Skip to content

Batch 802.1x status retrieval

Permissions

The public_api privilege is required to use this feature.

This guide outlines the steps involved in retrieving 802.1x authentication status for multiple devices, using the API. For demonstration purposes, we'll present a script that retrieves the status for all devices in the network and outputs the results as a CSV list of hostnames and their corresponding 802.1x status.

Prerequisites

  • An account with API access (public_api privilege) and access to the 'Check 802.1x' or '802.1x status' intent (this may require a user with the 'administrator' role or similar)
  • Tenant token (see Obtaining a tenant token)
  • For the purposes of this guide: cURL and jq for JSON processing

To check whether the API account has the required privileges, you can use the /api/intent endpoint to retrieve a list of available intents and see if the resulting list includes an intent with the dot1x_status tag.

curl "https://app.zem.com/api/intent" \
     -H 'X-Tenant: YOUR_TENANT_TOKEN' \
     -u 'username:password' | jq -r '.[] | select(.tag == "dot1x_status")'

Retrieving all devices

Get a list of all devices using the /api/device endpoint:

curl "https://app.zem.com/api/device" \
     -H 'X-Tenant: YOUR_TENANT_TOKEN' \
     -u 'username:password'

Each item in the response includes id and hostname fields, which we will use in the script.

Querying 802.1x status for a device

Query 802.1x status using the dot1x_status intent with a POST request to /api/intent/dot1x_status/fire, providing the device ID as targetId.

Make sure to include the additionalPayload field with {"json": true} to get a JSON response.

$DEVICE_ID=1

curl -X POST "https://app.zem.com/api/intent/dot1x_status/fire" \
     -H 'X-Tenant: YOUR_TENANT_TOKEN' \
     -H 'Content-Type: application/json' \
     -u 'username:password' \
     -d "{\"targetId\": $DEVICE_ID, \"additionalPayload\": {\"json\": true}}"

Response includes status, authMethod, username, and message. Example:

{
  "status": "AUTHENTICATED",
  "authMethod": "EAP-TLS",
  "username": "user1",
  "message": null
}

Bash script example

#!/bin/bash

BASE_URL="https://app.zem.com"
TENANT_TOKEN="YOUR_TENANT_TOKEN"
USERNAME="username"
PASSWORD="password"

get_devices() {
  curl -s "${BASE_URL}/api/device" \
       -H "X-Tenant: ${TENANT_TOKEN}" \
       -u "${USERNAME}:${PASSWORD}"
}

get_dot1x_status() {
  curl -s -X POST "${BASE_URL}/api/intent/dot1x_status/fire" \
       -H "X-Tenant: ${TENANT_TOKEN}" \
       -H 'Content-Type: application/json' \
       -u "${USERNAME}:${PASSWORD}" \
       -d "{\"targetId\": $1, \"additionalPayload\": {\"json\": true}}"
}

echo "hostname,status"
get_devices | jq -r '.[] | "\(.hostname),\(.id)"' | while IFS=, read -r hostname device_id; do
  response=$(get_dot1x_status "$device_id")
  status=$(echo "$response" | jq -r '.status // "UNKNOWN"')
  echo "${hostname},${status}"
done