> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Create a walled garden entry > Adds a new IP address or subnet to the walled garden for a specific site, allowing users to access it before authenticating. ## OpenAPI ````yaml /api/en/captive-portal.yaml post /captive/walled-garden/{siteId} openapi: 3.0.3 info: title: Altostrat Captive Portal API version: 1.0.0 description: >- The Altostrat Captive Portal API is the microservice responsible for managing user authentication, access control, and branding for guest Wi-Fi networks. It acts as the control plane for guest network experiences on MikroTik devices within the Altostrat SDX platform, integrating with network automation to dynamically manage user sessions and access policies. This API allows you to programmatically manage: - **Instances:** A complete configuration for a captive portal, including its appearance (theme), authentication method (OAuth2 or coupon-based), and session rules. - **Auth Integrations:** Reusable configurations for third-party identity providers (e.g., Google, Azure AD) used in OAuth2 authentication strategies. - **Coupons & Schedules:** Time-limited access codes and the automated schedules that generate them for coupon-based guest access. - **Walled Garden:** Granular rules defining which domains or IP addresses users can access *before* authenticating, essential for identity provider logins. Developers use this API to programmatically create, configure, and manage bespoke guest Wi-Fi experiences across their entire network of sites. servers: - url: https://v1.api.altostrat.io description: Altostrat Production API security: - bearerAuth: [] tags: - name: Captive Portal Instances description: >- Manage captive portal configurations, including themes, authentication strategies, and associated sites. - name: Auth Integrations description: >- Configure third-party Identity Providers (IDPs) for OAuth2-based authentication. - name: Coupons description: Generate and manage single-use access coupons for guest networks. - name: Coupon Schedules description: Automate the generation of access coupons on a recurring schedule. - name: Walled Garden description: Control which destinations users can access before authentication. - name: Site Users description: >- View and manage users who have authenticated through the captive portal at a specific site. - name: Public Coupon URLs description: Signed public URLs for coupon schedule exports. paths: /captive/walled-garden/{siteId}: post: tags: - Walled Garden summary: Create a walled garden entry description: >- Adds a new IP address or subnet to the walled garden for a specific site, allowing users to access it before authenticating. operationId: createWalledGardenEntry parameters: - $ref: '#/components/parameters/siteId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WalledGardenCreate' responses: '201': description: The walled garden entry was created successfully. content: application/json: schema: $ref: '#/components/schemas/WalledGardenEntry' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/ServerError' components: parameters: siteId: name: siteId in: path required: true description: The unique identifier for the site. schema: type: string format: uuid example: a1b2c3d4-e5f6-a7b8-c9d0-e1f2a3b4c5d6 schemas: WalledGardenCreate: type: object required: - name - ip_address properties: name: type: string description: A descriptive name for the entry. example: Google Authentication Servers ip_address: type: string description: >- The IP address or subnet in CIDR notation to allow. Must be a valid RFC 4632 address. example: 172.217.16.0/24 type: type: string description: An optional type to categorize the entry. enum: - captive-auth - captive-portal nullable: true example: captive-auth WalledGardenEntry: type: object properties: id: type: string format: uuid description: The unique identifier for the walled garden entry. example: f1e2d3c4-b5a6-9876-5432-10fedcba9876 name: type: string description: A descriptive name for the entry. example: Google Authentication Servers type: type: string description: The type of service this entry is for. enum: - captive-auth - captive-portal nullable: true example: captive-auth ip_address: type: string description: >- The IP address or subnet in CIDR notation that is allowed pre-authentication. example: 172.217.16.0/24 created_at: type: string format: date-time description: The timestamp when the entry was created. example: '2025-10-27T18:00:00Z' ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'name' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing responses: BadRequest: description: >- Bad Request - The request was malformed or invalid. This can happen if a required parameter is missing or a value is of the wrong type. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Unauthorized: description: >- Unauthorized - The request requires authentication, but no valid credentials were provided. Ensure your API key is correct and included in the 'Authorization' header. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Forbidden: description: >- Forbidden - You do not have permission to perform this action on the requested resource. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: >- Not Found - The requested resource could not be found. Check that the provided ID is correct. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ServerError: description: >- Internal Server Error - Something went wrong on our end. We've been notified and are looking into it. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- API Key authentication. Provide your token in the 'Authorization' header. Example: `Authorization: Bearer ` ````