NAC web service interface

Sophos Mobile offers a RESTful web service to retrieve a list of the devices for a customer and their network access status.

For security reasons, the service only supports HTTPS access. Communication is encrypted with the same SSL/TLS certificate that is used for the Sophos Mobile web console and Self Service Portal.

Basically, you need to implement the following workflow in your third-party NAC system to retrieve the network access status of mobile devices from the web service:
  1. Perform a POST /rs/login request, sending the credentials (that is customer name, login name, password) of a Sophos Mobile administrator account.

    The service returns a session authentication token that is required to access the web service resources.

  2. Perform a GET /rs/nac/mac request.

    The service returns the MAC addresses of all devices for the customer, divided into devices with network access status Allow and Deny.

  3. Optionally, perform a GET /rs/nac/denieduser request.

    The service returns a list of users that are assigned one or more devices with network access status Denied.

  4. When you are finished, perform a POST /rs/logout request to log out from Sophos Mobile.

Note The session authentication token expires after 60 seconds of inactivity.