Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term RESTCONF

Training Camp • Cybersecurity Glossary

What is RESTCONF?

An HTTP-based protocol (RFC 8040) for configuring and monitoring network devices via REST and YANG data models, a programmable alternative to CLI.

Glossary > Network Security > RESTCONF

Understanding RESTCONF

RESTCONF is an HTTP-based protocol, standardized in RFC 8040, for configuring and monitoring network devices using REST principles and YANG data models. It lets administrators and automation tools manage device configuration and operational state through familiar HTTP methods, offering a programmable, web-friendly alternative to manual CLI and SNMP.

RESTCONF maps CRUD operations onto HTTP verbs: GET to read configuration or state, POST to create resources, PUT and PATCH to modify them, and DELETE to remove them. Data is encoded as JSON or XML and structured according to YANG models, the same models used by NETCONF, so resources are addressed as hierarchical URIs under a /restconf root. It runs over HTTPS, separates configuration data from operational state, and integrates cleanly with REST tooling and CI/CD pipelines, making it central to network programmability and intent-based automation alongside NETCONF.

This matters for security in two ways. First, RESTCONF must be secured: because it exposes full device configuration over HTTP, it requires TLS, strong authentication (such as token or certificate-based auth), and role-based access control, an unsecured or poorly authenticated endpoint is a high-value target for attackers. Second, as a tool, it improves security by enabling consistent, auditable, automated configuration that reduces error-prone manual changes and configuration drift, and supports rapid, repeatable enforcement of secure baselines across many devices.

For example, a network automation pipeline uses RESTCONF over HTTPS to push a standardized ACL and SNMPv3 configuration to dozens of routers. The tool sends an authenticated PATCH request with a JSON payload conforming to the device's YANG model; each router applies the change and returns an HTTP status confirming success. The same interface is then used with GET requests to verify the running configuration matches the intended secure baseline, all logged for audit.

Learn More About RESTCONF:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →