You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
I am working on a project that involves automating the deployment and configuration of opnsense VMs in the cloud. We use the opnsense API to update firewall configurations, but there is no easy way to manage API access without manual work; or at least none that is documented.
Describe the solution you like
I would like user management (at least API key creation and revoke) to be possible via an API, using the same authentication method as the rest of the API. This would allow me to create a VM template with temporary credentials that I could revoke immediately after the initial configuration.
Alternatively, this could be implemented through a configd action and used over an ssh connection.
Describe alternatives you considered
The main alternative is to write a script that handles key creation by making requests as if it were human. This is the "ugly" solution, as it requires parsing HTML forms to extract automatically generated CSRF tokens and may break if the web UI changes.
The text was updated successfully, but these errors were encountered:
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
I am working on a project that involves automating the deployment and configuration of opnsense VMs in the cloud. We use the opnsense API to update firewall configurations, but there is no easy way to manage API access without manual work; or at least none that is documented.
Describe the solution you like
I would like user management (at least API key creation and revoke) to be possible via an API, using the same authentication method as the rest of the API. This would allow me to create a VM template with temporary credentials that I could revoke immediately after the initial configuration.
Alternatively, this could be implemented through a configd action and used over an ssh connection.
Describe alternatives you considered
The main alternative is to write a script that handles key creation by making requests as if it were human. This is the "ugly" solution, as it requires parsing HTML forms to extract automatically generated CSRF tokens and may break if the web UI changes.
The text was updated successfully, but these errors were encountered: