Python API to RouterBoard devices produced by MikroTik written by Social WiFi.
import routeros_api
connection = routeros_api.RouterOsApiPool('IP', username='admin', password='', plaintext_login=True)
api = connection.get_api()
Use plaintext_login=True
option when connecting to RouterOS version 6.43 and newer.
routeros_api.RouterOsApiPool(
host,
username='admin',
password='',
port=8728,
plaintext_login=True,
use_ssl=False,
ssl_verify=True,
ssl_verify_hostname=True,
ssl_context=None,
)
Parameters:
host
- String - Hostname or IP of device
Optional Parameters:
username
- String - Login username - Default 'admin'password
- String - Login password - Default empty stringport
- Integer - TCP Port for API - Default 8728 or 8729 when using SSLplaintext_login
- Boolean - Try plaintext login (for RouterOS 6.43 onwards) - Default Falseuse_ssl
- Boolean - Use SSL or not? - Default Falsessl_verify
- Boolean - Verify the SSL certificate? - Default Truessl_verify_hostname
- Boolean - Verify the SSL certificate hostname matches? - Default Truessl_context
- Object - Pass in a custom SSL context object. Overrides other options. - Default None
If we want to use SSL, we can simply specify use_ssl
as True
:
connection = routeros_api.RouterOsApiPool('<IP>', username='admin', password='', use_ssl=True)
This will automatically verify SSL certificate and hostname.
The most flexible way to modify SSL parameters is to provide an SSL Context object using the
ssl_context
parameter, but for typical use-cases with self-signed certificates, the shorthand options of
ssl_verify
and ssl_verify_hostname
are provided.
e.g. if using a self-signed certificate, you can (but probably shouldn't) use:
connection = routeros_api.RouterOsApiPool(
'<IP>',
username='admin',
password='',
use_ssl=True,
ssl_verify=False,
ssl_verify_hostname=False,
)
RouterOS Versions v6.43 onwards now use a different login method.
The disadvantage is that it passes the password in plain text.
For security we only attempt the plaintext login if requested using the plaintext_login
parameter.
It is highly recommended only to use this option with SSL enabled.
routeros_api.RouterOsApiPool(host, username='admin', password='', plaintext_login=True)
The API does not assume any particular encoding, so non utf-8 characters will
not be shown correctly.
A default encoding can be specified if needed. For some cases the latin-1
encoding will be the best one to use, for others - windows-1250
will work
better.
Ref. https://forum.mikrotik.com/viewtopic.php?t=106053#p528460
It is possible to use specific encoding by defining custom default structure like this:
import collections
import routeros_api
from routeros_api.api_structure import StringField
connection = routeros_api.RouterOsApiPool('ip', username='admin', password='password', plaintext_login=True)
api = connection.get_api()
# This part here is important:
default_structure = collections.defaultdict(lambda: StringField(encoding='windows-1250'))
api.get_resource('/system/identity', structure=default_structure).get()
Call this with a resource and parameters as name/value pairs.
api.get_resource('/').call('<resource>', { <dict of params> })
You can also use the "binary" version, but in this case, all dict values should be encoded to bytes and the result will be returned as bytes.
api.get_binary_resource('/').call('<resource>', { <dict of params> })
>>> api.get_resource('/tool').call('fetch', {'url': 'http://example.com', 'dst-path': 'output.html'})
[{'status': 'connecting', '.section': '0'}, {'status': 'finished', 'downloaded': '1', 'total': '1', 'duration': '1s', '.section': '1'}]
>>> api.get_resource('/').call('ping', {'address': '8.8.8.8', 'count': '4'})
[
{'seq': '0', 'host': '8.8.8.8', 'size': '56', 'ttl': '58', 'time': '14ms612us', 'sent': '1', 'received': '1', 'packet-loss': '0', 'min-rtt': '14ms612us', 'avg-rtt': '14ms612us', 'max-rtt': '14ms612us'},
{'seq': '1', 'host': '8.8.8.8', 'size': '56', 'ttl': '58', 'time': '22ms237us', 'sent': '2', 'received': '2', 'packet-loss': '0', 'min-rtt': '14ms612us', 'avg-rtt': '18ms424us', 'max-rtt': '22ms237us'},
{'seq': '2', 'host': '8.8.8.8', 'size': '56', 'ttl': '58', 'time': '13ms823us', 'sent': '3', 'received': '3', 'packet-loss': '0', 'min-rtt': '13ms823us', 'avg-rtt': '16ms890us', 'max-rtt': '22ms237us'},
{'seq': '3', 'host': '8.8.8.8', 'size': '56', 'ttl': '58', 'time': '8ms614us', 'sent': '4', 'received': '4', 'packet-loss': '0', 'min-rtt': '8ms614us', 'avg-rtt': '14ms821us', 'max-rtt': '22ms237us'}
]
list = api.get_resource('/command')
list_queues = api.get_resource('/queue/simple')
list_queues.get()
list.add(attribute='vale', attribute_n='value')
NOTE: Attributes with -
, like max-limit
use underscore _
: max_limit
list_queues.add(name='001', max_limit='512k/4M', target='192.168.10.1/32')
list.set(id, attributes)
list_queues.set(id='*2', name='john')
list.get(attribute=value)
list_queues.get(name='john')
list.remove(id)
list_queues.remove(id='*2')
connection.disconnect()
Let's take DHCP leases as an example.
CLI: /ip/dhcp-server/lease/print
api.get_resource('/ip/dhcp-server/lease').get()
Now, let's use count-only
.
CLI: /ip/dhcp-server/lease/print count-only
(returns 13)
>>> api.get_resource('/ip/dhcp-server/lease').call('print', {'count-only': None}).done_message
{'ret': '13'}
Now, let's use count-only
and where
.
CLI: /ip/dhcp-server/lease/print count-only where server=developers
(returns 4)
>>> api.get_resource('/ip/dhcp-server/lease').call('print', {'count-only': None}, {'server': 'developers'}).done_message
{'ret': '4'}
Now, let's use count-only
and where
with boolean value.
CLI: /ip/route/pri count-only where static
(returns 1)
>>> api.get_resource('/ip/route').call('print', {'count-only': None}, {'static': 'yes'}).done_message
{'ret': '1'}
The example script only prints "hello". Here's a simplified example of how to run it and get the output:
>>> api.get_resource('/system/script').get()[0]['source']
'/put "hello"'
>>> response = api.get_resource('/system/script').call('run', {'number': '0'})
>>> response.done
True
>>> response.done_message['ret']
'hello'
CLI command: /interface/ethernet/poe/monitor numbers=0 once
>>> response = api.get_resource('/interface/ether/poe').call('monitor', {'numbers': '0', 'once': None})
>>> response
[{'name': 'ether10', 'poe-out': 'auto-on', 'poe-out-status': 'waiting-for-load'}]
CLI command: /interface/ethernet/poe set poe-out=off 0
api.get_resource('/interface/ethernet/poe').call('set', {'poe-out': 'off', 'numbers': '0'}
>> api.get_resource('/interface/ethernet/poe').call('print')
[{'id': '*B', 'name': 'ether10', 'poe-out': 'off', 'poe-priority': '10', 'poe-lldp-enabled': 'false', 'power-cycle-ping-enabled': 'false', 'power-cycle-interval': 'none'}]
>> api.get_resource('/interface/ethernet/poe').call('set', {'poe-out': 'off', '.id': "*B"})
list_address = api.get_resource('/ip/firewall/address-list')
list_address.add(address='192.168.0.1', comment='P1', list='10M')
response = list_address.get(comment='P1')
list_address.remove(id=response[0]['id'])