Secure Programmable Router API (0.3.0)
Download OpenAPI specification:Download
The API service exists for communication between service containers and to support external requests from the web front end or CLI tools.
The internal APIs run over unix sockets and rely on filesystem namespaces for authentication.
Currently there are four internal APIs:
- Support for the wifid service accepting stations
- Support for dynamic networking configuration with DHCP
- Wireguard
- DHCP Tiny Subnets
The external API runs over port :80 or can optionally be configured to run over SSL on port :443.
Configuration
On the device, the following files contain credentials for access.
config/auth/auth_users.jsonis a JSON file with a dictionary for username, password pairsconfigs/auth/auth_tokens.jsonis a JSON file with a list of authentication tokensconfigs/auth/otp_settings.jsonis a JSON file with OTP user configuration.
OTP Notes
- Certain privileged operations require a valid OTP JWT. The OTP code is there to provide additional security hardening.
- A user can also require OTP codes for all operations.
- The default period is 1 hour for the JWT and can be customized
basicAuth
The API supports Basic Authentication based on the auth_users file, using the Basic Schema.
To implement this, a client should include an "Authorization: Basic" header with the credentials formatted as base64(username:password). For a javascript example, see the frontend's Api.js.
basicbearerAuth
The API also supports Bearer Tokens, based on the auth_tokens file.
To implement this, a client should include an "Authorization: Bearer" token. See Swagger's page for more examples.
bearerAPI extensions operate through a reverse proxy into a unix socket. They allow for hosting extensions to the API on the same web origin while running in a different process or container.
Extensions are configured in configs/base/api.json
This example shows the mapping of unix://state/dns/dns_block_plugin to http://APIHOST/plugins/dns/block/
{
"Plugins" : [{
"Name": "dns block extension",
"URI": "dns/block",
"UnixPath": "/state/dns/dns_block_plugin"
}]
}
See the API documentation for plugins here
Get Devices
Returns a map of registered devices, indexed by MAC address
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/devices"
Response samples
- 200
{- "11:22:33:44:55:61": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}, - "11:22:33:44:55:62": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}
}Get Device including PSK
Get a Device specified by the MAC address in the identity parameter. Requires OTP Code
Authorizations:
path Parameters
| identity required | string Example: 11:22:33:44:55:61 MAC address |
Responses
Request samples
- CLI
curl -u "admin:pass" -X DELETE -H "X-JWT-OTP:..." \ "http://192.168.2.1/device?identity=11:22:33:44:55:66"
Response samples
- 200
{- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}Update Device
Update information specified by the MAC address in the identity parameter. All fields are optional. If a PSKEntry.PskType is set and a PSKEntry.Psk is not set, one will be generated and returned. To create a wildcard PSK for adding a new device, use the string "pending" for the identity.
Authorizations:
path Parameters
| identity required | string Example: 11:22:33:44:55:61 MAC address |
Request Body schema: application/jsonrequired
Device object
| Name | string Client Name |
| MAC | string HW address |
| WGPubKey | string PubKey |
| VLANTag | string VLANTag |
| RecentIP | string RecentIP |
object (PSKEntry) | |
| Policies | Array of strings Policies for Device |
| Groups | Array of strings Interconnected Groups of Devices |
| DeviceTags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}Response samples
- 200
{- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}Delete Device
Delete a Device specified by the MAC address in the identity parameter
Authorizations:
path Parameters
| identity required | string Example: 11:22:33:44:55:61 MAC address |
Responses
Request samples
- CLI
curl -u "admin:pass" -X DELETE \ "http://192.168.2.1/device?identity=11:22:33:44:55:66"
Add Group
If the group does not exist, it will be created. If it exists it will be updated. Fields are optional.
Authorizations:
Request Body schema: application/jsonrequired
Group object
| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
Responses
Request samples
- Payload
- CLI
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- [
- "private"
]
]
}Delete Group
Authorizations:
Request Body schema: application/jsonrequired
Group object
| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
Responses
Request samples
- Payload
- CLI
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- [
- "private"
]
]
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/ip/addr"
Response samples
- 200
[- {
- "ifindex": 1,
- "ifname": "eth0",
- "flags": [
- "BROADCAST"
], - "mtu": 1550,
- "qdisc": "mq",
- "operstate": "UP",
- "group": "default",
- "txqlen": 1000,
- "link_type": "ether",
- "address": "11:22:33:44:55:66",
- "broadcast": "ff:ff:ff:ff:ff:ff",
- "addr_info": [
- {
- "family": "inet6",
- "local": "::1",
- "prefixlen": 64,
- "scope": "link",
- "valid_life_time": 4294967295,
- "preferred_life_time": "preferred_life_time"
}
]
}
]NFTable Verdict Map
Returns the output of nft -j for the verdict map specificed by the name parameter
Authorizations:
path Parameters
| name required | string Name of the nfmap to fetch |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/nfmap/dns_access"
Response samples
- 200
{ }Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/arp"
Response samples
- 200
[- {
- "IP": "192.168.2.142",
- "HWType": "0x1",
- "Flags": "0x6",
- "MAC": "11:22:33:44:55:66",
- "Mask": "*",
- "Device": "wlan1.4097"
}
]Get Nearby Wifi Networks
Returns the output of iw dev iface scan in json format.
Note: the specified interface needs to be in managed mode.
Authorizations:
path Parameters
| iface required | string Example: wlan0 interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/iw/dev/wlan0/scan"
Response samples
- 200
[- {
- "bssid": "11:11:11:11:11:11",
- "interface": "wlan0",
- "freq": 2412,
- "ssid": "sample_ssid1",
- "authentication_suites": "PSK",
- "signal_dbm": -64
}
]Set Subnet Configuration
Sets or updates the subnet configuration. This will overwrite the existing configuration.
Authorizations:
Request Body schema: application/json
| TinyNets required | Array of strings List of subnet pools. |
| LeaseTime required | string Duration of the DHCP lease time. |
Responses
Request samples
- Payload
- CLI
{- "TinyNets": [
- "string"
], - "LeaseTime": "string"
}Update DNS Settings
Updates the DNS settings. This operation overwrites the existing settings.
Authorizations:
Request Body schema: application/json
| UpstreamTLSHost required | string DNS name of the upstream TLS host. |
| UpstreamIPAddress required | string IP address of the upstream DNS server. |
| TlsDisable required | boolean Flag to disable TLS. |
Responses
Request samples
- Payload
- CLI
{- "UpstreamTLSHost": "string",
- "UpstreamIPAddress": "string",
- "TlsDisable": true
}Perform an ICMP ping test
Performs an ICMP ping test from a specified interface to a given address
path Parameters
| interface required | string Network interface to use for the ping test |
| address required | string IP address to ping |
Responses
Request samples
- CLI
curl -X PUT http://localhost/ping/eth0/8.8.8.8
Response samples
- 200
[- "10.523ms",
- "9.872ms",
- "11.245ms",
- "10.101ms"
]Perform a UDP ping test
Performs a UDP ping test from a specified interface to a given address
path Parameters
| interface required | string Network interface to use for the UDP ping test |
| address required | string IP address and port to ping |
Responses
Request samples
- CLI
curl -X PUT http://localhost/ping/eth0/8.8.8.8:53/udp
Response samples
- 200
[- "15.789ms",
- "14.234ms",
- "16.012ms",
- "15.456ms"
]Retrieve firewall config
Returns the firewall API configuration
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/firewall/config"
Response samples
- 200
{- "ForwardingRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}
], - "BlockRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "Protocol": "tcp"
}
], - "ForwardingBlockRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}
], - "ServicePorts": [
- {
- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}
]
}Add a Forwarding Rule
Authorizations:
Request Body schema: application/jsonrequired
Use 'any' for the port to forward all ports. Specify a port or a port range otherwise
| DstIP | string |
| SrcIP | string |
| SrcPort | string/any|[0-9]+/ |
| DstPort | string/any|[0-9]+/ |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}Delete a Forwarding Rule
Delete forwarding rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
Use 'any' for the port to forward all ports. Specify a port or a port range otherwise
| DstIP | string |
| SrcIP | string |
| SrcPort | string/any|[0-9]+/ |
| DstPort | string/any|[0-9]+/ |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}Delete IP Block
Delete blocking rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlock
| DstIP | string |
| SrcIP | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "Protocol": "tcp"
}Add Forward Block
Add Forward Block Rule, to block outbound traffic
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlockForward
| DstIP | string |
| SrcIP | string |
| DstPort | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}Delete Forward Block
Delete blocking rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlockForward
| DstIP | string |
| SrcIP | string |
| DstPort | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}Allow Service Port Access
Service Ports are ports that run on the SPR router itself. They can be for LAN clients only or for upstream also
Authorizations:
Request Body schema: application/jsonrequired
ServicePort
| UpstreamEnabled | boolean Reachable from WAN/Upstream Interface |
| Port | string |
| Protocol | string/tcp/ Only TCP services are currently supported |
Responses
Request samples
- Payload
- CLI
{- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}Delete Service Port Access
Delete service port from allow list
Authorizations:
Request Body schema: application/jsonrequired
ServicePort
| UpstreamEnabled | boolean Reachable from WAN/Upstream Interface |
| Port | string |
| Protocol | string/tcp/ Only TCP services are currently supported |
Responses
Request samples
- Payload
- CLI
{- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}Add Firewall Endpoint
Endpoints store common destinations for the UI to populate fields with
Authorizations:
Request Body schema: application/json
| RuleName | string |
| Disabled | boolean |
| Protocol | string |
| IP | string |
| Domain | string |
| Port | string |
| Tags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "RuleName": "string",
- "Disabled": true,
- "Protocol": "string",
- "IP": "1.2.3.4",
- "Domain": "www.domain.com",
- "Port": "22",
- "Tags": [
- "private"
]
}Delete Firewall Endpoint
Delete an existing endpoint from the firewall configuration.
Authorizations:
Request Body schema: application/json
| RuleName | string |
| Disabled | boolean |
| Protocol | string |
| IP | string |
| Domain | string |
| Port | string |
| Tags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "RuleName": "string",
- "Disabled": true,
- "Protocol": "string",
- "IP": "1.2.3.4",
- "Domain": "www.domain.com",
- "Port": "22",
- "Tags": [
- "private"
]
}Enable Multicast Port (UDP over a multicast IP/ethernet address)
Configures a multicast port in the firewall.
Authorizations:
Request Body schema: application/json
| Upstream | boolean Reachable from Uplinks |
| Port | string |
Responses
Request samples
- Payload
- CLI
{- "Upstream": true,
- "Port": "22"
}Add Custom Interface Rule to join an interface to the network
Adds a custom interface rule to the firewall.
Authorizations:
Request Body schema: application/json
| Interface | string interface name |
| SrcIP | string IP or CIDR assigned to interface |
| RouteDst | string IP destination to route to, for example container host IP |
| Policies | Array of strings Policies for Interface |
| Groups | Array of strings Groups to join Interfaces to Devices |
| Tags | Array of strings Tags to apply. NOTE, no impact for now |
Responses
Request samples
- Payload
- CLI
{- "Interface": "wlan1",
- "SrcIP": "172.16.0.0/16",
- "RouteDst": "172.12.0.2",
- "Policies": [
- "api",
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras"
], - "Tags": [
- "private"
]
}Remove Custom Interface Rule
Removes a custom interface rule from the firewall.
Authorizations:
Request Body schema: application/json
| Interface | string interface name |
| SrcIP | string IP or CIDR assigned to interface |
| RouteDst | string IP destination to route to, for example container host IP |
| Policies | Array of strings Policies for Interface |
| Groups | Array of strings Groups to join Interfaces to Devices |
| Tags | Array of strings Tags to apply. NOTE, no impact for now |
Responses
Request samples
- Payload
- CLI
{- "Interface": "wlan1",
- "SrcIP": "172.16.0.0/16",
- "RouteDst": "172.12.0.2",
- "Policies": [
- "api",
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras"
], - "Tags": [
- "private"
]
}Configure ICMP Options
Configures ICMP options in the firewall.
Authorizations:
Request Body schema: application/json
| PingLan required | boolean Allow ping from LAN |
| PingWan required | boolean Allow ping from WAN/upstream |
Responses
Request samples
- Payload
- CLI
{- "PingLan": true,
- "PingWan": false
}Request samples
- CLI
curl http://localhost/multicastSettings
Response samples
- 200
{- "Disabled": false,
- "Addresses": [
- {
- "Address": "224.0.0.251:5353"
}
], - "DisableMDNSAdvertise": false,
- "MDNSName": "MyDevice"
}Update multicast settings
Updates the multicast settings
Request Body schema: application/jsonrequired
| Disabled | boolean Whether multicast is disabled |
Array of objects (MulticastAddress) List of multicast addresses | |
| DisableMDNSAdvertise | boolean Whether MDNS advertisement is disabled |
| MDNSName | string MDNS name |
Responses
Request samples
- Payload
- CLI
{- "Disabled": false,
- "Addresses": [
- {
- "Address": "224.0.0.251:5353"
}
], - "DisableMDNSAdvertise": false,
- "MDNSName": "MyDevice"
}Response samples
- 200
{- "Disabled": false,
- "Addresses": [
- {
- "Address": "224.0.0.251:5353"
}
], - "DisableMDNSAdvertise": false,
- "MDNSName": "MyDevice"
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/iptraffic"
Response samples
- 200
[- {
- "Interface": "wlan1",
- "Src": "192.168.2.100",
- "Dst": "192.168.2.102",
- "Packets": 1024,
- "Bytes": 4096
}
]Retrieve traffic for LAN/WAN
Returns traffic information from the counter specified by the name parameter. Countermap can be one of incoming_traffic_lan | outgoing_traffic_lan | outgoing_traffic_wan | incoming_traffic_wan. See the accounting.sh NFT rules for additional information
Authorizations:
path Parameters
| countermap required | string Example: incoming_traffic_lan Name of counter |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/traffic/outgoing_traffic_lan"
Response samples
- 200
[- {
- "IP": "192.168.2.1",
- "Packets": 7544,
- "Bytes": 824606
}
]Retrieve historical traffic data for devices
Returns traffic information for all devices
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/traffic_history"
Response samples
- 200
{- "192.168.2.11": {
- "LanIn": 11125256532,
- "LanOut": 292437928,
- "WanIn": 52664,
- "WanOut": 52664
}, - "192.168.2.12": {
- "LanIn": 11125256532,
- "LanOut": 292437928,
- "WanIn": 52664,
- "WanOut": 52664
}
}Retrieve hostapd status
Returns current status for hostapd
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/hostapd/status"
Response samples
- 200
{- "beacon_int": "100",
- "bss[0]": "wlan1",
- "bssid[0]": "00:c0:ca:33:11:22",
- "cac_time_left_seconds": "N/A",
- "cac_time_seconds": "0",
- "channel": "36",
- "dtim_period": "2",
- "edmg_channel": "0",
- "edmg_enable": "0",
- "freq": "5180",
- "ht_caps_info": "01ff",
- "ht_mcs_bitmask": "ffff0000000000000000",
- "ht_op_mode": "0x6",
- "ieee80211ac": "1",
- "ieee80211ax": "0",
- "ieee80211n": "1",
- "max_txpower": "23",
- "num_sta[0]": "6",
- "num_sta_ht40_intolerant": "0",
- "num_sta_ht_20_mhz": "2",
- "num_sta_ht_no_gf": "6",
- "num_sta_no_ht": "0",
- "num_sta_no_short_preamble": "6",
- "num_sta_no_short_slot_time": "6",
- "num_sta_non_erp": "0",
- "olbc": "0",
- "olbc_ht": "0",
- "phy": "phy1",
- "rx_vht_mcs_map": "fffa",
- "secondary_channel": "1",
- "ssid[0]": "test_ap",
- "state": "ENABLED",
- "supported_rates": "0c 12 18 24 30 48 60 6c",
- "tx_vht_mcs_map": "fffa",
- "vht_caps_info": "318001b0",
- "vht_oper_centr_freq_seg0_idx": "42",
- "vht_oper_centr_freq_seg1_idx": "0",
- "vht_oper_chwidth": "1"
}Retrieve all_stations output
Returns current status for all stations
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/hostapd/all_stations"
Response samples
- 200
{- "11:22:33:44:55:61": {
- "AKMSuiteSelector": "00-0f-ac-2",
- "aid": "3",
- "capability": "0x11",
- "connected_time": "4946",
- "dot11RSNAStatsSTAAddress": "11:22:33:44:55:61",
- "dot11RSNAStatsSelectedPairwiseCipher": "00-0f-ac-4",
- "dot11RSNAStatsTKIPLocalMICFailures": "0",
- "dot11RSNAStatsTKIPRemoteMICFailures": "0",
- "dot11RSNAStatsVersion": "1",
- "flags": "[AUTH][ASSOC][AUTHORIZED][WMM][HT]",
- "hostapdWPAPTKGroupState": "0",
- "hostapdWPAPTKState": "11",
- "ht_caps_info": "0x016e",
- "ht_mcs_bitmask": "ff000000000000000000",
- "inactive_msec": "1584",
- "listen_interval": "1",
- "rx_bytes": "126055",
- "rx_packets": "2394",
- "rx_rate_info": "60",
- "signal": "-85",
- "supported_rates": "8c 12 98 24 b0 48 60 6c",
- "timeout_next": "NULLFUNC POLL",
- "tx_bytes": "485584",
- "tx_packets": "1957",
- "tx_rate_info": "1200 mcs 5 shortGI",
- "vlan_id": "4247",
- "wpa": "2"
}, - "11:22:33:44:55:62": {
- "AKMSuiteSelector": "00-0f-ac-2",
- "aid": "3",
- "capability": "0x11",
- "connected_time": "4946",
- "dot11RSNAStatsSTAAddress": "11:22:33:44:55:61",
- "dot11RSNAStatsSelectedPairwiseCipher": "00-0f-ac-4",
- "dot11RSNAStatsTKIPLocalMICFailures": "0",
- "dot11RSNAStatsTKIPRemoteMICFailures": "0",
- "dot11RSNAStatsVersion": "1",
- "flags": "[AUTH][ASSOC][AUTHORIZED][WMM][HT]",
- "hostapdWPAPTKGroupState": "0",
- "hostapdWPAPTKState": "11",
- "ht_caps_info": "0x016e",
- "ht_mcs_bitmask": "ff000000000000000000",
- "inactive_msec": "1584",
- "listen_interval": "1",
- "rx_bytes": "126055",
- "rx_packets": "2394",
- "rx_rate_info": "60",
- "signal": "-85",
- "supported_rates": "8c 12 98 24 b0 48 60 6c",
- "timeout_next": "NULLFUNC POLL",
- "tx_bytes": "485584",
- "tx_packets": "1957",
- "tx_rate_info": "1200 mcs 5 shortGI",
- "vlan_id": "4247",
- "wpa": "2"
}
}Set hostapd config
Set hostapd configuration
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Request Body schema: application/jsonrequired
Channel Parameters for WiFi
| Country_code | string 2-letter country code |
| Vht_capab | string Very High Throughput capabilities for 5ghz (802.11ac). Should be removed for 2.4ghz |
| Ht_capab | string High Throughput capabilities (802.11n) |
| Hw_mode | string/^(a/b/g)$/ a for 5ghz, b/g for 2.4ghz |
| Ieee80211ax | integer WiFi 6 support |
| He_su_beamformer | integer High Efficiency (WiFi 6) Single User Beamformer enable |
| He_su_beamformee | integer High Efficiency (WiFi 6) Single User Beamformee enable |
| He_mu_beamformer | integer High Efficiency (WiFi 6) Multiple User Beamformer enable |
| Ssid | string WiFi SSID Name |
| Channel | integer See the list of WLAN channels |
| Vht_oper_centr_freq_seg0_idx | integer |
| He_oper_centr_freq_seg0_idx | integer |
| Vht_oper_chwidth | integer |
| He_oper_chwidth | integer |
Responses
Request samples
- Payload
{- "Country_code": "US",
- "Vht_capab": "[RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN]",
- "Ht_capab": "[LDPC][HT40+][HT40-][GF][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1]",
- "Hw_mode": "a",
- "Ieee80211ax": 1,
- "He_su_beamformer": 1,
- "He_su_beamformee": 1,
- "He_mu_beamformer": 1,
- "Ssid": "8hzWANip",
- "Channel": 36,
- "Vht_oper_centr_freq_seg0_idx": 42,
- "He_oper_centr_freq_seg0_idx": 42,
- "Vht_oper_chwidth": 1,
- "He_oper_chwidth": 1
}Set WiFi Channel
Sets channel configuration
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Request Body schema: application/jsonrequired
Channel Parameters for WiFi
| Mode | string/^(a|b|g)$/ g for 2.4Ghz, a for 5Ghz |
| Channel | integer See the list of WLAN channels |
| Bandwidth | integer Channel width in Mhz. One of 20, 40, 80, 160, or 8080 for 80+80 |
| HT_Enable | boolean 802.11n support - High Throughput |
| VHT_Enable | boolean 802.11ac support - Very High Throughput (WiFi 5) |
| HE_Enable | boolean 802.11ax support - High Effiency (WiFi 6) |
Responses
Request samples
- Payload
- CLI
{- "Mode": "a",
- "Channel": 36,
- "Bandwidth": 80,
- "HT_Enable": true,
- "VHT_Enable": true,
- "HE_Enable": true
}Response samples
- 200
{- "Vht_oper_centr_freq_seg0_idx": 42,
- "He_oper_centr_freq_seg0_idx": 42,
- "Vht_oper_chwidth": 1,
- "He_oper_chwidth": 1
}Enable Additional BSS on Interface
Enables an additional BSS (Basic Service Set) on the specified interface. This supports WPA1, and disabled isolation. Requires card support
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
Request Body schema: application/json
| Ssid | string |
| Bssid | string |
| Wpa | string |
| WpaKeyMgmt | string |
| DisableIsolation | boolean |
Responses
Request samples
- Payload
- CLI
{- "Ssid": "string",
- "Bssid": "string",
- "Wpa": "string",
- "WpaKeyMgmt": "string",
- "DisableIsolation": true
}Disable Extra BSS on Interface
Disables an additional BSS on the specified interface.
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
Responses
Request samples
- CLI
curl -u "admin:pass" -X DELETE \ "http://192.168.2.1/hostapd/eth0/enableExtraBSS"
Retrieve interface configuration
SPR Tracks the state of interfaces to decide launching hostap
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/interfacesConfiguration"
Response samples
- 200
[- {
- "Name": "wlan1",
- "Type": "AP",
- "Enabled": true
}
]Get WPA Supplicant Configuration
Retrieves the current WPA supplicant configuration.
Authorizations:
Responses
Response samples
- 200
{- "WPAs": [
- {
- "Iface": "string",
- "Enabled": true,
- "Networks": [
- {
- "Disabled": true,
- "Password": "string",
- "SSID": "string",
- "KeyMgmt": "string",
- "Priority": "string",
- "BSSID": "string"
}
]
}
]
}Update or Add WPA Supplicant Interface Configuration
Updates an existing WPA interface configuration or adds a new one.
Authorizations:
Request Body schema: application/json
| Iface | string |
| Enabled | boolean |
Array of objects (WPANetwork) |
Responses
Request samples
- Payload
- CLI
{- "Iface": "string",
- "Enabled": true,
- "Networks": [
- {
- "Disabled": true,
- "Password": "string",
- "SSID": "string",
- "KeyMgmt": "string",
- "Priority": "string",
- "BSSID": "string"
}
]
}Update or Add PPP Interface Configuration
Updates an existing PPP interface configuration or adds a new one.
Authorizations:
Request Body schema: application/json
| Iface | string |
| PPPIface | string |
| Enabled | boolean |
| Username | string |
| Secret | string |
| VLAN | string or null |
| MTU | string or null |
Responses
Request samples
- Payload
- CLI
{- "Iface": "string",
- "PPPIface": "string",
- "Enabled": true,
- "Username": "string",
- "Secret": "string",
- "VLAN": "string",
- "MTU": "string"
}Update Interface IP Configuration for an existing interface
Updates the IP configuration of a network interface.
Authorizations:
Request Body schema: application/json
| Name | string |
| Enabled | boolean |
| DisableDHCP | boolean or null |
| IP | string or null |
| Router | string or null |
| VLAN | string or null |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Enabled": true,
- "DisableDHCP": true,
- "IP": "string",
- "Router": "string",
- "VLAN": "string"
}Update Link Configuration
Updates the configuration of a LAN network interface.
Authorizations:
Request Body schema: application/json
| Name | string Interface name on system |
| Type | string Enum: "AP" "Uplink" "Downlink" "Other" |
| Subtype | string |
| Enabled | boolean |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Type": "AP",
- "Subtype": "string",
- "Enabled": true
}Update VLAN Trunk State on Interface
Set an interface as a VLAN trunk, enabling or disabling it.
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
| state required | string Enum: "enable" "disable" State of the VLAN trunk on the interface (enable or disable). |
Responses
Request samples
- CLI
# Example to enable VLAN trunk on eth0 curl -u "admin:pass" -X PUT \ "http://192.168.2.1/link/vlan/eth0/enable" # Example to disable VLAN trunk on eth0 curl -u "admin:pass" -X PUT \ "http://192.168.2.1/link/vlan/eth0/disable"
Get Version
Get latest tag from docker specified by the container parameter. If no container is specified version is fetched for superd
Authorizations:
query Parameters
| container | string container to get version for |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/version"
Response samples
- 200
"0.1.23"Retreive System Logs
Returns the output of journalctl in json format
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/logs"
Response samples
- 200
[- {
- "CONTAINER_NAME": "superapi",
- "MESSAGE": "192.168.2.101:1234 GET /logs",
- "__REALTIME_TIMESTAMP": 1651066188615770
}
]Get release settings
Returns an object with the current SPR version and Channel, Version settings
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/release"
Response samples
- 200
{- "CustomChannel": "-dev",
- "CustomVersion": "0.1.2",
- "Current": "0.1.2-dev"
}Set release settings
Set a custom Channel, Version to update into
Authorizations:
Request Body schema: application/json
| CustomChannel | string |
| CustomVersion | string |
| Current | string |
Responses
Request samples
- Payload
- CLI
{- "CustomChannel": "-dev",
- "CustomVersion": "0.1.3"
}Get releases available
Returns a list of tags available to update into
Authorizations:
path Parameters
| container required | string Example: super_superd Container name |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/releaseChannels"
Response samples
- 200
[- "latest",
- "0.1.23",
- "0.1.23-dev"
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins"
Response samples
- 200
[- {
- "Name": "dns-block",
- "URI": "dns/block",
- "UnixPath": "/state/dns/dns_block_plugin",
- "Enabled": true,
- "Plus": false,
- "ComposeFilePath": "plugins/plugin/docker-compose.yml",
- "HasUI": true,
- "SandboxedUI": true,
- "InstallTokenPath": "/config/plugins/dns-block/install-token",
- "ScopedPaths": [
- "/config/plugins/dns-block",
- "/state/plugins/dns-block"
]
}
]Add or Update Plugin
Add or update a plugin specified by the name parameter
Authorizations:
path Parameters
| name required | string Example: dns-block plugin name |
Request Body schema: application/jsonrequired
PluginEntry to be added or updated
| Name | string Plugin name |
| URI | string Plugin URI |
| UnixPath | string Plugin path for unix socket |
| Enabled | boolean Plugin state |
| Plus | boolean Indicates if this is a PLUS plugin |
| GitURL | string Git repository URL for the plugin |
| ComposeFilePath | string Relative path to docker compose file |
| HasUI | boolean Indicates if the plugin has a user interface |
| SandboxedUI | boolean Indicates if the plugin UI is sandboxed |
| InstallTokenPath | string Path to the installation token |
| ScopedPaths | Array of strings List of scoped paths for the plugin |
Responses
Request samples
- Payload
- CLI
{- "Name": "dns-block",
- "URI": "dns/block",
- "UnixPath": "/state/dns/dns_block_plugin",
- "Enabled": true,
- "Plus": false,
- "ComposeFilePath": "plugins/plugin/docker-compose.yml",
- "HasUI": true,
- "SandboxedUI": true,
- "InstallTokenPath": "/config/plugins/dns-block/install-token",
- "ScopedPaths": [
- "/config/plugins/dns-block",
- "/state/plugins/dns-block"
]
}Update Custom Docker Compose Paths for plugins
Updates the permit list of docker compose files that can be launched from disk
Authorizations:
Request Body schema: application/jsonrequired
Responses
Request samples
- Payload
[- "string"
]Get API Tokens
Get an array of all tokens
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" -H "X-JWT-OTP:..." \ "http://192.168.2.1/tokens"
Response samples
- 200
[- {
- "Name": "TestToken",
- "Token": "dG9rbnRva250b2tudG9rbnRva250b2tudG9rbnRva24K",
- "ScopedPaths": [
- "wifi"
], - "Expire": 1656440879
}
]Add API Token
Create a new token. If Expire is 0 or undefined the Token will never expire
Authorizations:
Request Body schema: application/json
| Expire | integer |
| ScopedPaths | Array of strings |
Responses
Request samples
- Payload
- CLI
{- "Expire": 1656440879,
- "ScopedPaths": [
- "/status",
- "/docker/info"
]
}Response samples
- 200
{- "Name": "TestToken",
- "Token": "dG9rbnRva250b2tudG9rbnRva250b2tudG9rbnRva24K",
- "ScopedPaths": [
- "wifi"
], - "Expire": 1656440879
}Request samples
- CLI
curl -X GET "http://192.168.2.1/alerts"
Response samples
- 200
[- {
- "TopicPrefix": "string",
- "MatchAnyOne": true,
- "InvertRule": true,
- "Conditions": [
- {
- "JPath": "string"
}
], - "Actions": [
- {
- "SendNotification": true,
- "StoreAlert": true,
- "StoreTopicSuffix": "string",
- "MessageTitle": "string",
- "MessageBody": "string",
- "NotificationType": "string",
- "ActionType": "string",
- "GrabEvent": true,
- "GrabValues": true,
- "GrabFields": [
- "string"
]
}
], - "Name": "string",
- "Disabled": true,
- "RuleId": "string"
}
]Add or Update Alerts
If an alert setting does not exist, it will be created, otherwise updated
Authorizations:
Request Body schema: application/jsonrequired
AlertSetting object that needs to be added
| TopicPrefix | string |
| MatchAnyOne | boolean |
| InvertRule | boolean |
Array of objects (ConditionEntry) | |
Array of objects (ActionConfig) | |
| Name | string |
| Disabled | boolean |
| RuleId | string |
Responses
Request samples
- Payload
- CLI
{- "TopicPrefix": "string",
- "MatchAnyOne": true,
- "InvertRule": true,
- "Conditions": [
- {
- "JPath": "string"
}
], - "Actions": [
- {
- "SendNotification": true,
- "StoreAlert": true,
- "StoreTopicSuffix": "string",
- "MessageTitle": "string",
- "MessageBody": "string",
- "NotificationType": "string",
- "ActionType": "string",
- "GrabEvent": true,
- "GrabValues": true,
- "GrabFields": [
- "string"
]
}
], - "Name": "string",
- "Disabled": true,
- "RuleId": "string"
}Update Alert by Index
Update an alert setting at a specific index. If the alert setting does not exist at this index, it will be created. Fields are optional.
Authorizations:
Request Body schema: application/jsonrequired
AlertSetting object that needs to be added
| TopicPrefix | string |
| MatchAnyOne | boolean |
| InvertRule | boolean |
Array of objects (ConditionEntry) | |
Array of objects (ActionConfig) | |
| Name | string |
| Disabled | boolean |
| RuleId | string |
Responses
Request samples
- Payload
- CLI
{- "TopicPrefix": "string",
- "MatchAnyOne": true,
- "InvertRule": true,
- "Conditions": [
- {
- "JPath": "string"
}
], - "Actions": [
- {
- "SendNotification": true,
- "StoreAlert": true,
- "StoreTopicSuffix": "string",
- "MessageTitle": "string",
- "MessageBody": "string",
- "NotificationType": "string",
- "ActionType": "string",
- "GrabEvent": true,
- "GrabValues": true,
- "GrabFields": [
- "string"
]
}
], - "Name": "string",
- "Disabled": true,
- "RuleId": "string"
}Configure OTP User
Updates an OTP user with the given details. If already registered, a valid code is required
Authorizations:
Request Body schema: application/jsonrequired
| Name | string |
| Code | string |
| UpdateAlwaysOn | boolean |
| AlwaysOn | boolean |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Code": "string",
- "UpdateAlwaysOn": true,
- "AlwaysOn": true
}Delete OTP User
Deletes an OTP user. Valid code required
Authorizations:
Request Body schema: application/jsonrequired
| Name | string |
| Code | string |
| UpdateAlwaysOn | boolean |
| AlwaysOn | boolean |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Code": "string",
- "UpdateAlwaysOn": true,
- "AlwaysOn": true
}Generate an OTP JWT
Validates the provided OTP user details and generates the X-JWT-OTP token
Authorizations:
Request Body schema: application/jsonrequired
| Name | string |
| Code | string |
| UpdateAlwaysOn | boolean |
| AlwaysOn | boolean |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Code": "string",
- "UpdateAlwaysOn": true,
- "AlwaysOn": true
}Response samples
- 200
"string"Request samples
- CLI
curl -H "Authorization: Bearer [token]" -H "X-JWT-Token: [jwt-token]" \ "http://192.168.2.1/otp_status"
Response samples
- 200
{- "State": "string",
- "AlwaysOn": true
}Start PLUS extension
Start a PLUS extension. Currently this is the pfw plugin
Authorizations:
query Parameters
| name | string Example: name=pfw Name of plus extension |
Responses
Response samples
- 200
[- {
- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}
]Stop PLUS extension
Stop a PLUS extension. Currently this is the pfw plugin
Authorizations:
query Parameters
| name | string Example: name=pfw Name of plus extension |
Responses
Response samples
- 200
[- {
- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}
]Add override domain
Add domain to be blocked/permitted by DNS
Authorizations:
Request Body schema: application/jsonrequired
DNSDomainOverride object that needs to be added
| Type | string type of override (permit or block) |
| Domain | string domain name to override |
| ResultIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ ip to return |
| ClientIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ target to apply to, '*' for all |
| Expiration | integer if non zero has unix time for when the entry should disappear |
Responses
Request samples
- Payload
- CLI
{- "Type": "permit",
- "Domain": "example.com",
- "ResultIP": "1.2.3.4",
- "ClientIP": "192.168.2.102",
- "Expiration": 0
}Delete override domain
Delete domain to be blocked/permitted by DNS
Authorizations:
Request Body schema: application/jsonrequired
DNSDomainOverride object that needs to be added
| Type | string type of override (permit or block) |
| Domain | string domain name to override |
| ResultIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ ip to return |
| ClientIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ target to apply to, '*' for all |
| Expiration | integer if non zero has unix time for when the entry should disappear |
Responses
Request samples
- Payload
- CLI
{- "Type": "permit",
- "Domain": "example.com",
- "ResultIP": "1.2.3.4",
- "ClientIP": "192.168.2.102",
- "Expiration": 0
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/block/blocklist"
Response samples
- 200
[
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/log/config"
Response samples
- 200
[- {
- "HostPrivacyIPList": [
- "192.168.1.10"
]
}, - {
- "DomainIgnoreList": [
- "asdf.com",
- "asdf2.com",
- "test.com."
]
}
]Retrieve recent DNS history for a given IP
Authorizations:
path Parameters
| ip required | string Example: 1.1.1.1 ip address |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/log/history/192.168.1.10"
Response samples
- 200
[- {
- "Q": [
- {
- "Name": "supernetworks.org.",
- "Qtype": 1,
- "Qclass": 1
}
], - "A": [
- {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "172.67.71.52"
}, - {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "104.26.7.38"
}, - {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "104.26.6.38"
}
], - "Type": "NOERROR",
- "FirstName": "supernetworks.org.",
- "FirstAnswer": "172.67.71.52",
- "Local": "[::]:53",
- "Remote": "127.0.0.1:60237",
- "Timestamp": "2022-03-28T21:47:49.563958-07:00"
}
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/peers"
Response samples
- 200
[- {
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}
]Peer
Creates a new peer
Authorizations:
Request Body schema: application/jsonoptional
Device object
| PublicKey | string Base64 public key |
| AllowedIPs | string Allowed IP address |
| Endpoint | string Endpoint to connect to |
| PresharedKey | any Preshared key |
| PersistentKeepalive | integer Keepalive timeout |
Responses
Request samples
- Payload
- CLI
{- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}Response samples
- 200
{- "Interface": {
- "PrivateKey": "6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=",
- "Address": "192.168.3.3/24",
- "DNS": "1.1.1.1"
}, - "Peer": {
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/config"
Response samples
- 200
"[Interface]\nAddress = 192.168.3.1/24\nListenPort = 51280\nPrivateKey = 6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=\n\n[Peer]\nPublicKey = 7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=\nPresharedKey = w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=\nAllowedIPs = 192.168.3.2/32\n"Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/status"
Response samples
- 200
{- "wg0": {
- "privateKey": "6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=",
- "publicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "listenPort": "51280,",
- "peers": {
- "HvtqvLJ1F33eHmR5Yk9PLZfTHg7w6sazPZtZi9u8pBQ=": {
- "presharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "allowedIps": [
- "192.168.3.2/32"
]
}
}
}
}IP ASN
Get ASN information for IP address
Authorizations:
path Parameters
| ips required | string Example: 1.1.1.1,2.2.2.2 ip address list, separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/asn/1.1.1.1"
Response samples
- 200
{- "IP": "1.1.1.1",
- "ASN": 13335,
- "Name": "CLOUDFLARENET",
- "Country": "US"
}IPs ASN
Get ASN information for IPs separated by ,
Authorizations:
path Parameters
| ips required | string Example: 1.1.1.1,2.2.2.2 ip address list, separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/asns/1.1.1.1,8.8.8.8"
Response samples
- 200
[- {
- "IP": "1.1.1.1",
- "ASN": 13335,
- "Name": "CLOUDFLARENET",
- "Country": "US"
}
]MAC OUI
Get OUI vendor information for MAC address
Authorizations:
path Parameters
| mac required | string Example: 11:22:33:44:55:66 MAC address |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/oui/00:11:22:33:44:55"
Response samples
- 200
{- "MAC": "00:11:22:33:44:66",
- "Vendor": "CIMSYS"
}MACs OUI
Get OUI vendor information for MACs separated by ,
Authorizations:
path Parameters
| macs required | string Example: 00:11:22:33:44:66 MAC address list separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/ouis/00:11:22:33:44:66"
Response samples
- 200
[- {
- "MAC": "00:11:22:33:44:66",
- "Vendor": "CIMSYS"
}
]Get mesh configuration
Retrieves the current mesh network configuration
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/mesh/config"
Response samples
- 200
{- "ParentCredentials": {
- "ParentIP": "string",
- "ParentAPIToken": "string",
- "ParentCA": "string"
}, - "LeafRouters": [
- {
- "APIToken": "string",
- "IP": "string",
- "TLSCA": "string"
}
]
}Get list of leaf routers
Retrieves a list of all leaf routers the main router has configured
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/mesh/leafRouters"
Response samples
- 200
[- {
- "APIToken": "string",
- "IP": "string",
- "TLSCA": "string"
}
]Add or update a leaf router
Adds a new leaf router or updates an existing one
Authorizations:
Request Body schema: application/jsonrequired
| APIToken | string |
| IP | string |
| TLSCA | string This field should be left empty when adding or updating a leaf router. |
Responses
Request samples
- Payload
- CLI
{- "APIToken": "string",
- "IP": "string",
- "TLSCA": "string"
}Remove a leaf router
Removes a leaf router from the main router's mesh network
Authorizations:
Request Body schema: application/jsonrequired
| APIToken | string |
| IP | string |
| TLSCA | string This field should be left empty when adding or updating a leaf router. |
Responses
Request samples
- Payload
- CLI
{- "APIToken": "string",
- "IP": "string",
- "TLSCA": "string"
}Mesh node reports station connection
Endpoint for mesh nodes to notify the main router/AP about a new station connection to the mesh network
Authorizations:
Request Body schema: application/jsonrequired
| Event | string Type of event (e.g., "connect" or "disconnect") |
| Iface | string Network interface on the mesh node where the event occurred |
| Mac | string MAC address of the station |
| Router | string IP address of the mesh node reporting the event |
Responses
Request samples
- Payload
- CLI
{- "Event": "string",
- "Iface": "string",
- "Mac": "string",
- "Router": "string"
}Mesh node reports station connection failure
Endpoint for mesh nodes to notify the main router/AP about a failed station connection attempt
Authorizations:
Request Body schema: application/jsonrequired
| Type | string Type of failure event (e.g., "connection_failure") |
| MAC | string MAC address of the station that failed to connect |
| Reason | string Reason for the connection failure |
| Status | string Status of the connection attempt (e.g., "failure") |
| Router | string IP address of the mesh node reporting the failure |
Responses
Request samples
- Payload
- CLI
{- "Type": "string",
- "MAC": "string",
- "Reason": "string",
- "Status": "string",
- "Router": "string"
}Mesh node reports station disconnection
Endpoint for mesh nodes to notify the main router/AP about a station disconnection from the mesh network
Authorizations:
Request Body schema: application/jsonrequired
| Event | string Type of event (e.g., "connect" or "disconnect") |
| Iface | string Network interface on the mesh node where the event occurred |
| Mac | string MAC address of the station |
| Router | string IP address of the mesh node reporting the event |
Responses
Request samples
- Payload
- CLI
{- "Event": "string",
- "Iface": "string",
- "Mac": "string",
- "Router": "string"
}Synchronize devices
Mesh nodes handle this request when the main AP/Router sends down the devices listing
Authorizations:
Request Body schema: application/jsonrequired
additional property | object (DeviceEntry) | ||||||||||||||||||
| |||||||||||||||||||
Responses
Request samples
- Payload
- CLI
{- "property1": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}, - "property2": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Policies": [
- "wan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "tvs"
], - "DeviceTags": [
- "private"
]
}
}Set OTP settings
The main router uses this call to sync the OTP login code on the mesh nodes
Authorizations:
Request Body schema: application/jsonrequired
| Token | string Authentication token for the request |
object (OTPSettings) |
Responses
Request samples
- Payload
- CLI
{- "Token": "string",
- "Settings": {
- "OTPUsers": [
- {
- "Name": "string",
- "Secret": "string",
- "Confirmed": true,
- "AlwaysOn": true
}
], - "JWTDurationSeconds": 0
}
}Set parent credentials
Sets the credentials for the parent node in the mesh network, used for informing the parent about connection events
Authorizations:
Request Body schema: application/jsonrequired
| ParentIP | string |
| ParentAPIToken | string |
| ParentCA | string |
Responses
Request samples
- Payload
- CLI
{- "ParentIP": "string",
- "ParentAPIToken": "string",
- "ParentCA": "string"
}Get mesh TLS certificate
Retrieves the TLS certificate for the mesh network. This endpoint implements HMAC Authentication using the mesh node's API key.
Authorizations:
header Parameters
| X-SPR-Mesh-TLS-Hash | string HMAC signature of the certificate file contents, using the Mesh's API Key. This header is used to verify the integrity and authenticity of the certificate. The client should validate this HMAC to ensure the certificate hasn't been tampered with. |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/mesh/cert
Report PSK auth failure
Request Body schema: application/jsonrequired
PSKAuthFailure object that needs to be added
| Type | string |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Reason | string |
| Status | string |
Responses
Request samples
- Payload
{- "Type": "sae",
- "MAC": "11:22:33:44:55:66",
- "Reason": "mismatch",
- "Status": "Okay"
}Report PSK auth success
Request Body schema: application/jsonrequired
PSKAuthSuccess object that needs to be added
| Iface | string |
| Event | string |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Status | string |
Responses
Request samples
- Payload
{- "Iface": "wlan1",
- "Event": "AP-STA-CONNECTED",
- "MAC": "11:22:33:44:55:66",
- "Status": "Okay"
}Update DHCP information
Handle networking tasks upon a DHCP
Request Body schema: application/jsonrequired
DHCPUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Name | string |
| Iface | string |
| Router | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "MAC": "11:22:33:44:55:66",
- "Name": "rpi4",
- "Iface": "wlan1",
- "Router": "192.168.2.1"
}Update Wireguard Peer
Handle networking tasks for a new wireguard peer
Request Body schema: application/jsonrequired
WireguardUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| PublicKey | string Base64 public key |
| Iface | string |
| Name | string |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "Iface": "wg0",
- "Name": "wfh-laptop"
}Delete wireguard peer
Handle networking tasks for removing a wireguard peer
Request Body schema: application/jsonrequired
WireguardUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| PublicKey | string Base64 public key |
| Iface | string |
| Name | string |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "Iface": "wg0",
- "Name": "wfh-laptop"
}Get Version from git
Get latest tag from git repository specified by the plugin parameter
query Parameters
| plugin | string plugin to get version for |
Responses
Request samples
- CLI
curl --unix-socket \ state/plugins/superd/socket \ http://localhost/git_version
Response samples
- 200
"v0.1.23"Get Version for docker container
Get latest tag from docker specified by the container parameter
query Parameters
| container | string container to get version for |
Responses
Request samples
- CLI
curl --unix-socket \ state/plugins/superd/socket \ http://localhost/container_version
Response samples
- 200
"0.1.23"DHCPRequest - Reserves an IP
Reserves an IP address for plugins like wireguard to assign to clients
Request Body schema: application/jsonrequired
AbstractDHCPRequest for requesting an IP by an Identifier
| Identifier | string |
Responses
Request samples
- Payload
{- "Identifier": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI="
}| Name | string Client Name |
| MAC | string HW address |
| WGPubKey | string PubKey |
| VLANTag | string VLANTag |
| RecentIP | string RecentIP |
object (PSKEntry) | |
| Policies | Array of strings Policies for Device |
| Groups | Array of strings Interconnected Groups of Devices |
| DeviceTags | Array of strings Tags for Device |
{- "Name": "mbp",
- "MAC": "11:22:33:44:55:66",
- "WGPubKey": "",
- "VLANTag": "",
- "RecentIP": "192.168.2.102",
- "PskEntry": {
- "Type": "sae",
- "Psk": "**"
}, - "Policies": [
- "wan",
- "lan",
- "dns",
- "lan_upstream"
], - "Groups": [
- "cameras",
- "lightbulbs"
], - "DeviceTags": [
- "private"
]
}| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- "private"
]
}| Type | string Enum: "sae" "wpa" sae for WPA3 or wpa for WPA2 |
| Psk | string Password |
{- "Type": "sae",
- "Psk": "password"
}| Name | string Plugin name |
| URI | string Plugin URI |
| UnixPath | string Plugin path for unix socket |
| Enabled | boolean Plugin state |
| Plus | boolean Indicates if this is a PLUS plugin |
| GitURL | string Git repository URL for the plugin |
| ComposeFilePath | string Relative path to docker compose file |
| HasUI | boolean Indicates if the plugin has a user interface |
| SandboxedUI | boolean Indicates if the plugin UI is sandboxed |
| InstallTokenPath | string Path to the installation token |
| ScopedPaths | Array of strings List of scoped paths for the plugin |
{- "Name": "dns-block",
- "URI": "dns/block",
- "UnixPath": "/state/dns/dns_block_plugin",
- "Enabled": true
}