pfSense API v1.5.1

Fixes

• Addresses bug that prevented HA sync peers from capturing API configuration backups when persist is enabled. (#288)
• Addresses bug that prevented API configuration backups from being captured during PUT requests to /api/v1/system/api. (#288)
• Addresses bug that prevented hasync_hosts, hasync_username, and hasync_password from being set during PUT requests to /api/v1/system/api. (#290)

Changes

• API Login Protection no longer logs successful authentication attempts by default, only failed authentication attempts. (#287)

New

• Adds the log_successful_auth field to /api/v1/system/api and System > API to optionally enable logging successful API authentication attempts. (#287)

Full Changelog: v1.5.0...v1.5.1

pfSense API v1.5.0

New

• Adds /api/v1/interface/group endpoint to create, read, update and delete interfaces groups. (#242, by @dihedral)
• Allows interface groups to be specified in /api/v1/firewall/rule creations and updates. (#241, by @dihedral)
• Adds /api/v1/services/openvpn/server endpoint. (#228, by @pincher95)
• Adds /api/v1/services/openvpn/client endpoint. (#262, by @pincher95)
• Adds /api/v1/status/ipsec endpoint to fetch IPsec tunnel status and metrics. (#245)
• Adds /api/v1/services/ipsec/phase1 to manage IPsec phase 1 entries. (#245)
• Adds /api/v1/services/ipsec/phase1/encryption to add supported encryption settings to existing IPsec phase 1 entries. (#245)
• Adds /api/v1/services/ipsec/phase2 to manage IPsec phase 2 entries. (#245)
• Adds /api/v1/services/ipsec/apply to apply pending IPsec changes. (#245)
• Adds /api/v1/status/log/settings endpoint to configure logging.
• Adds the tcpflags_any, tcpflags1, tcpflags2, statetype, and quick fields to /api/v1/firewall/rule. (#270)
• Adds the ability for multiple interfaces on floating rules via /api/v1/firewall/rule. (#260)
• Adds /api/v1/firewall/alias/advanced endpoint to configure advanced alias settings. (#204)
• Adds the /api/v1/services/service_watchdog endpoint to read and update Service Watchdog configurations. (#273)
• Adds the installed, installed_version and update_available fields to /api/v1/system/package to show whether a package is currently installed, the version installed currently, and whether updates are available.
• Adds the /api/v1/system/version/upgrade endpoint to check for available pfSense upgrades.
• Allows clients to generate API tokens via /api/v1/access_token when auth_mode is set to token. (#281)
• Integrates pfSense Login Protection into API authentication to help prevent brute-force attacks. Note: Login Protection is now enabled by default for all new installations of pfSense API. If you are upgrading or restoring from a previous installation of pfSense API, you will need to explicitly enable this setting.

Fixes

• Fixes bug in /api/v1/access_token that allowed a JWT to be obtained before the JWT server key had been created.

Changes

• Migrates to composer for dependency management and utilizes dependabot for both composer (PHP) and pip dependencies.
• Refactors /api/v1/system/package endpoint to use built-in pfSense functions instead of manually parsing pkg output.

New Contributors

• @dihedral made their first contribution in #242

Full Changelog: v1.4.3...v1.5.0

pfSense API v1.4.3

New

• Adds support for pfSense 22.05-RELEASE (AMD64).
• Adds async property to /api/v1/interface/apply to apply pending interface changes in the background. (#254)
• Adds support for GET requests to /api/v1/interface/apply to read the interface apply status. (#254)
• Adds async property to /api/v1/services/unbound/apply to apply pending DNS Resolver (Unbound) changes in the background. (#255)
• Adds support for GET requests to /api/v1/services/unbound/apply to read the DNS Resolver (Unbound) apply status. (#255)
• Adds /api/v1/services/wol/send endpoint to send a Wake-on-LAN packet. By @wuarmin. (#237)

Fixes

• Addresses issue that incorrectly allowed a port range to be specified in the local-port property of /api/v1/firewall/nat/port_forward. (#253)
• Addresses typo in documentation that incorrectly listed the /api/v1/services/openvpn/csc endpoint as /api/v1/openvpn/csc (#251)
• Addresses typo in documentation for /api/v1/system/api that wrongfully displayed the allowed_interfaces property as available_interfaces. By @robindbe. (#247, #246)

Removes

• File overrides for pfSense 2.4 as support has been deprecated since pfSense API v1.3.0.

Full Changelog: v1.4.2...v1.4.3

pfSense API v1.4.2

New

• Adds support for PUT requests to /api/v1/firewall/rule/flush to replace all rules with a specified set of rules.
• Adds support for PUT requests to /api/v1/services/unbound/host_override/flush to replace all host overrides with a specified set of host overrides.
• Adds /api/v1/routing/gateway/default to set the default gateways for both IPv4 and IPv6 traffic. (#231)

Fixes

• Addresses missing documentation on conditional field validation for PUT requests to /api/v1/interface. (#229)
• General housekeeping adjustments on project documentation.

Full Changelog: v1.4.1...v1.4.2

pfSense API v1.4.1

New

• Adds /api/v1/interface/available endpoint to read details on all interfaces available to the system. (#216)
• Adds /api/v1/services/unbound/host_override/flush endpoint to delete all existing host overrides from the DNS Resolver.

Fixes

• Fixes favicons within API documentation to correctly display pfSense native icons.
• Fixes bug that prevented API package from being updated on pfSense Plus.
• Fixes bug that prevented menu items from being installed for packages installed via /api/v1/system/package.
• Fixes bug that allowed certificates to be updated without specifying a refid value on PUT requests to /api/v1/system/certificate.
• Fixes bug that prevented updated certificates from being stored in the required Base64 format on PUT requests to /api/v1/system/certificate (#218, #219)

Removes

• Removes ability to install packages via external URLs using /api/v1/system/package. Use the /api/v1/diagnostics/command_prompt endpoint to do this going forward.

Full Changelog: v1.4.0...v1.4.1

pfSense API v1.4.0

New

• Adds support for pfSense Plus 22.01.*
• Adds API access list to restrict which IPs can interact with the API.
• Adds numberoptions, defaultleasetime and maxleasetime to /api/v1/services/dhcpd. (#176)
• Adds /api/v1/services/dhcpd/options endpoint to add DHCP options.
• Adds support for DELETE requests to /api/v1/firewall/states to kill firewall states. (#160)
• Adds /api/v1/firewall/rule/sort endpoint to sort firewall rules based on specified criteria. (#133)
• Adds floating and direction fields to /api/v1/firewall/rule to support floating rules. (#188)
• Adds /api/v1/system/package endpoint to read installed packages, install new packages, or remove existing packages.
• Adds support for PUT requests to /api/v1/system/certificate to update certificates (#210)
• Adds /api/v1/system/crl endpoint to create, read and delete certificate revocation lists. (#191)
• Adds service field to /api/v1/services to restart a single service by name. (#209)
• Adds /api/v1/user/group endpoint to manage groups.

Changes

• Implements basic authentication for Local Database auth type. (#174)
• Moves /api/v1/user/group endpoint to /api/v1/user/group/member. This may be a breaking change for existing integrations!
• Converts documentation from Postman collection to OpenAPIv3. (#179)
• Embedded API documentation migrated to Swagger. Endpoint documentation is no longer available within the README.md, refer to the Swagger documentation within the pfSense webConfigurator going forward.
• Changes /api/v1/services/unbound/host_override to allow the ip field to be passed in as an array of multiple IP addresses to resolve in the DNS entry. (#105)

Full Changelog: v1.3.5...v1.4.0

pfSense API v1.3.5

Changes

• Addresses issue that prevented the gateway field from being reverted to it's default value on /api/v1/firewall/rule. (#202)
• Upgrades the php-jwt dependency to v.6.0.0.

Full Changelog: v1.3.4...v1.3.5

pfSense API v1.3.4

Adds

• Full support for pfSense 2.6.0-RELEASE.
• Minor documentation enhancements.

Changes

• Interface creations and updates on /api/v1/interface now allow the default spoofmac value. (#195)

Fixes

• Addresses bug that prevented email notification data from being read using /api/v1/system/notifications/email. (#196)
• Addresses issue that threw array errors due to the ntpd configuration now being defaulted as empty string on pfSense 2.6 instead of null like previous releases.

Full Changelog: v1.3.3...v1.3.4

pfSense API v1.3.3

Adds

• Adds staticarp field to /api/v1/services/dhcpd and adds notes regarding issues with static ARP via API. (#129)

Fixes

• Addresses issue within /api/v1/services/dhcpd that prevented DHCP server configurations from being updated when the default interface DHCP configuration was not initialized. (#178)
• Minor documentation typos.

Full Changelog: v1.3.2...v1.3.3

pfSense API v1.3.2

Fixes

• Addresses bug that caused imported CA certificates to be Base64 encoded twice before saving to configuration (#165)
• Addresses bug that sometimes caused the API UI page to hang indefinitely when no internet access was present
• Relaxes input validation on the cert field for the /api/v1/user endpoint that prevented assigning users 'server' type certificates (#165)

Changes

• 'Report an Issue' UI button now redirects to the issue type selection screen instead of a blank issue creation form

Full change log: v1.3.1...v1.3.2