Pyfsense Client is a Python API client for interacting with pfSense REST API endpoints provided by the package at https://github.com/jaredhendrickson13/pfsense-api.
This project now provides two versions of the API client:
- V2 API (Current): Developed entirely from scratch, this is the actively maintained version. It supports modern authentication methods (API key and JWT-based) and targets the latest pfSense API implementations.
- V1 API (Legacy Support): Full support for the original V1 endpoints remains available for backward compatibility, though new development is focused on V2.
The V1 code is currently being tested against pfSense 24.03 and the v1.7.6 API endpoints. The V2 code is currently being tested against pfSense 24.11 and the v2.3.3 API endpoints.
- Installation
- Using the V2 API (Current)
- Using the V1 API (Legacy Support)
- Configuring Authentication
- Ignoring Certificate Validation
- Development
Install via pip:
pip install pyfsense-client
The V2 API is the recommended and actively maintained version of the Pyfsense Client. It supports both API key and JWT-based authentication.
from pyfsense_client.v2 import PfSenseV2Client, ClientConfig
# Configure your connection
config_data = {
"host": "example.com", # Base URL or IP of your pfSense instance
"verify_ssl": False, # Disable SSL verification if needed
"timeout": 30, # Request timeout in seconds
"username": "your_username", # For JWT-based auth (optional if using API key)
"password": "your_password", # For JWT-based auth (optional if using API key)
# "api_key": "your_api_key", # Alternatively, use API key based authentication
}
config = ClientConfig(**config_data)
client = PfSenseV2Client(config=config)
# For JWT-based authentication, you can call:
jwt_token = client.authenticate_jwt()
print("JWT token:", jwt_token)
# Example: Retrieve all firewall aliases
aliases = client.get_firewall_aliases()
for alias in aliases:
print(alias)
For additional endpoints (such as DHCP leases, applying firewall changes, etc.), refer to the V2 API documentation in the project docs.
If you need to interact with legacy systems or prefer the older endpoints, the V1 API client is still fully supported.
from pyfsense_client.v1 import PfSenseV1Client, ClientConfig
# Configure your connection for V1
config_data = {
"hostname": "example.com",
"mode": "api_token", # Options include "local", "jwt", or "api_token"
"client_id": "your_client_id", # Required for API token mode
"client_token": "your_client_token", # Required for API token mode
"verify_ssl": False,
}
config = ClientConfig(**config_data)
client = PfSenseV1Client(config=config)
# Example: Execute a shell command on the firewall
response = client.execute_shell_command("ls -la")
print(response)
Keep in mind that while the V1 API is still available, new features and improvements will be added only to the V2 implementation.
- API Key Authentication: Pass your API key in the configuration via the
api_keyfield. - JWT-based Authentication: Provide
usernameandpassword(or callauthenticate_jwt()to obtain a token). The token will be automatically attached to subsequent requests.
The V1 client supports multiple authentication modes:
- Local: Requires
usernameandpassword. - JWT: Requires a valid
jwttoken. - API Token: Requires both
client_idandclient_token.
If your pfSense instance uses self-signed certificates or you wish to disable SSL certificate validation, set verify_ssl=False in your client configuration.
You can build a Docker image for development. This image will install all dependencies and mount the source code for live development.
docker compose -f local.yml build
docker compose -f local.yml up
The V1 implementation is a heavy rewrite of (https://github.com/yaleman/pfsense-api-client).
This README should help you get started with the new V2 API while still providing guidance for legacy V1 usage. Happy coding!