OpenBeken HTTP WiFi Setup: Connect to Router & Disable AP Mode via REST Commands

User question

How to use HTTP to configure OpenBK to connect to a WiFi network AND shut down AP mode

Artificial Intelligence Response

Direct answer to the question

• Send one Backlog HTTP request to the device’s configuration endpoint containing these commands, URL-encoded and separated with semicolons:
Wifi_SSID <SSID>; Wifi_Pass <PASSWORD>; Wifi_EnableSta 1; Wifi_EnableAp 0; Save; Restart
• Point your browser or automation tool (e.g. cURL) to
http://192.168.4.1/cm?cmnd=<URL-ENCODED_BACKLOG> ‑– or, for legacy builds, /cfg?cmd=.
• After the reboot the OpenBK device joins the specified Wi-Fi network (STA mode) and the built-in Access-Point is turned off.

Key points
– Use the /cm?cmnd= (Tasmota-style) endpoint on current firmware, /cfg?cmd= on size-optimised/old builds.
– URL-encode every non-alphanumeric character (space → %20, “;” → %3B, “@” → %40, etc.).
– A single Backlog line guarantees atomic execution and prevents a half-configured, unreachable device.

---

Detailed problem analysis

1. Device start-up behaviour
   • First boot / after reset: OpenBK exposes an AP (SSID like OpenBK7231T_F4C8B6) on 192.168.4.1/24.
   • Goal: Move from AP (Soft-AP) to STA (client) mode, then disable Soft-AP to avoid unneeded RF traffic and security exposure.

2. OpenBK HTTP control interface
   a) Endpoints
   – New builds (2022 – now): /cm?cmnd= (mirrors Tasmota syntax).
   – “CFG” builds (<2022 or size-optimised): /cfg?cmd=.
   b) Command grammar (subset)
   Wifi_SSID  – store SSID
   Wifi_Pass  – store PSK / password
   Wifi_EnableSta 1|0 – enable/disable station mode
   Wifi_EnableAp 1|0 – enable/disable Soft-AP
   Save       – commit to flash
   Restart     – warm-reboot MCU
   Backlog c1; c2; … – queue commands in one transaction

3. Constructing the request

   Example with SSID = My Net and Password = P@ssw0rd!
   Raw backlog:

   Backlog Wifi_SSID My Net; Wifi_Pass P@ssw0rd!; Wifi_EnableSta 1; Wifi_EnableAp 0; Save; Restart

   URL-encoded backlog (spaces → %20, “;” → %3B, “@” → %40, “!” → %21):

   Backlog%20Wifi_SSID%20My%20Net%3B%20Wifi_Pass%20P%40ssw0rd%21%3B%20Wifi_EnableSta%201%3B%20Wifi_EnableAp%200%3B%20Save%3B%20Restart

   Final URL (current firmware):

   http://192.168.4.1/cm?cmnd=Backlog%20Wifi_SSID%20My%20Net%3B%20Wifi_Pass%20P%40ssw0rd%21%3B%20Wifi_EnableSta%201%3B%20Wifi_EnableAp%200%3B%20Save%3B%20Restart

   After pressing Enter the browser shows a JSON reply, then the socket drops because the ESP/Beken reboots.

4. Timing & fallback
   • Boot-up sequence:
   – STA connects to router (typically <4 s).
   – If connection succeeds, AP stops immediately (or after WiFiAPStaTimeout seconds – default ≈ 60).
   – If connection fails, AP re-enables so you are not locked out.
   • You can shorten the fallback with WiFiAPStaTimeout 5 in the same backlog if desired.

5. Automation with cURL

   DEVICE_IP=192.168.4.1
   curl -G --data-urlencode \
   "cmnd=Backlog Wifi_SSID My_Net; Wifi_Pass P@ssw0rd!; Wifi_EnableSta 1; Wifi_EnableAp 0; Save; Restart" \
   "http://${DEVICE_IP}/cm"

   --data-urlencode handles special characters for you.

---

Current information and trends

• Since mid-2023 OpenBK adds mDNS (openbk.local) making discovery easier after STA join.
• New commits (Q2-2024) introduce Wifi_EnableAp 2 (AP only for N seconds) – may supersede manual timeout tweaks.
• OTA SSL endpoint under test; HTTPS control may soon be available (currently HTTP only).

---

Supporting explanations and details

• Why Backlog? Minimises race conditions: Wi-Fi credentials are saved before AP is disabled, then a controlled reboot starts STA quickly.
• Security: Turning off AP removes an open or weakly-secured SSID, shrinking attack surface.

---

Ethical and legal aspects

• Ensure you have permission to join the target Wi-Fi (corporate or neighbour networks may forbid unregistered IoT nodes).
• Open APs may leak personal data; disabling them is good cybersecurity hygiene.
• Comply with local RF regulations; some regions restrict channel/power – OpenBK honours country code only when compiled with such support.

---

Practical guidelines

• Always test credentials on another device first to avoid typos.
• Keep the device powered on near the router for strong RSSI during first connection.
• After reboot, look up the MAC (printed on JSON boot log or label) in your router’s DHCP list.
• For fleets, script discovery with arp-scan or use mDNS (.local) names.

Potential challenges & remedies
– Wrong country settings ⇒ set WiFi_TxPower or channel to match router.
– Hidden SSID ⇒ OpenBK 1.18+ supports them but needs Wifi_ScanHidden 1.
– WPA3-only router ⇒ force WPA2 mixed mode; Beken SoC does not speak WPA3 yet.

---

Possible disclaimers or additional notes

• A firmware crash during Save could brick the configuration (rare). Keep GPIO0 broken-out for serial recovery.
• Legacy /cfg?cmd= builds lack some commands (e.g., Wifi_EnableAp). Upgrade when possible.

---

Suggestions for further research

• Explore MQTT / HTTP REST integration after the device is on your LAN.
• Evaluate mTLS patches for encrypted command channel.
• Monitor GitHub repo openshwprojects/OpenBK7231T_App for new Wi-Fi stack (BK7236 port).

---

Brief summary

Send a single URL-encoded Backlog request – via /cm?cmnd= or /cfg?cmd= – that: sets SSID and password, enables STA, disables AP, saves, and restarts. After reboot the device associates with your router, the temporary Access-Point vanishes, and you can reach the web UI on the new DHCP address. This one-shot method is safe, script-friendly, and aligns with current OpenBK firmware capabilities.

Disclaimer: The responses provided by artificial intelligence (language model) may be inaccurate and misleading. Elektroda is not responsible for the accuracy, reliability, or completeness of the presented information. All responses should be verified by the user.