rConfig V8 REST API Overview

rConfig V8 REST API Overview

The rConfig V8 REST API provides comprehensive programmatic access to all core network configuration management functionality. Built on modern RESTful principles, the API enables organizations to integrate rConfig with existing tools, automate operations, build custom interfaces, and create sophisticated workflows extending beyond the web interface.

Organizations can leverage the REST API to automate device management, retrieve configuration data, trigger compliance checks, manage users and permissions, and synchronize data with external systems—all using standard HTTP methods and JSON payloads accessible from any programming language or automation platform. Pair REST-driven automations with Custom Commands and Custom Workflows to orchestrate advanced multi-system solutions.

Tip

The REST API is available in rConfig V8 Professional and Enterprise licenses. API access requires valid authentication tokens with appropriate permissions. Review the Developer Notice for security requirements and best practices before implementing API integrations.

API Capabilities

The REST API provides programmatic access to rConfig’s complete feature set:

Device management: Create, read, update, and delete devices in inventory. Manage device properties including hostnames, IP addresses, vendors, models, credentials, tags, and custom attributes. Bulk operations enable efficient management of large device populations.

Configuration retrieval: Download device configurations programmatically. Access current configurations, historical versions, and configuration diffs. Retrieve configurations in multiple formats for integration with version control systems or analysis tools.

Credential management: Manage device credentials including passwords, SSH keys, SNMP community strings, and enable passwords. Secure credential storage and retrieval through encrypted API endpoints.

Compliance operations: Define policies, assign policies to devices, trigger compliance checks, and retrieve compliance results. Build custom compliance workflows and integrate compliance data with external reporting systems.

Task management: Create, schedule, and monitor configuration download tasks and compliance checks. Query task execution history and results. Trigger on-demand operations programmatically.

User and role management: Manage user accounts, assign roles, configure permissions, and audit user activity. Integrate rConfig user management with external identity systems.

Reporting and analytics: Query system metrics, device statistics, configuration change history, and compliance trends. Extract data for custom dashboards and business intelligence platforms.

System configuration: Manage system settings, backup configurations, and integration parameters programmatically for infrastructure-as-code deployments.

Tip

You can review all available endpoints, request/response formats, and authentication details in the complete API documentation accessible within the rConfig interface. You may also visit https://v8demo.rconfig.com/settings/restapi-docs/get-started for a live demo instance with API documentation.

Authentication

API authentication uses bearer tokens providing secure, stateless authentication suitable for automated integrations:

Token generation: Generate API tokens through the rConfig web interface under Settings → REST API. Each token inherits the permissions of the user account that created it, ensuring role-based access control applies to API operations.

Token security: Treat API tokens as sensitive credentials equivalent to passwords. Store tokens securely using secrets management systems (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) rather than hardcoding in scripts or version control. Rotate tokens regularly according to security policies.

Token usage: Include tokens in the Authorization header of all API requests using the bearer authentication scheme:

Authorization: Bearer YOUR_API_TOKEN

Token revocation: Revoke compromised or unused tokens immediately through the REST API settings interface. Revocation takes effect immediately, terminating access for all integrations using that token.

Token permissions: API tokens inherit the role and permissions of the creating user. Ensure user accounts used for API access have least-privilege permissions appropriate for intended operations. Create dedicated service accounts for API integrations rather than using personal user accounts.

Caution

Security Critical: API tokens provide full access equivalent to interactive login. Never commit tokens to version control, share tokens between integrations, or expose tokens in logs or error messages. Implement token rotation and auditing for production integrations.

API Versioning

The rConfig API implements versioning ensuring backward compatibility as the API evolves:

Current version: The current API version is a mix of v1 and v2, accessible at base URL:

https://your-rconfig-server.com/api/v1/

Version strategy: Major version increments (v1 to v2) indicate breaking changes requiring integration updates. Minor updates within versions maintain backward compatibility. Organizations can continue using older API versions during migration periods.

Version specification: Specify API version in the request URL path. All endpoints use version prefix (/api/v1/devices, /api/v1/policies, etc.). Version is mandatory in all requests.

Deprecation policy: When introducing breaking changes requiring new API versions, rConfig provides advance notice and migration documentation. Deprecated versions remain available for minimum 12 months after successor version release, allowing planned migration.

Version documentation: Each API version maintains separate complete documentation detailing endpoints, request/response formats, and behavioral differences from other versions.

API Design Principles

The rConfig REST API follows industry-standard RESTful design patterns:

Resource-oriented: API exposes resources (devices, configurations, policies) as URLs. HTTP methods define operations on resources (GET retrieves, POST creates, PUT/PATCH updates, DELETE removes).

Stateless operations: Each API request contains all information necessary for processing. No session state maintained on server. Enables horizontal scaling and simplifies client implementation.

Standard HTTP methods: GET for retrieval, POST for creation, PUT/PATCH for updates, DELETE for removal. Idempotent operations (GET, PUT, DELETE) produce same result regardless of repetition count.

JSON payloads: Request and response bodies use JSON format. All endpoints accept Content-Type: application/json and return JSON responses. JSON provides universal language support and human readability.

HTTP status codes: Standard HTTP status codes indicate operation results (200 success, 201 created, 400 bad request, 401 unauthorized, 404 not found, 500 server error). Consistent status codes simplify error handling.

Pagination: List operations return paginated results for performance. Pagination parameters control page size and navigation. Response metadata includes total counts and navigation links.

Filtering and sorting: List endpoints support query parameters for filtering (by tags, vendors, status) and sorting results. Reduces data transfer and client-side processing requirements.

Rate limiting: API implements rate limiting preventing abuse and ensuring fair resource allocation. Rate limits are per-token and enforce reasonable usage patterns. Response headers indicate current rate limit status.

Common Integration Patterns

Organizations implement the REST API for diverse integration scenarios:

CI/CD Integration

Integrate rConfig with continuous integration/continuous deployment pipelines for network-as-code workflows. Validate configuration changes in pre-production, automatically download configurations after deployments, trigger compliance checks verifying changes meet policies, and rollback configurations if validation fails.

Custom Dashboards

Build custom visualization and reporting interfaces displaying rConfig data. Create executive dashboards with compliance KPIs, network operations centers with real-time device status, and security operations centers with configuration drift detection.

CMDB Synchronization

Synchronize rConfig device inventory with Configuration Management Databases (ServiceNow, Device42, NetBox). Maintain bidirectional synchronization ensuring device data consistency. Trigger configuration backups when CMDB records change.

Security Auditing

Programmatically retrieve configurations for security analysis. Feed configurations to security scanning tools, detect configuration drift from security baselines, alert on introduction of insecure configurations, and generate audit reports demonstrating compliance.

ChatOps Integration

Integrate rConfig with collaboration platforms (Slack, Microsoft Teams) enabling network operations through chat interfaces. Query device information, trigger configuration downloads, review compliance status, and receive alerts—all without leaving chat applications.

Automated Remediation

Build closed-loop automation triggering remediation when compliance violations detected. API enables retrieving compliance results, identifying violating devices, executing remediation scripts, and validating remediation success.

Multi-Tenant Management

MSPs managing multiple customer environments use API to aggregate data across rConfig instances. Build unified portals displaying all customers, automate customer provisioning, and generate consolidated reporting.

Getting Started

Begin API integration following this approach:

Step 1: Review documentation: Access comprehensive API documentation at Settings → REST API → API Documentation in rConfig web interface. Documentation includes endpoint listings, request/response examples, and authentication details.

Step 2: Generate API token: Navigate to Settings → REST API and generate authentication token. Securely store token in secrets management system. Note token permissions match your user account role.

Step 3: Test basic requests: Start with simple GET requests retrieving device lists or system information. Verify authentication works correctly and responses match documentation. Use tools like curl, Postman, or Insomnia for manual testing.

Step 4: Implement error handling: Build robust error handling for HTTP status codes and API error responses. Implement retry logic for transient failures. Log errors with sufficient context for troubleshooting.

Step 5: Develop incrementally: Begin with read-only operations before implementing write operations. Test thoroughly in non-production environments. Validate integrations with small data sets before scaling to production volumes.

Step 6: Monitor and optimize: Instrument API integrations with logging and metrics. Monitor response times, error rates, and rate limit consumption. Optimize request patterns reducing unnecessary API calls.

API Documentation Access

Complete API documentation is available within the rConfig interface:

Location: Settings → REST API → API Documentation

Documentation includes:

• Complete endpoint reference with URLs, methods, and parameters
• Request and response schemas with example payloads
• Authentication requirements and header specifications
• Pagination, filtering, and sorting capabilities
• Rate limiting policies and headers
• Error response formats and troubleshooting guidance
• Code examples in multiple programming languages
• Interactive API explorer for testing requests

Interactive testing: Documentation includes interactive API explorer enabling immediate testing of endpoints without writing code. Input parameters, execute requests, and view responses in real-time.

OpenAPI specification: API documentation follows OpenAPI (Swagger) specification, enabling automatic client library generation for multiple programming languages and integration with API management platforms.

Note

API documentation is version-specific. Ensure you reference documentation matching the API version used in your integrations. Documentation URL is (/settings/restapi-docs/get-started).

Best Practices

Security

Secure token storage: Never hardcode API tokens in source code or configuration files committed to version control. Use environment variables or secrets management systems. Rotate tokens quarterly or after personnel changes.

Use dedicated service accounts: Create dedicated user accounts specifically for API integrations rather than using personal accounts. Assign least-privilege roles providing minimum permissions necessary. Simplifies auditing and revocation.

Implement TLS: Always use HTTPS (TLS) for API requests protecting tokens and data in transit. Never use HTTP for production integrations. Verify TLS certificate validity preventing man-in-the-middle attacks.

Rate limit awareness: Respect API rate limits avoiding throttling or blocking. Implement exponential backoff when encountering rate limit errors. Cache data locally reducing redundant API calls.

Audit API usage: Log all API operations including who executed, when, what resources accessed, and outcomes. Review logs regularly detecting unusual patterns indicating compromise or misuse.

Reliability

Implement retry logic: Network failures and transient errors are inevitable. Implement exponential backoff retry for failed requests. Distinguish between retryable errors (500, 503) and non-retryable errors (400, 401, 404).

Handle pagination: Don’t assume all data fits in single response. Implement pagination handling for list operations. Use response metadata determining when additional pages exist.

Validate responses: Verify response structure matches expectations before processing. Handle missing or null fields gracefully. Log unexpected response formats for investigation.

Set appropriate timeouts: Configure reasonable request timeouts (30-60 seconds) preventing indefinite hangs. Longer timeouts appropriate for operations known to be slow (large configuration downloads, bulk operations).

Monitor integration health: Implement health checks and monitoring for API integrations. Alert on elevated error rates, increased latency, or integration failures. Include API integration status in overall system monitoring.

Performance

Batch operations: When performing multiple operations, use batch endpoints where available rather than individual requests. Reduces network overhead and improves throughput.

Request only needed data: Use field selection parameters limiting response payload to required fields. Reduces data transfer, parsing overhead, and response time.

Implement caching: Cache API responses when data doesn’t change frequently. Use ETags or Last-Modified headers implementing conditional requests reducing unnecessary data transfer.

Parallelize when appropriate: Use concurrent requests for independent operations improving overall throughput. Respect rate limits when parallelizing avoiding throttling.

Avoid polling: Instead of continuously polling for status updates, use webhooks (when available) for event-driven updates. If polling necessary, implement reasonable intervals (minutes, not seconds).

Support and Resources

Getting Help

API documentation: Primary reference for endpoint specifications, examples, and troubleshooting available in rConfig interface.

Community forums: rConfig community provides support for API integration questions, sharing solutions, and discussing best practices.

Professional services: For complex integrations, custom API development, or architecture guidance, engage rConfig Professional Services at [email protected].

Bug reports: Report API bugs or documentation issues through rConfig support portal including reproduction steps and request/response examples.

Additional Resources

Example integrations: Sample code and reference implementations available in rConfig GitHub repositories demonstrating common integration patterns.

API changelog: Review API changelog documenting additions, changes, and deprecations in each release. Plan integration updates around API evolution.

Postman collection: Import pre-configured Postman collection containing example requests for all endpoints. Accelerates API exploration and testing.

SDKs and libraries: Community-contributed client libraries for popular languages (Python, JavaScript, Go) simplify API integration with native language constructs.

Related Documentation

• Developer Notice - Security requirements and best practices for custom development
• Script Integration Engine - Executing custom scripts with device parameters (Coming soon)
• Custom Commands - Building custom Artisan commands (Coming soon)
• System Encryption Key - Protecting API tokens and credentials
• User Management - Creating service accounts for API access
• Roles and Permissions - Understanding API permission inheritance

Summary

The rConfig V8 REST API provides comprehensive programmatic access to network configuration management functionality, enabling organizations to build sophisticated integrations, automate operations, and create custom workflows. The API’s RESTful design, secure token-based authentication, and complete documentation make integration accessible while maintaining enterprise-grade security and reliability.

Key takeaways for API integration:

• Authentication uses bearer tokens inheriting permissions from user accounts—treat tokens as sensitive credentials
• API follows RESTful principles using standard HTTP methods, JSON payloads, and status codes for universal compatibility
• Comprehensive documentation available in rConfig interface includes interactive testing and code examples
• Versioning ensures stability allowing integrations to continue functioning as API evolves
• Follow security best practices including secure token storage, TLS usage, and dedicated service accounts

The REST API unlocks rConfig’s full potential for organizations requiring programmatic access, enabling network-as-code workflows, custom automation, and deep integration with existing operational ecosystems. For detailed endpoint specifications, authentication procedures, and implementation examples, access the complete API documentation within your rConfig installation.