Python API to RouterBoard devices produced by MikroTik written by Social WiFi.
#!/usr/bin/python
import routeros_api
connection = routeros_api.RouterOsApiPool('IP', username='admin', password='')
api = connection.get_api()
routeros_api.RouterOsApiPool(
host,
username='admin',
password='',
port=8728,
use_ssl=False,
ssl_verify=True,
ssl_verify_hostname=True,
ssl_context=None,
proxy_socks_host=None,
proxy_socks_port=None,
)
Parameters:
host
- String - Hostname or IP of device
Optional Parameters:
username
- String - Login username - Default 'admin'password
- String - Login password - Default empty stringport
- Integer - TCP Port for API - Default 8728 or 8729 when using SSLplaintext_login
- Boolean - Try plaintext login (for RouterOS 6.43 onwards) - Default Falseuse_ssl
- Boolean - Use SSL or not? - Default Falsessl_verify
- Boolean - Verify the SSL certificate? - Default Truessl_verify_hostname
- Boolean - Verify the SSL certificate hostname matches? - Default Truessl_context
- Object - Pass in a custom SSL context object. Overrides other options. - Default Noneproxy_socks_host
- String - IP address for socks5 proxy - Default Noneproxy_socks_port
- Integer - Port number for socks5 proxy - Default None
If we want to use SSL, we can simply specify use_ssl
as True
:
connection = routeros_api.RouterOsApiPool('<IP>', username='admin', password='', use_ssl=True)
This will automatically verify SSL certificate and hostname.
The most flexible way to modify SSL parameters is to provide an SSL Context object using the
ssl_context
parameter, but for typical use-cases with self-signed certificates, the shorthand options of
ssl_verify
and ssl_verify_hostname
are provided.
e.g. if using a self-signed certificate, you can (but probably shouldn't) use:
connection = routeros_api.RouterOsApiPool(
'<IP>',
username='admin',
password='',
use_ssl=True,
ssl_verify=False,
ssl_verify_hostname=False,
)
RouterOS Versions v6.43 onwards now use a different login method.
The disadvantage is that it passes the password in plain text.
For security we only attempt the plaintext login if requested using the plaintext_login
parameter.
It is highly recommended only to use this option with SSL enabled.
routeros_api.RouterOsApiPool(host, username='admin', password='', plaintext_login=True)
Call this with a resource and parameters as name/value pairs.
api.get_binary_resource('/').call('<resource>',{ <dict of params> })
api.get_binary_resource('/').call('tool/fetch',{ 'url': "https://dummy.url" })
api.get_binary_resource('/').call('ping', { 'address': '192.168.56.1', 'count': '4' })
list = api.get_resource('/command')
list_queues = api.get_resource('/queue/simple')
list_queues.get()
list.add(attribute="vale", attribute_n="value")
NOTE: Atributes with -
, like max-limit
use underscore _
: max_limit
list_queues.add(name="001", max_limit="512k/4M", target="192.168.10.1/32")
list.set(id, attributes)
list_queues.set(id="*2", name="jhon")
list.get(attribute=value)
list_queues.get(name="jhon")
list.remove(id)
list_queues.remove(id="*2")
connection.disconnect()
list_address = api.get_resource('/ip/firewall/address-list')
list_address.add(address="192.168.0.1",comment="P1",list="10M")
list_address.get(comment="P1")
list_address.remove(id="*7")