-
Notifications
You must be signed in to change notification settings - Fork 98
REST connection
🆕 New in tik4net 4.0 — first released as
v4.0.0-alpha. Alpha: API and behaviour are stable for testing but may still change before the final 4.0 release. See Connection types & capabilities.
REST (TikConnectionType.Rest / TikConnectionType.RestSsl) talks to the RouterOS HTTP REST API
(http://<host>/rest on port 80, or https://<host>/rest on port 443). It is handy when only the web
service is reachable, or when you already front the router with an HTTPS reverse proxy.
Each call is an independent, stateless HTTP request (HTTP Basic auth, JSON bodies/replies). The library
maps the normal CRUD operations — LoadAll / LoadList / Save / Delete — onto GET / PUT / PATCH
/ DELETE against /rest/<path>, so the O/R mapper and the ADO.NET-like API work
unchanged.
ℹ️ Requires RouterOS 7.1+. The REST API does not exist on RouterOS 6.x — use the binary API there.
Enable the www (HTTP) or www-ssl (HTTPS) service:
# plain HTTP (port 80) — Rest
/ip/service set www disabled=no
# HTTPS (port 443) — RestSsl; needs a certificate assigned
/ip/service set www-ssl disabled=no certificate=<your-cert>
For RestSsl, see SSL connection for creating a self-signed certificate on
the router (the same certificate plumbing applies to www-ssl).
using tik4net;
// plain HTTP (port 80)
using (var conn = ConnectionFactory.OpenConnection(
TikConnectionType.Rest, "192.168.4.1", "admin", ""))
{
var ifaces = conn.LoadAll<tik4net.Objects.Interface.Interface>().ToList();
Console.WriteLine($"Found {ifaces.Count} interfaces");
}
// HTTPS (port 443)
using (var conn = ConnectionFactory.OpenConnection(
TikConnectionType.RestSsl, "192.168.4.1", "admin", ""))
{
// ...
}ConnectionFactory knows REST out of the box — no Register() call is needed (unlike the satellite
SSH package).
var setup = new TikConnectionSetup("192.168.4.1", "admin", "");
using (var conn = setup.CreateRestConnection()) // HTTP
{
var identity = conn.CreateCommand("/system/identity/print").ExecuteScalar();
Console.WriteLine(identity);
}
// HTTPS; AllowInvalidCertificate controls whether self-signed certs are accepted
var sslSetup = new TikConnectionSetup("192.168.4.1", "admin", "") { AllowInvalidCertificate = true };
using (var conn = sslSetup.CreateRestSslConnection())
{
// ...
}
// async
using (var conn = await setup.CreateRestConnectionAsync())
{
// ...
}The HTTPS connection does not verify the certificate chain when
AllowInvalidCertificateistrue(the default) — the traffic is encrypted, but you are not protected against a man-in-the-middle. Assign a trusted certificate and setAllowInvalidCertificate = falsefor stronger guarantees.
CRUD only — REST reports Crud and nothing else. Because every call is a separate stateless HTTP
request, there is no Listen/Streaming (no server push) and no Safe Mode (RouterOS cannot bind
rollback-on-disconnect to "the connection"). The SafeMode* methods and the async/listen APIs throw
TikConnectionCapabilityNotSupportedException.
bool hasCrud = conn.Supports(TikConnectionCapability.Crud); // true
bool hasListen = conn.Supports(TikConnectionCapability.Listen); // false
bool hasSafeMode = conn.Supports(TikConnectionCapability.SafeMode); // falseNeed live notifications, streaming monitors or Safe Mode? Use the binary API transport.
- Authentication is HTTP Basic (
user:password, Base64) over the chosen scheme — preferRestSslso the credentials are not sent in clear text. - The open call probes
GET /rest/system/resourceto verify connectivity and credentials; a 401 surfaces asTikConnectionLoginException. - Router-reported errors are mapped to the usual exception tree (
TikNoSuchItemException,TikAlreadyHaveSuchItemException, …) withTikCommandTrapExceptionas the generic fallback — see Exception handling.
- Connection types & capabilities — full capability matrix
-
SSL-connection — encrypted binary API (and
www-sslcertificate setup) -
Command translation on non-API transports — how
ExecuteXxxmaps to HTTP - Roadmap-4x — transport roadmap