No API access through User Manager authentication

Hello,

We are using the User-Manager for management authentication on a range of routers.

We would like to retrieve information from the routers through the rest-api.
When I make an API request, I get a "not authorized" error message, and in the router log there is an authentication failure via rest-api.

When using the same API request with a user that is locally defined, it works!

The credentials are correct and the correct user group is applied.
I’m able to log in through Winbox without a problem.

Is this a configuration error, or maybe a built-in restriction or a bug?

We don’t want to add local users in over 40 routers, that’s why we use the User-Manager.

Any help is appreciated.

Regards,
Edwin

You need to configure local user authentication via RADIUS.

(AAA under System→Users, possibly RADIUS settings as well)

@pe1chl is right.

You do need to enable AAA in /user and enable RADIUS locally to user-manager:

/user aaa set default-group=read use-radius=yes
/radius add address=127.0.0.1 service=login
/radius incoming set accept=yes

And the firewall may need to allow localhost on chain=input.

You can control the group assigned in user manager via MikroTik-Group attribute:

/user-manager user set [find name="umadmin"] attributes=Mikrotik-Group:full

This is set and the Radius authorization works!

Winbox and Web login also work fine!
It’s just the API that is giving a login error.

Do you mean the native API, or the REST API?

I tested REST API using 7.21rc3 with a UM user and it works.

I updated to 7.21rc4, but no change.
I just give a simple request: http://192.168.88.1/rest/system/clock

I’ll have a look next week again.

Odd problem.

I'd check the firewall to make sure it allows localhost (for RADIUS access from router processes). Perhaps Winbox auth acts differently, IDK.

Can also add debug log topic while testing to see what's actually happening.

Hello,

Happy new year!

Just want to let you know, I found the problem.

In the log I found an error, saying maximum sessions reached.
The user limit was set to 1. I don’t know why, but it seems this needs to be set to at least 2 sessions.

After this, the authentication works.

Thanks for the help!