Skip to main content

Cisco Umbrella APIs wrapper and command-line utility

Project description

Documentation Status
Travis Build Status Requirements Status
Appveyor Build Status coveralls
Codacy Code Quality Status Maintainability
Supported versions Supported implementation
Development status PyPI Package License
GitHub tag GitHub issues

umbr_api is Cisco Umbrella APIs wrapper and a command-line utility.

Cisco Umbrella uses the internet’s DNS infrastructure to block malicious destinations before a connection is ever established. By delivering security from the cloud, not only do you save money, but we also provide more effective security.

umbr_api supports Enforcement API, Reporting API, and Management API with limitations. With help of umbr_api you can add new sites and URLs to the black list, remove or show current entries, quickly check the latest security events, or check the status of registered computers or networks.

Using of command line tools, like umbr_api can immediately provide information to administrators of the system without myriads of clicks through GUI interfaces, two-factor authentications, etc.


Created mostly for educational purposes.


To install from a local folder execute at the ‘umbr_api’ root directory:

pip3 install -e .

To install extra requirements from a local folder execute at the ‘umbr_api’ root directory:

pip3 install -e .[dev]
pip3 install -e .[doc]
pip3 install -e .[dev_lint]

To install from production execute:

pip3 install umbr_api

To install from GitHub:

pip3 install git+

To install from local archive:

pip3 install filename.tar.gz

Please note, that you still need register and activate API key from Cisco to enable functionality.

Use of command-line utility

main() in registered as umbrella executable. So, you can run it directly.


umbrella add
umbrella add --force
umbrella del
umbrella del 555XXXXX --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789
umbrella get 100
umbrella get --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789

Use API wrapper

You need to import particular functions or modules from umbr_api. For example:

from umbr_api import get

from umbr_api.add import add
add(domain='', url='', key='YOUR-CUSTOMER-KEY-IS-HERE-0123456789')
There three main functions:
  • umbr_api.get.get_list
  • umbr_api.add.add
  • umbr_api.remove.remove

The API key should be specified via CLI, if not functions try to read it from enforcement.json within package data\ folder.

API key

How to obtain API key

You can sign up for 14 day free trial here:

How to use API key

  1. Provide as an argument for command-line utility
umbrella del --key YOUR-CUSTOMER-KEY-IS-HERE-0123456789
  1. Provide it as part of a program call
from umbr_api.get import get_list
response = get_list(key='YOUR-CUSTOMER-KEY-IS-HERE-0123456789')

3. Create data/enforcement.json file within umbr_api package directory. This is an unsecured and unsupported way because of keeping key in clear text format. To find package directory:

import os
import umbr_api

4. API key can be read from a keyring for command-line execution. To save API key you can use:

umbrella keyring --add YOUR-CUSTOMER-KEY-IS-HERE-0123456789
umbrella keyring --show


  • Only MacOS platform is tested for keyrings
  • By default all python apps can read the value of the key from a keyring
  • umbrella will try to use --key firstly, then keychain, and finally data/enforcement.json file within umbr_api package directory.

Supported methods

Enforcement API

  1. Add (POST)
  2. Get (GET)
  3. Remove (DELETE)

Management API

  1. Networks (GET)
  2. Roaming Computers (GET)
  3. Internal Networks (GET)
  4. Virtual Appliances (GET)
  5. Sites (GET)
  6. Users (GET)
  7. Roles (GET)

Reporting API

  1. Security Activity Report (GET)
  2. Destinations: Top Identities (GET)
  3. Destinations: Most recent requests (GET)


  1. Lack of documentation
  2. You heed to have an Umbrella subscription or active evaluation
  3. Storing API key within json file is not secure
  4. Asserts will be removed with compiling to optimized byte code. This caused various protections to be removed.
  5. Other methods for change or delete entities are not supported and no plans to do that


Documentation pages based on README.rst file and docstrings. Created for educational purposes.


A symbolic link README.rst –> docs/README.rst was used to create ToC in Sphinx, which doesn’t support relative paths for ToC.

Contribution guidelines

Who do I talk to

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for umbr-api, version 1.0.0
Filename, size File type Python version Upload date Hashes
Filename, size umbr_api-1.0.0.tar.gz (20.0 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page