API Access with Examples
The API Access section provides configuration options for enabling and managing API integrations. It includes controls for enabling HTTP API methods, viewing API endpoints, and managing API keys for controlled interaction with operator-approved third-party applications.
⚠️ Security Notice
Use the local API endpoint only within a trusted LAN or over a secure VPN.
Do not expose the API to the public internet. Avoid placing API keys in URL query strings. Prefer POST requests for authenticated actions and keep API keys confidential. The API interface is intended for controlled, operator-managed integrations.
When enabled, the API provides access to operational and authentication-related data and must be protected accordingly.
For security reasons:
-
The API is disabled by default
-
Remote access over the internet should be performed only via the randomized HTTPS Cloud API Endpoint.
-
Authentication is enforced using a secret API key
- GET-based API access is intended strictly for trusted local network (LAN) or VPN environments. It must not be exposed to the public internet.
Features
-
Enable API POST Method
- Toggle this setting to allow the use of HTTP POST requests.
- Toggle this setting to allow the use of HTTP POST requests.
-
Enable API GET Method
- Toggle this setting to enable the use of HTTP GET requests.
- Toggle this setting to enable the use of HTTP GET requests.
-
Current API Endpoint
- Displays the local API endpoint for integration within the local network. (LAN/MGMT Ports)
- Example:
http://192.168.10.1/api/
-
Cloud API Endpoint
- Displays a HTTPS API endpoint for use over the internet.
- Example:
https://2b080b3af6.w-router.com/api/
Recommended: Use this endpoint when accessing the API outside the local network. Do not use public IP/forwarding.
-
API Key
- Shows the API key required for authentication.
- The API key is required for request authentication and access control.
-
API Documentation
- Detailed API documentation, including parameters.
Configure API Settings
-
Login to Admin Panel:
- Go to Integrations > API Access page
- Go to Integrations > API Access page
-
Enable Methods:
- Toggle Enable API POST Method and/or Enable API GET Method based on your integration requirements.
- Toggle Enable API POST Method and/or Enable API GET Method based on your integration requirements.
-
View and Copy Endpoints:
- Use the Current API Endpoint for local network integrations.
- Use the Cloud API Endpoint when accessing the API over the internet.
-
Manage API Key:
- Ensure the API key is securely stored and used in all requests. Avoid sharing the key publicly.
- Ensure the API key is securely stored and used in all requests. Avoid sharing the key publicly.
-
Access Documentation:
- Refer to the API Documentation for detailed instructions on API usage.
- Refer to the API Documentation for detailed instructions on API usage.
API Documentation
The API accepts requests using the GET and POST methods, or a combination of both, depending on the specific configuration. This flexibility allows integration with voucher credentials and authentication records in accordance with the configured API settings.
1 - Managing voucher credentials
1.1 - Create a new voucher
|
Parameter |
Required |
Value |
|---|---|---|
|
api-key |
Yes |
The API key defined in settings. |
|
action |
Yes |
'create_voucher' |
|
username |
No |
The username to create. If empty, a random username will be generated. |
|
passcode |
No |
The passcode to use. If empty, a random passcode will be generated. |
|
fullname |
No |
The fullname for the new user. If empty, a random name will be generated. |
|
valid_for * |
No |
The validity of the new user. If empty, the preset in settings will be used. |
|
valid_from |
No |
The date/time this user will be valid from in "Ym:d H:i:s" format. ex. 2018-08-24 00:00:00. If not set, the user will be available immediately. |
|
download_limit |
No |
The amount of data available for download by this user (in MB from 1 to 9437184). If unset or out of bounds, the user traffic will be unlimited. |
|
upload_limit |
No |
The amount of data available for upload by this user (in MB from 1 to 9437184). If unset or out of bounds, the user traffic will be unlimited. |
* Must be one of the following values - 'always', '1 hour', '2 hours' to '23 hours', '1 day', '2 days' to '30 days', '35 days', '40 days', '45 days', '50 days', '55 days', '60 days', '90 days', '120 days', '150 days', '180 days', '365 days'
1.2 - Remove an existing voucher
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'remove_voucher' |
| username | Yes | The username to delete. |
1.3 - Fetch vouchers list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_voucher_users' |
2 - Fetching stored user data
2.1 - Fetch Email users list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_email_users' |
2.2 - Fetch Facebook users list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_fb_users' |
2.3 - Fetch Mobile users list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_mobile_users' |
2.4 - Fetch Free users list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_free_users' |
2.5 - Fetch Login log list
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_logins' |
3 - Fetching live data
3.1 - Fetch current Guest network hosts
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_guest_hosts' |
3.2 - Fetch current Active guest users
| Parameter | Required | Value |
|---|---|---|
| api-key | Yes | The API key defined in settings. |
| action | Yes | 'get_active_guests' |
4. API Messages
API is not enabled - API does not accept requests because it is disabled
API Key is incorrect - API Key provided does not match the one set
API Key not set or method not allowed - API key is not provided in the requested method
Username already exists - User with the same username already exists in the database
User added successfully - User creation confirmation. It will return an array with the following data: username, passcode, fullname, valid_for, and valid_from values
Username doesn't exist - Username selected for deletion doesn't exist
No username set - No username set for deletion
User removed successfully - User was successfully removed
An error occurred - An unknown error occurred
API Usage Examples
1. Create a New Voucher
POST Request:
POST http://192.168.10.1/api/
Content-Type: application/json
Body:
{
"api-key": "your-api-key",
"action": "create_voucher",
"username": "user123",
"passcode": "pass123",
"fullname": "John Doe",
"valid_for": "1 day",
"valid_from": "2025-01-17 10:00:00",
"download_limit": 1024,
"upload_limit": 512
}or GET Request:
GET http://192.168.10.1/api/?api-key=your-api-key&action=create_voucher&username=user123&passcode=pass123&fullname=John%20Doe&valid_for=1%20day&valid_from=2025-01-17%2010:00:00&download_limit=1024&upload_limit=512Response Example:
{
"message": "User added successfully",
"user": {
"id": 43,
"username": "user123",
"passcode": "pass123",
"fullname": "John Doe",
"valid_for": "1 day",
"valid_from": "2025-01-17 10:00:00",
"download_limit": "1024",
"upload_limit": "512"
},
"error": false
}
2. Remove an Existing Voucher
POST Request:
POST http://192.168.10.1/api/
Content-Type: application/json
Body:
{
"api-key": "your-api-key",
"action": "remove_voucher",
"username": "user123"
}or GET Request:
GET http://192.168.10.1/api/?api-key=your-api-key&action=remove_voucher&username=user123{
"message": "User removed successfully",
"error": false
}
3. Fetch Vouchers List
GET Request:
GET http://192.168.10.1/api/?api-key=your-api-key&action=get_voucher_users
Response Example:
{
"users": [
{
"id": 45,
"username": "user1234",
"password": "pass1234",
"fullname": "John Doe2",
"created_at": "2025-02-21 02:31:30",
"last_modified": "2025-02-21 02:31:30",
"first_login": null,
"last_login": null,
"valid_for": "1 day",
"valid_from": "2025-01-17 10:00:00",
"MAC": null,
"download_limit": 1024,
"upload_limit": 512
},
{
"id": 46,
"username": "user12345",
"password": "pass12345",
"fullname": "John Doe3",
"created_at": "2025-02-21 02:32:12",
"last_modified": "2025-02-21 02:32:12",
"first_login": null,
"last_login": null,
"valid_for": "5 days",
"valid_from": "2025-01-18 10:00:00",
"MAC": null,
"download_limit": 0,
"upload_limit": 0
}
]
}
4. Fetch Email Users List
GET Request:
GET http://192.168.10.1/api/?api-key=your-api-key&action=get_email_users
Response Example:
{
"users": [
{
"id": 1,
"email": "john.doe@gmail.com",
"created_at": "2025-01-14 08:38:10",
"last_login": "2025-01-16 09:41:27",
"MAC": "98:01:A7:CB:BB:00",
"visits": 7,
"comments": "John",
"comments1": "New York",
"comments2": "Male",
"last_modified": "2025-01-16 09:41:27",
"marketing": 0,
"verified": 1
},
{
"id": 2,
"email": "jane.smith@yahoo.com",
"created_at": "2025-02-01 10:15:30",
"last_login": "2025-02-05 12:25:43",
"MAC": "74:D2:46:AC:EE:11",
"visits": 3,
"comments": "Jane",
"comments1": "Los Angeles",
"comments2": "Female",
"last_modified": "2025-02-05 12:25:43",
"marketing": 1,
"verified": 0
}
]
}
5. Fetch Active Guest Users
GET Request:
GET http://192.168.10.1/api/?api-key=your-api-key&action=get_active_guests
Response Example:
{
"data": [
{
"logins": "user1@example.com",
"address": "192.168.0.200",
"mac-address": "A1:B2:C3:D4:E5:F6",
"uptime": "9h12m45s",
"idle-time": "2h30m10s",
"bytes-out": "1056738924",
"bytes-in": "87456321"
},
{
"logins": "15559876543",
"address": "192.168.0.201",
"mac-address": "F6:E5:D4:C3:B2:A1",
"uptime": "12h05m30s",
"idle-time": "1h15m20s",
"bytes-out": "2098475632",
"bytes-in": "156483920"
}
]
}
Notes for Developers
- POST Requests: Used for actions like creating or removing vouchers. Ensure
Content-Typeis set toapplication/json. - GET Requests: Used for retrieving data (e.g., user lists, logs, or live sessions). Parameters are passed as query strings.
- Authentication: The
api-keyis mandatory for all requests. Keep it secure and do not share it publicly. - HTTPS Usage: When accessing the API over the internet, use the Cloud API Endpoint. Do not share this endpoint publicly.