The Clash core ships a RESTful API (default 127.0.0.1:9090); the Clash for Windows GUI is itself just a client of this API. Understanding it unlocks third-party web dashboards and scripted automation.
Confirm the API works
curl http://127.0.0.1:9090/version
A response like {"premium":true,"version":"2023.08.17"} means all good.
Useful endpoints
| Endpoint | Purpose |
|---|---|
GET /proxies | List all groups and nodes with current selections. |
PUT /proxies/:name | Change the selection of a select group. |
GET /connections | Live connection list (what the Connections page shows). |
PATCH /configs | Change mode, ports etc. at runtime, e.g. {"mode":"Global"}. |
GET /traffic | Streaming up/down rates. |
Using a web dashboard
Open-source dashboards (yacd, clash-dashboard) are static pages: open one, point it at http://127.0.0.1:9090, and you get roughly the same controls as the client UI. Their real strength is managing Clash on another machine - just use that machine's LAN IP.
Adding a secret
If you expose the API to your LAN (external-controller: 0.0.0.0:9090), set a secret. Via Mixin:
mixin:
external-controller: 0.0.0.0:9090
secret: "a-long-random-string"
All requests must then carry Authorization: Bearer a-long-random-string.
Worked automation examples (scheduled node switching and more) are in API Automation in Practice.