---
name: reference_unifi_site_manager_api
description: UniFi Site Manager cloud API (api.ui.com) + its CONNECTOR proxy give remote access to the WHOLE ACG UniFi fleet (~36 consoles) outside UOS - AND full UOS-parity RF/client data via the connector. Key vaulted at services/unifi-site-manager; backend = unifi-wifi skill gw-sitemanager.sh.
metadata:
  type: reference
---

ACG has a **UniFi Site Manager / Cloud API** key (account owner mike@azcomputerguru.com)
that reaches every ACG UniFi console remotely - no UOS server, no on-site/LAN access. This is
the "access a UDM outside the UOS environment" path, and via the connector it reaches
**UOS-parity depth**. Backend: `.claude/skills/unifi-wifi/scripts/gw-sitemanager.sh`.
Full catalog: `.claude/skills/unifi-wifi/references/site-manager-api.md`.

- **Base:** `https://api.ui.com`  -  **Auth:** header `X-API-KEY: <key>` + `Accept: application/json`.
- **Key:** vault `services/unifi-site-manager` (`credentials.api_key`).
- **Tier 1 (Site Manager, fleet overview):** `GET /v1/hosts` (~36 consoles: id, WAN ipAddress,
  controllers+integrationApis), `/v1/sites` (health counts, IPS, ISP/ASN), `/v1/devices`
  (inventory: name/model/ip/state/fw), `/v1/isp-metrics/{5m,1h}` (WAN latency/throughput/downtime
  time-series). Inventory + health + WAN, NOT per-radio/per-client.
- **Tier 2 (CONNECTOR -> console LOCAL Network API = UOS PARITY):**
  `https://api.ui.com/v1/connector/consoles/{hostId}/proxy/network/<path>` with the SAME account key.
  - `/proxy/network/api/s/{site}/stat/device` -> `radio_table_stats` (cu_total airtime, channel, bw,
    tx_power, num_sta, satisfaction) - the SAME depth as UOS Mongo `ace_stat`.
  - `/proxy/network/api/s/{site}/stat/sta` -> per-client rssi/signal/noise/satisfaction/rates.
  - `/proxy/network/integration/v1/...` -> official Integration API (sites/devices/clients + POST
    actions: device restart, client block/unblock).
  - site short name is usually `default`. Confirmed live on Brooklyn/Skybar 2026-06-17.
  - == parity for ANY console remotely (broader than UOS, which only sees UOS-adopted sites).
- **Standalone consoles:** direct WAN SSH/HTTPS to a UDM is usually FIREWALLED (e.g. Brooklyn/Skybar
  67.1.139.219 - 22/443/8443 filtered). Use the connector; per-console device SSH pw under
  `clients/<slug>/udm-ssh` (e.g. clients/brooklyn-skybar/udm-ssh).

Relevant to extending `unifi-wifi` to non-UOS sites. See [[reference_resource_map]].