Suggestion : Web API

joeyconcrete · Thu Aug 11, 2005 10:59 am

Something I'd like to see on RouterOS is the ability to access the inner workings via the web server.

Even if it was something as basic as providing a URL "http:///myMikrotik/cmd/cmd.cgi" where the admin could POST or GET console commands to that specific page, the script would then return the output.

e.g.

GET /cmd/cmd.cgi?interface print HTTP/1.0

HTTP/1.0 200 OK
Server: Mikrotik01
MIME-version: 1.0
Content-type: text/html

Flags: X - disabled, D - dynamic, R - running
 #    NAME                         TYPE             RX-RATE    TX-RATE    MTU
 0  R Ethernet0                   ether            0          0          1500

For the security concious you could restrict access by IP Address to this URL and you could also use SSL.

This would allow admins to access the inner workings or automate the process from an external host using their preferred scripting language (PHP, Python, VBScript etc)

I believe this additional feature would make RouterOS even more superior than it already is (and it would be very useful to me

Thu Aug 11, 2005 11:23 am

huh? have you even tried 2.9? there is a web interface for some time now.

http://ip_address/cfg

or do you mean something more advanced?

joeyconcrete · Thu Aug 11, 2005 11:38 am

Oops. Only very briefly and I never spotted it

I'll give it a go!

cmit · Thu Aug 11, 2005 11:43 am

i think he meant something more "general" - a general way to issue (arbitrary) commands to RouterOS via HTTP(S).

Which would be very nice

...

tneumann · Thu Aug 11, 2005 2:01 pm

Take a look at Juniper's XML based JunoScript API for some very advanced ideas...

joeyconcrete · Thu Aug 11, 2005 2:40 pm

The Barracuda SPAM firewall has a similar implementation.

Personally I'd be quite happy just passing raw commands and getting the response back. Of course it'd only be usable if the response was in a uniform format so that you can parse it.

I haven't tried the web interface in 2.9 so I'll give that a shot first.

Vadim · Mon Aug 15, 2005 7:09 pm

For automated administration tasks I use perl script, that logins into router via SSH, sends console commands and returns the RouterOS responses back to the script. This solution works fine for me and is more safe than http. This idea I picked somewhere on this forum.

joeyconcrete · Mon Aug 15, 2005 10:11 pm

Hi Vadim that's one method I was going to use. I'd certainly say http(s) is more simplistic to implement and doesn't require knowledge of socket programming or a requirement to call external programs. I'd also say that having a well defined http application protocol perhaps using XML would be more reliable, more scalable and easier to integrate into applications. I think if SSL was utilised and perhaps some kind of application level authentication using MD5/SHA1 it'd be just as secure.

Vadim · Tue Aug 16, 2005 4:25 pm

Hi Vadim that's one method I was going to use. I'd certainly say http(s) is more simplistic to implement and doesn't require knowledge of socket programming or a requirement to call external programs.

Hi joeyconcrete
Anyway you need any script to prepare a command that you send to router and to process the response from router. So, it doesn't matter, which protocol do you use to communicate with router. Perl has a set of libraries, that implements both protocols without calling any external programms. Here is a link to the thread, where the idea with SSH was discussed. http://forum.mikrotik.com/viewtopic.php?t=1348 You can see, that it is a very simple and safe method, that doesn't require deep knowledge of sockets and calls of external programms. If you want, I can share some fragments of my programms, that I use for daily management tasks.
I believe, guys from Microtik have a lot of more interesting and important ideas than design of another interfase for functions, that are already implemented in their software.