跳到主要内容

Endpoint Reference

This page lists every REST API endpoint in the NetRecon platform, grouped by service category. All endpoints require JWT Bearer token authentication unless noted otherwise. See the API Overview for authentication and rate limiting details.

Base URL: https://probe.netreconapp.com/api/

Probe Endpoints

Served by the Go backend running on the probe appliance (Orange Pi R2S, Raspberry Pi, or x86_64 mini PC).

Health

MethodPathAuthDescription
GET/api/healthNoProbe health check. Returns {"status": "ok", "version": "1.0.0"}.

Scanning

MethodPathDescription
POST/api/scan/discoverStart ARP host discovery on the configured subnet.
POST/api/scan/portsStart a port scan against discovered hosts.
GET/api/scan/statusGet current scan status (idle, running, complete).

Devices

MethodPathDescription
GET/api/devicesList all discovered devices. Supports pagination (?page=&per_page=).
GET/api/devices/:macGet details for a single device by MAC address.
PUT/api/devices/:mac/noteUpdate the user note on a device. Body: {"note": "..."}.

Baseline

MethodPathDescription
GET/api/baselineList all saved network baselines.
POST/api/baselineCreate a new baseline snapshot from the current device list.
GET/api/baseline/:id/diffCompare a baseline against the current network state.

Neighbors (CDP/LLDP)

MethodPathDescription
GET/api/neighborsList discovered CDP/LLDP neighbors.
POST/api/neighbors/startStart the neighbor discovery listener.

Config Backup (Probe-local)

MethodPathDescription
GET/api/config/targetsList configured backup target devices.
POST/api/config/targetsAdd a new backup target device.
POST/api/config/targets/:id/checkTrigger an immediate config check for a target.

PCAP Capture

MethodPathDescription
POST/api/pcap/startStart packet capture. Body: {"interface": "eth0", "filter": "tcp port 80"}.
POST/api/pcap/stopStop the running packet capture.
GET/api/pcap/filesList available PCAP capture files.
GET/api/pcap/download/:idDownload a PCAP file by ID. Returns application/octet-stream.

IDS (Suricata)

MethodPathDescription
GET/api/ids/statusGet IDS service status (running, stopped, rule count).
POST/api/ids/startStart Suricata IDS monitoring.
POST/api/ids/stopStop IDS monitoring.
GET/api/ids/alertsList IDS alerts. Supports ?since=24h time filter.

Vulnerability Scanning (Nuclei)

MethodPathDescription
POST/api/vuln/scanStart a vulnerability scan against specified targets.
POST/api/vuln/stopStop the running vulnerability scan.
GET/api/vuln/resultsGet vulnerability scan results.
GET/api/vuln/statusGet vulnerability scanner status.

Honeypot

MethodPathDescription
GET/api/honeypot/statusGet honeypot service status.
POST/api/honeypot/startStart the honeypot service.
POST/api/honeypot/stopStop the honeypot service.
GET/api/honeypot/hitsList honeypot interaction events.

Rogue Detection

MethodPathDescription
GET/api/rogue/statusGet rogue detection service status.
POST/api/rogue/startStart rogue DHCP/ARP detection.
POST/api/rogue/stopStop rogue detection.
GET/api/rogue/alertsList rogue DHCP and ARP spoofing alerts.

Network Monitor

MethodPathDescription
POST/api/monitor/targetsAdd a monitoring target (IP or hostname).
GET/api/monitor/targetsList configured monitoring targets.
POST/api/monitor/startStart network monitoring.
POST/api/monitor/stopStop network monitoring.
GET/api/monitor/latencyGet latency measurements for monitored targets.
GET/api/monitor/packetlossGet packet loss data for monitored targets.
GET/api/monitor/statusGet monitor service status.

VPN (WireGuard)

MethodPathDescription
POST/api/vpn/setupConfigure WireGuard VPN parameters.
GET/api/vpn/statusGet VPN connection status.
POST/api/vpn/startStart the VPN tunnel.
POST/api/vpn/stopStop the VPN tunnel.
GET/api/vpn/configDownload the WireGuard configuration.

DNS Sinkhole

MethodPathDescription
GET/api/dns/statusGet DNS sinkhole service status.
POST/api/dns/startStart the DNS sinkhole.
POST/api/dns/stopStop the DNS sinkhole.
GET/api/dns/threatsList blocked DNS threat entries.

System Health

MethodPathDescription
GET/api/system/healthDetailed system health (CPU, RAM, disk, temperature).
GET/api/system/historyHistorical system health data points.
GET/api/system/alertsList system health threshold alerts.
POST/api/system/thresholdsConfigure health alert thresholds (CPU %, RAM %, disk %).

Backup & Restore

MethodPathDescription
POST/api/backup/createCreate a full probe backup (config + database).
GET/api/backup/listList available backup files.
GET/api/backup/download/:idDownload a backup archive. Returns application/octet-stream.
POST/api/backup/restoreRestore the probe from a backup file.

Ticketing

MethodPathDescription
GET/api/ticketing/configGet current ticketing integration configuration.
POST/api/ticketing/configSet ticketing configuration (ServiceNow, Jira, webhook URL).
POST/api/ticketing/testSend a test ticket to validate integration.
POST/api/ticketing/createCreate a ticket from an alert or event.
GET/api/ticketing/historyList previously created tickets.

WebSocket

MethodPathDescription
GET/ws/eventsWebSocket connection for real-time probe events. Pass token via query: ?token=<jwt>.

WebSocket Event Types

EventDescription
host_foundNew device discovered
port_foundOpen port detected on a device
scan_completeNetwork scan finished
neighbor_discoveredCDP/LLDP neighbor found
config_changedDevice configuration changed
baseline_diff_alertNetwork baseline deviation detected
ids_alertIDS rule triggered
honeypot_hitHoneypot interaction detected
rogue_detectedRogue DHCP or ARP activity
pcap_readyPCAP file ready for download
vuln_foundVulnerability discovered
dns_threatDNS threat blocked
probe_health_alertProbe resource threshold exceeded
errorError event

API Gateway Endpoints

Served by the FastAPI API Gateway (port 8000). Handles authentication, user management, RBAC, and proxy routing to backend services.

Authentication

MethodPathDescription
POST/api/auth/loginAuthenticate with username/password, receive a JWT token.
POST/api/auth/refreshRefresh an expiring JWT token.

Users

MethodPathDescription
GET/api/usersList users in the organization.
POST/api/usersCreate a new user account.
GET/api/users/:idGet user details.
PUT/api/users/:idUpdate a user.
DELETE/api/users/:idDelete a user.

RBAC (Role-Based Access Control)

MethodPathDescription
GET/api/rbac/rolesList all defined roles.
POST/api/rbac/rolesCreate a custom role with specific permissions.
PUT/api/rbac/roles/:idUpdate role permissions.
DELETE/api/rbac/roles/:idDelete a role.
GET/api/rbac/permissionsList all available permissions.

API Keys

MethodPathDescription
GET/api/keysList API keys for the organization.
POST/api/keysCreate a new long-lived API key.
DELETE/api/keys/:idRevoke an API key.

IP Allowlist

MethodPathDescription
GET/api/ip-allowlistList allowed IP ranges.
POST/api/ip-allowlistAdd an IP or CIDR range to the allowlist.
DELETE/api/ip-allowlist/:idRemove an IP range from the allowlist.

Monitoring (Prometheus Proxy)

MethodPathDescription
GET/api/monitoring/metricsProxy to Prometheus metrics endpoint.
GET/api/monitoring/queryProxy a PromQL query to Prometheus.

Oxidized (Config Backup Proxy)

MethodPathDescription
GET/api/oxidized/nodesList Oxidized-managed network nodes.
GET/api/oxidized/nodes/:nameGet configuration history for a node.
POST/api/oxidized/nodesAdd a node to Oxidized management.

Vault Config

MethodPathDescription
GET/api/vault/configGet vault integration settings.
POST/api/vault/configUpdate vault integration settings.

IPAM Service Endpoints

IP Address Management service (port 8009). All paths are prefixed with /api/v1/ipam.

Prefixes (Subnets)

MethodPathDescription
GET/api/v1/ipam/prefixesList all managed prefixes/subnets.
POST/api/v1/ipam/prefixesCreate a new prefix. Body: prefix (CIDR notation), description, site, status, optional vlan_id.
GET/api/v1/ipam/prefixes/:idGet a single prefix with recalculated utilization percentage.
PUT/api/v1/ipam/prefixes/:idUpdate a prefix.
DELETE/api/v1/ipam/prefixes/:idDelete a prefix. Returns 204 No Content.
GET/api/v1/ipam/prefixes/:id/availableList unallocated IPs in the prefix. Capped at 256 results.
POST/api/v1/ipam/prefixes/:id/next-availableAllocate the next free IP in the prefix. Returns the new address record.

Addresses

MethodPathDescription
GET/api/v1/ipam/addressesList addresses. Filters: ?prefix_id=, ?status=, ?vendor=, ?search=. Max 1000 results.
POST/api/v1/ipam/addressesCreate a new IP address record.
GET/api/v1/ipam/addresses/:idGet a single address by UUID.
PUT/api/v1/ipam/addresses/:idUpdate an address record.
DELETE/api/v1/ipam/addresses/:idDelete an address record. Returns 204 No Content.
POST/api/v1/ipam/addresses/bulk-importBulk upsert addresses by IP. Existing records are updated, new ones are created.

VLANs

MethodPathDescription
GET/api/v1/ipam/vlansList all VLANs, ordered by VLAN ID.
POST/api/v1/ipam/vlansCreate a new VLAN record. Body: vlan_id, name, description, status.
PUT/api/v1/ipam/vlans/:idUpdate a VLAN.
DELETE/api/v1/ipam/vlans/:idDelete a VLAN. Returns 204 No Content.

Analytics

MethodPathDescription
GET/api/v1/ipam/statsOverall IPAM statistics: total prefixes, total addresses, average utilization, conflict count.
GET/api/v1/ipam/utilizationPer-prefix utilization breakdown with address counts.
GET/api/v1/ipam/conflictsFind conflicting assignments (duplicate MACs with different IPs).

Import / Export

MethodPathDescription
POST/api/v1/ipam/import/scanImport devices from a NetRecon scan payload. Upserts by IP with automatic prefix matching.
GET/api/v1/ipam/export/csvExport all addresses as CSV. Returns text/csv with Content-Disposition header.
GET/api/v1/ipam/export/jsonExport all IPAM data (prefixes, addresses, VLANs) as JSON.

CMod Service Endpoints

Configuration Management on Demand (port 8008). Provides SSH and serial console access to network devices. All paths are prefixed with /api/v1/cmod.

Sessions

MethodPathDescription
POST/api/v1/cmod/connectOpen a new SSH or serial session. Body: host, device_type, username, password, optional port, serial_port. Returns session info with session_id.
POST/api/v1/cmod/disconnectClose a session. Query: ?session_id=.
GET/api/v1/cmod/sessionsList all active sessions.
GET/api/v1/cmod/sessions/:session_idGet session details and full command log.
DELETE/api/v1/cmod/sessions/:session_idTerminate a session.

Commands

MethodPathDescription
POST/api/v1/cmod/send-commandSend a single command. Body: session_id, command, optional expect_string, read_timeout.
POST/api/v1/cmod/send-batchSend multiple commands sequentially. Body: session_id, commands[], optional delay_factor.

Config Operations

MethodPathDescription
POST/api/v1/cmod/backupRetrieve running config from a device. Auto-selects the correct command per vendor (Cisco IOS/NX-OS/XR, Huawei, Juniper, Arista, HP).
POST/api/v1/cmod/rollbackPush a configuration snippet to the device in config mode. Body: session_id, config (multiline string).

Templates

MethodPathDescription
GET/api/v1/cmod/templatesList command templates. Filters: ?vendor=cisco_ios, ?category=backup. Pre-seeded templates for Cisco IOS, Huawei, and Juniper JunOS.
POST/api/v1/cmod/templatesCreate a custom command template. Body: name, vendor, category, commands[], description.

Agent Registry Endpoints

Agent management service (port 8006). Handles enrollment, heartbeats, inventory, and deployment for Windows, macOS, and Linux agents.

Agent Lifecycle

MethodPathDescription
POST/agents/enrollEnroll a new agent using a deployment token. Body: deployment_token, hostname, os_type, os_version, arch, agent_version.
POST/agents/heartbeatAgent heartbeat. Headers: X-Agent-ID, X-Session-Key.
POST/agents/inventoryPush hardware/software inventory. Headers: X-Agent-ID, X-Session-Key.
GET/agentsList all agents in the organization. Header: X-Org-ID.
GET/agents/:agent_idGet full agent details including hardware specs and warranty status.
DELETE/agents/:agent_idRemove an agent from the registry.

Deployment Tokens

MethodPathDescription
POST/agents/tokensCreate a deployment token. Headers: X-Org-ID, X-User-ID. Body: expires_in_hours, max_uses, label, optional site_id, metadata. Returns token string and platform-specific install commands.
GET/agents/tokensList deployment tokens for the organization. Header: X-Org-ID.
DELETE/agents/tokens/:token_idRevoke a deployment token.

Deployment Package Generator

MethodPathDescription
POST/agents/deploy/generateGenerate platform-specific deployment artifacts. Body: platform (windows, linux, macos, ios, android), method (msi, powershell, sccm, intune, gpo, pkg, brew, jamf, mdm, deb, rpm, bash, docker, qr, email, mdm_app, managed_play), role. Returns enrollment token, install commands, scripts, or manifest content.
GET/agents/deploy/quotaGet device quota usage for the organization. Header: X-Org-ID.
GET/agents/deploy/platformsList all supported platforms and their available deployment methods. No auth required.

Remote Connect

MethodPathDescription
POST/agents/:agent_id/remote/requestRequest a new remote session (RDP, SSH, VNC, ADB) to an enrolled agent. Header: X-User-ID. Body: session_type, optional credential_id, timeout_hours.
GET/agents/:agent_id/remote/statusGet remote-readiness status (online state, Headscale IP, available session types).
POST/agents/:agent_id/remote/endEnd the active remote session for an agent. Header: X-User-ID.
GET/remote/sessionsList remote sessions for the organization. Header: X-Org-ID. Query: ?active_only=true (default).
POST/agents/:agent_id/remote/readyAgent callback when remote service is prepared. Headers: X-Agent-ID, X-Session-Key.
POST/remote/cleanupExpire stale remote sessions. Intended for internal scheduler/cron use.

Diplomat Service Endpoints

Email classification and log analysis service (port 8010). All paths are prefixed with /api/v1/diplomat.

Classification

MethodPathDescription
POST/api/v1/diplomat/classifyClassify input text (ticket, alert, email) into a category and priority level.
POST/api/v1/diplomat/summarizeGenerate a summary of the provided text.
POST/api/v1/diplomat/translateTranslate text to a specified target language.
POST/api/v1/diplomat/analyze-logAnalyze a log snippet and extract key events, errors, and patterns.

Email Pipeline

MethodPathDescription
GET/api/v1/diplomat/emails/statsGet email processing statistics (received, classified, responded counts).
GET/api/v1/diplomat/emails/recentList recently processed emails.

Health

MethodPathAuthDescription
GET/api/v1/diplomat/healthNoDiplomat service health check.

Service Health Endpoints

Each microservice exposes a /health endpoint for internal monitoring and load balancer checks.

ServiceURLPort
API Gateway/health8000
Vault Server/health8001
License Server/health8002
Email Service/health8003
Notification Service/health8004
Update Server/health8005
Agent Registry/health8006
Warranty Service/health8007
CMod Service/health8008
IPAM Service/health8009
Diplomat Service/health8010

Support

For API-related questions or issues, contact [email protected].