We operate a maritime fleet (vessels with Pepwave routers + InControl appliance) and have built an automated usage-reporting and crew internet token system on top of the InControl2 REST API. Overall the API is workable, but we hit several limitations that forced workarounds. Sharing in case these can be improved:
1. POST /rest/o/{org}/g/{group_id}/cp/daily_usage ignores its parameters
The request body fields portal_id and report_date appear to be ignored — every call returns the current day’s data for ALL portals in the group, regardless of what is sent. Verified by sending {"portal_id":"29","report_date":"2026-06-09"}, {}, and other variants: all returned byte-identical responses stamped with today’s date.
Impact: there is no way to query yesterday’s captive portal usage. We were forced to run a scheduled snapshot job at 23:50 every night to capture the day’s data before it disappears. A working report_date parameter (even just yesterday) would remove this fragile workaround.
2. No endpoint returns historical per-client captive portal usage
GET .../d/{device_id}/client?bandwidth=true only returns currently connected clients. If a client is offline at query time, their usage that day is invisible. Combined with point 1, there is no reliable API way to answer “how much data did portal X’s clients use on date Y” — even though the InControl web UI clearly has this data in Captive Portal Reports.
Request: expose the same historical per-client / per-portal usage data the web UI reports, queryable by date range.
3. bandwidthUsed semantics are undocumented
The bandwidthUsed field in cp/daily_usage rows is a per-session cumulative counter that resets when a session restarts (e.g. at the portal’s daily quota reset). This is not documented anywhere — we had to reverse-engineer it from sample sequences. Consumers who treat it as a daily total will silently over- or under-count. Please document the counter semantics, or better, provide a pre-computed per-day delta.
4. captive_portal_user is lookup-only — no list mode
GET .../cp/{cp_id}/captive_portal_user requires token= or username= and returns a single record. There is no way to list all users/accounts of a captive portal with their quota and usage. For operators managing crew accounts across a fleet, a paginated list endpoint would be extremely useful.
5. No write operations for captive portal users
There are no PUT/POST/DELETE endpoints for captive portal user accounts — no way to create accounts, change passwords, adjust quotas, or disable users via API. Everything must be done manually in the web UI. For fleet operators with hundreds of crew accounts this is the single biggest gap. Even a password-change endpoint alone would enable crew self-service portals.
6. captive_portal_user_info is marketing-data only
The endpoint name suggests user account info, but it returns only social/email login marketing fields (email, gender, country, visit_count). No quota or usage. The naming is confusing next to captive_portal_user.
7. Minor: API doc gaps
The Swagger doc for cp/daily_usage describes the request body as just data (Raw, String) with no schema, no field list, and no response model. Several captive portal endpoints share this. Documenting request/response schemas would save a lot of trial and error.
Summary of requests, in priority order for us:
- Captive portal user write API (create / update password / set quota / disable)
- Historical per-client portal usage queryable by date (
report_datehonored oncp/daily_usage, or a new report endpoint) - List-all mode for
captive_portal_user - Documented counter semantics for
bandwidthUsed
Happy to provide request/response samples or test against beta endpoints. Setup: InControl appliance, OAuth2 client_credentials, org-level API access.