From 4afbc4442db49fc0adae39713a6fd551bb7349bc Mon Sep 17 00:00:00 2001 From: netbirddev Date: Tue, 5 May 2026 18:39:56 +0000 Subject: [PATCH] Update API pages with v0.70.5 --- src/pages/ipa/resources/instance.mdx | 47 +++++++++++++++++----- src/pages/ipa/resources/posture-checks.mdx | 46 ++++++++++++++++++++- 2 files changed, 82 insertions(+), 11 deletions(-) diff --git a/src/pages/ipa/resources/instance.mdx b/src/pages/ipa/resources/instance.mdx index 05221d4c..11e9ff71 100644 --- a/src/pages/ipa/resources/instance.mdx +++ b/src/pages/ipa/resources/instance.mdx @@ -365,6 +365,9 @@ echo $response; Creates the initial admin user for the instance. This endpoint does not require authentication but only works when setup is required (no accounts exist and embedded IDP is enabled). + +When the management server is started with `NB_SETUP_PAT_ENABLED=true` and the request includes `create_pat: true`, the endpoint also provisions the NetBird account for the new owner user and returns the plain text Personal Access Token in `personal_access_token`. The optional `pat_expire_in` value applies only when `create_pat` is true and defaults to 1 day when omitted. If a post-user step fails, setup-created resources are rolled back when safe; if account cleanup fails, the owner user is left in place to avoid leaving an account without its admin user. + ### Request-Body Parameters @@ -382,6 +385,16 @@ echo $response; Display name for the admin user (defaults to email if not provided) + + + + If true and the server has setup-time PAT issuance enabled (NB_SETUP_PAT_ENABLED=true), create a Personal Access Token for the new owner user and return it in the response. Ignored when the server feature is disabled. + + + + + Expiration of the Personal Access Token in days. Applies only when create_pat is true and the server feature is enabled. Defaults to 1 day when omitted. + @@ -398,7 +411,9 @@ curl -X POST https://api.netbird.io/api/setup \ --data-raw '{ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }' ``` @@ -407,7 +422,9 @@ const axios = require('axios'); let data = JSON.stringify({ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }); let config = { method: 'post', @@ -438,7 +455,9 @@ url = "https://api.netbird.io/api/setup" payload = json.dumps({ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }) headers = { 'Content-Type': 'application/json', @@ -469,7 +488,9 @@ func main() { payload := strings.NewReader(`{ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }`) client := &http.Client { } @@ -518,7 +539,9 @@ request["Authorization"] = "Token " request.body = JSON.dump({ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }) response = https.request(request) puts response.read_body @@ -531,7 +554,9 @@ MediaType mediaType = MediaType.parse("application/json"); RequestBody body = RequestBody.create(mediaType, '{ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }'); Request request = new Request.Builder() .url("https://api.netbird.io/api/setup") @@ -560,7 +585,9 @@ curl_setopt_array($curl, array( CURLOPT_POSTFIELDS => '{ "email": "admin@example.com", "password": "securepassword123", - "name": "Admin User" + "name": "Admin User", + "create_pat": true, + "pat_expire_in": 30 }', CURLOPT_HTTPHEADER => array( 'Content-Type: application/json', @@ -582,13 +609,15 @@ echo $response; ```json {{ title: 'Example' }} { "user_id": "abc123def456", - "email": "admin@example.com" + "email": "admin@example.com", + "personal_access_token": "nbp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" } ``` ```json {{ title: 'Schema' }} { "user_id": "string", - "email": "string" + "email": "string", + "personal_access_token": "string" } ``` diff --git a/src/pages/ipa/resources/posture-checks.mdx b/src/pages/ipa/resources/posture-checks.mdx index 585b2897..8dbb005a 100644 --- a/src/pages/ipa/resources/posture-checks.mdx +++ b/src/pages/ipa/resources/posture-checks.mdx @@ -199,6 +199,8 @@ echo $response; "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -460,7 +462,10 @@ echo $response;
- Posture check for allow or deny access based on the peer's IP addresses. A range matches when it contains any of the peer's local network interface IPs or its public connection (NAT egress) IP, so ranges may target private subnets, public CIDRs, or single hosts via a /32 or /128. + Posture check for allow or deny access based on the peer's IP addresses. A range matches when it +contains any of the peer's local network interface IPs or its public connection (NAT egress) IP, +so ranges may target private subnets, public CIDRs, or single hosts via a /32 or /128. + @@ -573,6 +578,8 @@ curl -X POST https://api.netbird.io/api/posture-checks \ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -629,6 +636,8 @@ let data = JSON.stringify({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -707,6 +716,8 @@ payload = json.dumps({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -785,6 +796,8 @@ func main() { "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -881,6 +894,8 @@ request.body = JSON.dump({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -941,6 +956,8 @@ RequestBody body = RequestBody.create(mediaType, '{ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1017,6 +1034,8 @@ curl_setopt_array($curl, array( "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1088,6 +1107,8 @@ echo $response; "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1370,6 +1391,8 @@ echo $response; "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1636,7 +1659,10 @@ echo $response;
- Posture check for allow or deny access based on the peer's IP addresses. A range matches when it contains any of the peer's local network interface IPs or its public connection (NAT egress) IP, so ranges may target private subnets, public CIDRs, or single hosts via a /32 or /128. + Posture check for allow or deny access based on the peer's IP addresses. A range matches when it +contains any of the peer's local network interface IPs or its public connection (NAT egress) IP, +so ranges may target private subnets, public CIDRs, or single hosts via a /32 or /128. + @@ -1749,6 +1775,8 @@ curl -X PUT https://api.netbird.io/api/posture-checks/{postureCheckId} \ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1805,6 +1833,8 @@ let data = JSON.stringify({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1883,6 +1913,8 @@ payload = json.dumps({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -1961,6 +1993,8 @@ func main() { "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -2057,6 +2091,8 @@ request.body = JSON.dump({ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -2117,6 +2153,8 @@ RequestBody body = RequestBody.create(mediaType, '{ "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -2193,6 +2231,8 @@ curl_setopt_array($curl, array( "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow" @@ -2264,6 +2304,8 @@ echo $response; "ranges": [ "192.168.1.0/24", "10.0.0.0/8", + "1.0.0.0/24", + "2.2.2.2/32", "2001:db8:1234:1a00::/56" ], "action": "allow"