API Access

Accessing Pritunl with the API

Pritunl has a RESTful api that can be accessed using the API token for an administrator. This is available with an enterprise subscription in the Adminstrators section of the web console. Chrome Developer Tools should be used to find API handlers. All PUT requests must include all fields that are returned from a GET request.

import requests, time, uuid, hmac, hashlib, base64
BASE_URL = 'https://localhost'
API_TOKEN = 'p7g444S3IZ5wmFvmzWmx14qACXdzQ25b'
API_SECRET = 'OpS9fjxkPI3DclkdKDDr6mqYVd0DJh4i'

def auth_request(method, path, headers=None, data=None):
    auth_timestamp = str(int(time.time()))
    auth_nonce = uuid.uuid4().hex
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,
        method.upper(), path])
    auth_signature = base64.b64encode(hmac.new(
        API_SECRET, auth_string, hashlib.sha256).digest())
    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)
    return getattr(requests, method.lower())(
        BASE_URL + path,
        headers=auth_headers,
        data=data,
    )

Example Adding All AWS IP Ranges

The example below will add all AWS IP ranges to a the SERVER_ID set below. Uncomment the regions to add.

import requests
import time
import uuid
import hmac
import hashlib
import base64
import json
import sys

BASE_URL = 'https://server.domain'
API_TOKEN = 'Hv2FxEMoa3moTVuRahMsMK3VUCwdmjmt'
API_SECRET = 'zihea5hTIpIgxsPFboby4hctopxWQSKd'
SERVER_ID = '57e9e364fd632c233e86f827'
REGIONS = {
    # 'GLOBAL',
    #
    # 'us-east-1',
    # 'us-east-2',
    # 'us-west-1',
    # 'us-west-2',
    # 'us-gov-west-1',
    #
    # 'eu-central-1',
    # 'eu-west-1',
    #
    # 'ap-south-1',
    # 'ap-northeast-1',
    # 'ap-northeast-2',
    # 'ap-southeast-1',
    # 'ap-southeast-2',
    #
    # 'cn-north-1',
    #
    # 'sa-east-1',
    #
    # 'us-gov-west-1',
}

def auth_request(method, path, headers=None, data=None):
    auth_timestamp = str(int(time.time()))
    auth_nonce = uuid.uuid4().hex
    auth_string = '&'.join([API_TOKEN, auth_timestamp, auth_nonce,
        method.upper(), path])
    if sys.version_info[0] < 3:
        auth_signature = base64.b64encode(hmac.new(
            API_SECRET, auth_string, hashlib.sha256).digest())
    else:
        auth_signature = base64.b64encode(hmac.new(
            API_SECRET.encode('utf-8'), auth_string.encode('utf-8'), hashlib.sha256).digest())
    auth_headers = {
        'Auth-Token': API_TOKEN,
        'Auth-Timestamp': auth_timestamp,
        'Auth-Nonce': auth_nonce,
        'Auth-Signature': auth_signature,
    }
    if headers:
        auth_headers.update(headers)
    return getattr(requests, method.lower())(
        BASE_URL + path,
        headers=auth_headers,
        data=data,
    )

response = requests.get('https://ip-ranges.amazonaws.com/ip-ranges.json')
ranges = response.json()
routes = []

for range in ranges['prefixes']:
    if range['region'] not in REGIONS:
        continue

    routes.append({
        'network': range['ip_prefix'],
        'nat': True,
    })

response = auth_request(
    'POST',
    '/server/%s/routes' % SERVER_ID,
    headers={
        'Content-Type': 'application/json',
    },
    data=json.dumps(routes),
)
assert(response.status_code == 200)