What Is RESTCONF Protocol in Networking?
Also known as: RESTCONF protocol, RESTCONF definition, RESTCONF ENCOR, RESTCONF vs NETCONF, network automation RESTCONF
Quick Definition
RESTCONF is a way for network engineers to talk to routers and switches using the same kind of web requests that websites use. Instead of logging into a device and typing commands, you send HTTP messages like GET, POST, PUT, and DELETE to change settings. It is built on the YANG data model, which organises all the device settings in a structured way.
Must Know for Exams
RESTCONF is a key topic in the Cisco CCNP Enterprise ENCOR (350-401) exam, which is a core exam for the CCNP Enterprise certification. The exam objectives explicitly include network automation topics, and RESTCONF is listed as one of the protocols candidates need to understand. Specifically, the exam covers YANG data models, RESTCONF operations, and how to use RESTCONF for network configuration and monitoring.
In the exam, questions typically test your understanding of the differences between RESTCONF and NETCONF, the HTTP methods used for CRUD operations, and the data formats supported (JSON and XML). You may also be asked about the relationship between RESTCONF and YANG, including how YANG models define the structure of data that RESTCONF accesses. The exam expects you to know that RESTCONF runs over HTTPS (port 443) and uses HTTP methods like GET, POST, PUT, PATCH, and DELETE.
Additionally, the ENCOR exam includes scenario-based questions where you must choose the correct RESTCONF method or URL to accomplish a specific task. For example, you might be asked what HTTP method to use to retrieve the configuration of an interface, or what URL path to use to update a VLAN configuration. Understanding the base path convention /restconf/data/ is important, as is knowing that the device uses YANG modules defined by the IETF or Cisco.
RESTCONF also appears in the context of Cisco DNA Center and software-defined access (SD-Access) on the exam. You may need to understand how RESTCONF enables programmatic control of network devices in an intent-based network architecture. While the ENCOR exam is the primary place you will see RESTCONF, it may also appear in other Cisco certification exams as automation becomes more integrated into all networking roles.
Simple Meaning
Think of a large hotel that has thousands of rooms, each with its own thermostat, lights, and door locks. In the old way of managing the hotel, a maintenance worker would have to walk to every room, unlock the door, and adjust the thermostat by hand. That is like logging into each network device and typing commands one by one.
RESTCONF is like giving the hotel manager a smartphone app that can control every room at once. Instead of walking to each room, the manager sends a simple request through the app, like "set room 204 temperature to 72 degrees." The app talks to a central system, and that system changes the thermostat in room 204 instantly. RESTCONF does the same thing for network devices. It uses HTTP, which is the same technology behind every website you visit. When you type a URL into your browser, your computer sends an HTTP request to a web server, and the server sends back a web page. RESTCONF works the same way, but instead of sending back a web page, the network device sends back its configuration settings or changes them based on your request.
RESTCONF uses a structured language called YANG to organise all the settings on a router or switch. YANG is like a recipe book that lists every ingredient and step in a clear order. For example, YANG defines exactly how an IP address, a subnet mask, or a routing protocol setting should be stored. RESTCONF then uses this recipe book to make sure the HTTP requests you send match the correct settings. This makes it much easier for beginners to automate network tasks because they do not need to learn dozens of different command-line syntaxes for different devices. They only need to understand HTTP methods and the YANG data model.
Full Technical Definition
RESTCONF is a network management protocol defined by the Internet Engineering Task Force (IETF) in RFC 8040. It provides a RESTful interface for accessing and manipulating configuration data, state data, and operational information on network devices. The protocol uses HTTP methods such as GET, POST, PUT, PATCH, and DELETE to perform Create, Read, Update, and Delete (CRUD) operations on data defined by the YANG data modeling language.
RESTCONF operates on top of HTTP or HTTPS, typically using port 443 for secure communication. It uses URL paths to identify the resources being accessed, with the base path typically following the pattern /restconf/data/ for configuration data and /restconf/operations/ for operational commands. The data is encoded in either XML or JSON format, with JSON being more common in modern implementations due to its simplicity and widespread use in web development.
Under the hood, RESTCONF relies on the YANG data model to define the structure of the configuration data. Every setting on a network device, from interface IP addresses to routing protocol parameters, is defined in a YANG module. When you send a GET request to a specific URL like /restconf/data/interfaces/interface=GigabitEthernet0/1, the device responds with the current configuration for that interface in JSON or XML format. If you send a PUT request with new data, the device updates that interface configuration accordingly.
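The URL structure described above, as an added example that is not part of the original page. It builds data resource paths with the percent-encoding that RFC 8040 requires for list keys, and shows how the unencoded interface URL is split into path segments. The ietf-interfaces module name is an assumption about the device's YANG models, and the function names are hypothetical.

```python
import re
from urllib.parse import quote, unquote

RESTCONF_ROOT = "/restconf/data"
# [module-name ":"] identifier, as in the RFC 8040 api-identifier rule
NODE = re.compile(r"(?:[A-Za-z_][A-Za-z0-9_.-]*:)?[A-Za-z_][A-Za-z0-9_.-]*")


def encode_key(value):
    # Key values must have every reserved character percent-encoded,
    # so "/" becomes %2F and "," becomes %2C (RFC 8040 section 3.5.3).
    return quote(str(value), safe="")


def data_path(*steps):
    """Build a data resource path.

    A step is a node name such as "ietf-interfaces:interfaces" or a tuple
    (list_name, key, ...) that selects one list entry.
    """
    segments = []
    for step in steps:
        name, *keys = (step,) if isinstance(step, str) else step
        if not NODE.fullmatch(name):
            raise ValueError(f"not a valid node name: {name!r}")
        if keys:
            name += "=" + ",".join(encode_key(k) for k in keys)
        segments.append(name)
    return RESTCONF_ROOT + "/" + "/".join(segments)


def server_view(path):
    """Split a path into URI segments on "/" first, then decode the keys."""
    if not path.startswith(RESTCONF_ROOT + "/"):
        raise ValueError("not a RESTCONF data path")
    view = []
    for segment in path[len(RESTCONF_ROOT) + 1:].split("/"):
        name, has_keys, keys = segment.partition("=")
        view.append((name, [unquote(k) for k in keys.split(",")] if has_keys else []))
    return view


if __name__ == "__main__":
    good = data_path("ietf-interfaces:interfaces", ("interface", "GigabitEthernet0/1"))
    print(good)
    print(server_view(good))
    # The unencoded form from the text above: the "/1" becomes a third node.
    print(server_view("/restconf/data/interfaces/interface=GigabitEthernet0/1"))
```

Encoding every key value before it reaches the path also keeps an interface or VLAN name taken from inventory data from addressing a different resource than the one intended.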
RESTCONF is closely related to NETCONF, another network management protocol. However, RESTCONF is designed to be simpler and more accessible, especially for web developers and automation engineers. NETCONF uses XML-based Remote Procedure Calls (RPCs) over SSH, while RESTCONF uses standard HTTP methods over HTTPS. This makes RESTCONF easier to integrate with existing automation tools like Ansible, Postman, and programming languages like Python that have built-in HTTP support.
In Cisco implementations, RESTCONF is supported on devices running IOS XE, IOS XR, and NX-OS, starting from specific software releases. For example, Cisco Catalyst 9000 series switches support RESTCONF starting from IOS XE 16.x. The protocol is commonly used in conjunction with YANG data models to automate configuration tasks, perform compliance checks, and collect operational data for monitoring and troubleshooting.
Real-Life Example
Imagine you work in a large office building with hundreds of employee badge access points. In the old system, if an employee needed access to a new floor, the security team had to walk to each door, press some buttons, and manually program the badge reader. That is a lot of walking and time, especially when 50 employees need changes at once.
Now, consider a modern building with a central security server. Each badge reader is connected to this server over the network. The security manager uses a computer application that sends HTTP requests to the server. For example, when a new employee named Sarah joins, the manager creates a new record by sending a POST request to the server with Sarah's name and badge number. When Sarah loses her badge, the manager sends a DELETE request to remove her access. If Sarah gets promoted and needs access to the executive floor, the manager sends a PATCH request to update just her access level. The server then sends the updated permissions to every badge reader in the building. This is exactly how RESTCONF works.
In this analogy, the central security server is the network device (router or switch). The badge readers are the different features or settings on the device. The HTTP requests (GET, POST, PUT, DELETE, PATCH) are the same ones RESTCONF uses to read or change configurations. The structured way the server organises employee data, with fields for name, badge number, and access levels, is like the YANG data model that organises network device settings. Just as the security manager never has to walk to a single door, a network engineer never has to log into a device to change a setting when using RESTCONF.
Why This Term Matters
RESTCONF matters because it simplifies and accelerates network management, which is critical in modern IT environments where networks are growing larger and more complex every day. Traditional network management requires engineers to log into each device individually using SSH or Telnet and type command-line interface (CLI) commands. This is time-consuming and error-prone, especially when you have hundreds or thousands of devices in a data center, campus network, or service provider network.
With RESTCONF, network automation becomes practical and accessible. Engineers can write scripts in Python, use tools like Ansible, or even use simple HTTP clients like curl to manage devices at scale. For example, if you need to change the VLAN configuration on 200 switches, you can write a script that sends the same RESTCONF request to every device, completing the task in seconds instead of hours. This reduces human error because the same configuration is applied consistently across all devices.
RESTCONF also plays a key role in the broader shift toward network automation and intent-based networking. In a modern network, administrators define the desired state of the network using high-level policies, and automation tools use protocols like RESTCONF to translate those policies into device configurations. This approach reduces downtime, improves security by ensuring consistent configurations, and frees network engineers to focus on strategic tasks rather than repetitive manual work.
For cloud infrastructure and data center environments, RESTCONF enables integration with orchestration platforms like Cisco DNA Center, VMware vCenter, and Kubernetes. These platforms can automatically provision network resources as virtual machines or containers are deployed. Without RESTCONF, this level of integration would require custom scripts or manual intervention, slowing down application deployment and increasing operational costs.
How It Appears in Exam Questions
In the ENCOR exam, RESTCONF questions appear in several formats. The most common type is multiple-choice questions that ask you to identify the correct HTTP method for a given operation. For example, a question might ask, "Which HTTP method does RESTCONF use to retrieve the running configuration of a router?" The correct answer is GET. Another might ask, "Which HTTP method is used to create a new VLAN on a switch using RESTCONF?" The answer is POST.
You will also see questions that test your knowledge of RESTCONF URLs. A typical question might present a URL like /restconf/data/interfaces/interface=GigabitEthernet0/1 and ask what resource it refers to. The answer would be the configuration of a specific interface. Another variation might ask what the correct URL is to access all interfaces on a device, with options like /restconf/data/interfaces or /restconf/operations/interfaces.
Scenario-based questions are also common. For example, the exam might describe a situation where a network engineer needs to update the IP address of an interface on 50 switches. The engineer decides to use RESTCONF. The question might ask, "Which combination of HTTP method and URL should the engineer use to update the IP address?" The correct answer would be a PUT or PATCH request to the specific interface URL with the new IP address data in the body.
You may also encounter comparison questions that ask you to distinguish RESTCONF from NETCONF. For instance, a question might state, "What is a key difference between RESTCONF and NETCONF?" The correct answer is that RESTCONF uses HTTP while NETCONF uses SSH and XML-based RPCs. Another comparison point is that RESTCONF uses JSON or XML, while NETCONF is XML-only.
Finally, troubleshooting questions might present a scenario where a RESTCONF request fails and ask you to identify the cause. For example, if a GET request to /restconf/data/interfaces returns a 404 error, the question might ask what is wrong. The answer could be that the device does not support the YANG model for interfaces, or that the URL path is incorrect.
Example Scenario
AlphaTech, a medium-sized company, has 20 switches in its office network. The network administrator, Priya, needs to add a new VLAN for the marketing department on all 20 switches. In the past, she would have to SSH into each switch, enter configuration mode, and type the same 4 lines of commands 20 times. This would take about 30 minutes and she might make a typo on one switch.
Instead, Priya uses RESTCONF. She writes a small Python script that sends a POST request to each switch. The request goes to the URL /restconf/data/vlan/vlan-list with a JSON body that contains the new VLAN ID and name. The script also uses authentication credentials that she set up on the switches earlier. Within 10 seconds, all 20 switches have the new VLAN configured exactly the same way. Priya verifies by sending GET requests to each switch and checking the response data.
RESTCONF makes this possible because it provides a standard way to programmatically access and modify switch settings. The YANG data model for VLANs defines exactly what fields are needed, like vlan-id and name. Priya does not need to worry about different command syntaxes across switch models because the YANG model is consistent. This scenario shows how RESTCONF saves time, reduces errors, and makes network management more efficient.
Common Mistakes
Thinking RESTCONF uses SSH like NETCONF does.
RESTCONF uses HTTP or HTTPS, not SSH. NETCONF uses SSH for transport, but RESTCONF is designed to be simpler by using standard web protocols.
Remember that RESTCONF is like a website API: it uses HTTP methods and ports 80 or 443. NETCONF is like an old-school terminal session over SSH.
Believing that RESTCONF only supports XML data format.
RESTCONF supports both JSON and XML data encoding. The client can specify which format it prefers using the Accept header in the HTTP request.
Both JSON and XML are valid. In practice, JSON is more common because it is lighter and easier to work with in programming languages like Python.
Confusing the HTTP methods: using GET to change configuration or POST to read data.
GET is only for reading existing data, not for modifying it. POST is for creating new resources. Using the wrong method will result in an error or unintended behavior.
Learn the CRUD mapping: Create uses POST, Read uses GET, Update uses PUT or PATCH, Delete uses DELETE. Think of a library: you GET a book to read it, you POST a new book to add it.
Assuming all network devices support the same YANG models by default.
Different vendors and even different device models from the same vendor support different sets of YANG models. Not all YANG models are available on all devices.
Check the device documentation to confirm which YANG models are supported. Use a GET request to /restconf/data/modules to list available models on a specific device.
Thinking RESTCONF replaces the CLI entirely.
RESTCONF is an alternative interface for automation, but the CLI remains available and is still used for many tasks. RESTCONF is best for programmatic, repeatable operations, not for one-off troubleshooting.
Use RESTCONF for automation, bulk changes, and integration. Use the CLI for interactive troubleshooting, initial setup, and emergency situations where speed is critical.
Exam Trap — Don't Get Fooled
A question asks, "Which port does RESTCONF use by default?" and offers options like 22, 80, 443, and 830. Many learners pick 830 because they confuse RESTCONF with NETCONF, which uses port 830, or 22 because they associate SSH with network protocols.
Remember that RESTCONF is based on HTTP. It runs over HTTPS on port 443 by default, or sometimes HTTP on port 80. The port is the same as for web traffic. Associate RESTCONF with web technology, not with SSH or remote terminal sessions.
Commonly Confused With
A REST API is a general concept for any web service that follows REST principles, while RESTCONF is a specific protocol defined by RFC 8040 for network device management. RESTCONF is a type of REST API, but with specific rules about how to structure URLs and what data formats to use.
Think of REST API as the broad category of all smartphone apps, and RESTCONF as a specific app designed only for controlling network switches.
NETCONF is an older network management protocol that uses XML-based Remote Procedure Calls (RPCs) over SSH. RESTCONF is newer and uses HTTP methods over HTTPS. NETCONF is more powerful for advanced operations like locking databases, but RESTCONF is simpler and more web-friendly.
NETCONF is like sending a detailed typed letter through a secure courier, while RESTCONF is like sending a quick text message over the internet. Both deliver the same information, but one is simpler and faster.
SNMP (Simple Network Management Protocol) is an older protocol used primarily for monitoring network devices, not for configuring them. RESTCONF is designed for both reading and writing configuration. SNMP uses a flat data structure (MIB), while RESTCONF uses the hierarchical YANG model.
SNMP is like a security camera that only lets you watch what is happening. RESTCONF is like a remote control that lets you both watch and change the channels.
YANG is a data modeling language that defines the structure of the data, while RESTCONF is a protocol that transports that data. You cannot use RESTCONF without YANG models, but YANG models can be used with other protocols like NETCONF as well.
YANG is the blueprint for a house, showing where the walls and doors go. RESTCONF is the construction crew that uses the blueprint to build the house and make changes to it.
Step-by-Step Breakdown
Client Authentication and Connection Setup
The automation tool or script establishes an HTTPS connection to the network device using its IP address or hostname. The client provides credentials, typically a username and password, using HTTP basic authentication or token-based authentication. This step ensures only authorised users can access the device configuration.
Client Sends an HTTP Request
The client sends an HTTP request to a specific URL on the device. The URL path starts with /restconf/data/ and then follows the hierarchy defined by the YANG model. For example, to read the hostname, the URL might be /restconf/data/Cisco-IOS-XE-native:native/hostname. The request includes an HTTP method (GET, POST, PUT, PATCH, DELETE) and optionally a message body with the data in JSON or XML format.
Device Processes the Request
The network device receives the HTTP request and interprets it based on the URL and the YANG data model. The device checks that the requested resource exists and that the client is authorised. If the request is a GET, the device reads the current configuration from its running datastore. If the request is a PUT or PATCH, the device validates the new data against the YANG model to ensure it is correct before applying it.
Device Sends an HTTP Response
After processing the request, the device sends an HTTP response back to the client. The response includes a status code, such as 200 OK for successful reads, 201 Created for successful resource creation, 204 No Content for successful deletions, or 400 Bad Request if the data is invalid. For GET requests, the response body contains the requested configuration or operational data in JSON or XML format.
Client Interprets the Response
The automation tool or script receives the HTTP response and checks the status code to confirm success or identify errors. If successful, the client may parse the returned data to verify the configuration or use it for further processing. For example, after a GET request, the script might extract the hostname and compare it to a desired value. If an error occurred, the client logs the error and may retry or alert the administrator.
Practical Mini-Lesson
RESTCONF is a protocol that allows you to manage network devices using HTTP requests. To use it in practice, you first need a device that supports RESTCONF, such as a Cisco Catalyst switch running IOS XE. You enable RESTCONF in the device configuration by entering the commands restconf and ip http secure-server (or ip http server for HTTP). After that, you can communicate with the device from any computer on the network.
To test RESTCONF, you can use a tool like curl from a command line. For example, to retrieve the hostname of a switch, you would run:
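curl -X GET "https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/hostname" -u admin:password -k -H "Accept: application/yang-data+json"
The -k flag disables TLS certificate verification, which is acceptable only for lab testing; against production devices, pass the issuing CA with --cacert instead so that curl can authenticate the device. The Accept header asks for JSON rather than XML. The response will be JSON like {"Cisco-IOS-XE-native:hostname": "Switch1"}. To change the hostname, you would use:
curl -X PUT "https://192.168.1.1/restconf/data/Cisco-IOS-XE-native:native/hostname" -u admin:password -k -H "Content-Type: application/yang-data+json" -d '{"Cisco-IOS-XE-native:hostname": "NewName"}'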
In a professional environment, you would write Python scripts using the requests library to perform complex automation tasks. A common pattern is to first authenticate, then send a series of requests to configure multiple devices. For example, you could loop through a list of switch IP addresses and send a POST request to create a new VLAN on each one. Error handling is important: you should check HTTP status codes and retry on failure.
What can go wrong? The most common issues are incorrect URLs, missing YANG modules, authentication failures, and HTTP method misuse. Always verify the exact YANG model names and paths by checking the device documentation. Also, note that changes made via RESTCONF are applied to the running configuration. To save them, you may need to send a request to copy the running config to the startup config, often using a separate RPC operation.
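The rollout pattern from the example scenario and the paragraphs above (loop over the switches, POST the VLAN, check the status code, retry on failure), as an added example that is not part of the original page. It uses the Python standard library instead of requests, keeps certificate verification on, and goes slightly beyond the text by handling 409 Conflict and 401/403. The URL path is the one quoted in the scenario; the JSON body shape, host names, function names and outcome labels are constructed for illustration.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

YANG_JSON = "application/yang-data+json"
VLAN_PATH = "/restconf/data/vlan/vlan-list"  # path as written on this page


def verified_context(cafile=None):
    # Default context: CERT_REQUIRED plus hostname checking (the opposite of curl -k).
    return ssl.create_default_context(cafile=cafile)


def https_sender(user, password, cafile=None, timeout=10):
    """Return send(method, url, body) -> HTTP status for a real device."""
    ctx = verified_context(cafile)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": "Basic " + token,
               "Accept": YANG_JSON, "Content-Type": YANG_JSON}

    def send(method, url, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(url, data=data, method=method, headers=headers)
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
                return resp.status
        except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status
            return err.code
    return send


def create_vlan(send, host, vlan_id, name, retries=2):
    """POST one VLAN to one switch and classify the result."""
    body = {"vlan-list": {"vlan-id": vlan_id, "name": name}}  # constructed body
    for _ in range(retries + 1):
        try:
            status = send("POST", f"https://{host}{VLAN_PATH}", body)
        except OSError:
            # Certificate or connection failure: report it, never retry unverified.
            return "tls-or-network-error"
        if status == 201:
            return "created"
        if status == 409:  # RFC 8040: POST on a resource that already exists
            return "already-exists"
        if status in (401, 403):
            return "auth-failed"  # bad credentials are not retried
        if status in (400, 404):
            return "rejected"  # bad body, wrong path or missing YANG model
        # anything else (for example 5xx) is treated as transient and retried
    return "failed-after-retries"


def rollout(send, hosts, vlan_id, name):
    return {host: create_vlan(send, host, vlan_id, name) for host in hosts}


def demo():
    """Run the rollout against a constructed script of per-switch responses."""
    script = {"sw1": [201], "sw2": [409], "sw3": [503, 201], "sw4": [401],
              "sw5": [ssl.SSLCertVerificationError("self-signed")],
              "sw6": [503, 503, 503]}

    def fake_send(method, url, body=None):
        step = script[url.split("/")[2]].pop(0)
        if isinstance(step, Exception):
            raise step
        return step
    return rollout(fake_send, list(script), 30, "MARKETING")


if __name__ == "__main__":
    for host, outcome in demo().items():
        print(host, outcome)
```

Against real switches, build the sender with https_sender(user, password, cafile=...) and read the credentials from the environment or a secrets store rather than from the script.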
RESTCONF connects to broader IT concepts like Infrastructure as Code (IaC) and DevOps. By using RESTCONF, network configurations become version-controllable code that can be stored in Git, tested in CI/CD pipelines, and deployed automatically. This is the foundation of modern network automation and a key skill for CCNP-level engineers.
Memory Tip
Remember the five HTTP methods with the word CREPUD: Create (POST), Read (GET), Update (PUT), Update alternative (PATCH), Delete (DELETE). Associate REST with web browsing, not terminal commands.
Frequently Asked Questions
Do I need to know programming to use RESTCONF?
Not necessarily. You can test RESTCONF with tools like curl or Postman without writing code. However, for real automation, some scripting knowledge in Python or Ansible is very helpful.
Is RESTCONF faster than using the CLI?
For one-off tasks, the CLI is usually faster. For bulk changes across many devices, RESTCONF is much faster because you can automate the process with scripts.
Does RESTCONF work on all Cisco devices?
No. RESTCONF is supported on newer platforms running IOS XE, IOS XR, and NX-OS. Check your device software version and documentation to confirm support.
What is the difference between RESTCONF and NETCONF in terms of security?
Both support encryption. NETCONF uses SSH, while RESTCONF uses HTTPS (TLS). Both are secure when properly configured with strong authentication and certificates.
Can I use RESTCONF to monitor network devices?
Yes. You can use GET requests to retrieve operational data like interface statistics, routing tables, and CPU usage. It is a viable option for monitoring alongside SNMP.
What happens if I send a PUT request to a URL that does not exist?
The device will return an HTTP 404 Not Found error. You should verify the correct URL path using the device documentation or by exploring the YANG model tree.
Is RESTCONF replacing the CLI in Cisco certifications?
Not yet, but it is becoming more important. The ENCOR exam tests both CLI and automation protocols. Understanding both is essential for passing the exam and working in modern networks.
Summary
RESTCONF is a modern network management protocol that uses standard HTTP methods to read and change configurations on network devices. It relies on YANG data models to organise the configuration data in a structured, predictable way. For beginners preparing for the Cisco ENCOR exam, understanding RESTCONF means knowing the five HTTP methods, the base URL structure starting with /restconf/data/, and the two supported data formats (JSON and XML).
This protocol is a cornerstone of network automation, enabling engineers to manage hundreds of devices with scripts and tools rather than manual CLI commands. In the exam, expect questions that test your ability to choose the correct HTTP method for a task, identify the proper URL path, and distinguish RESTCONF from NETCONF and SNMP. Mastering RESTCONF not only helps you pass the certification but also prepares you for real-world network automation roles where efficiency and consistency are critical.