Control-Plane API

The MikroCloud Control-Plane API is used to manage your MikroTik Control Plane. The objects that can be managed are: Policies, ApiCredentials and Transient Access.

Create Policy

If a resource already exists with the same resource_id for the logged in user, the policy will be updated / overwritten.

Parameters

Name
name
Type
string
Required
Required
Description
This is the name of the policy. It should always be present and be a string with a maximum length of 20 characters.
Name
winbox
Type
array
Required
Required
Description
This is the configuration for the Winbox service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
ssh
Type
array
Required
Required
Description
This is the configuration for the SSH service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
http
Type
array
Required
Required
Description
This is the configuration for the HTTP service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
https
Type
array
Required
Required
Description
This is the configuration for the HTTPS service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
telnet
Type
array
Required
Required
Description
This is the configuration for the Telnet service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
ftp
Type
array
Required
Required
Description
This is the configuration for the FTP service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
api
Type
array
Required
Required
Description
This is the configuration for the API service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
api_ssl
Type
array
Required
Required
Description
This is the configuration for the API SSL service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.

Request

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
-d '{
        "name": "My New Policy",
        "winbox": {
            "enabled": true,
            "port": 8291,
            "networks": [
                "10.0.0.0/8",
                "192.168.0.0/16",
                "172.16.0.0/12"
            ]
        },
        "ssh": {
            "enabled": true,
            "port": 22,
            "networks": [
                "10.0.0.0/8",
                "192.168.0.0/16",
                "172.16.0.0/12"
            ]
        },
        "http": {
            "enabled": false,
            "port": 80,
            "networks": []
        },
        "https": {
            "enabled": false,
            "port": 443,
            "networks": []
        },
        "telnet": {
            "enabled": false,
            "port": 23,
            "networks": []
        },
        "ftp": {
            "enabled": false,
            "port": 21,
            "networks": []
        },
        "api": {
            "enabled": true,
            "port": 8728,
            "networks": [
                "154.66.115.255/32"
            ]
        },
        "api_ssl": {
            "enabled": false,
            "port": 8729,
            "networks": []
        }
    }' https://api.mikrocloud.com/v1/control-plane/policies

Response

{
    "id": "9a8fe55d-b11c-4d0f-b4f2-6c6e7801da65",
    "name": "My New Policy",
    "slug": "my-new-policy-1R9lznKst4",
    "winbox": {
        "enabled": true,
        "port": 8291,
        "networks": [
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "ssh": {
        "enabled": true,
        "port": 22,
        "networks": [
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "http": {
        "enabled": false,
        "port": 80,
        "networks": []
    },
    "https": {
        "enabled": false,
        "port": 443,
        "networks": []
    },
    "telnet": {
        "enabled": false,
        "port": 23,
        "networks": []
    },
    "ftp": {
        "enabled": false,
        "port": 21,
        "networks": []
    },
    "api": {
        "enabled": true,
        "port": 8728,
        "networks": [
            "154.66.115.255/32"
        ]
    },
    "api_ssl": {
        "enabled": false,
        "port": 8729,
        "networks": []
    },
    "default": false,
    "created_at": "08 Nov 2023 18:23:11",
    "updated_at": "08 Nov 2023 18:23:11"
}

PUT/v1/control-plane/policies/:resource_id

Update Policy

Parameters

Name
name
Type
string
Required
Required
Description
This is the name of the policy. It should always be present and be a string with a maximum length of 20 characters.
Name
winbox
Type
array
Required
Required
Description
This is the configuration for the Winbox service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
ssh
Type
array
Required
Required
Description
This is the configuration for the SSH service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
http
Type
array
Required
Required
Description
This is the configuration for the HTTP service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
https
Type
array
Required
Required
Description
This is the configuration for the HTTPS service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
telnet
Type
array
Required
Required
Description
This is the configuration for the Telnet service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
ftp
Type
array
Required
Required
Description
This is the configuration for the FTP service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
api
Type
array
Required
Required
Description
This is the configuration for the API service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.
Name
api_ssl
Type
array
Required
Required
Description
This is the configuration for the API SSL service. Passed as an array of key-value pairs. The first key is enabled which should be a boolean. The second key is port which should be an integer (1-65535). The third key is networks which should be an array of valid CIDR strings.

Request

curl -X PUT \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
-d '{
    "name": "My New Policy 2",
    "winbox": {
        "enabled": true,
        "port": 8295,
        "networks": [
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "ssh": {
        "enabled": true,
        "port": 22,
        "networks": [
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "http": {
        "enabled": false,
        "port": 80,
        "networks": []
    },
    "https": {
        "enabled": false,
        "port": 443,
        "networks": []
    },
    "telnet": {
        "enabled": false,
        "port": 23,
        "networks": []
    },
    "ftp": {
        "enabled": false,
        "port": 21,
        "networks": []
    },
    "api": {
        "enabled": true,
        "port": 8728,
        "networks": [
            "154.66.115.255/32"
        ]
    },
    "api_ssl": {
        "enabled": false,
        "port": 8729,
        "networks": []
    }
}' \
https://api.mikrocloud.com/v1/metadata/7de9960f-22f5-4658-aa33-8878c556220d

Response

{
    "id": "9a8fe55d-b11c-4d0f-b4f2-6c6e7801da65",
    "name": "My New Policy 2",
    "slug": "my-new-policy-1R9lznKst4",
    "winbox": {
        "enabled": true,
        "port": 8295,
        "networks": [
            "154.66.115.255/32",
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "ssh": {
        "enabled": true,
        "port": 22,
        "networks": [
            "154.66.115.255/32",
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "http": {
        "enabled": false,
        "port": 80,
        "networks": []
    },
    "https": {
        "enabled": false,
        "port": 443,
        "networks": []
    },
    "telnet": {
        "enabled": false,
        "port": 23,
        "networks": []
    },
    "ftp": {
        "enabled": false,
        "port": 21,
        "networks": []
    },
    "api": {
        "enabled": true,
        "port": 8728,
        "networks": [
            "154.66.115.255/32"
        ]
    },
    "api_ssl": {
        "enabled": false,
        "port": 8729,
        "networks": []
    },
    "default": false,
    "created_at": "08 Nov 2023 18:23:11",
    "updated_at": "08 Nov 2023 18:38:14"
}

DELETE/v1/control-plane/policies/:resource_id

Delete Policy

Parameters

No parameters are required for this endpoint.

Default policies cannot be deleted. Any sites currently attached to the policy will be detached and moved to the default policy. Successful deletion will return a 204 No Content response.

Request

curl -X DELETE \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
https://api.mikrocloud.com/v1/policies/9a8fe55d-b11c-4d0f-b4f2-6c6e7801da65

Response

204 No Content

POST/v1/control-plane/policies/{policy_id}/sites

This is used to map sites to a control plane policy. The sites will inherit the policy's configuration. The customer must own the sites. Any site_id's that are not owned by the customer will result in an error.

Parameters

Name
sites
Type
array
Required
Required
Description
This is an array of site IDs that you want to attach to the policy. The sites must be owned by the customer.

Request

curl -X PUT \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
-d '{
        "sites" : [
            "bea3bed5-e964-4a41-b367-3ab7108ff58b",
            "4ad2c83d-0976-482a-9627-51996e0f02ad"
        ]
}' \
https://api.mikrocloud.com/v1/control-plane/policies/9a8fe55d-b11c-4d0f-b4f2-6c6e7801da65/sites

Response

{
    "id": "9a8fe55d-b11c-4d0f-b4f2-6c6e7801da65",
    "name": "My New Policy 2",
    "slug": "my-new-policy-1R9lznKst4",
    "winbox": {
        "enabled": true,
        "port": 8291,
        "networks": [
            "154.66.115.255/32",
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "ssh": {
        "enabled": true,
        "port": 22,
        "networks": [
            "154.66.115.255/32",
            "10.0.0.0/8",
            "192.168.0.0/16",
            "172.16.0.0/12"
        ]
    },
    "http": {
        "enabled": false,
        "port": 80,
        "networks": []
    },
    "https": {
        "enabled": false,
        "port": 443,
        "networks": []
    },
    "telnet": {
        "enabled": false,
        "port": 23,
        "networks": []
    },
    "ftp": {
        "enabled": false,
        "port": 21,
        "networks": []
    },
    "api": {
        "enabled": true,
        "port": 8728,
        "networks": [
            "154.66.115.255/32"
        ]
    },
    "api_ssl": {
        "enabled": false,
        "port": 8729,
        "networks": []
    },
    "default": false,
    "sites": [
        "bea3bed5-e964-4a41-b367-3ab7108ff58b",
        "4ad2c83d-0976-482a-9627-51996e0f02ad"
    ],
    "created_at": "08 Nov 2023 18:23:11",
    "updated_at": "08 Nov 2023 18:38:14"
}

The Credentials Object

Name
id
Type
uuid
Description
This is the unique identifier for the credentials object.
Name
site_id
Type
uuid
Description
This is the unique identifier for the site that the credentials are for.
Name
username
Type
string
Description
This is the username that is used to login to the MikroTik.
Name
password
Type
string
Description
This is the password that is used to login to the MikroTik.
Name
deleted_at
Type
string
Description
This is the date that the credentials were deleted. If the credentials are not deleted, this will be null.

The Credentials Object

{
    "id": "9a900070-a671-421e-935f-1c7f6edde02a",
    "site_id": "bea3bed5-e964-4a41-b367-3ab7108ff58b",
    "username": "mikrocloud-api",
    "password": "GrGXXYxEhL97gktR1bWm4d6A9ryiSSq8"
}

GET/v1/control-plane/{site_id}/credentials

Fetching API Credentials

This endpoint can be used to fetch all Credentials(Current and Historical) for a site.

Parameters

No parameters are required for this endpoint.

The current credentials should be the only credentials that are not deleted. (deleted_at = null).

Request

curl -X GET \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
https://api.mikrocloud.com/v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/credentials

Response

[
    {
        "id": "9a8e4ffe-2c51-4f8c-8154-824cf308a957",
        "site_id": "bea3bed5-e964-4a41-b367-3ab7108ff58b",
        "username": "mikrocloud-api",
        "password": "lp1fuLmVEHeGfSbPMu5DNabRGp8tnAFK",
        "deleted_at": "2023-11-08T08:49:32.000000Z"
    },
    {
        "id": "9a90046d-4fb4-4ca8-9d94-e4f387820352",
        "site_id": "bea3bed5-e964-4a41-b367-3ab7108ff58b",
        "username": "mikrocloud-api",
        "password": "yYIxmDXVfXqE4aVucFepguNkHuqaHTer",
        "deleted_at": null
    }
]

POST/v1/control-plane/{site}/credentials

Reset API Credentials Endpoint

Parameters

No parameters are required for this endpoint.

This endpoint is used to reset the API credentials for a site. The API credentials are used to authenticate with the MikroTik API and to login to the MikroTik.

Request

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
https://api.mikrocloud.com/v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/credentials

Response

{
    "id": "9a900070-a671-421e-935f-1c7f6edde02a",
    "site_id": "bea3bed5-e964-4a41-b367-3ab7108ff58b",
    "username": "mikrocloud-api",
    "password": "GrGXXYxEhL97gktR1bWm4d6A9ryiSSq8"
}

The Transient Access Object

Name
id
Type
uuid
Description
This is the unique identifier for the transient access object.
Name
username
Type
string
Description
This is the username that is used to login to the MikroTik.
Name
password
Type
string
Description
This is the password that is used to login to the MikroTik.
Name
port
Type
integer
Description
This is the port that is used to login to the MikroTik.
Name
type
Type
string
Description
This is the type of access that is granted. It can be one of the following: winbox/ssh.
Name
full_access
Type
boolean
Description
This is a boolean that indicates whether the access is full or read-only.
Name
allow_rfc1918
Type
boolean
Description
This is a boolean that indicates whether the access is allowed to RFC1918 addresses or not.
Name
config_committed_to_site
Type
string
Description
This is a timestamp that indicates when the configuration was committed to the site.
Name
config_removed_from_site
Type
boolean
Description
This is a boolean that indicates whether the configuration was removed from the site or not.
Name
config_removed_from_mpac
Type
boolean
Description
This is a boolean that indicates whether the configuration was removed from the MPAC or not.

The Transient Access Object

{
    "id": "9a90077e-a4d2-471c-87de-fb70bf0ce47e",
    "username": "wEmOUMwJGk6sUOgynIAVrSzO",
    "password": "pAXOvGBmBLZnAe89JeAsg8FZ",
    "port": 50450,
    "type": "winbox",
    "full_access": true,
    "allow_rfc1918": false,
    "config_committed_to_site": null,
    "config_removed_from_site": false,
    "config_removed_from_mpac": false,
    "revoked_early": false,
    "allow_only_ip": null,
    "allow_only_cidr": null,
    "authorized_at": null,
    "expires_at": "08 Nov 2023 20:58:36",
    "expired": false,
    "entry_point": "api.mkcld.com",
    "time_to_expire": "59 minutes from now"
}

GET/v1/control-plane/{site_id}/transient-access

Fetching Transient Access

This endpoint can be used to fetch all current Transient Access objects for a site.

Parameters

No parameters are required for this endpoint.

Example requests

# Make GET request to /v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/transient-access

curl -G https://api.mikrocloud.com/v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/transient-access \
-H "Authorization: Bearer {token}"

Example responses

[
    {
        "id": "9a900b5d-0ad7-4a3c-8935-0fe15971fa10",
        "username": "nvon2NHtV4GHRw6i99CR1rpH",
        "password": "JKSwzhkz5DlI4e2y1dLJKuD8",
        "port": 31336,
        "type": "winbox",
        "full_access": true,
        "allow_rfc1918": false,
        "config_committed_to_site": false,
        "config_removed_from_site": false,
        "config_removed_from_mpac": false,
        "revoked_early": false,
        "allow_only_ip": null,
        "allow_only_cidr": null,
        "authorized_at": null,
        "expires_at": "08 Nov 2023 21:09:25",
        "expired": false,
        "entry_point": "api.mkcld.com",
        "time_to_expire": "58 minutes from now"
    },
    {
        "id": "9a90077e-a4d2-471c-87de-fb70bf0ce47e",
        "username": "wEmOUMwJGk6sUOgynIAVrSzO",
        "password": "pAXOvGBmBLZnAe89JeAsg8FZ",
        "port": 50450,
        "type": "winbox",
        "full_access": true,
        "allow_rfc1918": false,
        "config_committed_to_site": false,
        "config_removed_from_site": false,
        "config_removed_from_mpac": false,
        "revoked_early": false,
        "allow_only_ip": null,
        "allow_only_cidr": null,
        "authorized_at": null,
        "expires_at": "08 Nov 2023 20:58:36",
        "expired": false,
        "entry_point": "api.mkcld.com",
        "time_to_expire": "48 minutes from now"
    }
]

POST/v1/control-plane/{site}/transient-access

Create Transient Access

This endpoint is used to create a new Transient Access for a site. The Transient Access is used to create temporary access to the MikroTik via Winbox or SSH.

Name
expire_after_minutes
Type
integer
Description
This is the number of minutes that the Transient Access should be valid for.
Name
type
Type
string
Description
This is the type of access that is granted. It can be one of the following: winbox/ssh.
Name
full_access
Type
boolean
Description
This is a boolean that indicates whether the access is full or read-only. True represents full access and false represents read-only access.
Name
allow_rfc1918
Type
boolean
Description
This is a boolean that indicates whether the access is allowed to RFC1918 addresses or not.

Request

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
-d '{
        "expire_after_minutes": 60,
        "type": "winbox",
        "full_access": true,
        "allow_rfc1918": false
}' \
https://api.mikrocloud.com/v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/transient-access

Response

{
    "id": "9a90077e-a4d2-471c-87de-fb70bf0ce47e",
    "username": "wEmOUMwJGk6sUOgynIAVrSzO",
    "password": "pAXOvGBmBLZnAe89JeAsg8FZ",
    "port": 50450,
    "type": "winbox",
    "full_access": true,
    "allow_rfc1918": false,
    "config_committed_to_site": null,
    "config_removed_from_site": false,
    "config_removed_from_mpac": false,
    "revoked_early": false,
    "allow_only_ip": null,
    "allow_only_cidr": null,
    "authorized_at": null,
    "expires_at": "08 Nov 2023 20:58:36",
    "expired": false,
    "entry_point": "api.mkcld.com",
    "time_to_expire": "59 minutes from now"
}

DELETE/v1/control-plane/{site}/transient-access/{resource_id}

Delete/Revoke Transient Access

Parameters

No parameters are required for this endpoint.

Deleting a Transient Access will revoke the access immediately.

Request

curl -X DELETE \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {token}" \
https://api.mikrocloud.com/v1/control-plane/bea3bed5-e964-4a41-b367-3ab7108ff58b/transient-access/9a90077e-a4d2-471c-87de-fb70bf0ce47e

Response

204 No Content

Control-Plane API

The Policies Object

Parameters

Example requests

Example responses

Parameters

Request

Response

Parameters

Request

Response

Parameters

Request

Response

Parameters

Request

Response

The Credentials Object

Parameters

Request

Response

Parameters

Request

Response

The Transient Access Object

Parameters

Example requests

Example responses

Request

Response

Parameters

Request

Response