.. _http-api:

########
HTTP-API
########

VyOS provide an HTTP API. You can use it to execute op-mode commands,
update VyOS, set or delete config.

Please take a look at the :ref:`vyosapi` page for an detailed how-to.

*************
Configuration
*************

.. cfgcmd:: set service https api keys id <name> key <apikey>

   Set a named api key. Every key has the same, full permissions
   on the system.

.. cfgcmd:: set service https api debug

   To enable debug messages. Available via :opcmd:`show log` or 
   :opcmd:`monitor log`

.. cfgcmd:: set service https api port

   Set the listen port of the local API, this has no effect on the
   webserver. The default is port 8080

.. cfgcmd:: set service https api strict

   Enforce strict path checking

.. cfgcmd:: set service https virtual-host <vhost> listen-address

   Address to listen for HTTPS requests

.. cfgcmd:: set service https virtual-host <vhost> listen-port <1-65535>

   Port to listen for HTTPS requests; default 443

.. cfgcmd:: set service https virtual-host <vhost> server-name <text>

   Server names for virtual hosts it can be exact, wildcard or regex.

.. cfgcmd:: set service https api-restrict virtual-host <vhost>

   By default, nginx exposes the local API on all virtual servers.
   Use this to restrict nginx to one or more virtual hosts.

.. cfgcmd:: set service https certificates certbot domain-name <text>

   Domain name(s) for which to obtain certificate

.. cfgcmd:: set service https certificates certbot email

   Email address to associate with certificate

.. cfgcmd:: set service https certificates system-generated-certificate

   Use an automatically generated self-signed certificate

.. cfgcmd:: set service https certificates system-generated-certificate
   lifetime <days>

   Lifetime in days; default is 365


*********************
Example Configuration
*********************

Set an API-KEY is the minimal configuration to get a working API Endpoint.

.. code-block:: none

   set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY


To use this full configuration we asume a public accessible hostname.

.. code-block:: none

   set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
   set service https certificates certbot domain-name rtr01.example.com
   set service https certificates certbot email mail@example.com
   set service https virtual-host rtr01 listen-address 198.51.100.2
   set service https virtual-host rtr01 listen-port 11443
   set service https virtual-host rtr01 server-name rtr01.example.com
   set service https api-restrict virtual-host rtr01.example.com