Critical-risk tools in API-Central
17 of the 175 tools in API-Central are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
delete_aaa_profileDestructiveDelete an AAA profile by name.
-
delete_auth_profileDestructiveDelete a Central NAC authentication profile by UUID.
-
delete_auth_serverDestructiveDelete a RADIUS/auth server profile by name.
-
delete_authz_policyDestructiveDelete a CNAC authz policy by ID.
-
delete_config_assignmentDestructiveUnassign a profile from a device function at a scope (required before delete_role).
-
delete_device_groupsDestructiveBulk-delete device groups by scope ID list.
-
delete_gw_policyDestructiveDelete a GW security policy by name.
-
delete_mac_registrationDestructiveDelete a MAC registration by ID.
-
delete_mpsk_registrationDestructiveDelete a Named MPSK registration by ID.
-
delete_overlay_ssidDestructiveDelete an overlay (tunneled/GRE) WLAN profile. Must precede underlay SSID deletion.
-
delete_roleDestructiveDelete a wireless/gateway role by name.
-
delete_role_aclDestructiveDelete a role ACL policy by name. Must precede delete_role.
-
delete_static_tagDestructiveDelete a static classification tag by UUID.
-
delete_underlay_ssidDestructiveDelete an underlay SSID and its scope-map.
-
delete_visitorDestructiveDelete a visitor account by ID.
-
delete_webhookDestructiveDelete a webhook by ID.
-
glp_archive_deviceDestructiveArchive a device in GLP (removes from Central, keeps in GLP inventory).
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.