Unifi AP MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MCP_PORT | No | Port when using HTTP transport | 8000 |
| UNIFI_HOST | No | UniFi controller IP or hostname | 127.0.0.1 |
| UNIFI_PORT | No | HTTPS port (11443 for self-hosted, 443 for cloud) | 11443 |
| MCP_TRANSPORT | No | Transport: stdio \| sse \| streamable-http | stdio |
| UNIFI_API_KEY | Yes | API key from Settings → Integrations | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | { "listChanged": false } |
| prompts | { "listChanged": false } |
| resources | { "subscribe": false, "listChanged": false } |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| unifi_list_sites | List all UniFi sites on this controller. Returns site UUIDs, names, and internal references. |
| unifi_list_devices | List adopted devices (APs, switches, gateways) for a site via Integration API. Returns name, MAC, model, state (ONLINE/OFFLINE), IP, firmware version. Filters: only_online=True, model string (e.g. 'U7Pro'). site_id accepts 'default', UUID, or display name. |
| unifi_get_device | Get full details for a single device by its ID (Integration API). |
| unifi_list_clients | List connected clients for a site (Integration API). Returns name, MAC, IP, type, connected-at, uplink device. Filters: type='WIRELESS'\|'WIRED', uplink_device_id. Pagination: offset, limit (default 25). |
| unifi_get_client | Get details for a single client by client ID (Integration API). |
| unifi_client_action | Perform a guest-access action on a client. action: 'AUTHORIZE_GUEST_ACCESS' or 'UNAUTHORIZE_GUEST_ACCESS'. |
| unifi_list_networks | List all networks (VLANs) for a site. Returns id, name, VLAN ID, management type, enabled state. |
| unifi_get_network | Get full details for a single network. Returns VLAN ID, isolation, internet access, mDNS, IPv4 config (subnet, DHCP range, lease time). |
| unifi_create_network | Create a new network (VLAN). management must be 'GATEWAY' or 'VLAN_ONLY'. Example ipv4_configuration: {'hostIpAddress':'10.10.20.1','prefixLength':24,'dhcpConfiguration':{'mode':'SERVER','ipAddressRange':{'start':'10.10.20.100','stop':'10.10.20.200'},'leaseTimeSeconds':86400}}. |
| unifi_update_network | Update an existing network. Fetches current state, merges your changes, and PUTs back. management is required ('GATEWAY' or 'VLAN_ONLY'). System-defined networks can be updated but not deleted. |
| unifi_delete_network | Delete a network by ID. System-defined networks cannot be deleted. |
| unifi_list_radius_profiles | List RADIUS profiles for a site (read-only via Integration API). |
| unifi_get_sysinfo | Get system information for the site: controller version, build, timezone, data retention settings, update status. |
| unifi_get_health | Get health status for all subsystems: wlan, wan, www, lan, vpn. Returns client counts, AP counts, and per-subsystem status (ok/warning/error). |
| unifi_get_device_stats | Get detailed device statistics from the legacy API. Richer than unifi_list_devices — includes uptime, load, memory, radio channel/power, tx/rx bytes, client counts per radio band. mac: optional filter to a specific device MAC address. |
| unifi_get_client_stats | Get detailed stats for currently connected clients (legacy API). Richer than unifi_list_clients — includes signal strength, tx/rx rate, channel, SSID, noise, satisfaction score, data usage. |
| unifi_get_all_users | Get all known clients (connected + historical) for a site. Includes first-seen/last-seen timestamps, total data usage, hostname, OUI. within: limit to clients seen in the last N hours (optional). |
| unifi_get_rogue_aps | List rogue / neighboring access points detected by your APs. Returns SSID, BSSID, channel, signal strength, security type, and detecting AP. |
| unifi_get_dpi_stats | Get Deep Packet Inspection statistics per client. Returns tx/rx bytes and packet counts broken down by application category. |
| unifi_get_site_dpi_stats | Get site-level DPI statistics aggregated across all clients. |
| unifi_get_traffic_report | Get historical traffic statistics. report_type: 'daily.site' \| 'hourly.site' \| 'daily.ap' \| 'hourly.ap' \| 'daily.user' \| 'hourly.user'. Returns bytes sent/received and number of clients per interval. |
| unifi_list_wlans | List all WLANs (SSIDs) configured on the site. Returns name, security, enabled state, VLAN, band, guest mode, user-group. |
| unifi_get_wlan | Get details for a single WLAN by its _id. |
| unifi_create_wlan | Create a new WLAN (SSID). security: 'open' \| 'wpapsk' \| 'wpa2' \| 'wpa3'. passphrase required unless security='open'. wlan_band: '2g' \| '5g' \| 'both'. vlan_id: tag clients into a specific VLAN. is_guest: True marks this as a guest network. |
| unifi_update_wlan | Update a WLAN by its _id. Fetches current config and merges your fields. Common uses: change password, enable/disable SSID, change band, toggle guest mode. |
| unifi_delete_wlan | Delete a WLAN by its _id. This removes the SSID from all APs. |
| unifi_list_firewall_rules | List all firewall rules on the site. |
| unifi_create_firewall_rule | Create a firewall rule. ruleset: 'WAN_IN'\|'WAN_OUT'\|'WAN_LOCAL'\|'LAN_IN'\|'LAN_OUT'\|'LAN_LOCAL'\|'GUEST_IN'\|'GUEST_OUT'\|'GUEST_LOCAL'. action: 'accept'\|'drop'\|'reject'. protocol: 'all'\|'tcp'\|'udp'\|'tcp_udp'\|'icmp'. src/dst: optional IP or network address. src_port/dst_port: optional port or range (e.g. '80' or '8080:8090'). |
| unifi_update_firewall_rule | Update a firewall rule by its _id. Fetches current state and merges your changes. |
| unifi_delete_firewall_rule | Delete a firewall rule by its _id. |
| unifi_list_firewall_groups | List firewall groups (address/port sets used in firewall rules). |
| unifi_create_firewall_group | Create a firewall group. group_type: 'address-group' \| 'port-group' \| 'ipv6-address-group'. group_members: list of IPs/CIDRs (address-group) or ports/ranges (port-group). |
| unifi_update_firewall_group | Update a firewall group by its _id (add/remove members). |
| unifi_delete_firewall_group | Delete a firewall group by its _id. |
| unifi_list_port_forwards | List all port forwarding rules on the site. |
| unifi_create_port_forward | Create a port forwarding rule. protocol: 'tcp'\|'udp'\|'tcp_udp'. src_port / fwd_port: port numbers or ranges (e.g. '80', '8080:8090'). fwd: destination LAN IP address. |
| unifi_update_port_forward | Update a port forwarding rule by its _id. |
| unifi_delete_port_forward | Delete a port forwarding rule by its _id. |
| unifi_list_port_profiles | List switch port profiles (port configs) for the site. |
| unifi_list_known_clients | List all known client records (persistent user database). Returns hostname, MAC, IP, notes, is_blocked, is_guest, first_seen, last_seen, data usage. This is different from unifi_get_client_stats which shows only currently connected clients. |
| unifi_update_known_client | Update a known client record by its _id. Common uses: set a friendly name (note), block/unblock, assign fixed IP. blocked: True to block the client at the network level. |
| unifi_list_routes | List static routes configured on the site. |
| unifi_list_settings | List all site settings grouped by key (super_identity, country, locale, mgmt, connectivity, guest_access, ntp, radius, rsyslog, snmp, etc.). |
| unifi_list_vouchers | List hotspot vouchers on the site. |
| unifi_kick_client | Force-disconnect (kick) a wireless client by MAC address. The client will attempt to reconnect immediately. mac: client MAC address (e.g. 'aa:bb:cc:dd:ee:ff'). |
| unifi_block_client | Block a client by MAC address — prevents it from connecting to any SSID on the site. Use unifi_unblock_client to reverse. |
| unifi_unblock_client | Unblock a previously blocked client by MAC address. |
| unifi_authorize_guest | Authorize a client for guest portal access by MAC address. minutes: duration in minutes (default 60). up_kbps / down_kbps: optional bandwidth limits. mb_limit: optional data cap in MB. |
| unifi_unauthorize_guest | Revoke guest portal authorization for a client by MAC address. |
| unifi_restart_device | Restart (reboot) an AP or switch by its MAC address. The device will be offline for ~60 seconds while rebooting. |
| unifi_upgrade_device | Trigger a firmware upgrade on an AP or switch by its MAC address. Only upgrades if a newer firmware is available. Device will reboot after upgrade. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/haiduongacm/unifi-ap-mcp'