Secure Programmable Router API (0.3.0)
Download OpenAPI specification:Download
The API service exists for communication between service containers and to support external requests from the web front end or CLI tools.
The internal APIs run over unix sockets and rely on filesystem namespaces for authentication.
Currently there are four internal APIs:
- Support for the wifid service accepting stations
- Support for dynamic networking configuration with DHCP
- Wireguard
- DHCP Tiny Subnets
The external API runs over port :80 or can optionally be configured to run over SSL on port :443.
Configuration
On the device, the following files contain credentials for access.
config/auth/auth_users.jsonis a JSON file with a dictionary for username, password pairsconfigs/auth/auth_tokens.jsonis a JSON file with a list of authentication tokens
basicAuth
The API supports Basic Authentication based on the auth_users file, using the Basic Schema.
To implement this, a client should include an "Authorization: Basic" header with the credentials formatted as base64(username:password). For a javascript example, see the frontend's Api.js.
basicbearerAuth
The API also supports Bearer Tokens, based on the auth_tokens file.
To implement this, a client should include an "Authorization: Bearer" token. See Swagger's page for more examples.
bearerAPI extensions operate through a reverse proxy into a unix socket. They allow for hosting extensions to the API on the same web origin while running in a different process or container.
Extensions are configured in configs/base/api.json
This example shows the mapping of unix://state/dns/dns_block_plugin to http://APIHOST/plugins/dns/block/
{
"Plugins" : [{
"Name": "dns block extension",
"URI": "dns/block",
"UnixPath": "/state/dns/dns_block_plugin"
}]
}
See the API documentation for plugins here
Get Devices
Returns a map of registered devices, indexed by MAC address
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/devices"
Response samples
- 200
{- "11:22:33:44:55:61": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Groups": [
- "lan",
- "dns"
], - "DeviceTags": [
- "private"
]
}, - "11:22:33:44:55:62": {
- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Groups": [
- "lan",
- "dns"
], - "DeviceTags": [
- "private"
]
}
}Update Device
Update information specified by the MAC address in the identity parameter. All fields are optional. If a PSKEntry.PskType is set and a PSKEntry.Psk is not set, one will be generated and returned. To create a wildcard PSK for adding a new device, use the string "pending" for the identity.
Authorizations:
path Parameters
| identity required | string Example: 11:22:33:44:55:61 MAC address |
Request Body schema: application/jsonrequired
Device object
| Name | string Client Name |
| MAC | string HW address |
| WGPubKey | string PubKey |
| VLANTag | string VLANTag |
| RecentIP | string RecentIP |
object (PSKEntry) | |
| Groups | Array of strings Groups for Device |
| DeviceTags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Groups": [
- "lan",
- "dns"
], - "DeviceTags": [
- "private"
]
}Response samples
- 200
{- "Name": "rpi4",
- "MAC": "11:22:33:44:55:61",
- "WGPubKey": "pubkey",
- "VLANTag": "vlantag",
- "RecentIP": "192.168.2.102",
- "PSKEntry": {
- "Type": "sae",
- "Psk": "password"
}, - "Groups": [
- "lan",
- "dns"
], - "DeviceTags": [
- "private"
]
}Delete Device
Delete a Device specified by the MAC address in the identity parameter
Authorizations:
path Parameters
| identity required | string Example: 11:22:33:44:55:61 MAC address |
Responses
Request samples
- CLI
curl -u "admin:pass" -X DELETE \ "http://192.168.2.1/device?identity=11:22:33:44:55:66"
Add Group
If the group does not exist, it will be created. If it exists it will be updated. Fields are optional.
Authorizations:
Request Body schema: application/jsonrequired
Group object
| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
Responses
Request samples
- Payload
- CLI
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- [
- "private"
]
]
}Delete Group
Authorizations:
Request Body schema: application/jsonrequired
Group object
| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
Responses
Request samples
- Payload
- CLI
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- [
- "private"
]
]
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/ip/addr"
Response samples
- 200
[- {
- "ifindex": 1,
- "ifname": "eth0",
- "flags": [
- "BROADCAST"
], - "mtu": 1550,
- "qdisc": "mq",
- "operstate": "UP",
- "group": "default",
- "txqlen": 1000,
- "link_type": "ether",
- "address": "11:22:33:44:55:66",
- "broadcast": "ff:ff:ff:ff:ff:ff",
- "addr_info": [
- {
- "family": "inet6",
- "local": "::1",
- "prefixlen": 64,
- "scope": "link",
- "valid_life_time": 4294967295,
- "preferred_life_time": "preferred_life_time"
}
]
}
]NFTable Verdict Map
Returns the output of nft -j for the verdict map specificed by the name parameter
Authorizations:
path Parameters
| name required | string Name of the nfmap to fetch |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/nfmap/dns_access"
Response samples
- 200
{ }Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/arp"
Response samples
- 200
[- {
- "IP": "192.168.2.142",
- "HWType": "0x1",
- "Flags": "0x6",
- "MAC": "11:22:33:44:55:66",
- "Mask": "*",
- "Device": "wlan1.4097"
}
]Get Nearby Wifi Networks
Returns the output of iw dev iface scan in json format.
Note: the specified interface needs to be in managed mode.
Authorizations:
path Parameters
| iface required | string Example: wlan0 interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/iw/dev/wlan0/scan"
Response samples
- 200
[- {
- "bssid": "11:11:11:11:11:11",
- "interface": "wlan0",
- "freq": 2412,
- "ssid": "sample_ssid1",
- "authentication_suites": "PSK",
- "signal_dbm": -64
}
]Set Subnet Configuration
Sets or updates the subnet configuration. This will overwrite the existing configuration.
Authorizations:
Request Body schema: application/json
| TinyNets required | Array of strings List of subnet pools. |
| LeaseTime required | string Duration of the DHCP lease time. |
Responses
Request samples
- Payload
- CLI
{- "TinyNets": [
- "string"
], - "LeaseTime": "string"
}Update DNS Settings
Updates the DNS settings. This operation overwrites the existing settings.
Authorizations:
Request Body schema: application/json
| UpstreamTLSHost required | string DNS name of the upstream TLS host. |
| UpstreamIPAddress required | string IP address of the upstream DNS server. |
| TlsDisable required | boolean Flag to disable TLS. |
Responses
Request samples
- Payload
- CLI
{- "UpstreamTLSHost": "string",
- "UpstreamIPAddress": "string",
- "TlsDisable": true
}Retrieve firewall config
Returns the firewall API configuration
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/firewall/config"
Response samples
- 200
{- "ForwardingRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}
], - "BlockRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "Protocol": "tcp"
}
], - "ForwardingBlockRules": [
- {
- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}
], - "ServicePorts": [
- {
- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}
]
}Add a Forwarding Rule
Authorizations:
Request Body schema: application/jsonrequired
Use 'any' for the port to forward all ports. Specify a port or a port range otherwise
| DstIP | string |
| SrcIP | string |
| SrcPort | string/any|[0-9]+/ |
| DstPort | string/any|[0-9]+/ |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}Delete a Forwarding Rule
Delete forwarding rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
Use 'any' for the port to forward all ports. Specify a port or a port range otherwise
| DstIP | string |
| SrcIP | string |
| SrcPort | string/any|[0-9]+/ |
| DstPort | string/any|[0-9]+/ |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "SrcPort": "0-10",
- "DstPort": "any",
- "Protocol": "tcp"
}Delete IP Block
Delete blocking rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlock
| DstIP | string |
| SrcIP | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "Protocol": "tcp"
}Add Forward Block
Add Forward Block Rule, to block outbound traffic
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlockForward
| DstIP | string |
| SrcIP | string |
| DstPort | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}Delete Forward Block
Delete blocking rule with matching contents
Authorizations:
Request Body schema: application/jsonrequired
FirewallBlockForward
| DstIP | string |
| SrcIP | string |
| DstPort | string |
| Protocol | string/udp|tcp/ |
Responses
Request samples
- Payload
- CLI
{- "DstIP": "1.2.3.4",
- "SrcIP": "0.0.0.0/24",
- "DstPort": "0-65535",
- "Protocol": "tcp"
}Allow Service Port Access
Service Ports are ports that run on the SPR router itself. They can be for LAN clients only or for upstream also
Authorizations:
Request Body schema: application/jsonrequired
ServicePort
| UpstreamEnabled | boolean Reachable from WAN/Upstream Interface |
| Port | string |
| Protocol | string/tcp/ Only TCP services are currently supported |
Responses
Request samples
- Payload
- CLI
{- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}Delete Service Port Access
Delete service port from allow list
Authorizations:
Request Body schema: application/jsonrequired
ServicePort
| UpstreamEnabled | boolean Reachable from WAN/Upstream Interface |
| Port | string |
| Protocol | string/tcp/ Only TCP services are currently supported |
Responses
Request samples
- Payload
- CLI
{- "UpstreamEnabled": false,
- "Port": "22",
- "Protocol": "tcp"
}Add Firewall Endpoint
Endpoints store common destinations for the UI to populate fields with
Authorizations:
Request Body schema: application/json
| RuleName | string |
| Disabled | boolean |
| Protocol | string |
| IP | string |
| Domain | string |
| Port | string |
| Tags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "RuleName": "string",
- "Disabled": true,
- "Protocol": "string",
- "IP": "1.2.3.4",
- "Domain": "www.domain.com",
- "Port": "22",
- "Tags": [
- "private"
]
}Delete Firewall Endpoint
Delete an existing endpoint from the firewall configuration.
Authorizations:
Request Body schema: application/json
| RuleName | string |
| Disabled | boolean |
| Protocol | string |
| IP | string |
| Domain | string |
| Port | string |
| Tags | Array of strings Tags for Device |
Responses
Request samples
- Payload
- CLI
{- "RuleName": "string",
- "Disabled": true,
- "Protocol": "string",
- "IP": "1.2.3.4",
- "Domain": "www.domain.com",
- "Port": "22",
- "Tags": [
- "private"
]
}Enable Multicast Port (UDP over a multicast IP/ethernet address)
Configures a multicast port in the firewall.
Authorizations:
Request Body schema: application/json
| Upstream | boolean Reachable from Uplinks |
| Port | string |
Responses
Request samples
- Payload
- CLI
{- "Upstream": true,
- "Port": "22"
}Add Custom Interface Rule to join an interface to the network
Adds a custom interface rule to the firewall.
Authorizations:
Request Body schema: application/json
| Interface | string interface name |
| SrcIP | string IP or CIDR assigned to interface |
| RouteDst | string IP destination to route to, for example container host IP |
| Groups | Array of strings Groups for Interface |
| Tags | Array of strings Tags to apply. NOTE, no impact for now |
Responses
Request samples
- Payload
- CLI
{- "Interface": "wlan1",
- "SrcIP": "172.16.0.0/16",
- "RouteDst": "172.12.0.2",
- "Groups": [
- "lan",
- "dns"
], - "Tags": [
- "private"
]
}Remove Custom Interface Rule
Removes a custom interface rule from the firewall.
Authorizations:
Request Body schema: application/json
| Interface | string interface name |
| SrcIP | string IP or CIDR assigned to interface |
| RouteDst | string IP destination to route to, for example container host IP |
| Groups | Array of strings Groups for Interface |
| Tags | Array of strings Tags to apply. NOTE, no impact for now |
Responses
Request samples
- Payload
- CLI
{- "Interface": "wlan1",
- "SrcIP": "172.16.0.0/16",
- "RouteDst": "172.12.0.2",
- "Groups": [
- "lan",
- "dns"
], - "Tags": [
- "private"
]
}Configure ICMP Options
Configures ICMP options in the firewall.
Authorizations:
Request Body schema: application/json
| PingLan required | boolean Allow ping from LAN |
| PingWan required | boolean Allow ping from WAN/upstream |
Responses
Request samples
- Payload
- CLI
{- "PingLan": true,
- "PingWan": false
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/iptraffic"
Response samples
- 200
[- {
- "Interface": "wlan1",
- "Src": "192.168.2.100",
- "Dst": "192.168.2.102",
- "Packets": 1024,
- "Bytes": 4096
}
]Retrieve traffic for LAN/WAN
Returns traffic information from the counter specified by the name parameter. Countermap can be one of incoming_traffic_lan | outgoing_traffic_lan | outgoing_traffic_wan | incoming_traffic_wan. See the accounting.sh NFT rules for additional information
Authorizations:
path Parameters
| countermap required | string Example: incoming_traffic_lan Name of counter |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/traffic/outgoing_traffic_lan"
Response samples
- 200
[- {
- "IP": "192.168.2.1",
- "Packets": 7544,
- "Bytes": 824606
}
]Retrieve historical traffic data for devices
Returns traffic information for all devices
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/traffic_history"
Response samples
- 200
{- "192.168.2.11": {
- "LanIn": 11125256532,
- "LanOut": 292437928,
- "WanIn": 52664,
- "WanOut": 52664
}, - "192.168.2.12": {
- "LanIn": 11125256532,
- "LanOut": 292437928,
- "WanIn": 52664,
- "WanOut": 52664
}
}Retrieve hostapd status
Returns current status for hostapd
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/hostapd/status"
Response samples
- 200
{- "beacon_int": "100",
- "bss[0]": "wlan1",
- "bssid[0]": "00:c0:ca:33:11:22",
- "cac_time_left_seconds": "N/A",
- "cac_time_seconds": "0",
- "channel": "36",
- "dtim_period": "2",
- "edmg_channel": "0",
- "edmg_enable": "0",
- "freq": "5180",
- "ht_caps_info": "01ff",
- "ht_mcs_bitmask": "ffff0000000000000000",
- "ht_op_mode": "0x6",
- "ieee80211ac": "1",
- "ieee80211ax": "0",
- "ieee80211n": "1",
- "max_txpower": "23",
- "num_sta[0]": "6",
- "num_sta_ht40_intolerant": "0",
- "num_sta_ht_20_mhz": "2",
- "num_sta_ht_no_gf": "6",
- "num_sta_no_ht": "0",
- "num_sta_no_short_preamble": "6",
- "num_sta_no_short_slot_time": "6",
- "num_sta_non_erp": "0",
- "olbc": "0",
- "olbc_ht": "0",
- "phy": "phy1",
- "rx_vht_mcs_map": "fffa",
- "secondary_channel": "1",
- "ssid[0]": "test_ap",
- "state": "ENABLED",
- "supported_rates": "0c 12 18 24 30 48 60 6c",
- "tx_vht_mcs_map": "fffa",
- "vht_caps_info": "318001b0",
- "vht_oper_centr_freq_seg0_idx": "42",
- "vht_oper_centr_freq_seg1_idx": "0",
- "vht_oper_chwidth": "1"
}Retrieve all_stations output
Returns current status for all stations
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/hostapd/all_stations"
Response samples
- 200
{- "11:22:33:44:55:61": {
- "AKMSuiteSelector": "00-0f-ac-2",
- "aid": "3",
- "capability": "0x11",
- "connected_time": "4946",
- "dot11RSNAStatsSTAAddress": "11:22:33:44:55:61",
- "dot11RSNAStatsSelectedPairwiseCipher": "00-0f-ac-4",
- "dot11RSNAStatsTKIPLocalMICFailures": "0",
- "dot11RSNAStatsTKIPRemoteMICFailures": "0",
- "dot11RSNAStatsVersion": "1",
- "flags": "[AUTH][ASSOC][AUTHORIZED][WMM][HT]",
- "hostapdWPAPTKGroupState": "0",
- "hostapdWPAPTKState": "11",
- "ht_caps_info": "0x016e",
- "ht_mcs_bitmask": "ff000000000000000000",
- "inactive_msec": "1584",
- "listen_interval": "1",
- "rx_bytes": "126055",
- "rx_packets": "2394",
- "rx_rate_info": "60",
- "signal": "-85",
- "supported_rates": "8c 12 98 24 b0 48 60 6c",
- "timeout_next": "NULLFUNC POLL",
- "tx_bytes": "485584",
- "tx_packets": "1957",
- "tx_rate_info": "1200 mcs 5 shortGI",
- "vlan_id": "4247",
- "wpa": "2"
}, - "11:22:33:44:55:62": {
- "AKMSuiteSelector": "00-0f-ac-2",
- "aid": "3",
- "capability": "0x11",
- "connected_time": "4946",
- "dot11RSNAStatsSTAAddress": "11:22:33:44:55:61",
- "dot11RSNAStatsSelectedPairwiseCipher": "00-0f-ac-4",
- "dot11RSNAStatsTKIPLocalMICFailures": "0",
- "dot11RSNAStatsTKIPRemoteMICFailures": "0",
- "dot11RSNAStatsVersion": "1",
- "flags": "[AUTH][ASSOC][AUTHORIZED][WMM][HT]",
- "hostapdWPAPTKGroupState": "0",
- "hostapdWPAPTKState": "11",
- "ht_caps_info": "0x016e",
- "ht_mcs_bitmask": "ff000000000000000000",
- "inactive_msec": "1584",
- "listen_interval": "1",
- "rx_bytes": "126055",
- "rx_packets": "2394",
- "rx_rate_info": "60",
- "signal": "-85",
- "supported_rates": "8c 12 98 24 b0 48 60 6c",
- "timeout_next": "NULLFUNC POLL",
- "tx_bytes": "485584",
- "tx_packets": "1957",
- "tx_rate_info": "1200 mcs 5 shortGI",
- "vlan_id": "4247",
- "wpa": "2"
}
}Set hostapd config
Set hostapd configuration
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Request Body schema: application/jsonrequired
Channel Parameters for WiFi
| Country_code | string 2-letter country code |
| Vht_capab | string Very High Throughput capabilities for 5ghz (802.11ac). Should be removed for 2.4ghz |
| Ht_capab | string High Throughput capabilities (802.11n) |
| Hw_mode | string/^(a/b/g)$/ a for 5ghz, b/g for 2.4ghz |
| Ieee80211ax | integer WiFi 6 support |
| He_su_beamformer | integer High Efficiency (WiFi 6) Single User Beamformer enable |
| He_su_beamformee | integer High Efficiency (WiFi 6) Single User Beamformee enable |
| He_mu_beamformer | integer High Efficiency (WiFi 6) Multiple User Beamformer enable |
| Ssid | string WiFi SSID Name |
| Channel | integer See the list of WLAN channels |
| Vht_oper_centr_freq_seg0_idx | integer |
| He_oper_centr_freq_seg0_idx | integer |
| Vht_oper_chwidth | integer |
| He_oper_chwidth | integer |
Responses
Request samples
- Payload
{- "Country_code": "US",
- "Vht_capab": "[RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN]",
- "Ht_capab": "[LDPC][HT40+][HT40-][GF][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1]",
- "Hw_mode": "a",
- "Ieee80211ax": 1,
- "He_su_beamformer": 1,
- "He_su_beamformee": 1,
- "He_mu_beamformer": 1,
- "Ssid": "8hzWANip",
- "Channel": 36,
- "Vht_oper_centr_freq_seg0_idx": 42,
- "He_oper_centr_freq_seg0_idx": 42,
- "Vht_oper_chwidth": 1,
- "He_oper_chwidth": 1
}Set WiFi Channel
Sets channel configuration
Authorizations:
path Parameters
| interface required | string Name of wireless interface |
Request Body schema: application/jsonrequired
Channel Parameters for WiFi
| Mode | string/^(a|b|g)$/ g for 2.4Ghz, a for 5Ghz |
| Channel | integer See the list of WLAN channels |
| Bandwidth | integer Channel width in Mhz. One of 20, 40, 80, 160, or 8080 for 80+80 |
| HT_Enable | boolean 802.11n support - High Throughput |
| VHT_Enable | boolean 802.11ac support - Very High Throughput (WiFi 5) |
| HE_Enable | boolean 802.11ax support - High Effiency (WiFi 6) |
Responses
Request samples
- Payload
- CLI
{- "Mode": "a",
- "Channel": 36,
- "Bandwidth": 80,
- "HT_Enable": true,
- "VHT_Enable": true,
- "HE_Enable": true
}Response samples
- 200
{- "Vht_oper_centr_freq_seg0_idx": 42,
- "He_oper_centr_freq_seg0_idx": 42,
- "Vht_oper_chwidth": 1,
- "He_oper_chwidth": 1
}Enable Additional BSS on Interface
Enables an additional BSS (Basic Service Set) on the specified interface. This supports WPA1, and disabled isolation. Requires card support
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
Request Body schema: application/json
| Ssid | string |
| Bssid | string |
| Wpa | string |
| WpaKeyMgmt | string |
| DisableIsolation | boolean |
Responses
Request samples
- Payload
- CLI
{- "Ssid": "string",
- "Bssid": "string",
- "Wpa": "string",
- "WpaKeyMgmt": "string",
- "DisableIsolation": true
}Disable Extra BSS on Interface
Disables an additional BSS on the specified interface.
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
Responses
Request samples
- CLI
curl -u "admin:pass" -X DELETE \ "http://192.168.2.1/hostapd/eth0/enableExtraBSS"
Retrieve interface configuration
SPR Tracks the state of interfaces to decide launching hostap
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/interfacesConfiguration"
Response samples
- 200
[- {
- "Name": "wlan1",
- "Type": "AP",
- "Enabled": true
}
]Get WPA Supplicant Configuration
Retrieves the current WPA supplicant configuration.
Authorizations:
Responses
Response samples
- 200
{- "WPAs": [
- {
- "Iface": "string",
- "Enabled": true,
- "Networks": [
- {
- "Disabled": true,
- "Password": "string",
- "SSID": "string",
- "KeyMgmt": "string",
- "Priority": "string",
- "BSSID": "string"
}
]
}
]
}Update or Add WPA Supplicant Interface Configuration
Updates an existing WPA interface configuration or adds a new one.
Authorizations:
Request Body schema: application/json
| Iface | string |
| Enabled | boolean |
Array of objects (WPANetwork) |
Responses
Request samples
- Payload
- CLI
{- "Iface": "string",
- "Enabled": true,
- "Networks": [
- {
- "Disabled": true,
- "Password": "string",
- "SSID": "string",
- "KeyMgmt": "string",
- "Priority": "string",
- "BSSID": "string"
}
]
}Update or Add PPP Interface Configuration
Updates an existing PPP interface configuration or adds a new one.
Authorizations:
Request Body schema: application/json
| Iface | string |
| PPPIface | string |
| Enabled | boolean |
| Username | string |
| Secret | string |
| VLAN | string or null |
| MTU | string or null |
Responses
Request samples
- Payload
- CLI
{- "Iface": "string",
- "PPPIface": "string",
- "Enabled": true,
- "Username": "string",
- "Secret": "string",
- "VLAN": "string",
- "MTU": "string"
}Update Interface IP Configuration for an existing interface
Updates the IP configuration of a network interface.
Authorizations:
Request Body schema: application/json
| Name | string |
| Enabled | boolean |
| DisableDHCP | boolean or null |
| IP | string or null |
| Router | string or null |
| VLAN | string or null |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Enabled": true,
- "DisableDHCP": true,
- "IP": "string",
- "Router": "string",
- "VLAN": "string"
}Update Link Configuration
Updates the configuration of a LAN network interface.
Authorizations:
Request Body schema: application/json
| Name | string Interface name on system |
| Type | string Enum: "AP" "Uplink" "Downlink" "Other" |
| Subtype | string |
| Enabled | boolean |
Responses
Request samples
- Payload
- CLI
{- "Name": "string",
- "Type": "AP",
- "Subtype": "string",
- "Enabled": true
}Update VLAN Trunk State on Interface
Set an interface as a VLAN trunk, enabling or disabling it.
Authorizations:
path Parameters
| interface required | string Name of the network interface. |
| state required | string Enum: "enable" "disable" State of the VLAN trunk on the interface (enable or disable). |
Responses
Request samples
- CLI
# Example to enable VLAN trunk on eth0 curl -u "admin:pass" -X PUT \ "http://192.168.2.1/link/vlan/eth0/enable" # Example to disable VLAN trunk on eth0 curl -u "admin:pass" -X PUT \ "http://192.168.2.1/link/vlan/eth0/disable"
Get Version
Get latest tag from docker specified by the container parameter. If no container is specified version is fetched for superd
Authorizations:
query Parameters
| container | string container to get version for |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/version"
Response samples
- 200
"0.1.23"Retreive System Logs
Returns the output of journalctl in json format
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/logs"
Response samples
- 200
[- {
- "CONTAINER_NAME": "superapi",
- "MESSAGE": "192.168.2.101:1234 GET /logs",
- "__REALTIME_TIMESTAMP": 1651066188615770
}
]Get release settings
Returns an object with the current SPR version and Channel, Version settings
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/release"
Response samples
- 200
{- "CustomChannel": "-dev",
- "CustomVersion": "0.1.2",
- "Current": "0.1.2-dev"
}Set release settings
Set a custom Channel, Version to update into
Authorizations:
Request Body schema: application/json
| CustomChannel | string |
| CustomVersion | string |
| Current | string |
Responses
Request samples
- Payload
- CLI
{- "CustomChannel": "-dev",
- "CustomVersion": "0.1.3"
}Get releases available
Returns a list of tags available to update into
Authorizations:
path Parameters
| container required | string Example: super_superd Container name |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/releaseChannels"
Response samples
- 200
[- "latest",
- "0.1.23",
- "0.1.23-dev"
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins"
Response samples
- 200
[- {
- "Name": "dns-block",
- "URI": "dns/block",
- "UnixPath": "/state/dns/dns_block_plugin",
- "ComposeFilePath": "plugins/plugin/docker-compose.yml",
- "Enabled": true
}
]Add or Update Plugin
Add or update a plugin specified by the name parameter
Authorizations:
path Parameters
| name required | string Example: dns-block plugin name |
Request Body schema: application/jsonrequired
PluginEntry to be added or updated
| Name | string plugin name |
| URI | string plugin URI |
| UnixPath | string plugin path for unix socket |
| ComposeFilePath | string relative path to docker compose file |
| Enabled | boolean plugin state |
Responses
Request samples
- Payload
- CLI
{- "Name": "dns-block",
- "URI": "dns/block",
- "UnixPath": "/state/dns/dns_block_plugin",
- "ComposeFilePath": "plugins/plugin/docker-compose.yml",
- "Enabled": true
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/tokens"
Response samples
- 200
[- {
- "Name": "TestToken",
- "Token": "dG9rbnRva250b2tudG9rbnRva250b2tudG9rbnRva24K",
- "ScopedPaths": [
- "wifi"
], - "Expire": 1656440879
}
]Add API Token
Create a new token. If Expire is 0 or undefined the Token will never expire
Authorizations:
Request Body schema: application/json
| Expire | integer |
| ScopedPaths | Array of strings |
Responses
Request samples
- Payload
- CLI
{- "Expire": 1656440879,
- "ScopedPaths": [
- "/status",
- "/docker/info"
]
}Response samples
- 200
{- "Name": "TestToken",
- "Token": "dG9rbnRva250b2tudG9rbnRva250b2tudG9rbnRva24K",
- "ScopedPaths": [
- "wifi"
], - "Expire": 1656440879
}Get Notifications
Get list of conditions for notifications
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/notifications"
Response samples
- 200
[- {
- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}
]Add Notification
At least one condition is required to identify the packet
Authorizations:
Request Body schema: application/jsonrequired
Notification object
object | |
| Notification | boolean |
Responses
Request samples
- Payload
- CLI
{- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}Update Notification
At least one condition is required to identify the packet
Authorizations:
path Parameters
| id required | integer Notication ID |
Request Body schema: application/jsonrequired
Notification object
object | |
| Notification | boolean |
Responses
Request samples
- Payload
- CLI
{- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}Start PLUS extension
Start a PLUS extension. Currently this is the pfw plugin
Authorizations:
query Parameters
| name | string Example: name=pfw Name of plus extension |
Responses
Response samples
- 200
[- {
- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}
]Stop PLUS extension
Stop a PLUS extension. Currently this is the pfw plugin
Authorizations:
query Parameters
| name | string Example: name=pfw Name of plus extension |
Responses
Response samples
- 200
[- {
- "Conditions": {
- "Prefix": "drop:input",
- "Protocol": "tcp",
- "DstIP": "1.1.1.1",
- "DstPort": 80,
- "SrcIP": "192.168.2.10",
- "SrcPort": 1234
}, - "Notification": true
}
]Add override domain
Add domain to be blocked/permitted by DNS
Authorizations:
Request Body schema: application/jsonrequired
DNSDomainOverride object that needs to be added
| Type | string type of override (permit or block) |
| Domain | string domain name to override |
| ResultIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ ip to return |
| ClientIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ target to apply to, '*' for all |
| Expiration | integer if non zero has unix time for when the entry should disappear |
Responses
Request samples
- Payload
- CLI
{- "Type": "permit",
- "Domain": "example.com",
- "ResultIP": "1.2.3.4",
- "ClientIP": "192.168.2.102",
- "Expiration": 0
}Delete override domain
Delete domain to be blocked/permitted by DNS
Authorizations:
Request Body schema: application/jsonrequired
DNSDomainOverride object that needs to be added
| Type | string type of override (permit or block) |
| Domain | string domain name to override |
| ResultIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ ip to return |
| ClientIP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ target to apply to, '*' for all |
| Expiration | integer if non zero has unix time for when the entry should disappear |
Responses
Request samples
- Payload
- CLI
{- "Type": "permit",
- "Domain": "example.com",
- "ResultIP": "1.2.3.4",
- "ClientIP": "192.168.2.102",
- "Expiration": 0
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/block/blocklist"
Response samples
- 200
[
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/log/config"
Response samples
- 200
[- {
- "HostPrivacyIPList": [
- "192.168.1.10"
]
}, - {
- "DomainIgnoreList": [
- "asdf.com",
- "asdf2.com",
- "test.com."
]
}
]Retrieve recent DNS history for a given IP
Authorizations:
path Parameters
| ip required | string Example: 1.1.1.1 ip address |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dns/log/history/192.168.1.10"
Response samples
- 200
[- {
- "Q": [
- {
- "Name": "supernetworks.org.",
- "Qtype": 1,
- "Qclass": 1
}
], - "A": [
- {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "172.67.71.52"
}, - {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "104.26.7.38"
}, - {
- "Hdr": {
- "Name": "supernetworks.org.",
- "Rrtype": 1,
- "Class": 1,
- "Ttl": 30,
- "Rdlength": 4
}, - "A": "104.26.6.38"
}
], - "Type": "NOERROR",
- "FirstName": "supernetworks.org.",
- "FirstAnswer": "172.67.71.52",
- "Local": "[::]:53",
- "Remote": "127.0.0.1:60237",
- "Timestamp": "2022-03-28T21:47:49.563958-07:00"
}
]Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/peers"
Response samples
- 200
[- {
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}
]Peer
Creates a new peer
Authorizations:
Request Body schema: application/jsonoptional
Device object
| PublicKey | string Base64 public key |
| AllowedIPs | string Allowed IP address |
| Endpoint | string Endpoint to connect to |
| PresharedKey | any Preshared key |
| PersistentKeepalive | integer Keepalive timeout |
Responses
Request samples
- Payload
- CLI
{- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}Response samples
- 200
{- "Interface": {
- "PrivateKey": "6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=",
- "Address": "192.168.3.3/24",
- "DNS": "1.1.1.1"
}, - "Peer": {
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "AllowedIPs": "192.168.3.3/32",
- "Endpoint": "192.168.2.1:51280",
- "PresharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "PersistentKeepalive": 25
}
}Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/config"
Response samples
- 200
"[Interface]\nAddress = 192.168.3.1/24\nListenPort = 51280\nPrivateKey = 6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=\n\n[Peer]\nPublicKey = 7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=\nPresharedKey = w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=\nAllowedIPs = 192.168.3.2/32\n"Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/wireguard/status"
Response samples
- 200
{- "wg0": {
- "privateKey": "6KVVbcmXanU/6mByHy17eNO9DXe9BQJWOyaA204JYH4=",
- "publicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "listenPort": "51280,",
- "peers": {
- "HvtqvLJ1F33eHmR5Yk9PLZfTHg7w6sazPZtZi9u8pBQ=": {
- "presharedKey": "w9bfMAfqRnLjnlHofX+JSzaRDADrW1tvyW1UWzXJjrg=",
- "allowedIps": [
- "192.168.3.2/32"
]
}
}
}
}IP ASN
Get ASN information for IP address
Authorizations:
path Parameters
| ips required | string Example: 1.1.1.1,2.2.2.2 ip address list, separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/asn/1.1.1.1"
Response samples
- 200
{- "IP": "1.1.1.1",
- "ASN": 13335,
- "Name": "CLOUDFLARENET",
- "Country": "US"
}IPs ASN
Get ASN information for IPs separated by ,
Authorizations:
path Parameters
| ips required | string Example: 1.1.1.1,2.2.2.2 ip address list, separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/asns/1.1.1.1,8.8.8.8"
Response samples
- 200
[- {
- "IP": "1.1.1.1",
- "ASN": 13335,
- "Name": "CLOUDFLARENET",
- "Country": "US"
}
]MAC OUI
Get OUI vendor information for MAC address
Authorizations:
path Parameters
| mac required | string Example: 11:22:33:44:55:66 MAC address |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/oui/00:11:22:33:44:55"
Response samples
- 200
{- "MAC": "00:11:22:33:44:66",
- "Vendor": "CIMSYS"
}MACs OUI
Get OUI vendor information for MACs separated by ,
Authorizations:
path Parameters
| macs required | string Example: 00:11:22:33:44:66 MAC address list separated by , |
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/lookup/ouis/00:11:22:33:44:66"
Response samples
- 200
[- {
- "MAC": "00:11:22:33:44:66",
- "Vendor": "CIMSYS"
}
]Retrieve dyndns configuration
Returns the dyndns configuration
Authorizations:
Responses
Request samples
- CLI
curl -u "admin:pass" \ "http://192.168.2.1/plugins/dyndns/config"
Response samples
- 200
{- "Provider": "Cloudflare",
- "Password": "stringypassword",
- "LoginToken": "logintoken++",
- "IpType": "IPv4",
- "Interval": 300,
- "Socks5Proxy": "string",
- "Resolver": "8.8.8.8",
- "RunOnce": true,
- "Domains": [
- {
- "DomainName": "supernetworks.org",
- "SubDomains": [
- "dyndns"
]
}
]
}Updates the dyndns config
Authorizations:
Request Body schema: application/jsonrequired
Dyndns Configuration. See godns for details
| Provider | string |
string | |
| Password | string |
| LoginToken | string |
| IpUrl | string |
| Ipv6Url | string |
| IpType | string |
| Interval | integer How many seconds to wait before checking for an update |
| Socks5Proxy | string socks5 proxy to use |
| Resolver | string DNS Resolver to use |
| RunOnce | boolean Run once and exit (note always set to true) |
Array of objects (GodyndnsDomain) |
Responses
Request samples
- Payload
- CLI
{- "Provider": "Cloudflare",
- "Password": "stringypassword",
- "LoginToken": "logintoken++",
- "IpType": "IPv4",
- "Interval": 300,
- "Socks5Proxy": "string",
- "Resolver": "8.8.8.8",
- "RunOnce": true,
- "Domains": [
- {
- "DomainName": "supernetworks.org",
- "SubDomains": [
- "dyndns"
]
}
]
}Report PSK auth failure
Request Body schema: application/jsonrequired
PSKAuthFailure object that needs to be added
| Type | string |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Reason | string |
| Status | string |
Responses
Request samples
- Payload
{- "Type": "sae",
- "MAC": "11:22:33:44:55:66",
- "Reason": "mismatch",
- "Status": "Okay"
}Report PSK auth success
Request Body schema: application/jsonrequired
PSKAuthSuccess object that needs to be added
| Iface | string |
| Event | string |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Status | string |
Responses
Request samples
- Payload
{- "Iface": "wlan1",
- "Event": "AP-STA-CONNECTED",
- "MAC": "11:22:33:44:55:66",
- "Status": "Okay"
}Update DHCP information
Handle networking tasks upon a DHCP
Request Body schema: application/jsonrequired
DHCPUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| MAC | string/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ |
| Name | string |
| Iface | string |
| Router | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "MAC": "11:22:33:44:55:66",
- "Name": "rpi4",
- "Iface": "wlan1",
- "Router": "192.168.2.1"
}Update Wireguard Peer
Handle networking tasks for a new wireguard peer
Request Body schema: application/jsonrequired
WireguardUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| PublicKey | string Base64 public key |
| Iface | string |
| Name | string |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "Iface": "wg0",
- "Name": "wfh-laptop"
}Delete wireguard peer
Handle networking tasks for removing a wireguard peer
Request Body schema: application/jsonrequired
WireguardUpdate object that needs to be added
| IP | string/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$/ |
| PublicKey | string Base64 public key |
| Iface | string |
| Name | string |
Responses
Request samples
- Payload
{- "IP": "192.168.2.102",
- "PublicKey": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI=",
- "Iface": "wg0",
- "Name": "wfh-laptop"
}Get Version from git
Get latest tag from git repository specified by the plugin parameter
query Parameters
| plugin | string plugin to get version for |
Responses
Request samples
- CLI
curl --unix-socket \ state/plugins/superd/socket \ http://localhost/git_version
Response samples
- 200
"v0.1.23"Get Version for docker container
Get latest tag from docker specified by the container parameter
query Parameters
| container | string container to get version for |
Responses
Request samples
- CLI
curl --unix-socket \ state/plugins/superd/socket \ http://localhost/container_version
Response samples
- 200
"0.1.23"DHCPRequest - Reserves an IP
Reserves an IP address for plugins like wireguard to assign to clients
Request Body schema: application/jsonrequired
AbstractDHCPRequest for requesting an IP by an Identifier
| Identifier | string |
Responses
Request samples
- Payload
{- "Identifier": "7SdFRh8o76RjUn/y4c7cQgCcCXA85s47/gVAdem3bBI="
}| Name | string Client Name |
| MAC | string HW address |
| WGPubKey | string PubKey |
| VLANTag | string VLANTag |
| RecentIP | string RecentIP |
object (PSKEntry) | |
| Groups | Array of strings Groups for Device |
| DeviceTags | Array of strings Tags for Device |
{- "Name": "mbp",
- "MAC": "11:22:33:44:55:66",
- "WGPubKey": "",
- "VLANTag": "",
- "RecentIP": "192.168.2.102",
- "PskEntry": {
- "Type": "sae",
- "Psk": "**"
}, - "Groups": [
- "wan",
- "lan",
- "dns"
], - "DeviceTags": [
- "private"
]
}| Name | string Unique Group Name |
| Disabled | bool If Group is disabled |
| GroupTags | Array of strings Tags for Group |
{- "Name": "vpn",
- "Disabled": false,
- "GroupTags": [
- "private"
]
}| Type | string Enum: "sae" "wpa" sae for WPA3 or wpa for WPA2 |
| Psk | string Password |
{- "Type": "sae",
- "Psk": "password"
}