Have there been any changes introduced with v25.7 concerning API permissions?
I run the OPNsense integration "hass-opnsense (https://github.com/travisghansen/hass-opnsense)" with Home Assistant that connects to OPNsense via API. Additionally, I have installed the respective OPNsense plugin "os-homeassistant-maxit (https://github.com/travisghansen/hass-opnsense?tab=readme-ov-file#opnsense-plugin)".
Until the update to v25.7 the integration via API went flawlessly. But now several entities don't get updated anymore. The OPNsense "Backend" log is full of API errors:
2025-07-26T12:27:30Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:42Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:42Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:40Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:39Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:37Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:01Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:34:01Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:58Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:57Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:55Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:19Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:19Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:17Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:16Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:33:14Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:32:38Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:32:38Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:32:36Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:32:35Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:32:33Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:57Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:57Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:55Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:54Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:52Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:17Errorapiuri /api/diagnostics/system/systemTemperature not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:16Errorapiuri /api/diagnostics/system/systemDisk not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:14Errorapiuri /api/diagnostics/system/systemTime not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:13Errorapiuri /api/diagnostics/system/systemResources not accessible for user hass using api key xxxyyyyzzz
2025-07-26T09:31:11Errorapiuri /api/diagnostics/system/systemInformation not accessible for user hass using api key xxxyyyyzzz
Yes, see: https://forum.opnsense.org/index.php?topic=48092
Quote from: meyergru on July 26, 2025, 12:39:03 PMYes, see: https://forum.opnsense.org/index.php?topic=48092
Oh, thanks for pointing me to this post!
If I understand it correctly, adjustments would be needed on the side of the Home Assistant integration and plugin. Correct?
I guess you would have to refresh your user permissions, too, but you are correct, see: https://forum.opnsense.org/index.php?msg=242934
If the API permission matches:
https://github.com/opnsense/core/blob/b543665bea3e0b85e8d00f3193bd854f16d23f25/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml#L23
Then the call to the API must also be that exact pattern.
That is not the problem, Cedrik. I noticed the same thing with my reboot user where I thought that the URL had not changed: When you have a user that has limited permissions, it can happen that after the upgrade, those seem to be out of sync.
I suspect this to be because of snake_case changes, but frankly, IDK. Once I edited that user, giving the same permissions as before and saved again, my permission problem went away.
Oh, and BTW: yes, the URIs in those log entries have changed because of snake_case, too. E.g.:
/api/diagnostics/system/systemInformation is now /api/diagnostics/system/system_information
So, the HA integration has to be adapted.
That is what I said. :O
Thanks, @meyergru and @Monviech (Cedrik). The issues have been resolved with v0.4.5 of the OPNsense integration "hass-opnsense".