pfSense REST API v2.2.1

New

• Adds the override_sensitive_fields REST API setting to allow admins to override field's sensitive property. #582
• Add auto as a choice for the IPsecPhase1 myid_type and peerid_type fields. #584

Fixes

• Increases the maximum number of queued API sync processes to 1024. fd4471a
• Sort DHCPServerStaticMappings by ipaddr #583
• Fixes an issue that prevented the package from being built on FreeBSD versions that no longer have upstream port tree support. 39d017b

Full Changelog: v2.2.0...v2.2.1

pfSense REST API v2.2.0

New Features

• Introduced a new GraphQL API at /api/v2/graphql.
• Added /api/v2/services/bind* endpoints for managing the BIND DNS server package (#276).
• Added /api/v2/system/certificate/pkcs12/export endpoint to export certificates as PKCS#12 archives (#470).
• Added /api/v2/system/certificate/renew endpoint to renew internal certificates.
• Added /api/v2/system/crl/revoked_certificate endpoint to manage revoked certificates via CRL (#166).
• Added /api/v2/system/certificate_authority/generate endpoint to create new internal Certificate Authorities (CA) (#519).
• Added /api/v2/system/certificate/generate endpoint to create new internal certificates.
• Added /api/v2/system/certificate/signing_request endpoint to create new Certificate Signing Requests (CSR) (#250).
• Added /api/v2/system/certificate/signing_request/sign endpoint to sign existing CSRs (#250).
• Added support for deleting DHCP leases via /api/v2/status/dhcp_server/leases (#130).
• Added /api/v2/status/logs/settings endpoint for reading and updating log settings.
• Added /api/v2/status/ipsec/sa endpoints to retrieve IPsec tunnel statuses (#571).
• Added /api/v2/status/ipsec/child_sa endpoint to retrieve specific IPsec child SA status (#571).
• Added new sort_by and sort_order parameters to control object sorting in config or before writing to the pfSense configuration (#565).
• Introduced a new expose_sensitive_fields setting to allow exposure of sensitive fields in API responses.

Changes

• Updated the OpenVPNServer tls field to automatically generate a TLS key if one is not provided (#570).
• OpenVPNServer tls* fields are now only available when use_tls is set to true (#570).
• Replaced the pfsense-restapi generatedocs command with pfsense-restapi buildschemas.
• Marked the OpenVPN tls field as 'sensitive,' so it will no longer appear in API responses by default.

Bug Fixes

• Fixed an issue where large REST API configurations could interfere with the API sync feature.
• Fixed a bug where the REST API's config lock timeout failed to generate the expected error.
• Fixed an issue where the WireGuardPeer presharedkey field could not be empty. #581

Full Changelog: v2.1.3...v2.2.0

pfSense REST API v2.2.0-beta-e61f74d

Please refer to the announcement and the PR for details on this pre-release.

Full Changelog: v2.2.0-dev-f38d613...v2.2.0-beta-e61f74d

pfSense REST API v2.1.3

Fixes

• Prevents GitHub API communication issues from throwing certain exceptions when refreshing the RESTAPIVersionReleasesCache #543

Changes

• Security sanitization to silence some linters by @Dervish13 in #566

New Contributors

• @Dervish13 made their first contribution in #566

Full Changelog: v2.1.2...v2.1.3

pfSense REST API v2.2.0-dev-f38d613

Please refer to the announcement for more information on this development build.

pfSense REST API v2.1.2

Fixes

• Fixed an issue where an OpenVPNServer could not be assigned an authmode of Local Database. #561

Full Changelog: v2.1.1...v2.1.2

pfSense REST API v2.1.1

New

• Added the ability to assign gateway groups in DefaultGateway #558

Fixes

• Fixed an issue where the package could not accurately determine if it had an update available. #555
• Fixed an issue where the WireGuardPeer presharedkey field was not allowing empty values #541

Documentation

• Separated install commands for pfSense CE and pfSense Plus in documentation. #548

Full Changelog: v2.1.0...v2.1.1

pfSense REST API v2.1.0

New

• Adds endpoints for ACME package support #462
• Adds endpoints to gateway groups #189
• Adds endpoints for reading OpenVPN server statuses, connections and routes
• Adds endpoint for killing OpenVPN server connections
• Adds endpoints for reading OpenVPN client statuses #514
• Adds support for associated filter rules in port forward endpoints #275
• Adds format query filter to filter for values that match a specific format
• Allows DELETE requests to plural endpoints to delete objects via query #494
• Adds control parameter append to add a new item to an existing array value #517, #511
• Adds control parameter remove to remove a specific value from an existing array #517
• Adds control parameter reverse to reverse the order of objects returned by an endpoint
• Adds support for OpenAPI's deprecated directive
• Adds /api/v2/services/dhcp_server/apply endpoint

Changes

• URLContentHandler now supports more complex type inference #504
• URLContentHandler now supports parameters provided via request body #504
• DHCP server endpoints now support batching (no longer applies by default). You now must use /api/v2/services/dhcp_server/apply or the apply control parameter to apply changes.
• Status log endpoints can now read rotated logs #509
• Deprecates /api/v2/firewall/state endpoint in favor of /api/v2/firewall/states #494

Fixes

• Fixes an issue where some auxiliary interfaces were not seen as valid interface choices #536
• Fixes an issue where the WireGuardPeer::$descr field was unintentionally undefined #534
• Fixes a regression where DHCP server static mappings were not required to be within the interface's subnet #526

Performance

• Fixes a performance issue where Model's with a parent Model would reload the parent object for each child object, causing a gradual slow down as more objects were created #537
• Model::replace_all() now reuses certain ModelSets, preventing the need to reload all objects multiple times

Full Changelog: v2.0.3...v2.1.0

pfSense REST API v2.1.0-beta-5338ef4

See #544 for more details on this pre-release.

Full Changelog: v2.0.3...v2.1.0-beta-5338ef4

pfSense API v1.7.6

Changes

• Allows associated-rule-id in /api/v1/firewall/nat/port_forward to be empty string. #533
• Removes unnecessary type field from /api/v1/system/certificate. #540

New Contributors

• @Coffee-Processing-Unit made their first contribution in #542

Full Changelog: v1.7.5...v1.7.6