pfSense-pkg-RESTAPI
pfSense-pkg-RESTAPI is an unofficial, community-maintained PHP package that adds REST and GraphQL APIs to pfSense firewalls. It provides 200+ endpoints for automation and management, with built-in Swagger documentation and configurable authentication.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | pfrest/pfSense-pkg-RESTAPI |
| Owner | pfrest |
| Primary language | PHP |
| License | Apache-2.0 — OSI-approved |
| Stars | 828 |
| Forks | 130 |
| Open issues | 21 |
| Latest release | v2.8.2 (2026-06-09) |
| Last updated | 2026-07-07 |
| Source | https://github.com/pfrest/pfSense-pkg-RESTAPI |
What pfSense-pkg-RESTAPI is
Written in PHP, the package exposes pfSense firewall configuration and operations via REST and GraphQL endpoints with HATEOAS support, Swagger/OpenAPI documentation, and flexible query/filter capabilities. It runs as a package on pfSense CE and Plus, requiring compatible pfSense versions.
Get the pfSense-pkg-RESTAPI source
Clone the repository and explore it locally.
git clone https://github.com/pfrest/pfSense-pkg-RESTAPI.gitcd pfSense-pkg-RESTAPI# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Verify your pfSense version (CE or Plus) is listed in supported versions before installation to avoid system instability.
- Plan authentication and authorization configuration carefully; review available options (API keys, tokens, etc.) to match your security policy.
- Test API functionality in a non-production environment to confirm endpoint coverage for your specific firewall use cases before production rollout.
- Monitor GitHub issues and releases to stay informed of bug fixes and security updates; set a maintenance schedule for patching.
- Document which 200+ endpoints your automation will use; not all pfSense configurations may have REST/GraphQL equivalents.
When to avoid it — and what to weigh
- Requires Official Netgate Support — This is a community project with no affiliation or support from Netgate or the pfSense team. If vendor support is mandatory for your environment, this is not suitable.
- Mission-Critical Production Without Prior Testing — The package warns that installation on unsupported pfSense versions may cause unexpected behavior or system instability. Thorough testing in non-production is essential before deployment.
- Requires Immediate Commercial SLA or Guarantees — As an open-source community project, there is no guaranteed response time, uptime SLA, or commercial indemnification. Production deployments should assess maintenance risk.
- Complex Custom pfSense Configuration Not Yet Documented — If your deployment uses undocumented pfSense features or non-standard configurations, API endpoint coverage and compatibility are uncertain and may require source code review.
License & commercial use
Licensed under Apache License 2.0 (Apache-2.0), a permissive, well-established OSI-approved license allowing commercial use, modification, and distribution with proper attribution and notice.
Apache-2.0 permits commercial use of the software. However, this is an unofficial, community-maintained project without vendor backing or commercial support agreements. Organizations using this for commercial purposes should assess the risk of relying on community maintenance for mission-critical firewall automation and establish internal support capabilities.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | High |
The package exposes firewall configuration via API. Security posture depends on: (1) authentication method strength and credential management, (2) network access controls (who can reach the API), (3) timely patching of the package and underlying pfSense, (4) review of RBAC/authorization controls, and (5) monitoring for unauthorized API access. No third-party security audit data provided. Assess threat model in your environment.
Alternatives to consider
Netgate pfSense Plus REST API (official, if available)
Official Netgate solution may offer vendor support and guaranteed compatibility, but feature scope and release schedule unknown; check Netgate's current offerings.
Terraform/Ansible pfSense Modules
Infrastructure-as-code frameworks with pfSense plugins; may offer more mature tooling integration and community modules, though potentially less direct API access.
OPNsense (REST API built-in)
OPNsense, a pfSense fork, includes native REST API support; if you control firewall selection and can migrate, this eliminates third-party package dependency.
Build on pfSense-pkg-RESTAPI with DEV.co software developers
Evaluate pfSense-pkg-RESTAPI for your DevOps and network automation needs. Review supported versions, test thoroughly in non-production, and consider community maintenance risk. Contact Devco to discuss integration strategy.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
pfSense-pkg-RESTAPI FAQ
Is this package supported by Netgate?
Can I use this in production?
What pfSense versions are supported?
Do I need to choose between REST and GraphQL?
Software development & web development with DEV.co
Adopting pfSense-pkg-RESTAPI is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to Automate Your pfSense Firewall?
Evaluate pfSense-pkg-RESTAPI for your DevOps and network automation needs. Review supported versions, test thoroughly in non-production, and consider community maintenance risk. Contact Devco to discuss integration strategy.