(http-api)= # HTTP API VyOS provide an HTTP API. You can use it to execute op-mode commands, update VyOS, set or delete config. Please take a look at the {ref}`vyosapi` page for an detailed how-to. ## Configuration ```{cfgcmd} set service https allow-client address \ Only allow certain IP addresses or prefixes to access the https webserver. ``` ```{cfgcmd} set service https certificates ca-certificate \ Use CA certificate from PKI subsystem ``` ```{cfgcmd} set service https certificates certificate \ Use certificate from PKI subsystem ``` ```{cfgcmd} set service https certificates dh-params \ Use {abbr}`DH (Diffie–Hellman)` parameters from PKI subsystem. Must be at least 2048 bits in length. ``` ```{cfgcmd} set service https listen-address \ Webserver should only listen on specified IP address ``` ```{cfgcmd} set service https port \ Webserver should listen on specified port. Default: 443 ``` ```{cfgcmd} set service https enable-http-redirect Enable automatic redirect from http to https. ``` ```{cfgcmd} set service https tls-version \<1.2 | 1.3\> Select TLS version used. This defaults to both 1.2 and 1.3. ``` ```{cfgcmd} set service https vrf \ Start Webserver in given VRF. ``` ```{cfgcmd} set service https request-body-size-limit \ Set the maximum request body size in megabytes. Default is 1MB. ``` ### API ```{cfgcmd} set service https api keys id \ key \ Set a named api key. Every key has the same, full permissions on the system. ``` ### REST ```{cfgcmd} set service https api rest Enable REST API ``` ```{cfgcmd} set service https api rest debug To enable debug messages. Available via {opcmd}`show log` or {opcmd}`monitor log` ``` ```{cfgcmd} set service https api rest strict Enforce strict path checking. ``` ### GraphQL ```{cfgcmd} set service https api graphql introspection Enable GraphQL Schema introspection. ``` :::{note} Do not leave introspection enabled in production, it is a security risk. ::: ```{cfgcmd} set service https api graphql authentication type \ Set the authentication type for GraphQL, default option is key. Available options are: * ``key`` use API keys configured in ``service https api keys`` * ``token`` use JWT tokens. ``` ```{cfgcmd} set service https api graphql authentication expiration Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. ``` ```{cfgcmd} set service https api graphql authentication secret-length Set the byte length of the JWT secret. Default is 32. ``` ```{cfgcmd} set service https api graphql cors allow-origin \ Allow cross-origin requests from \. ``` ## Example Configuration Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. ```none set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY set service https api rest ```