Here's how you can fetch your DNS and DHCP records from your pfSense box with IP address 192.168.0.1
using the API:
Use the following curl
command to fetch DNS Host Overrides:
curl -X GET "http://192.168.0.1/api/v1/services/dnsmasq/host_override" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your-api-key"
Replace your-api-key
with the actual API key you generated.
Use the following curl
command to fetch DHCP leases:
curl -X GET "http://192.168.0.1/api/v1/services/dhcpd/lease" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your-api-key"
Again, replace your-api-key
with the actual API key you generated.
Here's a step-by-step example for clarity:
-
Fetch DNS Host Overrides:
curl -X GET "http://192.168.0.1/api/v1/services/dnsmasq/host_override" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer your-api-key"
This command will return a JSON response similar to:
[ { "id": "1", "host": "server1", "domain": "example.com", "ip": "192.168.1.10", "descr": "Primary server" }, { "id": "2", "host": "server2", "domain": "example.com", "ip": "192.168.1.20", "descr": "Secondary server" } ]
-
Fetch DHCP Leases:
curl -X GET "http://192.168.0.1/api/v1/services/dhcpd/lease" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer your-api-key"
This command will return a JSON response similar to:
[ { "ip": "192.168.1.100", "mac": "00:11:22:33:44:55", "hostname": "client1", "start": "2024-06-12 12:34:56", "end": "2024-06-13 12:34:56", "state": "active" }, { "ip": "192.168.1.101", "mac": "66:77:88:99:aa:bb", "hostname": "client2", "start": "2024-06-12 12:34:56", "end": "2024-06-13 12:34:56", "state": "expired" } ]
These commands allow you to programmatically access and manage your pfSense DNS and DHCP records. If you have any specific configurations or additional parameters to include, refer to the pfSense API documentation for further details.
To get a bearer token for accessing the pfSense API, you need to follow these steps:
-
Login to your pfSense web interface: Open a web browser and go to
http://192.168.0.1
(replace with your pfSense IP address). -
Navigate to System > User Manager:
- Go to
System
->User Manager
. - Click on the
+Add
button to create a new user.
- Go to
-
Create a new user with API permissions:
- Fill in the username, password, and other necessary fields.
- Under
Effective Privileges
, add the necessary permissions for accessing the API. You can useWebCfg - All pages
for full access or specify more granular permissions. - Click
Save
.
-
Generate an API token for the user:
- After creating the user, go back to the
User Manager
. - Find the user you just created and click on the
e
(edit) button. - Scroll down to the
User Certificates
section and click+Add
to generate a new certificate. - Fill in the certificate details and click
Save
.
- After creating the user, go back to the
-
Export the user certificate:
- After creating the certificate, export it by clicking on the
Download
button next to the certificate entry.
- After creating the certificate, export it by clicking on the
To get the bearer token, you will use the generated certificate to authenticate via the API. Here’s how you can do it using curl
:
-
Convert the certificate to a format usable by curl:
- If the certificate is in
p12
format, you need to convert it topem
format.
openssl pkcs12 -in user_cert.p12 -out user_cert.pem -nodes
- If the certificate is in
-
Use the certificate to get a bearer token:
curl -X POST "http://192.168.0.1/api/v1/access_token" \ --cert user_cert.pem \ --key user_key.pem \ -H "Content-Type: application/json" \ -d '{"client_id":"your-client-id","client_secret":"your-client-secret"}'
Replace
user_cert.pem
anduser_key.pem
with the paths to your certificate and key files. You might also need to provideclient_id
andclient_secret
if your pfSense API setup requires it.
Here’s an example curl
command to get the bearer token:
curl -X POST "http://192.168.0.1/api/v1/access_token" \
--cert /path/to/user_cert.pem \
--key /path/to/user_key.pem \
-H "Content-Type: application/json" \
-d '{"username":"api-user","password":"api-password"}'
The response will include the bearer token you can use for subsequent API requests.
Once you have the bearer token, you can include it in the header of your API requests like this:
curl -X GET "http://192.168.0.1/api/v1/services/dnsmasq/host_override" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer your-bearer-token"
Replace your-bearer-token
with the actual token obtained from the previous step.
Creating an API user and generating a bearer token involves setting up a user with API permissions, generating a user certificate, and using the certificate to obtain a bearer token for API access. This token is then used in the Authorization
header for subsequent API requests. Make sure to secure your certificates and tokens properly to prevent unauthorized access.