {

Message: Success/Failure/Info messagefor the operations

}

Delete thedomain.

31



/common/firewallrules/activation:Activate a firewall rules.


PUT Activate firewall rules.

32



/common/firewallrules/configuration:CRUD for firewall rules.

Method RequestBody

ResponseCode


GET None 200 {

action: The action to take against any IP traffic that matches therule.

address: Determine the IP addresses to which the rule applies.Range 1 to 1024.

description: An optional free-form description of the firewall rule.Range 0 to 255.

end_port: The upper port in the range to which the rule applies.Range 0 to 65525.

index: The unique ID of the firewall rule.

interface: The LAN interface on which you want to controlaccess. Default: LAN1.

}prefix_length: The field determines the range of the range of IPadresses to which the rule applies. Range 1 to 6554.

priority: The order in which the firewall rules are applied.

service: The service to which the rule applies, or choose Customto specify your own transport type and port ranges.

start_port: The lower port in the range to which the rule applies.Range 0 to 65535.

transport: The transport protocol to which the rule applies.

}

Gets the firewallrules present.

33





POST {

action: The action to take against any IP trafficthat matches the rule.

address: Determine the IP addresses to which therule applies. Range 1 to 1024.

description: An optional free-form description ofthe firewall rule. Range 0 to 255.

end_port: The upper port in the range to which therule applies. Range 0 to 65525.


interface: The LAN interface on which you want tocontrol access. Default: LAN1.

prefix_length: The field determines the range ofthe range of IP adresses to which the rule applies.Range 0 to 128.

priority: The order in which the firewall rules areapplied. Range: 1 to 65534.

service: The service to which the rule applies, orchoose Custom to specify your own transport typeand port ranges.

start_port: The lower port in the range to whichthe rule applies. Range: 0 to 65535.

transport: The transport protocol to which the ruleapplies.

}

200 {


}

Create afirewall ruleconfiguration.

34





PUT {

action: The action to take against any IP traffic thatmatches the rule.

address: Determine the IP addresses to which therule applies. Range 1 to 1024.

description: An optional free-form description of thefirewall rule. Range 0 to 255.

end_port: The upper port in the range to which therule applies. Range 0 to 65525.


interface: The LAN interface on which you want tocontrol access. Default: LAN1.

}prefix_length: The field determines the range of therange of IP adresses to which the rule applies.Range 0 to 128.

priority: The order in which the firewall rules areapplied. Range: 1 to 65534.

service: The service to which the rule applies, orchoose Custom to specify your own transport typeand port ranges.

start_port: The lower port in the range to which therule applies. Range: 0 to 65535.

transport: The transport protocol to which the ruleapplies.

}

200 {


}

Updatethefirewallrules.



DELETE {

index: The unique ID ofthe firewall rule.

}

Required: index.

200 {


}

Delete a firewall ruleconfiguration.

35



/common/mra:Update or read the current Mobile and Remote Access (MRA) configuration.

Method RequestBody

ResponseCode


GET None 200 {

Enabled: Enable or disable Mobile and Remote Access (MRA).MRA allows endpoints such as Cisco Jabber to have theirregistration, call control, messaging and provisioning servicesprovided by Cisco Unified Communications Manager whenthe endpoint is not within the enterprise network. TheExpressway provides secure firewall traversal and line-sidesupport for Unified CM registrations.

IOSSafariPlugin: IOS Cisco Jabber client using Safari plugin.

SSO: Control SSO access.

SSODefaulted: Default SSO availability.

}

Required: Enabled.

Read theMRA configuration.


ResponseBody

Comment

PUT {

Enabled: Enable or disable Mobile and Remote Access (MRA).MRA allows endpoints such as Cisco Jabber to have theirregistration, call control, messaging and provisioning servicesprovided by Cisco Unified Communications Manager when theendpoint is not within the enterprise network. The Expresswayprovides secure firewall traversal and line-side support forUnified CM registrations.

IOSSafariPlugin: IOS Cisco Jabber client using Safari plugin.

SSO: Control SSO access.

SSODefaulted: Default SSO availability.

}

Required: Enabled.

200 {

Message:Success/Failure/Infomessagefor theoperation.

}

Update theMRAconfiguration.

36



/common/protocol/sip:CRUD operations for SIP STATUS Rest API.

Method RequestBody

ResponseCode


GET None 200 {

AllowCrlDownloadsFromCdps: Controls whether the download ofCRLs from the CDP URIs contained in X.509 certificates is allowed.Default: Yes.

CertRevocationCheckMode: Controls whether revocation checkingis performed for certificates exchanged during SIP TLS connectionestablishment. Default: On.

FallbackBehavior: Controls the revocation checking behavior.Default: TreatAsNotRevoked.

IPv4Mtls: status of IPv4 MTLS port.

IPv4Tcp: status of IPv4 TCP port.

IPv4TcpAddress: IPv4 TCP address.

IPv4Tls: status of IPv4 TLS port.

IPv4TlsAddress: IPv4 TLS address.

IPv4Udp: status of IPv4 UDP port.

IPv4UdpAddress: IPv4 UDP address.

iPv6Mtls: status of IPv6 MTLS port.

IPv6Tcp: status of IPv6 TCP port.

IPv6Tls: status of IPv6 TLS port.

IPv6Udp: status of IPv4 UDP port.

MinSessionRefreshInterval: Switch Mutual TLS mode on to enablea separate port to enforce Mutual TLS authentication on incomingSIP calls to this Expressway. Default: Off.

MutualTlsPort: The listening port for incoming SIP Mutual TLS calls.Default: 5062.

OutRegRefreshMax: The maximum allowed value for a SIPregistration refresh period for Outbound registrations. Requests fora value greater than this will result in a lower value being returned(calculated according to the Outbound registration refreshstrategy). Default: 3600. Range: 30 to 7200.

OutRegRefreshMin: The minimum allowed value for a SIPregistration refresh period for Outbound registrations. Requests fora value lower than this will result in the registration being rejectedwith a 423 Interval Too Brief response. Default: 600. Range 30 to3600.

Get the SIPconfiguration.

37



Method RequestBody

ResponseCode


OutRegRefreshStrategy: Method used to generate the SIP registrationexpiry period for Outbound registrations. The registration expiry periodis the period within which a SIP endpoint must re-register to prevent itsregistration expiring. Maximum: uses the lesser of the configuredmaximum refresh value and the value requested in the registration.Variable: generates a random value between the configured minimumrefresh value and the lesser of the configured maximum refresh valueand the value requested in the registration. Default: Variable.

SdpMaxSize: Specifies the maximum size of SDP payload that can behandled by the server (in bytes). Default: 32768. Range: 1 to 65536.

SessionRefreshInterval: The maximum time allowed between sessionrefresh requests for SIP calls. Default: 1800. Range 90 to 84600.

SessionRefreshInterval: The maximum time allowed between sessionrefresh requests for SIP calls. Default: 1800. Range 90 to 84600.

SipMode: "Determines whether or not the Expressway will provide SIPregistrar and SIP proxy functionality.This mode must be enabled inorder to use either the Presence Server or the Presence User Agent.Default: Off.

SipRegProxyMode: Specifies how the Expressway handles registrationrequests for domains for which it is not acting as a SIP registrar (non-local domains). Off: registration requests are not proxied. Proxy toknown only: registration requests are proxied in accordance withexisting call processing rules, but only to known neighbor, traversalclient and traversal server zones. Proxy to any: registration requests areproxied in accordance with existing call processing rules to all knownzones. Default: Off.

SipTcpConnectTimeout: Specifies the maximum number of seconds towait for an outgoing SIP TCP connection to be established. Default: 10.Range: 1 to 150.

StdRegRefreshMax: The maximum allowed value for a SIP registrationrefresh period for standard registrations. Requests for a value greaterthan this will result in a lower value being returned (calculatedaccording to the standard registration refresh strategy). Default: 60.Range: 30 to 7200.

StdRegRefreshMin: The minimum allowed value for a SIP registrationrefresh period for standard registrations. Requests for a value lowerthan this will result in the registration being rejected with a 423 IntervalToo Brief response. Default: 45. Range: 30 to 3600.

Method RequestBody

ResponseCode


38



StdRegRefreshStrategy: Method used to generate the SIP registrationexpiry period for standard registrations. The registration expiry period isthe period within which a SIP endpoint must re-register to prevent itsregistration expiring. Maximum: uses the lesser of the configuredmaximum refresh value and the value requested in the registration.Variable: generates a random value between the configured minimumrefresh value and the lesser of the configured maximum refresh valueand the value requested in the registration. Default: Maximum.

TcpMode: Determines whether incoming and outgoing SIP messagesusing the TCP protocol are allowed. Default: Off.

TcpOutboundPortEnd: Specifies the upper port in the range to be usedby outbound TCP/TLS SIP connections. Default: 29999. Range: 1024to 65534.

TcpOutboundPortStart: Specifies the lower port in the range to be usedby outbound TCP/TLS SIP connections. Default: 25000. Range: 1024to 65534.

TcpPort: The listening port for incoming SIP TCP connections. Default:5060. Range 1024 to 65534.

TlsHandshakeTimeout: Specifies the timeout period for TLS sockethandshake in seconds. Default: 5. Range: 1 to 120.

TlsMode: Determines whether incoming and outgoing SIP messagesusing the TLS protocol are allowed. Default: On.

TlsPort: The listening port for incoming SIP TLS connections. Default:5061. Range: 1024 to 65534.

UdpMode: Determines whether incoming and outgoing SIP messagesusing the UDP protocol are allowed. Default: On.

UdpPort: The listening port for incoming SIP UDP messages. Default:5060. Range: 1024 to 65534.

UseCrl: Controls whether the Certificate Revocation Lists (CRLs) maybe used to perform certificate revocation checking. Default: Yes.

UseOcsp: Controls whether the Online Certificate Status Protocol(OCSP) may be used to perform certificate revocation checking.Default: Yes.

Required: UdpPort, MutualTlsMode, TlsMode, TcpMode, UdpMode,SipMode, TcpPort, SessionRefreshInterval, TlsHandshakeTimeout,TcpOutboundPortEnd, TlsPort, MutualTlsPort, TcpOutboundPortStart,MinSessionRefreshInterval, CertRevocationCheckMode,OutRegRefreshStrategy, SipRegProxyMode, StdRegRefreshStrategy,StdRegRefreshMin, OutRegRefreshMin, StdRegRefreshMax,OutRegRefreshMax, SdpMaxSize, SipTcpConnectTimeout

}

39



/common/protocol/sip/advanced:CRUD operations for SIP Advanced Rest API.

Method RequestBody

ResponseCode


GET None 200 {

SdpMaxSize: Specifies the maximum size of SDP payload thatcan be handled by the server (in bytes). Default: 32768. Range 1to 65536.

SipTcpConnectTimeout: Specifies the maximum number ofseconds to wait for an outgoing SIP TCP connection to beestablished. Default: 10. Range 1 to 150.

}

Gets the SIPadvancedconfiguration.



PUT {

SdpMaxSize: Specifies the maximum size of SDPpayload that can be handled by the server (in bytes).Default: 32768. Range: 1 to 65536.

SipTcpConnectTimeout: Specifies the maximumnumber of seconds to wait for an outgoing SIP TCPconnection to be established. Default: 10. Range: 1 to150.

}

200 {


}

Update theSIP advancedconfiguration.

40



/common/protocol/sip/certrevokecheck:CRUD operations for SIP Certification Revoke Check Rest API.

Method RequestBody

ResponseCode


GET None 200 {

AllowCrlDownloadsFromCdps: Controls whether the download ofCRLs from the CDP URIs contained in X.509 certificates isallowed. Default: Yes.

CertRevocationCheckMode: Controls whether revocationchecking is performed for certificates exchanged during SIP TLSconnection establishment. Default: On.

FallbackBehavior: Controls the revocation checking behavior.Default: TreatAsNotRevoked.

UseCrl: Controls whether the Certificate Revocation Lists (CRLs)may be used to perform certificate revocation checking. Default:Yes.

UseOcsp: Controls whether the Online Certificate StatusProtocol (OCSP) may be used to perform certificate revocationchecking. Default: Yes.

}

Gets the SIPCertificationRevoke Check.



PUT {

AllowCrlDownloadsFromCdps: Controls whether thedownload of CRLs from the CDP URIs contained inX.509 certificates is allowed. Default: Yes.

CertRevocationCheckMode: Controls whetherrevocation checking is performed for certificatesexchanged during SIP TLS connection establishment.Default: On.

FallbackBehavior: Controls the revocation checkingbehavior. Default: TreatAsNotRevoked.

UseCrl: Controls whether the Certificate RevocationLists (CRLs) may be used to perform certificaterevocation checking. Default: Yes.

UseOcsp: Controls whether the Online CertificateStatus Protocol (OCSP) may be used to performcertificate revocation checking. Default: Yes.

}

200 {


}

Update theSIPconfiguration.

41



/common/protocol/sip/configuration:CRUD operations for SIP Configuration Rest API.

Method RequestBody

ResponseCode


GET None 200 {

MinSessionRefreshInterval: The minimum value the VCS willnegotiate for the session refresh interval for SIP calls. Default: 500.Range: 90 to 84600.

MutualTlsMode: Switch Mutual TLS mode on to enable a separateport to enforce Mutual TLS authentication on incoming SIP calls tothis Expressway. Default: Off.

MutualTlsPort: The listening port for incoming SIP Mutual TLScalls. Default: 5062. Range: 90 to 84600.

SessionRefreshInterval: The maximum time allowed betweensession refresh requests for SIP calls. Default: 1800. Range: 90 to84600.

SipMode: Determines whether or not the Expressway will provideSIP registrar and SIP proxy functionality. This mode must beenabled in order to use either the Presence Server or the PresenceUser Agent. Default: Off.

TcpMode: Determines whether incoming and outgoing SIPmessages using the TCP protocol are allowed. Default: Off.

TcpOutboundPortEnd: Specifies the upper port in the range to beused by outbound TCP/TLS SIP connections. Default: 29999.Range: 1024 to 65534.

TcpOutboundPortStart: Specifies the lower port in the range to beused by outbound TCP/TLS SIP connections. Default: 2500.Range: 1024 to 65534.

TcpPort: The listening port for incoming SIP TCP connections.Default: 5060. Range: 1024 to 65534.

TlsHandshakeTimeout: Specifies the timeout period for TLS sockethandshake in seconds. Default: 5. Range: 1 to 120.

TlsMode: Determines whether incoming and outgoing SIPmessages using the TLS protocol are allowed. Default: On.

TlsPort: The listening port for incoming SIP TLS connections.Default: 5061. Range: 1024 to 65534.

UdpMode: Determines whether incoming and outgoing SIPmessages using the UDP protocol are allowed. Default: On.

UdpPort: The listening port for incoming SIP UDP messages.Default: 5060. Range: 1024 to 65534.

}

Gets the SIPadvancedconfiguration.

42





PUT {

MinSessionRefreshInterval: The minimum value theVCS will negotiate for the session refresh interval forSIP calls. Default: 500. Range: 90 to 84600.

MutualTlsMode: Switch Mutual TLS mode on toenable a separate port to enforce Mutual TLSauthentication on incoming SIP calls to thisExpressway. Default: Off.

MutualTlsPort: The listening port for incoming SIPMutual TLS calls. Default: 5062. Range: 90 to 84600.

SessionRefreshInterval: The maximum time allowedbetween session refresh requests for SIP calls.Default: 1800. Range: 90 to 84600.

SipMode: Determines whether or not the Expresswaywill provide SIP registrar and SIP proxy functionality.This mode must be enabled in order to use either thePresence Server or the Presence User Agent. Default:Off.

TcpMode: Determines whether incoming and outgoingSIP messages using the TCP protocol are allowed.Default: Off.

TcpOutboundPortEnd: Specifies the upper port in therange to be used by outbound TCP/TLS SIPconnections. Default: 29999. Range: 1024 to 65534.

TcpOutboundPortStart: Specifies the lower port in therange to be used by outbound TCP/TLS SIPconnections. Default: 2500. Range: 1024 to 65534.

TcpPort: The listening port for incoming SIP TCPconnections. Default: 5060. Range: 1024 to 65534

TlsHandshakeTimeout: Specifies the timeout periodfor TLS socket handshake in seconds. Default: 5.Range: 1 to 120.

TlsMode: Determines whether incoming and outgoingSIP messages using the TLS protocol are allowed.Default: On.

TlsPort: The listening port for incoming SIP TLSconnections. Default: 5061. Maximum: 65534.Minimum: 1024. Range: 1024 to 65534.

UdpMode: Determines whether incoming and outgoingSIP messages using the UDP protocol are allowed.Default: On.

UdpPort: The listening port for incoming SIP UDPmessages. Default: 5060. Range: 1024 to 65534

}

200 {


}

Update theSIP advancedconfiguration.

43



/common/protocol/sip/registrationcontrol:CRUD operations for SIP Registration Control Rest API.

Method RequestBody

ResponseCode


GET None 200 {

OutRegRefreshMax: The maximum allowed value for a SIPregistration refresh period for Outbound registrations. Requests for avalue greater than this will result in a lower value being returned(calculated according to the Outbound registration refresh strategy).Default: 3600. Range 30 to 7200.

OutRegRefreshMin: The minimum allowed value for a SIP registrationrefresh period for Outbound registrations. Requests for a value lowerthan this will result in the registration being rejected with a 423Interval Too Brief response. Default: 600. Range: 30 to 3600.

OutRegRefreshStrategy: Method used to generate the SIP registrationexpiry period for Outbound registrations. The registration expiry periodis the period within which a SIP endpoint must re-register to preventits registration expiring. Maximum: uses the lesser of the configuredmaximum refresh value and the value requested in the registration.Variable: generates a random value between the configured minimumrefresh value and the lesser of the configured maximum refresh valueand the value requested in the registration. Default: Variable.

SipRegProxyMode: Specifies how the Expressway handlesregistration requests for domains for which it is not acting as a SIPregistrar (non-local domains). Off: registration requests are notproxied. Proxy to known only: registration requests are proxied inaccordance with existing call processing rules, but only to knownneighbor, traversal client and traversal server zones. Proxy to any:registration requests are proxied in accordance with existing callprocessing rules to all known zones. Default: Off.

StdRegRefreshMax: The maximum allowed value for a SIP registrationrefresh period for standard registrations. Requests for a value greaterthan this will result in a lower value being returned (calculatedaccording to the standard registration refresh strategy). Default: 60.Range: 30 to 3600.

Get the SIPregistrationcontrol.

44



Method RequestBody

ResponseCode


std_reg_refresh_min: The minimum allowed value for a SIP registrationrefresh period for standard registrations. Requests for a value lowerthan this will result in the registration being rejected with a 423 IntervalToo Brief response. Default: 45. Range: 30 to 3600.

std_reg_refresh_strategy: Method used to generate the SIP registrationexpiry period for standard registrations. The registration expiry period isthe period within which a SIP endpoint must re-register to prevent itsregistration expiring. Maximum: uses the lesser of the configuredmaximum refresh value and the value requested in the registration.Variable: generates a random value between the configured minimumrefresh value and the lesser of the configured maximum refresh valueand the value requested in the registration. Default: Maximum.

}

45





PUT {

out_reg_refresh_max: The maximum allowed value for aSIP registration refresh period for Outboundregistrations. Requests for a value greater than this willresult in a lower value being returned (calculatedaccording to the Outbound registration refresh strategy).Default: 3600. Range: 30 to 3600.

out_reg_refresh_min: The minimum allowed value for aSIP registration refresh period for Outboundregistrations. Requests for a value lower than this willresult in the registration being rejected with a 423Interval Too Brief response. Default: 600. Range: 30 to3600.

out_reg_refresh_strategy: Method used to generate theSIP registration expiry period for Outbound registrations.The registration expiry period is the period within which aSIP endpoint must re-register to prevent its registrationexpiring. Maximum: uses the lesser of the configuredmaximum refresh value and the value requested in theregistration. Variable: generates a random valuebetween the configured minimum refresh value and thelesser of the configured maximum refresh value and thevalue requested in the registration. Default: Variable.

sip_reg_proxy_mode: Specifies how the Expresswayhandles registration requests for domains for which it isnot acting as a SIP registrar (non-local domains). Off:registration requests are not proxied. Proxy to knownonly: registration requests are proxied in accordancewith existing call processing rules, but only to knownneighbor, traversal client and traversal server zones.Proxy to any: registration requests are proxied inaccordance with existing call processing rules to allknown zones. Default: Off.

200 {


}

Update theSIPregistrationcontrol.

46




ResponseBody

Comment

std_reg_refresh_max: The maximum allowed value for a SIPregistration refresh period for standard registrations. Requests for avalue greater than this will result in a lower value being returned(calculated according to the standard registration refresh strategy).Default: 60. Range: 30 to 3600.

std_reg_refresh_min: The minimum allowed value for a SIPregistration refresh period for standard registrations. Requests for avalue lower than this will result in the registration being rejected witha 423 Interval Too Brief response. Default: 45. Range: 30 to 3600.

std_reg_refresh_strategy: Method used to generate the SIPregistration expiry period for standard registrations. The registrationexpiry period is the period within which a SIP endpoint must re-register to prevent its registration expiring. Maximum: uses the lesserof the configured maximum refresh value and the value requested inthe registration. Variable: generates a random value between theconfigured minimum refresh value and the lesser of the configuredmaximum refresh value and the value requested in the registration.Default: Maximum.

}

47



/common/qos:Read or update the current Quality of Service(QoS) configuration.

Method RequestBody

ResponseCode


GET None 200 {

Audio: The DSCP value to be stamped onto SIP and H.323 audiomedia traffic routed through the Expressway. Note: you mustrestart the system for any changes to take effect. Default: 46.Range 0 to 63.

Signaling: The DSCP value to be stamped onto all SIP and H.323signaling traffic routed through the Expressway. Note: you mustrestart the system for any changes to take effect. Default: 24.Range 0 to 63.

Video: The DSCP value to be stamped onto SIP and H.323 videomedia traffic routed through theExpressway. Note: you must restartthe system for any changes to take effect. Default: 34. Range 0 to63.

XMPP: The DSCP value to be stamped onto XMPP traffic routedthrough theExpressway. Note: you must restart the system for anychanges to take effect. Default: 24. Range 0 to 63.

}

Read the QoSconfiguration.

48





PUT {

Audio: The DSCP value to be stamped onto SIP and H.323audio media traffic routed through the Expressway. Note:you must restart the system for any changes to take effect.Default: 46. Range 0 to 63.

Signaling: The DSCP value to be stamped onto all SIP andH.323 signaling traffic routed through the Expressway.Note: you must restart the system for any changes to takeeffect. Default: 24. Range 0 to 63.

Video: The DSCP value to be stamped onto SIP and H.323video media traffic routed through theExpressway. Note:you must restart the system for any changes to take effect.Default: 34. Range 0 to 63.

XMPP: The DSCP value to be stamped onto XMPP trafficrouted through theExpressway. Note: you must restart thesystem for any changes to take effect. Default: 24. Range 0to 63.

}

200 {

Message:Success/Failure/ Infomessage forthe operation.

}

Update QoSconfiguration.

49



/common/sch:Update or get the Smart Call Home configuration.

Method RequestBody

ResponseCode


GET None 200 {

ContactEmail: Contact email address. Range 1 to1024 characters.

ContactName: Contact name. Range 1 to 1024characters.

ContactTelephone: Contact telephone number.Range 1 to 1024 characters.

Message: Smart Call Home final configurationmessage. Range 1 to 1024 characters.

OrganizationAddress: Address of the organization.Range 1 to 1024 characters.

OrganizationName: Name of the organization. Range1 to 1024 characters.

SmartCallHome: Smart Call Home mode.

}

Reads the Smart CallHome configuration.

50





PUT {

ContactEmail: Contact email address. Range 1 to1024 characters.

ContactName: Contact name. Range 1 to 1024characters.

ContactTelephone: Contact telephone number.Range 1 to 1024 characters.

Message: Smart Call Home Final configurationmessage. Range 1 to 1024 characters.

OrganizationAddress: Address of the organization.Range 1 to 1024 characters.

OrganizationName: Name of the organization. Range1 to 1024 characters.

SmartCallHome: Smart Call Home mode.

SmartCallHome: Select your preferred Smart CallHome mode. Off: The Expressway does not call home.On: Turns on the Smart Call Home service. This optionrequires some contact details from you, so that wecan alert you to issues that the Expressway reports toSmart Call Home. On (Anonymous): Turns on theSmart Call Home service in Anonymous mode. TheExpressway still reports to Smart Call Home, but youdo not receive notifications.

}

200 {

ContactEmail:Contact emailaddress. Range 1 to1024 characters.

ContactName:Contact name.Range 1 to 1024characters.

ContactTelephone:Contact telephonenumber. Range 1 to1024 characters.

Message: Smart CallHome finalconfigurationmessage. Range 1 to1024 characters.

OrganizationAddress:Address of theorganization. Range1 to 1024 characters.

OrganizationName:Name of theorganization. Range1 to 1024 characters.

SmartCallHome:Smart Call Homemode.

}

Updates theSmart CallHomeconfiguration.

51



/common/searchrule:Create, read, update or delete the search rule information.

Method RequestBody

ResponseCode


GET None 201 {

Description: A free-form description of the search rule. Range 0 to64 characters.

Mode: The type of alias for which this search rule applies.AliasPatternMatch: the alias must match the specified pattern typeand string. AnyAlias: any alias (providing it is not an IP address) isallowed. AnyIPAddress: the alias must be an IP address. Default:AnyAlias.

MustAuthenticateRequest: Specifies whether this search ruleapplies only to authenticated search requests. Default: No.

Name: The name of the SearchRule. Range 0 to 50 characters.

OnSuccessfulMatch: Specifies the ongoing search behavior if thealias matches all of the search rule's conditions. Continue: continueapplying the remaining search rules (in priority order) until theendpoint identified by the alias is found. Stop: any remaining searchrules with a lower priority are not applied, even if the endpointidentified by the alias is ultimately not found. Default: Continue.

PatternBehavior: Determines whether the matched part of the aliasis modified before being sent to the target zone or policy service.(Applies to Alias Pattern Match mode only.) Leave: the alias is notmodified. Strip: the matching prefix or suffix is removed from thealias. Replace: the matching part of the alias is substituted with thetext in the replace string. Default: Strip.

PatternString: The pattern against which the alias is compared.(Applies to Alias pattern match mode only.) Note: if the pattern stringis a Regex, you can refer to the regular expressions reference tablein the online help.

PatternType: How the pattern string must match the alias for the ruleto be applied. (Applies to Alias Pattern Match mode only.) Exact: theentire string must exactly match the alias character for character.Prefix: the string must appear at the beginning of the alias. Suffix:the string must appear at the end of the alias. Regex: the string istreated as a regular expression. Default: Prefix.

Fetches (all/ by name)the searchrulesdefinedalong withtheirparameters.

52



Method RequestBody

ResponseCode


Priority: The order in the search process that this rule is applied, whencompared to the priority of the other search rules. All priority 1 searchrules are applied first, followed by all priority 2 search rules, and so on.Default 100. Range 1 to 65534.

Protocol: The source protocol for which this rule applies. Default: Any.

ReplaceString: The string to substitute for the part of the alias thatmatches the pattern. (Applies to Replace pattern behavior only). Range0 to 60.

SIPVariant: Select which type of SIP messages this search rule willprocess. Choose MicrosoftAny if you want the search rule to routeMicrosoftSIP and MicrosoftIMP. Choose Standard to ignore Microsofttypes and route standards-compliant SIP, or choose Any to route alltypes. Default: Any.

Source: The sources of the requests for which this rule applies. Any:locally registered devices, neighbor or traversal zones, and any non-registered devices. AllZones: locally registered devices plus neighboror traversal zones. LocalZone: locally registered devices only. Named:a specific zone or subzone. Default: Any.

SourceName: The specific source zone or subzone for which this ruleapplies. Choose from the Default Zone, Default Subzone or any otherconfigured zone or subzone.

State: Indicates if the search rule is enabled or disabled. Disabledsearch rules are ignored. Default: Enabled.

SystemGenerated: The status of the zone.

TargetName: The zone name or policy service name to query if the aliasmatches the search rule. Range 1 to 60.

}

Required: SIPVariant, Protocol, Name, ReplaceString,OnSuccessfulMatch, SourceName, TargetName, PatternString, State,Priority, Source, PatternType, Mode, PatternBehavior,MustAuthenticateRequest.

53




ResponseBody

Comment

POST {

Description: A free-form description of the search rule. Range 0 to 64characters.

Mode: The type of alias for which this search rule applies.AliasPatternMatch: the alias must match the specified pattern typeand string. AnyAlias: any alias (providing it is not an IP address) isallowed. AnyIPAddress: the alias must be an IP address. Default:AnyAlias.

MustAuthenticateRequest: Specifies whether this search rule appliesonly to authenticated search requests. Default: No.


OnSuccessfulMatch: Specifies the ongoing search behavior if thealias matches all of the search rule's conditions. Continue: continueapplying the remaining search rules (in priority order) until theendpoint identified by the alias is found. Stop: any remaining searchrules with a lower priority are not applied, even if the endpointidentified by the alias is ultimately not found. Default: Continue.

PatternBehavior: Determines whether the matched part of the alias ismodified before being sent to the target zone or policy service.(Applies to Alias Pattern Match mode only.) Leave: the alias is notmodified. Strip: the matching prefix or suffix is removed from thealias. Replace: the matching part of the alias is substituted with thetext in the replace string. Default: Strip.

PatternString: The pattern against which the alias is compared.(Applies to Alias pattern match mode only.) Note: if the pattern stringis a Regex, you can refer to the regular expressions reference table inthe online help.

PatternType: How the pattern string must match the alias for the ruleto be applied. (Applies to Alias Pattern Match mode only.) Exact: theentire string must exactly match the alias character for character.Prefix: the string must appear at the beginning of the alias. Suffix: thestring must appear at the end of the alias. Regex: the string is treatedas a regular expression. Default: Prefix.

200 {


}

Create anewsearchrule.

54




ResponseBody

Comment

Priority: The order in the search process that this rule is applied, whencompared to the priority of the other search rules. All priority 1 searchrules are applied first, followed by all priority 2 search rules, and soon. Default 100. Range 1 to 65534.

Protocol: The source protocol for which the rule applies. Default: Any.

ReplaceString: The string to substitute for the part of the alias thatmatches the pattern. (Applies to Replace pattern behavior only).Range 0 to 60.


Source: The sources of the requests for which this rule applies. Any:locally registered devices, neighbor or traversal zones, and any non-registered devices. AllZones: locally registered devices plus neighboror traversal zones. LocalZone: locally registered devices only.Named: a specific zone or subzone. Default: Any.



TargetName: The zone name or policy service name to query if thealias matches the search rule. Range 1 to 60.

}

Required: Name, Priority, TargetName.

55




ResponseBody

Comment

PUT Description: A free-form description of the search rule. Range 0to 64 characters.

Mode: The type of alias for which this search rule applies.AliasPatternMatch: the alias must match the specified patterntype and string. AnyAlias: any alias (providing it is not an IPaddress) is allowed. AnyIPAddress: the alias must be an IPaddress. Default: AnyAlias.

MustAuthenticateRequest: Specifies whether this search ruleapplies only to authenticated search requests. Default: No.


NewName: The name of the SearchRule. Range 0 to 50characters.

OnSuccessfulMatch: Specifies the ongoing search behavior if thealias matches all of the search rule's conditions. Continue:continue applying the remaining search rules (in priority order)until the endpoint identified by the alias is found. Stop: anyremaining search rules with a lower priority are not applied, evenif the endpoint identified by the alias is ultimately not found.Default: Continue.

PatternBehavior: Determines whether the matched part of thealias is modified before being sent to the target zone or policyservice. (Applies to Alias Pattern Match mode only.) Leave: thealias is not modified. Strip: the matching prefix or suffix isremoved. from the alias. Replace: the matching part of the alias issubstituted with the text in the replace string. Default: Strip.

PatternString: The pattern against which the alias is compared.(Applies to Alias pattern match mode only.) Note: if the patternstring is a Regex, you can refer to the regular expressionsreference table in the online help.

PatternType: How the pattern string must match the alias for therule to be applied. (Applies to Alias Pattern Match mode only.)Exact: the entire string must exactly match the alias character forcharacter. Prefix: the string must appear at the beginning of thealias. Suffix: the string must appear at the end of the alias. Regex:the string is treated as a regular expression. Default: Prefix.

200 {


}

Update theconfigurationof an existingsearch rule

56




ResponseBody

Comment

Priority: The order in the search process that this rule is applied, whencompared to the priority of the other search rules. All priority 1 searchrules are applied first, followed by all priority 2 search rules, and soon. Default 100. Range 1 to 65534.

Protocol: The source protocol for which this rule applies. Default:Any.

ReplaceString: The string to substitute for the part of the alias thatmatches the pattern. (Applies to Replace pattern behavior only).Range 0 to 60.


Source: The sources of the requests for which this rule applies. Any:locally registered devices, neighbor or traversal zones, and any non-registered devices. AllZones: locally registered devices plus neighboror traversal zones. LocalZone: locally registered devices only.Named: a specific zone or subzone. Default: Any.



TargetName: The zone name or policy service name to query if thealias matches the search rule. Range 1 to 60.

}

Required: Name.



DELETE {

Name: The name of the SearchRule.Range: 1 to 50.

}

Required: Name.

200 {


}

Deletinga searchrule.

57



/common/time/ntpserver:Read, update or delete the NTP server details.

Method RequestBody

ResponseCode


GET None. 200 {

Address: Sets the IP address or Fully Qualified Domain Name (FQDN) ofup to 5 NTP servers to be used when synchronizing system time. Range1 to 1024.

Authentication: The type of NTP server authentication to use. Disabled:no authentication is used. Symmetric key: uses key values entered herethat must match exactly the equivalent settings on the NTP server.Private key: uses an automatically generated private key with which toauthenticate messages sent to the NTP server. Default: disabled.

Hash: The cryptographic hash type to use with NTP symmetricauthentication. It must match the hash type for the specified key on theNTP server. Default: SHA-1.

KeyId: The key identifier to use with NTP symmetric authentication. Itmust match a trusted key on the NTP server.

PassPhrase: The pass phrase to use with NTP symmetricauthentication. It must match the pass phrase associated with thesame key ID on the NTP server. Range 1 to 1024.

index: The priority of the ntp server address. Range 1 to 5.

}

Required: Address, Authentication, KeyId, Hash, index.

Fetchesall NTPserverdetailsdefined.

58





POST {

Address: Sets the IP address or Fully Qualified Domain Name(FQDN) of up to 5 NTP servers to be used when synchronizingsystem time. Range 1 to 1024.

Authentication: The type of NTP server authentication to use.Disabled: no authentication is used. Symmetric key: uses keyvalues entered here that must match exactly the equivalentsettings on the NTP server. Private key: uses an automaticallygenerated private key with which to authenticate messagessent to the NTP server. Default: disabled.

Hash: The cryptographic hash type to use with NTP symmetricauthentication. It must match the hash type for the specifiedkey on the NTP server. Default: SHA-1.

KeyId: The key identifier to use with NTP symmetricauthentication. It must match a trusted key on the NTP server.

PassPhrase: The pass phrase to use with NTP symmetricauthentication. It must match the pass phrase associated withthe same key ID on the NTP server. Range 1 to 1024.


}

Required: Address, index.

201 {


}

Creates aNTPserveraddressentry.

59





PUT {

Address: Sets the IP address or Fully Qualified Domain Name(FQDN) of up to 5 NTP servers to be used when synchronizingsystem time. Range 1 to 1024.

Authentication: The type of NTP server authentication to use.Disabled: no authentication is used. Symmetric key: uses keyvalues entered here that must match exactly the equivalentsettings on the NTP server. Private key: uses an automaticallygenerated private key with which to authenticate messagessent to the NTP server. Default: disabled.

Hash: The cryptographic hash type to use with NTP symmetricauthentication. It must match the hash type for the specifiedkey on the NTP server. Default: SHA-1.

KeyId: The key identifier to use with NTP symmetricauthentication. It must match a trusted key on the NTP server.

PassPhrase: The pass phrase to use with NTP symmetricauthentication. It must match the pass phrase associated withthe same key ID on the NTP server. Range 1 to 1024.


}Required: Address, index.

200 {


}

Updatesthe NTPserverdetails.



DELETE {

index: The priority of the ntpserver address.

}

Required: index.

200 {


}

Deletes the NTPserver record.

60



/common/time/status:Read the time status.


GET None 200 {

NTP server status details.

}

Fetches all NTP server status details.

61



/common/time/timezone:Read or update the time zone.

Method RequestBody

ResponseCode


GET None 200 {

TimeZone: Sets the local time zone of the system. Time zonenames follow the POSIX naming convention e.g. Europe/Londonor America/New_York. Default UTC.

}

Required: TimeZone.

Fetches thetimezonedetailsdefined.



PUT {

TimeZone: Sets the local time zone of the system. Timezone names follow the POSIX naming convention e.g.Europe/London or America/New_York. Default UTC.

}

Required: TimeZone.

200 {


}

Fetchesthetimezonedetailsdefined.

62



/common/transform:Create, read, update or delete transforms.

Method RequestBody

ResponseCode


GET None 200 {

Description: A free-form description of the transform.

PatternBehavior: How the alias is modified. Strip:removes the matching prefix or suffix from the alias.Replace: substitutes the matching part of the alias withthe text in the replace string. AddPrefix: prepends theAdditional text to the alias. AddSuffix: appends theAdditional text to the alias. Default: Strip.

PatternReplaceString: The text string to use inconjunction with the selected Pattern behavior.

PatternString: The pattern against which the alias iscompared.

PatternType: How the pattern string must match the aliasfor the transform to be applied. Exact: the entire stringmust exactly match the alias character for character.Prefix: the string must appear at the beginning of thealias. Suffix: the string must appear at the end of thealias. Regex: the string is treated as a regular expression.Default: Prefix.

Priority: Assigns a priority to the specified transform.Transforms are compared with incoming aliases in orderof priority, and the priority must be unique for eachtransform. Default: 1.

State: Indicates if the transform is enabled or disabled.Disabled transforms are ignored. Default: Enabled.

}

Required: PatternType, PatternReplaceString,PatternString, Priority, State, PatternBehavior,Description.

Fetches (all / byPriority) transformsdefined along withtheir parameters.

63




ResponseBody

Comment

POST {


PatternBehavior: How the alias is modified. Strip: removes thematching prefix or suffix from the alias. Replace: substitutes thematching part of the alias with the text in the replace string.AddPrefix: prepends the Additional text to the alias. AddSuffix:appends the Additional text to the alias. Default: Strip.

PatternReplaceString: The text string to use in conjunction with theselected Pattern behavior.

PatternString: The pattern against which the alias is compared.

PatternType: How the pattern string must match the alias for thetransform to be applied. Exact: the entire string must exactly matchthe alias character for character. Prefix: the string must appear atthe beginning of the alias. Suffix: the string must appear at the endof the alias. Regex: the string is treated as a regular expression.Default: Prefix.

Priority: Assigns a priority to the specified transform. Transformsare compared with incoming aliases in order of priority, and thepriority must be unique for each transform. Default: 1.

State: Indicates if the transform is enabled or disabled. Disabledtransforms are ignored. Default: Enabled.

}

Required: Priority, PatternString, PatternBehavior.

201 {


}

Create anewtransform.

64




ResponseBody

Comment

PUT {


NewPriority: Assigns a priority to the specified transform.Transforms are compared with incoming aliases in order ofpriority, and the priority must be unique for each transform.Default:1.

PatternBehavior: How the alias is modified. Strip: removes thematching prefix or suffix from the alias. Replace: substitutes thematching part of the alias with the text in the replace string.AddPrefix: prepends the Additional text to the alias. AddSuffix:appends the Additional text to the alias. Default: Strip.

PatternReplaceString: The text string to use in conjunction withthe selected Pattern behavior.

PatternString: The pattern against which the alias is compared.

PatternType: How the pattern string must match the alias for thetransform to be applied. Exact: the entire string must exactlymatch the alias character for character. Prefix: the string mustappear at the beginning of the alias. Suffix: the string mustappear at the end of the alias. Regex: the string is treated as aregular expression. Default: Prefix.

Priority: Assigns a priority to the specified transform. Transformsare compared with incoming aliases in order of priority, and thepriority must be unique for each transform. Default: 1.

State: Indicates if the transform is enabled or disabled. Disabledtransforms are ignored. Default: Enabled.

}

Required: Priority.

200 {


}

Update theconfigurationof an existingtransform.



DELETE {

Priority: Assigns a priority to the specified transform.Transforms are compared with incoming aliases in order ofpriority, and the priority must be unique for each transform.Default: 1.

}

Required: Priority

200 {

Message:Success/Failure/ Infomessage for theoperation.

}

Delete atransform.

65



/common/zone/dnszone:Create, read, update or delete the DNS zone.

Method RequestBody

ResponseCode


GET None 200 {

AutomaticallyRespondToSIPSearches: Determines what happenswhen theExpressway receives a SIP search that originated as an H.323search, destined for this zone. Off: a SIP OPTIONS message is sentto the zone. On: searches are responded to automatically, withoutbeing forwarded to the zone. Default: Off.

H323Mode: Determines whether H.323 calls will be allowed to andfrom this zone. Default: Off.

HopCount: Specifies the hop count to be used when sending analias search request to this zone. Note: if the search request wasreceived from another zone and already has a hop count assigned,the lower of the two values will be used. Default: 15.

IncludeAddressRecord: Determines whether, if noNAPTR (SIP) or SRV (SIP and H.323) records have been found forthe dialed alias via this zone, the Expressway will then query for Aand AAAA DNS records. On: theExpressway will query for A orAAAA records. If any are found, the Expressway will not then queryany lower priority zones. Off: the Expressway will not query for Aand AAAA records and instead will continue with the search,querying the remaining lower priority zones. Default: Off.

Name: Name of the zone. Range 1 to 50.

SIPAuthenticationTrustMode: Used in conjunction with theAuthentication Policy to control whether pre-authenticated SIPmessages (ones containing a P-Asserted-Identity header) receivedfrom this zone are trusted and are subsequently treated asauthenticated or unauthenticated within the Expressway. On: pre-authenticated messages are trusted without further challenge andsubsequently treated as authenticated within the Expressway.Unauthenticated messages are challenged if the AuthenticationPolicy is set to Check credentials. Off: any existing authenticatedindicators (the P-Asserted-Identity header) are removed from themessage. Messages from a local domain are challenged if theAuthentication Policy is set to Check credentials. Default: Off.

SIPDomainToSearchFor: Enter a FQDN to find in DNS instead ofsearching for the domain on the outbound SIP URI. The original SIPURI is not affected.

Gets thezoneconfigurationdetails forDNS zone

66



Method RequestBody

ResponseCode


SIPFallbackTransportProtocol: Determines which transport type is usedfor SIP calls from the DNS zone, when DNS NAPTR records and SIP URIparameters do not provide the preferred transport information. RFC3263 suggests that UDP should be used. Default: UDP.

SIPMediaEncryptionMode: Controls the media encryption policy appliedby the Expressway for SIP calls (including interworked calls) to andfrom this zone. Default: Auto.

SIPMediaICESupport: Controls how the Expressway supports ICEmessages toand from the devices in this zone. The behavior depends upon theconfiguration of the ICE support setting on the incoming (ingress) andoutgoing (egress) zone or subzone. When there is a mismatch ofsettings i.e. On on one side and Off on the other side, the Expresswayinvokes its back-to-back user agent (B2BUA) to perform ICEnegotiation with the relevant host. When ICE support is enabled, youcan also configure the TURN servers to offer as ICE candidates, ifnecessary. Default: Off.

SIPMode: Determines whether SIP calls will be allowed to and from thiszone. Default: Off.

SIPModifyDnsRequest: Routes outbound SIP calls from this zone to amanually specified SIP domain instead of the domain in the dialeddestination. This option is primarily intended for use with Cisco SparkCall Service. See www.cisco.com/go/hybrid-services. Default: Off.

SIPParameterPreservationMode: Determines whether theExpressway'sB2BUA preserves or rewrites the parameters in SIP requests routed viathis zone. On preserves the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA. Off allows theB2BUA to rewrite the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA, if necessary.Default: Off.

SIPPoisonMode: Determines whether SIP requests sent out to this zoneare poisoned" such that if they are received by the localExpresswayagain they will be rejected. On: SIP requests sent out viathis zone that are received again by this Expressway will be rejected.Off: SIP requests sent out via this zone that are received by thisExpressway again will be processed as normal.

SIPPort: The port on the neighbor to use for outgoing SIP messagesinitiated from the Expressway. Default: 5061.

67



Method RequestBody

ResponseCode


SIPPreloadedSipRoutesSupport: Enable this zone to to process orreject SIP INVITE requests that contain Route header. Default: Off.

SIPRecordRouteAddressType: Controls whether the Cisco VCS uses itsIP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to be configuredon the Expressway. Default: IP.

SIPTLSVerifyInboundMapping: Switch Inbound TLS mapping On to mapinbound TLS connections to this zone if the peer certificate containsthe TLS verify subject name. If the received certificate does not containthe TLS verify subject name (as CN or SAN), then the connection is notmapped to this zone. Switch Inbound TLS mapping Off to prevent theExpressway from attempting to map inbound TLS connections to thiszone. Default: Off.

SIPTLSVerifyMode: Controls X.509 certificate checking and mutualauthentication between this Expressway and the traversal client. Ifenabled, a TLS verify subject name must be specified. Default: Off.

SIPTLSVerifySubjectName: The certificate holder's name to look for inthe traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes).

SIPUDPBFCPFilterMode: Determines whether INVITE requests sent tothis zone filter out UDP/BFCP. This option may be required to enableinteroperability with SIP devices that do not support the UDP/BFCPprotocol. On: any media line referring to the UDP/BFCP protocol isreplaced with TCP/BFCP and disabled. Off: INVITE requests are notmodified. Default: Off.

SIPUDPIXFilterMode: Determines whether INVITE requests sent to thiszone filter out UDP/UDT/IX or UDP/DTLS/UDT/IX. This option may berequired to enable interoperability with SIP devices that do not supportthe UDP/UDT/IX or UDP/DTLS/UDT/IX protocol. On: any media linereferring to the UDP/UDT/IX or UDP/DTLS/UDT/IX protocol is replacedwith RTP/AVP and disabled. Off: INVITE requests are not modified.Default: Off.

SendEmptyINVITEFor InterworkedCalls: Determines whether theExpressway generates a SIP INVITE message with no SDP to send tothis zone. INVITEs with no SDP mean that the destination device isasked to initiate the codec selection, and are used when the call hasbeen interworked locally from H.323. On: SIP INVITEs with no SDP aregenerated and sent to this neighbor. Off: SIP INVITEs are generatedand a pre-configured SDP is inserted before the INVITEs are sent to thisneighbor. Default: On.

68



Method RequestBody

ResponseCode


Status: Status of the zone.

ZoneProfile: Determines how the zone's advanced settings areconfigured. Default: uses the factory default profile. Custom: allowsyou to configure each setting individually. Alternatively, choose one ofthe preconfigured profiles to automatically use the appropriate settingsrequired for connections to that type of system. Default: Default.

}

69




ResponseBody

Comment

POST {

AutomaticallyRespondToSIPSearches: Determines what happens when the Expressway receivesa SIP search that originated as an H.323 search, destined for thiszone. Off: a SIP OPTIONS message is sent to the zone. On: searchesare responded to automatically, without being forwarded to the zone.Default: Off.


HopCount: Specifies the hop count to be used when sending an aliassearch request to this zone. Note: if the search request was receivedfrom another zone and already has a hop count assigned, the lowerof the two values will be used. Default: 15.

IncludeAddressRecord: Determines whether, if no NAPTR (SIP) orSRV (SIP and H.323) records have been found for the dialed alias viathis zone, the Expressway will then query for A and AAAA DNSrecords. On: theExpressway will query for A or AAAA records. If anyare found, the Expressway will not then query any lower priorityzones. Off: the Expressway will not query for A and AAAA records andinstead will continue with the search, querying the remaining lowerpriority zones. Default: Off.




SIPFallbackTransportProtocol: Determines which transport type isused for SIP calls from the DNS zone, when DNS NAPTR records andSIP URI parameters do not provide the preferred transportinformation. RFC 3263 suggests that UDP should be used. Default:UDP.

201 {


}

CreateDNSzone.

70




ResponseBody

Comment

SIPMediaEncryptionMode: Controls the media encryption policyapplied by the Expressway for SIP calls (including interworked calls)to and from this zone. Default: Auto.

SIPMediaICESupport: Controls how the Expressway supports ICEmessages to and from the devices in this zone. The behavior dependsupon the configuration of the ICE support setting on the incoming(ingress) and outgoing (egress) zone or subzone. When there is amismatch of settings i.e. On on one side and Off on the other side, theExpressway invokes its back-to-back user agent (B2BUA) to performICE negotiation with the relevant host. When ICE support is enabled,you can also configure the TURN servers to offer as ICE candidates, ifnecessary. Default: Off.

SIPMode: Determines whether SIP calls will be allowed to and fromthis zone. Default: Off.


SIPParameterPreservationMode: Determines whethertheExpressway's B2BUA preserves or rewrites the parameters in SIPrequests routed via this zone. On preserves the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA. Off allows the B2BUA to rewrite the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA, if necessary. Default: Off.

SIPPoisonMode: Determines whether SIP requests sent out to thiszone are poisoned" such that if they are received by the localExpresswayagain they will be rejected. On: SIP requests sent out viathis zone that are received again by this Expressway will be rejected.Off: SIP requests sent out via this zone that are received by thisExpressway again will be processed as normal.



SIPRecordRouteAddressType: Controls whether the Cisco VCS usesits IP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to beconfigured on the Expressway. Default: IP.

71




ResponseBody

Comment

SIPTLSVerifyInboundMapping: Switch Inbound TLS mapping On tomap inbound TLS connections to this zone if the peer certificatecontains the TLS verify subject name. If the received certificate doesnot contain the TLS verify subject name (as CN or SAN), then theconnection is not mapped to this zone. Switch Inbound TLS mappingOff to prevent the Expressway from attempting to map inbound TLSconnections to this zone. Default: Off.


SIPTLSVerifySubjectName: The certificate holder's name to look forin the traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes).


SIPUDPIXFilterMode: Determines whether INVITE requests sent to thiszone filter out UDP/UDT/IX or UDP/DTLS/UDT/IX. This option may berequired to enable interoperability with SIP devices that do notsupport the UDP/UDT/IX or UDP/DTLS/UDT/IX protocol. On: anymedia line referring to the UDP/UDT/IX or UDP/DTLS/UDT/IX protocolis replaced with RTP/AVP and disabled. Off: INVITE requests are notmodified. Default: Off.

SendEmptyINVITEForInterworkedCalls: Determines whether the Expressway generates a SIP INVITEmessage with no SDP to send to this zone. INVITEs with no SDP meanthat the destination device is asked to initiate the codec selection,and are used when the call has been interworked locally from H.323.On: SIP INVITEs with no SDP are generated and sent to this neighbor.Off: SIP INVITEs are generated and a pre-configured SDP is insertedbefore the INVITEs are sent to this neighbor. Default: On.


ZoneProfile: Determines how the zone's advanced settings areconfigured. Default: uses the factory default profile. Custom: allowsyou to configure each setting individually. Alternatively, choose oneof the preconfigured profiles to automatically use the appropriatesettings required for connections to that type of system. Default:Default.

}

Required: Name.

72




ResponseBody

Comment

PUT {

AutomaticallyRespondToSIPSearches: Determines what happenswhen the Expressway receives a SIP search that originated as anH.323 search, destined for this zone. Off: a SIP OPTIONS message issent to the zone. On: searches are responded to automatically,without being forwarded to the zone. Default: Off.



IncludeAddressRecord: Determines whether, if no NAPTR (SIP) orSRV (SIP and H.323) records have been found for the dialed alias viathis zone, the Expressway will then query for A and AAAA DNSrecords. On: theExpressway will query for A or AAAA records. If anyare found, the Expressway will not then query any lower priorityzones. Off: the Expressway will not query for A and AAAA records andinstead will continue with the search, querying the remaining lowerpriority zones. Default: Off.


NewName: New name of the zone. Range 1 to 50.



SIPFallbackTransportProtocol: Determines which transport type isused for SIP calls from the DNS zone, when DNS NAPTR records andSIP URI parameters do not provide the preferred transportinformation. RFC 3263 suggests that UDP should be used. Default:UDP.

200 {


}

CreateDNSzone.

73




ResponseBody

Comment





SIPParameterPreservationMode: Determines whethertheExpressway's B2BUA preserves or rewrites the parameters in SIPrequests routed via this zone. On preserves the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA. Off allows the B2BUA to rewrite the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA, if necessary. Default: Off.

SIPPoisonMode: Determines whether SIP requests sent out to thiszone are poisoned" such that if they are received by the localExpresswayagain they will be rejected. On: SIP requests sent out viathis zone that are received again by this Expressway will be rejected.Off: SIP requests sent out via this zone that are received by thisExpressway again will be processed as normal.



SIPRecordRouteAddressType: Controls whether the Cisco VCS usesits IP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to beconfigured on the Expressway. Default: IP.

74




ResponseBody

Comment

SIPTLSVerifyInboundMapping: Switch Inbound TLS mapping On tomap inbound TLS connections to this zone if the peer certificatecontains the TLS verify subject name. If the received certificate doesnot contain the TLS verify subject name (as CN or SAN), then theconnection is not mapped to this zone. Switch Inbound TLS mappingOff to prevent the Expressway from attempting to map inbound TLSconnections to this zone. Default: Off.





SendEmptyINVITEForInterworkedCalls: Determines whether the Expressway generates a SIP INVITEmessage with no SDP to send to this zone. INVITEs with no SDP meanthat the destination device is asked to initiate the codec selection,and are used when the call has been interworked locally from H.323.On: SIP INVITEs with no SDP are generated and sent to this neighbor.Off: SIP INVITEs are generated and a pre-configured SDP is insertedbefore the INVITEs are sent to this neighbor. Default: On.



}

Required: Name.

75





DELETE {

Name: The name of the zoneto be deleted.

}

Required: Name.

200 {


}

Deleting theDNS zone.

76



/common/zone/neighborzone:Create, read, update or delete the client zone.

Method RequestBody

ResponseCode


GET None 200 {

AcceptProxiedRegistrations: Controls whether proxied SIP registrationsrouted through this zone are accepted. Default: Allow.

AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they are subsequentlytreated as authenticated, unauthenticated, or are rejected. Thebehavior varies for H.323 messages, SIP messages that originate from alocal domain and SIP messages that originate from non-local domains.Default: DoNotCheckCredentials.

AutomaticallyRespondToH323Searches: Determines what happenswhen the Expressway receives an H.323 search, destined for this zone.Off: an LRQ message is sent to the zone. On: searches are respondedto automatically, without being forwarded to the zone. Default: Off.

AutomaticallyRespondToSIPSearches: Determines what happens whenthe Expressway receives a SIP search that originated as an H.323search, destined for this zone. Off: a SIP OPTIONS message is sent tothe zone. On: searches are responded to automatically, without beingforwarded to the zone. Default: Off.

CallSignalingRoutedMode: Specifies how the Expressway handles thesignaling for calls to and from this neighbor. Auto: signaling is taken asdetermined by the Call routed mode configuration. Always: signaling isalways taken for calls to or from this neighbor, regardless of the Callrouted mode configuration. Default: Auto.

H323Mode: Determines whether H.323 calls will be allowed to and fromthis zone. Default: Off.

H323Port: Specifies the port on the traversal server to be used forH.323 firewall traversal calls from this Expressway. If the traversalserver is a Cisco Expressway-E, this must be the port number that hasbeen configured on the Cisco Expressway-E's Traversal Server zoneassociated with this Expressway. It will be used for H323 calls to andfrom the traversal client.

HopCount: Specifies the hop count to be used when sending an aliassearch request to this zone. Note: if the search request was receivedfrom another zone and already has a hop count assigned, the lower ofthe two values will be used. Default: 15.

Readsthe zonedata.

77



Method RequestBody

ResponseCode


InterworkingSIPSearchStrategy: Determines how the Expresswaysearches for SIP endpoints when interworking an H.323 call. Default:Options.

MonitorPeerStatus: Specifies whether the Expressway monitors thestatus of the zones peers. If enabled, H.323 LRQs and/or SIP OPTIONSare periodically sent to the peers. If a peer fails to respond, that peer ismarked as inactive. If all peers fail to respond the zone is marked asinactive. Default: Yes.

Name: Name of the zone.

PeerAddress: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Names onthe traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster of CiscoExpressway-Es , this is the FQDN of one of the peers in that cluster.

SIPAuthenticationTrustMode: Used in conjunction with theAuthentication Policy to control whether pre-authenticated SIPmessages (ones containing a P-Asserted-Identity header) receivedfrom this zone are trusted and are subsequently treated asauthenticated or unauthenticated within the Expressway. On: pre-authenticated messages are trusted without further challenge andsubsequently treated as authenticated within theExpressway.Unauthenticated messages are challenged if the Authentication Policyis set to Check credentials. Off: any existing authenticated indicators(the P-Asserted-Identity header) are removed from the message.Messages from a local domain are challenged if the AuthenticationPolicy is set to Check credentials. Default: Off.

SIPEncryptionMode: Determines whether or not the Expressway allowsencrypted SIP calls on this zone. Auto: SIP calls are encrypted if asecure SIP transport (TLS) is used. Microsoft: SIP calls are encryptedusing MS-SRTP. Off: SIP calls are never encrypted. Default: Auto.

SIPMediaEncryptionMode: Controls the media encryption policyapplied by the Expressway for SIP calls (including interworked calls) toand from this zone. Auto: no specific media encryption policy is appliedby the Expressway. Media encryption is purely dependent on endpointrequests. Best effort: use encryption if available, otherwise fall back tounencrypted media. ForceEncrypted (Force encrypted): all media mustbe encrypted. ForceunEncrypted (Force unencrypted): all media mustbe unencrypted. Default: Auto.

78



Method RequestBody

ResponseCode




SIPMultipartMIMEStripMode: Controls whether multipart MIME strippingis performed on requests from this zone. This must be set to On forconnections to a Microsoft Office Communications Server 2007.Default: Off.

SIPMultistreamMode: Controls if the Expressway allows Multistream toand from devices in this zone. On: allow Multistream. Off: disallowMultistream. Default: On.

SIPParameterPreservation: Determines whether B2BUA in this nodepreserves or rewrites the parameters in SIP requests routed via thiszone. Default: Off.

SIPPoisonMode: Determines whether SIP requests sent out to this zonewill be poisoned such that if they are received by the local Expresswayagain they will be rejected. Default: Off.



SIPProxyRequireHeaderStripList: A comma separated list of option tagsto search for and remove from Proxy-Require headers in SIP requestsreceived from this zone. By default, no option tags are specified.

SIPREFERMode: Determines how SIP REFER requests are handled.Forward: SIP REFER requests are forwarded to the target. Terminate:SIP REFER requests are terminated by the Expressway. Default:Forward.

79



Method RequestBody

ResponseCode


SIPRecordRouteAddressType: Controls whether the Expressway usesits IP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to be configuredon the Expressway. Default: IP.

SIPTLSVerifyMode: Controls X.509 certificate checking and mutualauthentication between this Expressway and the traversal client. Ifenabled, aTLS verify subject name must be specified. Default: Off.

SIPTransport: The transport protocol to use for SIP calls to and from thetraversal client. Default: TLS.

SIPUDPBFCPFilterMode: Determines whether INVITE requests sent tothis zone filter out UDP/BFCP This option may be required to enableinteroperability with SIP devices that do not support the UDP/BFCPprotocol. On: any media line referring to the UDP/BFCP protocol isreplaced with TCP/BFCP and disabled. Off: INVITE requests are notmodified. Default: Off.

SIPUDPIXFilterMode: Determines whether INVITE requests sent to thiszone filter out UDP/UDT/IX or UDP/DTLS/UDT/IX. This option may berequired to enable interoperability with SIP devices that do not supportthe UDP/UDT/IX or UDP/DTLS/UDT/IX protocol. On: any media linereferring to the UDP/UDT/IX or UDP/DTLS/UDT/IX protocol is replacedwith RTP/AVP and disabled. Off: INVITE requests are not modified.Default: Off.

SIPUPDATEStripMode: Determines whether or not the Expresswaystrips the UPDATE method from the Allow header of all requests andresponses received from, and sent to, this zone. Default: Off.

SendEmptyINVITEForInterworkedCalls: Determines whether theExpressway generates a SIP INVITE message with no SDP to send tothis zone. INVITEs with no SDP mean that the destination device isasked to initiate the codec selection, and are used when the call hasbeen interworked locally from H.323. On: SIP INVITEs with no SDP aregenerated and sent to this neighbor. Off: SIP INVITEs are generatedand a pre-configured SDP is inserted before the INVITEs are sent to thisneighbor.

Status: The status of the zone.

ZoneProfile: Determines how the zone's advanced settings areconfigured. Default: uses the factory default profile. Custom: allowsyou to configure each setting individually. Alternatively, choose one ofthe preconfigured profiles to automatically use the appropriate settingsrequired for connections to that type of system. Default: Default.

}

80




ResponseBody

Comment

POST {

AcceptProxiedRegistrations: Controls whether proxied SIPregistrations routed through this zone are accepted. Default: Allow.

AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they aresubsequently treated as authenticated, unauthenticated, or arerejected. The behavior varies for H.323 messages, SIP messages thatoriginate from a local domain and SIP messages that originate fromnon-local domains. Default: DoNotCheckCredentials.

AutomaticallyRespondToH323Searches: Determines what happenswhen the Expressway receives an H.323 search, destined for thiszone. Off: an LRQ message is sent to the zone. On: searches areresponded to automatically, without being forwarded to the zone.Default: Off.

AutomaticallyRespondToSIPSearches: Determines what happenswhen the Expressway receives a SIP search that originated as anH.323 search, destined for this zone. Off: a SIP OPTIONS message issent to the zone. On: searches are responded to automatically,without being forwarded to the zone. Default: Off.

CallSignalingRoutedMode: Specifies how the Expressway handlesthe signaling for calls to and from this neighbor. Auto: signaling istaken as determined by the Call routed mode configuration. Always:signaling is always taken for calls to or from this neighbor, regardlessof the Call routed mode configuration. Default: Auto.




201 {

Message:Success /Failure/Infomessagefor theoperation.

}

Createsneighborzone.

81




ResponseBody

Comment


MonitorPeerStatus: Specifies whether the Expressway monitors thestatus of the zones peers. If enabled, H.323 LRQs and/or SIPOPTIONS are periodically sent to the peers. If a peer fails to respond,that peer is marked as inactive. If all peers fail to respond the zone ismarked as inactive. Default: Yes.

Name: Name of the zone. Range 1 to 50 characters.

PeerAddress: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Nameson the traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster ofCisco Expressway-Es , this is the FQDN of one of the peers in thatcluster.

SIPAuthenticationTrustMode: Used in conjunction with theAuthentication Policy to control whether pre-authenticated SIPmessages (ones containing a P-Asserted-Identity header) receivedfrom this zone are trusted and are subsequently treated asauthenticated or unauthenticated within the Expressway. On: pre-authenticated messages are trusted without further challenge andsubsequently treated as authenticated within theExpressway.Unauthenticated messages are challenged if the AuthenticationPolicy is set to Check credentials. Off: any existing authenticatedindicators (the P-Asserted-Identity header) are removed from themessage. Messages from a local domain are challenged if theAuthentication Policy is set to Check credentials. Default: Off.

SIPEncryptionMode: Determines whether or not the Expresswayallows encrypted SIP calls on this zone. Auto: SIP calls are encryptedif a secure SIP transport (TLS) is used. Microsoft: SIP calls areencrypted using MS-SRTP. Off: SIP calls are never encrypted.Default: Auto.

SIPMediaEncryptionMode: Controls the media encryption policyapplied by the Expressway for SIP calls (including interworked calls)to and from this zone. Auto: no specific media encryption policy isapplied by the Expressway. Media encryption is purely dependent onendpoint requests. Best effort: use encryption if available, otherwisefall back to unencrypted media. ForceEncrypted (Force encrypted):all media must be encrypted. ForceunEncrypted (Force unencrypted):all media must be unencrypted. Default: Auto.

82




ResponseBody

Comment



SIPMultipartMIMEStripMode: Controls whether multipart MIMEstripping is performed on requests from this zone. This must be set toOn for connections to a Microsoft Office Communications Server2007. Default: Off.

SIPMultistreamMode: Controls if the Expressway allows Multistreamto and from devices in this zone. On: allow Multistream. Off: disallowMultistream. Default: On.


SIPPoisonMode: Determines whether SIP requests sent out to thiszone will be poisoned such that if they are received by the localExpressway again they will be rejected. Default: Off.



SIPProxyRequireHeaderStripList: A comma separated list of optiontags to search for and remove from Proxy-Require headers in SIPrequests received from this zone. By default, no option tags arespecified.


SIPRecordRouteAddressType: Controls whether the Expressway usesits IP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to beconfigured on the Expressway. Default: IP.

83




ResponseBody

Comment


SIPTransport: The transport protocol to use for SIP calls to and fromthe traversal client. Default: TLS.




SendEmptyINVITEForInterworkedCalls: Determines whether theExpressway generates a SIP INVITE message with no SDP to send tothis zone. INVITEs with no SDP mean that the destination device isasked to initiate the codec selection, and are used when the call hasbeen interworked locally from H.323. On: SIP INVITEs with no SDP aregenerated and sent to this neighbor. Off: SIP INVITEs are generatedand a pre-configured SDP is inserted before the INVITEs are sent tothis neighbor.


}

Required: Name, PeerAddress.

84





PUT {

AcceptProxiedRegistrations: Controls whether proxied SIPregistrations routed through this zone are accepted.Default: Allow.

AuthenticationMode: Controls how the Expresswayauthenticates incoming messages from this zone andwhether they are subsequently treated as authenticated,unauthenticated, or are rejected. The behavior varies forH.323 messages, SIP messages that originate from a localdomain and SIP messages that originate from non-localdomains. Default: DoNotCheckCredentials.

AutomaticallyRespondToH323Searches: Determines whathappens when the Expressway receives an H.323 search,destined for this zone. Off: an LRQ message is sent to thezone. On: searches are responded to automatically,without being forwarded to the zone. Default: Off.

AutomaticallyRespondToSIPSearches: Determines whathappens when the Expressway receives a SIP search thatoriginated as an H.323 search, destined for this zone. Off:a SIP OPTIONS message is sent to the zone. On: searchesare responded to automatically, without being forwardedto the zone. Default: Off.

CallSignalingRoutedMode: Specifies how the Expresswayhandles the signaling for calls to and from this neighbor.Auto: signaling is taken as determined by the Call routedmode configuration. Always: signaling is always taken forcalls to or from this neighbor, regardless of the Call routedmode configuration. Default: Auto.

H323Mode: Determines whether H.323 calls will beallowed to and from this zone. Default: Off.

H323Port: Specifies the port on the traversal server to beused for H.323 firewall traversal calls from thisExpressway. If the traversal server is a Cisco Expressway-E, this must be the port number that has been configuredon the Cisco Expressway-E's Traversal Server zoneassociated with this Expressway. It will be used for H323calls to and from the traversal client.

HopCount: Specifies the hop count to be used whensending an alias search request to this zone. Note: if thesearch request was received from another zone andalready has a hop count assigned, the lower of the twovalues will be used. Default: 15.

200 {


}

Update zoneconfiguration

85




ResponseBody

Comment


MonitorPeerStatus: Specifies whether the Expressway monitors thestatus of the zones peers. If enabled, H.323 LRQs and/or SIPOPTIONS are periodically sent to the peers. If a peer fails to respond,that peer is marked as inactive. If all peers fail to respond the zone ismarked as inactive. Default: Yes.

Name: Name of the zone. Range 1 to 50 characters.

NewName: New name of the zone. Range 1 to 50 characters.

PeerAddress: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Nameson the traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster ofCisco Expressway-Es , this is the FQDN of one of the peers in thatcluster.

SIPAuthenticationTrustMode: Used in conjunction with theAuthentication Policy to control whether pre-authenticated SIPmessages (ones containing a P-Asserted-Identity header) receivedfrom this zone are trusted and are subsequently treated asauthenticated or unauthenticated within the Expressway. On: pre-authenticated messages are trusted without further challenge andsubsequently treated as authenticated within theExpressway.Unauthenticated messages are challenged if the AuthenticationPolicy is set to Check credentials. Off: any existing authenticatedindicators (the P-Asserted-Identity header) are removed from themessage. Messages from a local domain are challenged if theAuthentication Policy is set to Check credentials. Default: Off.

SIPEncryptionMode: Determines whether or not the Expresswayallows encrypted SIP calls on this zone. Auto: SIP calls are encryptedif a secure SIP transport (TLS) is used. Microsoft: SIP calls areencrypted using MS-SRTP. Off: SIP calls are never encrypted.Default: Auto.


86




ResponseBody

Comment



SIPMultipartMIMEStripMode: Controls whether multipart MIMEstripping is performed on requests from this zone. This must be set toOn for connections to a Microsoft Office Communications Server2007. Default: Off.



SIPPoisonMode: Determines whether SIP requests sent out to thiszone will be poisoned such that if they are received by the localExpressway again they will be rejected. Default: Off.



SIPProxyRequireHeaderStripList: A comma separated list of optiontags to search for and remove from Proxy-Require headers in SIPrequests received from this zone. By default, no option tags arespecified.


SIPRecordRouteAddressType: Controls whether the Expressway usesits IP address or host name in the record-route or path headers ofoutgoing SIP requests to this zone. Note: setting this value toHostname also requires a valid DNS system host name to beconfigured on the Expressway. Default: IP.

87




ResponseBody

Comment






SendEmptyINVITEForInterworkedCalls: Determines whether theExpressway generates a SIP INVITE message with no SDP to send tothis zone. INVITEs with no SDP mean that the destination device isasked to initiate the codec selection, and are used when the call hasbeen interworked locally from H.323. On: SIP INVITEs with no SDP aregenerated and sent to this neighbor. Off: SIP INVITEs are generatedand a pre-configured SDP is inserted before the INVITEs are sent tothis neighbor.


}

Required: Name, PeerAddress.

88





DELETE {

Name: Name of the zone to be deleted.Range 1 to 50 characters.

}

200 {


}

Delete thezone.

89



/configuration/allowlist/autopaths:Moebius API endpoint for HTTPAllowListAuto resource.

Method RequestBody

ResponseCode


GET None 200 {

methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty string willconfigure default methods.

pattern:

path: The URL path to allow Mobile and RemoteAccess clients to access the URL from outside of theenterprise network.

ports: Ports for which this HTTP allow rule is applied.

protocol: Protocol for which this HTTP allow rule isapplied.

servertype: The type of server for this HTTP allowrule.

uuid: Unique identifier for record.

}

HTTP Get endpoint logic toretrieve auto generatedHTTP allow list.

90



/configuration/allowlist/control:Moebius API Endpoint for HTTPAllowListControl resource.

Method RequestBody

ResponseCode

ResponseBody

Comment

GET None 200 {

methods:

pattern:

}

This is a single record endpoint. Perform a HTTP GET againstthis resource

Method RequestBody

ResponseCode


PUT {

methods:

pattern:

}

200 {


}

Update the singleton control record data. It will alreadybe matched against a valid regular expression for thisfield at this point.

91



/configuration/allowlist/manualpaths:API endpoint for creating, reading, updating or deleting the HTTP allow list records

Method RequestBody

ResponseCode


GET None 200 {

description: A meaningful description for thisrule, to help you recognize its purpose.

methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty stringwill configure default methods.

pattern:

url: The URL path to allow Mobile and RemoteAccess clients to access the URL from outsideof the enterprise network.

pattern:


}

Read all manually created HTTPallow list rules and modify themso they are consistent.


ResponseBody

Comment

POST {

description: A meaningful description for this rule, to helpyou recognize its purpose.

methods: Comma-separated list of the HTTP methodsallowed by this rule. An empty string will configure defaultmethods.

pattern:

url: The URL path to allow Mobile and Remote Accessclients to access the URL from outside of the enterprisenetwork.


}

200 None Create a newmanual HTTPallow list rule.

92





PUT {


methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty stringwill configure default methods.methods.

pattern:

url: URL to allow Mobile and Remote Accessclients access to outside of enterprisenetwork.

pattern:


}

200 {


}

Update record. Mustprovide the uuid and allfields needing to beupdated



DELETE {

description: A meaningful description for this rule, tohelp you recognize its purpose.

methods: Comma-separated list of the HTTP methodsallowed by this rule. An empty string will configuredefault methods.

pattern:


pattern:


}

200 {


}

Deleterecord.

93



/domaincerts/domain:Get the list of defined multidomain certificate domains.

Method RequestBody

ResponseCode


GET None 200 {

Message: Success/Failure/Info messagefor the operations.

domains: List of multidomain cert domains.

items: One domain in a list of multidomaincert domains.

}

Read the list of defined multidomaincert domains.

94



/domaincerts/domain/<domain>Create, read, and delete a multidomain certificate domain. Note that read

is only an existence check; no domain-specific data is returned, only the HTTP

status code (OK or Not Found).


GET None 200 {

Message: Success/Failure/Info message for the operations.

}



POST None 200 {

Message: Success/ Failure/ Info message for theoperations.

}

Method RequestBody

ResponseCode


DELETE None 200 {


}

95



/domaincerts/domain/<domain>/cert:Create, read, and delete a domain's certificate information. There is no separate update operation, create is alsoused to update.


GET None 200 {


cert-pem: JSON-encoded certificate PEM.

}



POST {

cert-pem: JSON-encodedcertificate PEM.

key-pem: JSON-encodedprivate key PEM.

}

Required: cert-pem

200 {

Message: Success/ Failure/ Info message forthe operations.

}

Method RequestBody

ResponseCode


DELETE None 200 {


}

96



/domaincerts/domain/<domain>/csr:Create, read, and delete a certificate signing request for a domain. Update operation is not allowed for CSRs.


GET None 200 {


cert-pem: JSON-encoded certificate PEM.

}



POST {

CommonName: The common name field in thesubject of the signing request.

Country: The two-letter ISO code for thecountry where your organization is located.

DigestAlgorithm: The Digest algorithm used forthe signature. Default: sha256.


KeyLength: The number of bits used for publicand private key encryption. Default: 4096.

Locality: The town or city where yourorganization is located.

Organization: The name of the organization orbusiness.

OrganizationalUnit: The department name ororganizational unit handling the certificate.

Province: The province, region, county, or statewhere your organization is located.

SubjectAlternativeNames: Additional SANhostnames included in the signing request.


200 {

Message: Success/ Failure/Info message for theoperations.

}

97



Method RequestBody

ResponseCode


DELETE None 200 {


}

98



99


Cisco Expressway-C

/controller/server/cucm:Update or read the Cisco Unified Communications Manager configuration.

Method RequestBody

ResponseCode


GET None 200 {

AxlUsername: The username used by the Expressway to accessthe Unified CM publisher. The user must have the Standard AXLAPI Access role. Range: 1 to 1024 characters.

Publisher: The FQDN or IP address of the Unified CM node. Range:1 to 1024 characters.

TlsVerify: State of the TLS verify mode. If TLS verify mode isenabled, the Unified CM system's FQDN or IP address must becontained within the X.509 certificate presented by that system (ineither the Subject Common Name or the Subject Alternative Nameattributes of the certificate). The certificate itself must also be validand signed by a trusted certificate authority.

}

Read theavailableconfiguration.


ResponseBody

Comment

POST {

AxlPassword: The AXL password of the Unified CM. Range: 1 to1024 characters.

AxlUsername: The username used by the Expressway to accessthe Unified CM publisher. The user must have the Standard AXLAPI Access role. Range: 1 to 1024 characters.

Publisher: The FQDN or IP address of the Unified CM node.Range 1 to 1024 characters.

TlsVerify: State of the TLS verify mode. If TLS verify mode isenabled, the Unified CM system's FQDN or IP address must becontained within the X.509 certificate presented by that system(in either the Subject Common Name or the Subject AlternativeName attributes of the certificate). The certificate itself mustalso be valid and signed by a trusted certificate authority.

}

Required: Publisher, AxlUsername, AxlPassword.

200 {

Message:Success/ Failure/Infomessagefor theoperation.

}

Create a newconfiguration.

100


Cisco Expressway-C



DELETE {

Publisher: The FQDN or IP address of theUnified CM node. Range 1 to 1024characters.

}

Required: Publisher.

200 {


}

Deleting theUnified CMconfiguration.

101


Cisco Expressway-C

/controller/server/imp:Update or read the Cisco Unified Communications Manager IM and Presence Service configuration.

Method RequestBody

ResponseCode


GET None 200 {

AxlUsername: The username used by the Expressway to accessthe Cisco Unified Communications Manager IM and PresenceService publisher. The user must have the Standard AXL APIAccess role. Range: 1 to 255 characters.

Publisher: The FQDN or IP address of the Cisco UnifiedCommunications Manager IM and Presence Service databasepublisher node. Range: 1 to 1024 characters.

TlsVerify: State of the TLS verify mode. If TLS verify mode isenabled, the Cisco Unified Communications Manager IM andPresence Service node's FQDN or IP address must be containedwithin the X.509 certificate presented by that system (in either theSubject Common Name or the Subject Alternative Name attributesof the certificate). The certificate itself must also be valid andsigned by a trusted certificate authority. Default: On.

}

Reads theavailableconfiguration.


ResponseBody

Comment

POST {

AxlPassword: The password used by the Expressway to accessthe Cisco Unified Communications Manager IM and PresenceService publisher. Range: 1 to 1024 characters.

AxlUsername: The username used by the Expressway to accessthe Cisco Unified Communications Manager IM and PresenceService publisher. The user must have the Standard AXL APIAccess role. Range: 1 to 255 characters.

Publisher: The FQDN or IP address of the Cisco UnifiedCommunications Manager IM and Presence Service databasepublisher node. Range: 1 to 1024 characters.

TlsVerify: State of the TLS verify mode. If TLS verify mode isenabled, the Cisco Unified Communications Manager IM andPresence Service node's FQDN or IP address must be containedwithin the X.509 certificate presented by that system (in eitherthe Subject Common Name or the Subject Alternative Nameattributes of the certificate). The certificate itself must also bevalid and signed by a trusted certificate authority. Default: On.

}

Required: Publisher, AxlUsername, AxlPassword.

200 {


}

Create a newconfiguration.

102


Cisco Expressway-C



DELETE {

Publisher: The FQDN or IP address of the CiscoUnified Communications Manager IM andPresence Service database publisher node tobe deleted. Range: 1 to 1024 characters.

}

Required: Publisher.

200 {


}

Delete the CiscoUnifiedCommunicationsManager IM andPresence Serviceconfiguration.

103


Cisco Expressway-C

/controller/zone/traversalclient:Create, read, update or delete the traversal client configuration.

Method RequestBody

ResponseCode


GET None 200 {AcceptProxiedRegistrations: Controls whether proxied SIP registrationsrouted through this zone are accepted. Default: Allow.

AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they are subsequentlytreated as authenticated, unauthenticated, or are rejected. Thebehavior varies for H.323 messages, SIP messages that originate froma local domain, and SIP messages that originate from non-localdomains.Default: Do not check credentials.

AuthenticationUserName: The username used by the Expressway whenconnecting to the traversal server. Range: 1 to 1024 characters.

H323Mode: Determines whether H.323 calls will be allowed to and fromthis zone. Default Off.


H323Protocol: Determines which of the two firewall traversal protocolswill be used for H323 calls to and from the traversal server. Note: thesame protocol must be set on the server for calls to and from thistraversal client. It will be used for H323 calls to and from the traversalclient. Default: Assent.

HopCount: Specifies the hop count used when sending an alias searchrequest to this zone. Note if the search request comes from anotherzone, and already has a hop count assigned, the lower of the twovalues is used.Default: 15. Range: 1 to 255.


Peer Address: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Names onthe traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster of CiscoExpressway-Es, this is the FQDN of one of the peers in that cluster.

104


Cisco Expressway-C

Method RequestBody

ResponseCode


RetryInterval: The interval (in seconds) with which a failed attempt toestablish a connection to the traversal server should be retried. Default:120. Range: 1 to 65534.

SIPMediaEncryptionMode: Controls the media encryption policy appliedby the Expressway for SIP calls (including interworked calls) to andfrom this zone. Auto: no specific media encryption policy is applied bythe Expressway. Media encryption is purely dependent on endpointrequests. Best effort: use encryption if available, otherwise fall back tounencrypted media. ForceEncrypted (Force encrypted): all media mustbe encrypted. ForceunEncrypted (Force unencrypted): all media mustbe unencrypted. Default: Auto.




SIPParameterPreservationMode: Determines whether the Expressway'sB2BUA preserves or rewrites the parameters in SIP requests routed viathis zone. On preserves the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA. Off allows theB2BUA to rewrite the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA, if necessary.Default: off.

SIPPoisonMode: Determines if SIP requests sent to this zone are"poisoned" and, if received by the local Expressway again, thenrejected. On: SIP requests sent out via this zone that are received againby this Expressway will be rejected. Off: SIP requests sent out via thiszone that are received by this Expressway again will be processed asnormal. Default: Off.

105


Cisco Expressway-C

Method RequestBody

ResponseCode


SIPPort: The port on the neighbor to use for outgoing SIP messagesinitiated from the Expressway. Default: 5061, Range: 1024 to 65534Default: 7001. Range: 1024 to 65534.

SIPPreloadedSipRoutesSupport: Enable this zone to process or rejectSIP INVITE requests that contain Route header. Default: Off.




}

106


Cisco Expressway-C


ResponseBody

Comment

POST {

AcceptProxiedRegistrations: Controls whether proxied SIPregistrations routed through this zone are accepted. Default:Allow.

AuthenticationMode: Controls how the Expresswayauthenticates incoming messages from this zone andwhether they are subsequently treated as authenticated,unauthenticated, or are rejected. The behavior varies forH.323 messages, SIP messages that originate from a localdomain, and SIP messages that originate from non-localdomains.Default: Do not check credentials.

AuthenticationUserName: The username used by theExpressway when connecting to the traversal server. Range:1 to 1024 characters.

H323Mode: Determines whether H.323 calls will be allowedto and from this zone. Default Off.

H323Port: Specifies the port on the traversal server to beused for H.323 firewall traversal calls from this Expressway. Ifthe traversal server is a Cisco Expressway-E, this must be theport number that has been configured on the CiscoExpressway-E's Traversal Server zone associated with thisExpressway. It will be used for H323 calls to and from thetraversal client.

H323Protocol: Determines which of the two firewall traversalprotocols will be used for H323 calls to and from the traversalserver. Note: the same protocol must be set on the server forcalls to and from this traversal client. It will be used for H323calls to and from the traversal client. Default: Assent.

201 {

Message:Success/Failure/Infomessagefor theoperations.

}

Creates UnifiedCommunicationstraversal client.

107


Cisco Expressway-C


ResponseBody

Comment

HopCount: Specifies the hop count used when sending an aliassearch request to this zone. Note if the search request comes fromanother zone, and already has a hop count assigned, the lower of thetwo values is used.Default: 15. Range: 1 to 255.


Peer Address: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Nameson the traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster ofCisco Expressway-Es, this is the FQDN of one of the peers in thatcluster.

RetryInterval: The interval (in seconds) with which a failed attempt toestablish a connection to the traversal server should be retried.Default: 120. Range: 1 to 65534.





108


Cisco Expressway-C


ResponseBody

Comment

SIPParameterPreservationMode: Determines whether theExpressway's B2BUA preserves or rewrites the parameters in SIPrequests routed via this zone. On preserves the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA. Off allows the B2BUA to rewrite the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA, if necessary. Default: off

SIPPoisonMode: Determines if SIP requests sent to this zone are"poisoned" and, if received by the local Expressway again, thenrejected. On: SIP requests sent out via this zone that are receivedagain by this Expressway will be rejected. Off: SIP requests sent outvia this zone that are received by this Expressway again will beprocessed as normal. Default: Off.






}

Required: Name, AuthenticationUserName, AuthenticationPassword,PeerAddress.

109


Cisco Expressway-C


ResponseBody

Comment

PUT {




H323Mode: Determines whether H.323 calls will be allowedto and from this zone. Default Off.

H323Port: Specifies the port on the traversal server to beused for H.323 firewall traversal calls from this Expressway. Ifthe traversal server is a Cisco Expressway-E, this must bethe port number that has been configured on the CiscoExpressway-E's Traversal Server zone associated with thisExpressway. It will be used for H323 calls to and from thetraversal client.

H323Protocol: Determines which of the two firewall traversalprotocols will be used for H323 calls to and from the traversalserver. Note: the same protocol must be set on the server forcalls to and from this traversal client. It will be used for H323calls to and from the traversal client. Default: Assent.

HopCount: Specifies the hop count used when sending analias search request to this zone. Note if the search requestcomes from another zone, and already has a hop countassigned, the lower of the two values is used.Default: 15. Range: 1 to 255.


NewName: The new name to the zone. Range: 0 to 50characters.

200 {


}


110


Cisco Expressway-C


ResponseBody

Comment

Peer Address: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Nameson the traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster ofCisco Expressway-Es, this is the FQDN of one of the peers in thatcluster.

RetryInterval: The interval (in seconds) with which a failed attempt toestablish a connection to the traversal server should be retried.Default: 120. Range: 1 to 65534.

SIPMediaEncryptionMode: Controls the media encryption policyapplied by the Expressway for SIP calls (including interworked calls)to and from this zone. Auto: no specific media encryption policy isapplied by the Expressway. Media encryption is purely dependent onendpoint requests. Best effort: use encryption if available, otherwisefall back to unencrypted media. ForceEncrypted (Force encrypted): allmedia must be encrypted. ForceunEncrypted (Force unencrypted): allmedia must be unencrypted. Default: Auto.




111


Cisco Expressway-C


ResponseBody

Comment

SIPParameterPreservationMode: Determines whether theExpressway's B2BUA preserves or rewrites the parameters in SIPrequests routed via this zone. On preserves the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA. Off allows the B2BUA to rewrite the SIP Request URI andContact parameters of requests routing between this zone and theB2BUA, if necessary. Default: off






}

Required: Name.


ResponseBody

Comment

DELETE {

Name: Name of the zone to be deleted.

}

Required: Name.

200 {


}

Deletethe zone.

112


Cisco Expressway-C

/controller/zone/unifiedcommunicationstraversal:Create, read, update or delete the unified communications traversal client zone.

Method RequestBody

ResponseCode


GET None {


AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they are subsequentlytreated as authenticated, unauthenticated, or are rejected. Thebehavior varies for H.323 messages, SIP messages that originate from alocal domain, and SIP messages that originate from non-local domains.Default: Do not check credentials.


HopCount: Specifies the hop count used when sending an alias searchrequest to this zone. Note if the search request comes from anotherzone, and already has a hop count assigned, the lower of the twovalues is used.Default: 15. Range: 1 to 255.

Name: Name of the zone. Range: 0 to 50 characters.

Peer Address: Enter the Fully Qualified Domain Name (FQDN) of thetraversal server. If you are using secure traversal, then this value mustbe either the Common Name or one of the Subject Alternate Names onthe traversal servers certificate. IP addresses or hostnames aretherefore not recommended. If the traversal server is a cluster of CiscoExpressway-Es, this is the FQDN of one of the peers in that cluster.

RetryInterval: The interval (in seconds) with which a failed attempt toestablish a connection to the traversal server should be retried. Default:120. Range: 1 to 65534.

SIPMediaICESupport: Controls how the Expressway supports ICEmessages to and from the device in this zone. The behavior dependsupon the configuration of the ICE support setting on the incoming(ingress) and outgoing (egress) zone or subzone. When there is amismatch of settings i.e. On on one side and Off on the other side, theExpressway invokes its back-to-back user agent (B2BUA) to performICE negotiation with the relevant host. When ICE support is enabled,you can also configure the TURN servers to offer as ICE candidates, ifnecessary. Default: Off.

Readsthe zonedata.

113


Cisco Expressway-C

Method RequestBody

ResponseCode



SIPParameterPreservationMode: Determines whether the B2BUA in thisnode preserves or rewrites the parameters in SIP requests routed viathis zone. On: Preserves the SIP Request URI and Contact parametersof requests routing between this zone and the B2BUA. Off: Allows theB2BUA to rewrite the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA, if necessary.Default: Off.

SIPPoisonMode: Determines if SIP requests sent to this zone are"poisoned" and, if received by the local Expressway again, thenrejected. On: SIP requests sent out via this zone that are receivedagain by this Expressway will be rejected. Off: SIP requests sent out viathis zone that are received by this Expressway again will be processedas normal. Default: Off.

SIPPort: The port on the neighbor to use for outgoing SIP messagesinitiated from the Expressway. Default: 5061, Range: 1024 to 65534.



}

114


Cisco Expressway-C


ResponseBody

Comment

POST {






Peer Address: Enter the Fully Qualified Domain Name (FQDN)of the traversal server. If you are using secure traversal, thenthis value must be either the Common Name or one of theSubject Alternate Names on the traversal servers certificate.IP addresses or hostnames are therefore not recommended.If the traversal server is a cluster of Cisco Expressway-Es,this is the FQDN of one of the peers in that cluster.

RetryInterval: The interval (in seconds) with which a failedattempt to establish a connection to the traversal servershould be retried. Default: 120. Range: 1 to 65534.

201 {


}


115


Cisco Expressway-C


ResponseBody

Comment



SIPParameterPreservationMode: Determines whether the B2BUA inthis node preserves or rewrites the parameters in SIP requests routedvia this zone. On: Preserves the SIP Request URI and Contactparameters of requests routing between this zone and the B2BUA.Off: Allows the B2BUA to rewrite the SIP Request URI and Contactparameters of requests routing between this zone and the B2BUA, ifnecessary. Default: Off.




}

Required: Name, AuthenticationUserName, AuthenticationPassword,PeerAddress.

116


Cisco Expressway-C


ResponseBody

Comment

PUT {


AuthenticationMode: Controls how the Expresswayauthenticates incoming messages from this zone and whetherthey are subsequently treated as authenticated,unauthenticated, or are rejected. The behavior varies for H.323messages, SIP messages that originate from a local domain,and SIP messages that originate from non-local domains.Default: Do not check credentials.

AuthenticationUserName: The username used by theExpressway when connecting to the traversal server. Range: 1to 1024 characters.

HopCount: Specifies the hop count used when sending an aliassearch request to this zone. Note if the search request comesfrom another zone, and already has a hop count assigned, thelower of the two values is used.Default: 15. Range: 1 to 255.


NewName: The new name of zone.

Peer Address: Enter the Fully Qualified Domain Name (FQDN) ofthe traversal server. If you are using secure traversal, then thisvalue must be either the Common Name or one of the SubjectAlternate Names on the traversal servers certificate. IPaddresses or hostnames are therefore not recommended. If thetraversal server is a cluster of Cisco Expressway-Es, this is theFQDN of one of the peers in that cluster.

RetryInterval: The interval (in seconds) with which a failedattempt to establish a connection to the traversal server shouldbe retried. Default: 120. Range: 1 to 65534.

{


}

Updates theUnified CMtraversalclient zoneconfiguration.

117


Cisco Expressway-C


ResponseBody

Comment







}

Required: Name.



DELETE {

Name: Name of thezone to be deleted.

}

Required: Name.

200 {

Message: Success/Failure/Infomessage for the operations.

}

Delete the unifiedcommunication traversal clientzone.

118


Cisco Expressway-C

119


Cisco Expressway-E

/edge/traversal/turn:CRUD operations for TURN Rest API.

Method RequestBody

ResponseCode


GET None 200 {

AuthenticationRealm: The realm sent by the server in itsauthentication challenges. Default: TANDBERG. Range 1 to 255.

DelegatedCredentialChecking: Controls whether the credentialchecking of TURN server requests is delegated. Default: Off.

MediaPortRangeEnd: The upper port in the range used for TURNrelays. Default: 29999. Range: 1024 to 65534.

MediaPortRangeStart: The lower port in the range used for TURNrelays. Default: 2400. Range: 1024 to 65534.

ServerStatus: status of listening address.

NumberOfActiveTurnClients: status of active turn clients.

NumberOfActiveTurnRelaysViaTCP: status of active turn relaysconnected via TCP.

NumberOfActiveTurnRelaysViaUDP: status of active turn relaysconnected via UDP.

Status: status of TURN.

TURNRegPort: The listening port for TURN requests. Restart theTURN services if you change this value. Default: 3479. Range:1024 to 65534.

TurnReqPortRangeEnd: The listening port for TURN requests.Restart the TURN services if you change this value. Default: 3483.Range: 1024 to 65534.

TurnReqPortRangeStart: The listening port for TURN requests.Restart the TURN services if you change this value. Default: 3478.Range: 1024 to 65534.

TurnServices: Determines whether the Expressway offers TURNservices to traversal clients. Default: Off.

Required: TurnServices, AuthenticationRealm,MediaPortRangeStart, MediaPortRangeEnd.

}

Get the TURN configuration.

120


Cisco Expressway-E


ResponseBody

Comment

PUT {

AuthenticationRealm: The realm sent by the server in itsauthentication challenges. Default: TANDBERG. Range 1 to255.

DelegatedCredentialChecking: Controls whether the credentialchecking of TURN server requests is delegated. Default: Off.

MediaPortRangeEnd: The upper port in the range used for TURNrelays. Default: 29999. Range: 1024 to 65534.

MediaPortRangeStart: The lower port in the range used forTURN relays. Default: 2400. Range: 1024 to 65534.

TURNRegPort: The listening port for TURN requests. Restart theTURN services if you change this value. Default: 3479. Range:1024 to 65534.

TurnReqPortRangeEnd: The listening port for TURN requests.Restart the TURN services if you change this value. Default:3483. Maximum: 65534. Minimum: 1024.

TurnReqPortRangeStart: The listening port for TURN requests.Restart the TURN services if you change this value. Default:3478. Range: 1024 to 65534.

TurnServices: Determines whether the Expressway offers TURNservices to traversal clients. Default: Off.

Required: TurnServices, AuthenticationRealm,MediaPortRangeStart, MediaPortRangeEnd.

}

200 {


}

Update theTURN configuration.

121


Cisco Expressway-E

/edge/xmpp:Read or update the XMPP configuration.

Method RequestBody

ResponseCode


GET None. 200 {

PrivacyMode: Controls whether restrictions are applied to the setof federated domains. Default: Allow list.

RequireClientSideSecurityCerts: Controls whether the certificatepresented by the client is verified against Expressway's currenttrusted CA list and the revocation list if loaded.

SecurityMode: Indicates if a TLS connection to servers is required,preferred, or not required. Default: TLS required.

UseStaticRoutes: Indicates whether a controlled list of staticroutes, rather than DNS lookup, are used to locate federationXMPP addresses. Default: Off.

XmppFederationSupport: Enable or disable support for XMPPfederation.

}

Required: XmppFederationSupport.

Read theXMPPconfiguration.


ResponseBody

Comment

PUT {

DialBackSecret: The dialback secret used for identityverification with federated XMPP servers. Range 1 to 1024.

PrivacyMode: Controls whether restrictions are applied to theset of federated domains. Default: Allow list.

RequireClientSideSecurityCerts: Controls whether thecertificate presented by the client is verified againstExpressway's current trusted CA list and the revocation list ifloaded.

SecurityMode: Indicates if a TLS connection to servers isrequired, preferred, or not required. Default: TLS required.

UseStaticRoutes: Indicates whether a controlled list of staticroutes, rather than DNS lookup, are used to locate federationXMPP addresses. Default: Off.

XmppFederationSupport: Enable or disable support for XMPPfederation.

}

Required: XmppFederationSupport.

200 {

Message:Success/Failure/Infomessage fortheoperation.

}

Update theXMPPconfiguration.

122


Cisco Expressway-E

/edge/zone/traversalserver:Create, read, update or delete the traversal server zone.

Method RequestBody

ResponseCode


GET None 200 {


AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they aresubsequently treated as authenticated, unauthenticated, or arerejected. The behavior varies for H.323 messages, SIP messagesthat originate from a local domain, and SIP messages that originatefrom non-local domains.Default: Do not check credentials.

AuthenticationUserName: The username used by the Expresswaywhen connecting to the traversal server. Range: 1 to 1024characters.

H323H46019DemultiplexingMode: Determines whether theExpressway will operate in demultiplexing mode for calls from thetraversal client. Default: Off.


H323Port: Specifies the port on the traversal server to be used forH.323 firewall traversal calls from this Expressway. If the traversalserver is a Cisco Expressway-E, this must be the port number thathas been configured on the Cisco Expressway-E's Traversal Serverzone associated with this Expressway will be used for H.323 callsto and from the traversal client.

H323Protocol: Determines which of the two firewall traversalprotocols will be used for H.323 calls to and from the traversalclient. Default: Assent.

HopCount: Specifies the hop count used when sending an aliassearch request to this zone. Note if the search request comes fromanother zone, and already has a hop count assigned, the lower ofthe two values is used.Default: 15. Range: 1 to 255.

Gets the zoneconfigurationdetails fortraversalserver zone.

123


Cisco Expressway-E

Method RequestBody

ResponseCode



SIPMediaEncryptionMode: Controls the media encryption policyapplied by the Expressway for SIP calls (including interworked calls) toand from this zone. Default: Auto.




SIPParameterPreservationMode: Determines whether the B2BUA in thisnode preserves or rewrites the parameters in SIP requests routed viathis zone. On: Preserves the SIP Request URI and Contact parametersof requests routing between this zone and the B2BUA. Off: Allows theB2BUA to rewrite the SIP Request URI and Contact parameters ofrequests routing between this zone and the B2BUA, if necessary.Default: Off.

SIPPoisonMode: Determines if SIP requests sent to this zone are"poisoned" and, if received by the local Expressway again, thenrejected. On: SIP requests sent out via this zone that are receivedagain by this Expressway will be rejected. Off: SIP requests sent out viathis zone that are received by this Expressway again will be processedas normal. Default: Off.

SIPPort: The port on the neighbor to use for outgoing SIP messagesinitiated from the Expressway. Default: 7001. Range: 1024 to 65534.



124


Cisco Expressway-E

Method RequestBody

ResponseCode


SIPTLSVerifySubjectName: The certificate holder's name to look for inthe traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes).



TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once a callis established, in order to keep the firewalls NAT bindings open.Default: 20.

TCPProbeRetryCount: Sets the number of times the traversal client willattempt to send a TCP probe to the Expressway. Default: 5.

TCPProbeRetryInterval: Sets the frequency (in seconds ) with whichthe traversal client will send a TCP probe to the Expressway. Default: 2.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once a callis established, in order to keep the firewalls NAT bindings open.Default: 20.

UDPProbeRetryCount: Sets the number of times the traversal client willattempt to send a UDP probe to the Expressway. Default:5.

UDPProbeRetryInterval: Sets the frequency (in seconds) with which thetraversal client will send a UDP probe to the Expressway. Default: 2.

}

125


Cisco Expressway-E



POST {



AuthenticationUserName: The username used by theExpressway when connecting to the traversal server.Range: 1 to 1024 characters.

H323H46019DemultiplexingMode: Determines whether theExpressway will operate in demultiplexing mode for callsfrom the traversal client. Default: Off.

H323Mode: Determines whether H.323 calls will be allowedto and from this zone. Default: Off.

H323Port: Specifies the port on the traversal server to beused for H.323 firewall traversal calls from this Expressway.If the traversal server is a Cisco Expressway-E, this must bethe port number that has been configured on the CiscoExpressway-E's Traversal Server zone associated with thisExpressway will be used for H.323 calls to and from thetraversal client.

H323Protocol: Determines which of the two firewalltraversal protocols will be used for H.323 calls to and fromthe traversal client. Default: Assent.



201 {


}

Createstraversalserver zoneand sets itsparameters.

126


Cisco Expressway-E


ResponseBody

Comment










127


Cisco Expressway-E


ResponseBody

Comment




TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20.

TCPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a TCP probe to the Expressway. Default: 5.

TCPProbeRetryInterval: Sets the frequency (in seconds ) with whichthe traversal client will send a TCP probe to the Expressway. Default:2.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20.

UDPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a UDP probe to the Expressway. Default:5.

UDPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a UDP probe to the Expressway. Default:2.

}

Required: Name, AuthenticationUserName.

128


Cisco Expressway-E



PUT {



AuthenticationUserName: The username used by theExpressway when connecting to the traversal server.Range: 1 to 1024 characters.

H323H46019DemultiplexingMode: Determines whether theExpressway will operate in demultiplexing mode for callsfrom the traversal client. Default: Off.

H323Mode: Determines whether H.323 calls will beallowed to and from this zone. Default: Off.

H323Port: Specifies the port on the traversal server to beused for H.323 firewall traversal calls from thisExpressway. If the traversal server is a Cisco Expressway-E, this must be the port number that has been configuredon the Cisco Expressway-E's Traversal Server zoneassociated with this Expressway will be used for H.323calls to and from the traversal client.

H323Protocol: Determines which of the two firewalltraversal protocols will be used for H.323 calls to and fromthe traversal client. Default: Assent.

HopCount: Specifies the hop count used when sending analias search request to this zone. Note if the searchrequest comes from another zone, and already has a hopcount assigned, the lower of the two values is used.Default: 15. Range: 1 to 255.


NewName: The new name of zone. Range: 1 to 50characters.

200 {


}

Updateszoneconfigurationfor TraversalServer.

129


Cisco Expressway-E


ResponseBody

Comment










130


Cisco Expressway-E


ResponseBody

Comment




TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20.

TCPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a TCP probe to the Expressway. Default: 5.

TCPProbeRetryInterval: Sets the frequency (in seconds ) with whichthe traversal client will send a TCP probe to the Expressway. Default:2.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20.

UDPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a UDP probe to the Expressway. Default:5.

UDPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a UDP probe to the Expressway. Default:2.

}

Required: Name.

131


Cisco Expressway-E



DELETE {


}

Required: Name.

200 {


}

Deletethetraversalserverzone.

132


Cisco Expressway-E

/edge/zone/unifiedcommunicationstraversal:Create, read, update or delete the unified communications traversal server.

Method RequestBody

ResponseCode


GET None 200 {


AuthenticationMode: Controls how the Expressway authenticatesincoming messages from this zone and whether they are subsequentlytreated as authenticated, unauthenticated, or are rejected. Thebehavior varies for H.323 messages, SIP messages that originate from alocal domain, and SIP messages that originate from non-local domains.Default: Do not check credentials.


HopCount: Specifies the hop count used when sending an alias searchrequest to this zone. Note: If the search request comes from anotherzone, and already has a hop count assigned, the lower of the twovalues is used. Default: 15. Range: 1 to 255.



SIPMultistreamMode: Controls if the Expresswayallows Multistream toand from devices in this zone. Default: On.

SIPParameterPreservationMode: Determines whether the B2BUA in thisnode preserves or rewrites the parameters in SIP requests routed viathis zone. Default: Off.

SIPPoisonMode: Determines whether SIP requests sent out to this zoneare "poisoned" and, if received by the local Expressway again, thenrejected. Default: Off.

Readsthe zonedata.

133


Cisco Expressway-E

Method RequestBody

ResponseCode


SIPPort: The port on this Expressway to use for SIP firewall traversal toand from the traversal client. Note: This must be different from thelistening ports used for incoming TCP, TLS and UDP SIP calls (typically5060 and 5061). Default: 7001. Range: 1024 to 65534.


SIPTLSVerifySubjectName: The certificate holder's name to look for inthe traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes). Range 1 to128.


TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once a callis established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

TCPProbeRetryCount: Sets the number of times the traversal client willattempt to send a TCP probe to the Expressway. Default: 5. Range: 1 to65534.

TCPProbeRetryInterval: Sets the frequency (in seconds) with which thetraversal client will send a TCP probe to the Expressway. Default: 2.Range: 1 to 65534.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once a callis established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

UDPProbeRetryCount: Sets the number of times the traversal client willattempt to send a UDP probe to the Expressway. Default: 5. Range: 1 to65534.

UDPProbeRetryInterval: Sets the frequency (in seconds) with which thetraversal client will send a UDP probe to the Expressway. Default: 2.Range: 1 to 65534.

}

134


Cisco Expressway-E


ResponseBody

Comment

POST {




HopCount: Specifies the hop count used when sending analias search request to this zone. Note: If the search requestcomes from another zone, and already has a hop countassigned, the lower of the two values is used. Default: 15.Range: 1 to 255.


SIPMediaICESupport: Controls how the Expressway supportsICE messages to and from the devices in this zone. Thebehavior depends upon the configuration of the ICE supportsetting on the incoming (ingress) and outgoing (egress) zoneor subzone. When there is a mismatch of settings i.e. On onone side and Off on the other side, the Expressway invokesits back-to-back user agent (B2BUA) to perform ICEnegotiation with the relevant host. When ICE support isenabled, you can also configure the TURN servers to offer asICE candidates, if necessary. Default: Off.

SIPMultistreamMode: Controls if the ExpresswayallowsMultistream to and from devices in this zone. Default: On.

SIPParameterPreservationMode: Determines whether theB2BUA in this node preserves or rewrites the parameters inSIP requests routed via this zone. Default: Off.

201 {


}

Creates unifiedcommunicationstraversal server.

135


Cisco Expressway-E


ResponseBody

Comment

SIPPoisonMode: Determines whether SIP requests sent out to thiszone are "poisoned" and, if received by the local Expressway again,then rejected. Default: Off.

SIPPort: The port on this Expressway to use for SIP firewall traversalto and from the traversal client. Note: This must be different from thelistening ports used for incoming TCP, TLS and UDP SIP calls(typically 5060 and 5061). Default: 7001. Range: 1024 to 65534.


SIPTLSVerifySubjectName: The certificate holder's name to look forin the traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes). Range 1to 128.


TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

TCPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a TCP probe to the Expressway. Default: 5.Range: 1 to 65534.

TCPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a TCP probe to the Expressway. Default:2. Range: 1 to 65534.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

UDPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a UDP probe to the Expressway. Default: 5.Range: 1 to 65534.

UDPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a UDP probe to the Expressway. Default:2. Range: 1 to 65534.

}

Required: Name, AuthenticationUserName,SIPTLSVerifySubjectName.

136


Cisco Expressway-E


ResponseBody

Comment

PUT {


AuthenticationMode: Controls how the Expresswayauthenticates incoming messages from this zone and whetherthey are subsequently treated as authenticated,unauthenticated, or are rejected. The behavior varies for H.323messages, SIP messages that originate from a local domain,and SIP messages that originate from non-local domains.Default: Do not check credentials.

AuthenticationUserName: The username used by theExpressway when connecting to the traversal server. Range: 1to 1024 characters.

HopCount: Specifies the hop count used when sending an aliassearch request to this zone. Note: If the search request comesfrom another zone, and already has a hop count assigned, thelower of the two values is used. Default: 15. Range: 1 to 255.


SIPMediaICESupport: Controls how the Expressway supportsICE messages to and from the devices in this zone. Thebehavior depends upon the configuration of the ICE supportsetting on the incoming (ingress) and outgoing (egress) zone orsubzone. When there is a mismatch of settings i.e. On on oneside and Off on the other side, the Expressway invokes its back-to-back user agent (B2BUA) to perform ICE negotiation with therelevant host. When ICE support is enabled, you can alsoconfigure the TURN servers to offer as ICE candidates, ifnecessary. Default: Off.

SIPMultistreamMode: Controls if the ExpresswayallowsMultistream to and from devices in this zone. Default: On.

SIPParameterPreservationMode: Determines whether theB2BUA in this node preserves or rewrites the parameters in SIPrequests routed via this zone. Default: Off.

200 {


}

Updates zoneconfiguration.

137


Cisco Expressway-E


ResponseBody

Comment

SIPPoisonMode: Determines whether SIP requests sent out to thiszone are "poisoned" and, if received by the local Expressway again,then rejected. Default: Off.

SIPPort: The port on this Expressway to use for SIP firewall traversalto and from the traversal client. Note: This must be different from thelistening ports used for incoming TCP, TLS and UDP SIP calls(typically 5060 and 5061). Default: 7001. Range: 1024 to 65534.


SIPTLSVerifySubjectName: The certificate holder's name to look forin the traversal client's X.509 certificate (must be in either the SubjectCommon Name or the Subject Alternative Name attributes). Range 1to 128.


TCPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a TCP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

TCPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a TCP probe to the Expressway. Default: 5.Range: 1 to 65534.

TCPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a TCP probe to the Expressway. Default:2. Range: 1 to 65534.

UDPProbeKeepAliveInterval: Sets the interval (in seconds) with whichthe traversal client will send a UDP probe to the Expressway once acall is established, in order to keep the firewalls NAT bindings open.Default: 20. Range: 1 to 65534.

UDPProbeRetryCount: Sets the number of times the traversal clientwill attempt to send a UDP probe to the Expressway. Default: 5.Range: 1 to 65534.

UDPProbeRetryInterval: Sets the frequency (in seconds) with whichthe traversal client will send a UDP probe to the Expressway. Default:2. Range: 1 to 65534.

}

Required: Name.

138


Cisco Expressway-E


ResponseBody

Comment

DELETE {


}

Required: Name.

200 {


}

DeletetheUnifiedCMtraversalserverzone. .

139


Cisco Expressway-E

/configuration/allowlist/control:Moebius API Endpoint for HTTPAllowListControl resource.

Method RequestBody

ResponseCode

ResponseBody

Comment

GET None 200 {

methods:

pattern:

}

This is a single record endpoint. Perform a HTTP GET againstthis resource

Method RequestBody

ResponseCode


PUT {

methods:

pattern:

}

200 {


}

Update the singleton control record data. It will alreadybe matched against a valid regular expression for thisfield at this point.

140


/configuration/allowlist/control:

/configuration/allowlist/autopaths:Moebius API endpoint for HTTPAllowListAuto resource.

Method RequestBody

ResponseCode


GET None 200 {

methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty string willconfigure default methods.

pattern:


ports: Ports for which this HTTP allow rule is applied.

protocol: Protocol for which this HTTP allow rule isapplied.

servertype: The type of server for this HTTP allowrule.


}

HTTP Get endpoint logic toretrieve auto generatedHTTP allow list.

141


/configuration/allowlist/autopaths:

/configuration/allowlist/manualpaths:API endpoint for creating, reading, updating or deleting the HTTP allow list records

Method RequestBody

ResponseCode


GET None 200 {


methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty stringwill configure default methods.

pattern:

url: The URL path to allow Mobile and RemoteAccess clients to access the URL from outsideof the enterprise network.

pattern:


}

Read all manually created HTTPallow list rules and modify themso they are consistent.


ResponseBody

Comment

POST {

description: A meaningful description for this rule, to helpyou recognize its purpose.

methods: Comma-separated list of the HTTP methodsallowed by this rule. An empty string will configure defaultmethods.

pattern:

url: The URL path to allow Mobile and Remote Accessclients to access the URL from outside of the enterprisenetwork.


}

200 None Create a newmanual HTTPallow list rule.

142


/configuration/allowlist/manualpaths:



PUT {


methods: Comma-separated list of the HTTPmethods allowed by this rule. An empty stringwill configure default methods.methods.

pattern:

url: URL to allow Mobile and Remote Accessclients access to outside of enterprisenetwork.

pattern:


}

200 {


}

Update record. Mustprovide the uuid and allfields needing to beupdated



DELETE {

description: A meaningful description for this rule, tohelp you recognize its purpose.

methods: Comma-separated list of the HTTP methodsallowed by this rule. An empty string will configuredefault methods.

pattern:


pattern:


}

200 {


}

Deleterecord.

143


/configuration/allowlist/manualpaths:

/optionkey:Read, update or delete option keys.


GET None 200 {

OptionKey: The value of the key.

Status: Current status of the key.

}

Required: OptionKey.

Read the option key available.



POST {

OptionKey: The value ofthe key.

}


200 {


}

Add an optionkey.



DELETE {

OptionKey: The value of theoption key.

}


200 {


}

Delete anoption key.

144


/optionkey:

/restart:Perform a system restart.

Method RequestBody

ResponseCode


POST None 200 {

Message: Success/Failure/Info message for theoperation.

}

Systemrestarts.

145


/restart:

/sysinfo:Get the system information.

Method RequestBody

ResponseCode


GET None 200 {

Product Mode: Mode is either Cisco Telepresence VideoCommunication Server Control/ Cisco Telepresence VideoCommunication Server Expressway/Expressway-C/Expressway-E

Restapi Version: RestApi Component version

Software Version: The software version.

}

Provides softwareversion, REST APIversion, productmode.

146


/sysinfo:

Cisco Legal InformationTHE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGEWITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVEDTO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUSTTAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THEINFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THISREFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOURCISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University ofCalifornia, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved.Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESESUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALLWARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING,USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, ORINCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATAARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEENADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actualaddresses and phone numbers. Any examples, command display output, network topology diagrams, and otherfigures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phonenumbers in illustrative content is unintentional and coincidental.

All printed copies and duplicate soft copies are considered un-Controlled copies and the original on-line versionshould be referred to for latest version.

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Ciscowebsite at www.cisco.com/go/offices.

© 2017 Cisco Systems, Inc. All rights reserved.


147

http://www.cisco.com/go/offices


Cisco TrademarkCisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and othercountries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarksmentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)

148


Cisco Trademark

http://www.cisco.com/go/trademarks

Cisco Expressway REST API Reference Guide (X8.10) · CiscoExpresswayRESTAPI ReferenceGuide...

Documents

Transcript of Cisco Expressway REST API Reference Guide (X8.10) · CiscoExpresswayRESTAPI ReferenceGuide...