# Cisco meraki SureCloud connects to the Cisco Meraki Dashboard API to retrieve network device inventory, security appliance configuration, firewall rule status, and client connection data. This allows SureCloud to verify that Meraki network devices are online and correctly configured, that firewall and content filtering policies are active, and that the network estate is accounted for in your asset inventory. ## Authentication and setup The Meraki Dashboard API authenticates requests using an API key. SureCloud uses a read-only API key associated with a Meraki Dashboard administrator account. {% stepper %} {% step %} ### Enable API access in Meraki Log in to the Meraki Dashboard at [dashboard.meraki.com](https://dashboard.meraki.com/) with an Organisation Administrator account. Navigate to **Organisation → Settings** and confirm **Dashboard API access** is enabled. Click **Save**. {% endstep %} {% step %} ### Generate an API key Navigate to your profile by clicking your username in the top right. Select **My Profile** and scroll to **API access**. Click **Generate new API key**. Copy the key — it is only shown once. {% endstep %} {% step %} ### Enter the API key in SureCloud Navigate to **SureCloud → Integrations → Cisco Meraki → Connect**. Paste the API key and click **Save**. Click **Test Connection** to confirm access. {% endstep %} {% endstepper %} {% hint style="warning" %} Store the API key securely — it is only shown once at generation. SureCloud encrypts it at rest, but treat it as a sensitive credential. Revoke and regenerate the key every 90 days in **Meraki Dashboard → My Profile → API access** and update it in **SureCloud → Integrations → Cisco Meraki → Edit Connection**. {% endhint %} ## Endpoints | API Call | Use Case | | --------------------------------------------------------------------- | -------------------------------------------------------------------- | | `GET /api/v1/organizations` | Enumerate organisations accessible to the API key | | `GET /api/v1/organizations/{orgId}/devices` | List all network devices across the organisation | | `GET /api/v1/organizations/{orgId}/networks` | Enumerate networks and their configuration | | `GET /api/v1/networks/{networkId}/appliance/firewall/l3FirewallRules` | Retrieve Layer 3 firewall rules for network security policy evidence | | `GET /api/v1/networks/{networkId}/appliance/contentFiltering` | Retrieve content filtering configuration | | `GET /api/v1/organizations/{orgId}/admins` | Enumerate organisation administrators and their roles | | `GET /api/v1/organizations/{orgId}/configurationChanges` | Retrieve configuration change history for audit evidence | ## Pagination `GET /api/v1/organizations/{orgId}/devices` and `GET /api/v1/organizations/{orgId}/configurationChanges` use Link header pagination. SureCloud follows the `rel="next"` link from each response until no `next` link is present. ``` Link: ; rel="next" ``` ## Required permissions SureCloud requires a Meraki Dashboard API key for an account with at minimum **Organisation Read** access. This provides: * Read access to device inventory * Read access to network configuration * Read access to firewall and security appliance policies * Read access to configuration change history No write, configure, or claim permissions are required. ## Polling frequency | Data Type | Interval | | ---------------------------------- | -------------- | | Device inventory and online status | Every 24 hours | | Network and firewall configuration | Every 24 hours | | Organisation administrators | Every 24 hours | | Configuration change history | Every 6 hours | ## Troubleshooting
Connection test returns 401 Unauthorized The API key is invalid or has been revoked. Navigate to **Meraki Dashboard → My Profile → API access**, revoke the existing key, and generate a new one. Update it in **SureCloud → Integrations → Cisco Meraki → Edit Connection**.
Some networks or devices are missing from SureCloud The API key account must have access to all organisations and networks you want SureCloud to collect. If the account is scoped to a sub-set of networks via network admin access, devices in inaccessible networks will not appear. Confirm the account has Organisation Administrator access in **Meraki → Organisation → Administrators**.
Firewall rule endpoint returns empty for some networks Firewall rules are only available on networks with a Meraki MX security appliance. Networks without an MX device (e.g. switch-only or wireless-only networks) will return empty firewall rule lists. This is expected behaviour.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://surecloud.gitbook.io/surecloud-docs/integrations/ccm-and-evidence-collection-integrations/cisco-meraki.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.