Platform Documentation
From MikroTik setup to tenant configuration & payments — start to finish.
1) Quick Overview
This platform manages tenants, routers, plans, vouchers, and payments. It provisions Hotspot/PPPoE users on MikroTik via API and confirms payments via webhooks or polling.
2) Prerequisites
- Tenant created in the portal.
- Router record added with IP/host and credentials.
- At least one Hotspot plan (or PPPoE plan if using PPPoE).
- Public URL for your tenant domain (recommended TLS).
3) MikroTik Setup (Recommended: Auto Bootstrap)
Use the built-in script generator to fully configure a fresh MikroTik for Hotspot and secure API access.
- Open Admin > Network > Router.
- Select your Router, review Script Options (Cloud DDNS, API-SSL, lockdown, extra hosts, PPPoE optional).
- Click Generate Secure .rsc (or Generate .rsc Script).
- Paste the script in the MikroTik terminal.
- Wait for completion message: "Hotspot, DHCP, NAT and template configured."
Direct URL (replace {ID}): https://tiwi.co.ke/mikrotik/hotspot/script.rsc?router={ID}
Secure preset (add your server IP): ?router={ID}&api_allow=YOUR_SERVER_IP&api_lockdown=1
4) MikroTik Setup (Manual - minimal)
If you cannot run the full script, run these core commands:
# Enable MikroTik Cloud DDNS and set secure API /ip cloud set ddns-enabled=yes update-time=yes /ip service set api-ssl disabled=no port=8729 /ip service set api disabled=yes # optional: disable plain API # Allow your platform server to connect, drop others (replace X.X.X.X) /ip firewall filter add chain=input src-address=X.X.X.X protocol=tcp dst-port=8729 action=accept comment="Allow Platform API" /ip firewall filter add chain=input protocol=tcp dst-port=8729 action=drop comment="Drop other API-SSL" # Fetch dynamic hotspot template /tool fetch url=https://tiwi.co.ke/mikrotik/hotspot/login.html dst-path=hotspot/login.html check-certificate=yes # Set Hotspot profile to use the template (adjust profile name) /ip hotspot profile set [find name=hsprof1] html-directory=hotspot login-by=http-chap,http-pap
Preview template: https://tiwi.co.ke/mikrotik/hotspot/login.html
5) Plans, Vouchers, and Payments
- Create plans: price, validity, bandwidth. Assign to a router.
- Vouchers (optional): generate codes and distribute to customers.
- Payments: M-Pesa webhooks for instant confirmation; public status page handles polling on Hotspot flow.
Hotspot pay entrypoint is embedded in the login template; after success, the user returns to the router login and signs in with their credentials.
6) PPPoE (Optional)
Enable PPPoE server via the generator by ticking "Enable PPPoE Server", or add it later. Customers are still provisioned from the platform.
7) Security Best Practices
- Prefer API-SSL (8729) and disable plain API (8728).
- Lock API-SSL to your server IP and drop others on WAN.
- Keep the template auto-sync scheduler enabled for updates.
8) Troubleshooting
- Template not downloading: set
check_tls=0in the generator if using self-signed certificates. - Captive portal not appearing: verify Hotspot server on
bridge-local, DHCP enabled, and DNS set to allow remote requests. - API connection refused: confirm API-SSL is enabled and firewall allow rule matches your server IP.
9) Useful Links
- Generate full script:
https://tiwi.co.ke/mikrotik/hotspot/script.rsc?router={ID} - Template preview: https://tiwi.co.ke/mikrotik/hotspot/login.html
- Template download: https://tiwi.co.ke/mikrotik/hotspot/login.download