Documentation

MTBS ISP Cloud

Enterprise-grade multi-tenant SaaS platform for ISP network management

This documentation covers every feature of MTBS ISP Cloud — from first login to advanced API usage. Use the sidebar to navigate between sections.

What Is MTBS ISP Cloud?

MTBS ISP Cloud is a complete network management platform built specifically for Internet Service Providers. It runs as a web application at isp.mtbs.cloud and provides a companion Flutter mobile app for field engineers.

The platform handles everything an ISP operations team needs daily:

OLT & ONU management — provision, monitor, and control fiber equipment from ZTE, Huawei, and Fiberhome
Switch management — full port/VLAN/MAC visibility and port-level control via SNMP
WireGuard VPN — manage VPN tunnels and peers for your team and devices
Alarm monitoring — real-time alerts with NOC workflow (acknowledge → assign → resolve)
Billing & finance — customer accounts, packages, invoicing, payments
Multi-tenant RBAC — each ISP is an isolated tenant; roles control what each user can do
REST API — all features accessible via /api/v1 for integrations and automation
Flutter mobile app — iOS & Android app for on-the-go network management

Platform Architecture

Layer	Technology	Purpose
Backend	`PHP 8.3` (Custom MVC)	Web & API server, no Laravel/Symfony bloat
Database	`MySQL 8.4`	All data with per-tenant row-level isolation
Web UI	`Bootstrap 5`	Responsive dark-theme admin interface
REST API	`/api/v1` (JSON)	JWT-authenticated, versioned API
Mobile	`Flutter / Dart`	Cross-platform iOS & Android app
State Mgmt	`Riverpod`	Flutter state management
Navigation	`GoRouter`	Flutter declarative routing
Network	`Dio`	HTTP client with interceptors
Auth	JWT (access + refresh tokens)	Stateless auth for API & mobile
VPN	WireGuard	VPN server & peer management

Key Concepts

Tenant

Each ISP is a separate "tenant". Data is fully isolated — users in Tenant A never see Tenant B's data.

Role

Every user has a role (Admin, NOC, Billing, Viewer). Roles define what pages and actions they can access.

OLT

An Optical Line Terminal — the central device that connects to many customer ONUs via fiber PON ports.

ONU

An Optical Network Unit — the customer-side device that connects to the OLT. Each customer typically has one ONU.

Alarm

An alert generated when a monitored condition is met (e.g., ONU signal below threshold, port down).

Job

A background task (e.g., ONU provisioning). Long operations run as async jobs so the UI stays responsive.

Quick Start Guide

Follow these steps to get your ISP up and running on MTBS ISP Cloud from zero to fully operational.

Estimated time to first ONU provisioned: under 30 minutes if you have your OLT credentials ready.

Step 1 — Tenant Account Setup

1

Contact MTBS to create your tenant

A Platform Admin creates your ISP tenant in the system, assigns you a subdomain, and sends you your initial Admin credentials via a secure channel.

2

Log in as ISP Admin

Go to isp.mtbs.cloud/login, enter your email and password. You will land on the Dashboard.

3

Change your password

Go to Profile → Change Password immediately. Use a strong password (12+ chars, mixed case, numbers, symbols).

Step 2 — Add Your Infrastructure

4

Create Sites

Go to Sites in the sidebar and click Add Site. Create one site per physical location (e.g., "Karachi-North", "Lahore-Central").

5

Add OLTs

Go to OLTs and click Add OLT. Select your vendor (ZTE / Huawei / Fiberhome), enter the management IP, SNMP community, SSH credentials, and assign a site. Click Save & Sync to pull card/port data immediately.

6

Add Switches

Go to Switches and click Add Switch. Enter IP, SNMP credentials, and select L2 or L3 type. The system will poll port status automatically every 5 minutes.

Step 3 — Provision Your First ONU

7

Run ONU Discovery

Go to ONUs → Discover, select your OLT and PON port, click Discover Rogue ONUs. Any unprovvisioned ONUs on that port appear in the list.

8

Provision the ONU

Click Provision next to the discovered ONU. Fill in: customer name, service profile (e.g., "20Mbps-PPPoE"), VLAN ID, WAN mode (PPPoE/DHCP/Static), and any PPPoE username/password. Click Submit. A provisioning job is created and runs in the background.

9

Verify the Job

Go to Jobs to watch the provisioning job progress. When it shows COMPLETED, the ONU is live on the network.

Step 4 — Set Up Your Team

10

Invite users

Go to Users → Add User. Fill in name, email, and assign a role. NOC Engineers get OLT/ONU/switch access. Billing Managers get billing access. Viewers get read-only access.

11

Configure alarm rules

Go to Alarms → Rules and set thresholds for optical power levels, port state changes, and device uptime. The monitoring engine will generate alarms automatically.

12

Install the mobile app

Field engineers can download the MTBS ISP Cloud Flutter app for iOS or Android. They log in with their web credentials — the same account works across both platforms.

Logging In

Access MTBS ISP Cloud at isp.mtbs.cloud/login from any modern web browser.

isp.mtbs.cloud / login

MTBS

ISP Cloud Management

Sign In

Enter your credentials to access the platform

Email Address

admin@myisp.com

Password

••••••••••••

Sign In

Forgot your password? Reset it here

Login page — dark-themed, accessible from any browser. No app install required for the web interface.

Login Process

Navigate to isp.mtbs.cloud/login
Enter your Email Address and Password
Click Sign In
You will be redirected to the Dashboard

Forgot Password

Click the "Forgot your password? Reset it here" link on the login page. Enter your email address and you will receive a reset link. Follow the link to set a new password.

Sessions expire after a period of inactivity. You will be automatically redirected to the login page when your session expires. Your work is always saved before expiry.

Security Notes

All connections use HTTPS — your credentials are always encrypted in transit
Passwords are hashed with bcrypt — even database admins cannot read them
The web UI uses CSRF tokens on every form to prevent cross-site request forgery
The API uses JWT tokens — access tokens expire in 15 minutes, refresh tokens in 7 days

Dashboard

The dashboard is your main operational hub. It shows real-time KPIs, active alarms, and a summary of your network health at a glance.

isp.mtbs.cloud / dashboard

Dashboard Overview

48

OLTs Online

1,240

Active ONUs

7

Active Alarms

312

Switches

Recent Alarms

OLT-03 port down

ONU signal weak

Switch SW-11 high CPU

Job Queue

Provision ONU ZTEG4421DONE

Sync OLT-07RUNNING

Billing reportQUEUED

Main dashboard — KPI cards at top, recent alarms (left) and job queue status (right). Sidebar shows navigation with unread alarm count badge.

Dashboard Sections

Widget	What It Shows	Where It Links
OLTs Online	Count of OLTs currently reachable	OLT list page
Active ONUs	ONUs with status = active/online	ONU list page
Active Alarms	Unresolved alarms across all devices	Alarms page
Switches	Total switches in inventory	Switch list page
Recent Alarms	Last 5 unacknowledged alarms with severity colour	Each alarm's detail
Job Queue	Last 5 background jobs with status	Jobs list page

NOC Dashboard

Navigate to /dashboard/noc or click NOC View in the dashboard header. This is a full-screen, auto-refreshing alarm board designed to be displayed on a wall monitor in your NOC room. It shows all active alarms, grouped by severity, with timestamps and site information.

The NOC dashboard requires the dashboard.noc permission. Only NOC Engineers and above can access it.

OLT Management

OLTs (Optical Line Terminals) are the central devices in your fiber network. MTBS ISP Cloud supports ZTE, Huawei, and Fiberhome OLTs via SNMP and SSH.

isp.mtbs.cloud / olts

OLT Devices

Name	Vendor	IP Address	Site	PON Ports	Status
OLT-01-KHI	ZTE C300	10.10.1.1	Karachi-North	16	Online
OLT-02-KHI	ZTE C680	10.10.1.2	Karachi-South	32	Online
OLT-03-LHR	Huawei MA5800	10.20.1.1	Lahore-Central	24	Offline
OLT-04-LHR	Fiberhome AN6000	10.20.1.2	Lahore-East	16	Online

OLT list — shows all OLTs with vendor, IP, site assignment, port count, and live status. Click View for full detail.

Adding an OLT

Go to OLTs in the sidebar
Click Add OLT
Fill in the form:
- Name: A descriptive name (e.g., "OLT-01-Karachi")
- Vendor: Select ZTE, Huawei, or Fiberhome
- Model: Select the specific model (e.g., C300, MA5800)
- Management IP: The OLT's reachable IP address
- SNMP Community: Read-only SNMP community string
- SSH Username / Password: For configuration push operations
- Site: Assign to a physical site
Click Save & Sync to save and immediately pull card/port data

OLT Detail Page

Click View on any OLT to see its detail page with tabs:

Tab	Contents
Overview	Status, uptime, last sync time, card inventory
PON Ports	All PON ports with ONU count and status per port
ONUs	All ONUs on this OLT (links to ONU detail)
Alarms	Active alarms associated with this OLT

Syncing an OLT

Click Sync on the OLT list or the Sync Now button on the detail page. This creates a background job that pulls the latest card, port, and ONU data from the device via SNMP. Watch the job progress on the Jobs page.

OLTs are automatically synced on a schedule. Manual sync is available for immediate updates after network changes.

Required Permissions

olts.view to view OLTs olts.manage to add, edit, sync, and delete OLTs

ONU Provisioning

ONUs (Optical Network Units) are the customer-premises devices. This section covers discovery, provisioning, and day-to-day management.

isp.mtbs.cloud / onus

ONU Devices

Serial Number	Customer	OLT / PON	RX Power	Profile	Status
ZTEG44218812	Ali Hassan	OLT-01 / PON2	-18.5 dBm	20Mbps-PPPoE	Provisioned
HWTC9A3B21F	Sara Ahmed	OLT-01 / PON3	-20.1 dBm	50Mbps-DHCP	Provisioned
ZTEG88AABB11	— Unassigned —	OLT-02 / PON1	-27.3 dBm	—	Discovered
FHTT1234ABCD	Zara Khan	OLT-04 / PON5	-19.8 dBm	10Mbps-PPPoE	Provisioned

ONU list — shows serial numbers, customer assignments, optical power (RX), service profile, and status. Unprovisioned (Discovered) ONUs show a Provision button.

ONU Discovery

When a customer plugs in a new ONU, it appears on the PON port as a "rogue" (unprovisioned) ONU.

Click Discover on the ONU list page
Select the OLT and the PON Port to scan
Click Discover Rogue ONUs
Any unprovisioned ONUs appear in the list with status Discovered

Provisioning an ONU

isp.mtbs.cloud / onus / provision

Provision ONU — ZTEG88AABB11

Customer Name

Ahmad Raza

Service Profile

20Mbps-PPPoE ▾

VLAN ID

100

WAN Mode

PPPoE ▾

PPPoE Username

ahmad@isp

PPPoE Password

••••••••

Cancel

Submit & Provision

ONU provisioning form — fill in customer details, service profile, VLAN, and WAN mode then submit. A background job handles the rest.

Provisioning Form Fields

Field	Required	Description
Customer Name	Yes	The subscriber's name for identification
Service Profile	Yes	The pre-configured bandwidth and QoS profile (e.g., 20Mbps-PPPoE)
VLAN ID	Yes	The service VLAN for this customer (1–4094)
WAN Mode	Yes	`pppoe`, `dhcp`, or `static`
PPPoE Username	If PPPoE	The username for the PPPoE session
PPPoE Password	If PPPoE	The password for the PPPoE session
ONU Index	Auto	Auto-assigned by the system from the OLT

ONU Actions

Reboot — Sends a reboot command to the ONU via the OLT. Takes effect in ~30 seconds.
Suspend — Blocks the ONU's service without removing its configuration.
Factory Reset — Resets the ONU to factory defaults and removes it from the OLT config.
Edit — Change the customer name, profile, or VLAN assignment.

Required Permissions

onus.view to view ONUs onus.manage to provision, reboot, suspend, and delete

Switch Management

The switch management module gives you complete visibility and control over your L2 and L3 switches via SNMP.

isp.mtbs.cloud / switches / 5

SW-05 — 10.10.5.1 Online

Ports

VLANs

MAC Table

ARP Table

Port	Description	Speed	Status	VLAN
Gi0/0/1	Uplink-Core	1G	Up	Trunk
Gi0/0/2	OLT-01	1G	Up	100
Gi0/0/3	AP-Rooftop	100M	Down	200
Gi0/0/4	— unused —	—	Down	1

Switch detail — Ports tab showing port list with status, speed, VLAN, and per-port shutdown/enable action. Tabs at top switch between Ports, VLANs, MAC Table, and ARP Table.

Switch Detail Tabs

Tab	Contents	Key Actions
Ports	All physical ports with status, speed, description, VLAN	Shutdown / Enable per port
VLANs	VLAN table: ID, name, status, tagged/untagged ports	View only
MAC Table	MAC address table: MAC, VLAN, port, type	View only, searchable
ARP Table	IP-to-MAC mappings (L3 switches only)	View only, searchable
Routes	Routing table (L3 switches only)	View only

Use Shutdown carefully. Shutting down an uplink port will disconnect all downstream devices. There is no confirmation prompt — the action is immediate.

Required Permissions

switches.view to view switches.manage to add, edit, and control ports

Alarms & Monitoring

The alarm system continuously monitors your network and generates alerts when conditions breach configured thresholds.

isp.mtbs.cloud / alarms

Active Alarms

CRITICAL 2

MAJOR 3

MINOR 2

Sev	Device	Message	Site	Time
CRIT	OLT-03	PON port 4 — all ONUs down	Lahore-Central	2 min ago
CRIT	OLT-03	Management reachability lost	Lahore-Central	3 min ago
MAJ	ONU ZTEG882	RX power -30.1 dBm (threshold -28)	Karachi-North	12 min ago
MAJ	SW-11	CPU utilisation 94% for 10+ min	Karachi-South	22 min ago

Alarms list — severity badges (CRIT / MAJ / MINOR / INFO), device, message, site, and time. ACK to acknowledge, Detail for full alarm view.

Alarm Severity Levels

Severity	Colour	Meaning	Typical Cause
Critical	Red	Service-affecting, immediate action required	OLT down, all ONUs offline, core link down
Major	Amber	Degraded service, action required soon	High CPU, weak optical signal, partial port failure
Minor	Blue	Performance degradation, monitor closely	Increased error rates, borderline signal
Info	Grey	Informational, no action typically required	Device reboot, config push completed, peer reconnected

Alarm Workflow

!

Active (Unacknowledged)

The alarm is active and no one has looked at it yet. It appears at the top of the list and increments the sidebar alarm badge.

✓

Acknowledged

A NOC engineer clicked ACK, confirming they have seen the alarm and are investigating. The badge count decreases.

✓✓

Resolved

The engineer confirmed the issue is fixed. The alarm moves to the history view and is no longer counted as active.

Required Permissions

alarms.view to view alarms.manage to acknowledge, assign, and resolve

Billing & Finance

The billing module manages your customers, service packages, invoices, and payments all in one place.

isp.mtbs.cloud / billing

Billing Overview

PKR 842K

Revenue This Month

38

Unpaid Invoices

1,240

Active Customers

Recent Invoices

Invoice #	Customer	Package	Amount	Due Date	Status
INV-2410-001	Ali Hassan	20Mbps Home	PKR 2,500	Oct 31	Paid
INV-2410-002	Sara Ahmed	50Mbps Pro	PKR 4,500	Oct 31	Unpaid
INV-2410-003	Zara Khan	10Mbps Basic	PKR 1,200	Oct 31	Overdue

Billing dashboard — monthly revenue, unpaid invoice count, customer total. Invoice list with status badges (Paid / Unpaid / Overdue).

Billing Modules

Module	Description
Customers	All subscribers with contact info, active package, and billing history
Packages	Service tiers with name, speed, price, and billing cycle
Invoices	Monthly invoices auto-generated or manually created; downloadable PDF
Payments	Record payments received (cash, bank transfer, online); link to invoices
Reports	Revenue by month, overdue accounts, package distribution charts

Required Permissions

Only users with the Billing Manager role or ISP Admin role can access billing. The billing.view permission gates the entire billing module.

WireGuard VPN

The WireGuard module lets you manage VPN servers and peers directly from the web UI — useful for securing remote management access to your network devices.

isp.mtbs.cloud / wireguard

WireGuard Servers & Peers

VPN-Server-01 · 10.8.0.1/24 · Port 51820 · Running

Peer Name	Allowed IPs	Last Handshake	Endpoint	Status
field-eng-01	10.8.0.2/32	2 min ago	203.x.x.10:54312	Connected
noc-laptop	10.8.0.3/32	15 min ago	202.x.x.44:49201	Connected
remote-backup	10.8.0.4/32	Never	—	Inactive

WireGuard page — server status bar at top, peer list with last handshake time and connection status. Config button generates the WireGuard config file or QR code for that peer.

Adding a Peer

Click Add Peer
Enter a peer name (e.g., "field-eng-john") and allowed IP (e.g., 10.8.0.10/32)
The system generates a key pair and creates the peer config automatically
Click Download Config or Show QR Code to get the WireGuard config for the client device
Import the config into the WireGuard app on the client (mobile, laptop, or router)

Private keys are generated server-side and stored encrypted. The Config download gives the peer its private key — this is the only time the private key is shown. Store it securely.

Required Permissions

wireguard.view to view servers and peers wireguard.manage to add, edit, and delete peers

Sites & Devices

Sites are physical locations (data centres, exchange buildings, field cabinets). Devices are any network equipment at a site that doesn't have its own dedicated module (e.g., generic routers, servers, power equipment).

isp.mtbs.cloud / sites

Sites

Karachi-North

F.B Area Exchange

4 OLTs 8 Switches 12 Devices

Karachi-South

Korangi Industrial

2 OLTs 6 Switches 8 Devices

Lahore-Central

Gulberg Data Centre

6 OLTs 9 Switches 15 Devices

Lahore-East

DHA Hub

2 OLTs 4 Switches 6 Devices

Sites list — cards showing each site with location, OLT count, switch count, and total device inventory.

How to Use Sites

Create sites first, then assign OLTs and switches to them when adding those devices
Each site shows a summary of all equipment assigned to it
Alarms are tagged with site information for quick geographic triage

Required Permissions

sites.view to view sites devices.view to view devices sites.manage / devices.manage to add and edit

Users & Roles

User management is available to ISP Admins. Each user has one role that controls their permissions across the entire platform.

Creating a User

Go to Users → Add User
Enter Full Name, Email, and a temporary Password
Select a Role from the dropdown
Click Create User
The user receives a welcome email with login instructions

Role Reference

Role	Who Uses It	Key Access
Platform Admin	MTBS staff only	Manage all tenants, all users, system settings
Platform Support	MTBS support staff	Read-only view of all tenants, no modification
ISP Admin	Your IT admin	Full control within your tenant: users, devices, billing, VPN, settings
NOC Engineer	Network operations staff	OLTs, ONUs, switches, alarms, WireGuard; no billing
Billing Manager	Finance team	Full billing module; no network device access
Viewer	Management, read-only staff	Read-only dashboard, devices, alarms; no write operations, no billing

Permission Reference

Permission Slug	Controls Access To
`dashboard.view`	Main dashboard
`olts.view` / `olts.manage`	OLT list, detail, sync, add/edit/delete
`onus.view` / `onus.manage`	ONU list, provision, reboot, delete
`switches.view` / `switches.manage`	Switch list, ports, VLAN/MAC/ARP tables, port control
`alarms.view` / `alarms.manage`	Alarm list, acknowledge, resolve
`sites.view` / `sites.manage`	Site list, add/edit
`wireguard.view` / `wireguard.manage`	VPN servers and peers, add/edit/delete peers
`billing.view` / `billing.manage`	Customers, invoices, payments, packages, reports
`users.view` / `users.manage`	User list, add/edit/deactivate users
`tenants.view` / `tenants.manage`	Tenant list and management (Platform Admin only)

Tenant Management

Tenants are the top-level organisational unit — each ISP customer of MTBS is a separate tenant. Tenant management is only available to Platform Admins.

ISP Admins and NOC Engineers do not see the tenant management section. It is only visible to Platform Admin and Platform Support accounts.

Creating a New Tenant

Log in as a Platform Admin
Go to Tenants → Add Tenant
Enter the ISP name, contact email, and plan details
Click Create Tenant
Then go to Users → Add User, select the new tenant, set role to ISP Admin, and create the first admin account for that ISP

Tenant Isolation Guarantee

All database queries are automatically scoped to the active tenant's ID
There is no way for a user in Tenant A to access Tenant B's data through the web UI or API
WireGuard peers are isolated per tenant
Billing data is isolated per tenant

Job Queue

Long-running operations (ONU provisioning, OLT sync, bulk operations, report generation) run as background jobs so the web interface stays responsive.

isp.mtbs.cloud / jobs

Background Jobs

Type	Description	Created By	Duration	Status
ONU Provision	Provision ZTEG88AABB11	noc@isp.com	8s	Completed
OLT Sync	Sync OLT-07 Karachi-South	System	running...	Running
Billing Report	October 2024 revenue report	billing@isp.com	—	Queued
ONU Reboot	Reboot HWTC9A3B21F	noc@isp.com	3s	Completed
OLT Sync	Sync OLT-03 Lahore-Central	System	12s	Failed

Job queue — all background jobs with type, description, who triggered it, duration, and status (Completed / Running / Queued / Failed).

Job Statuses

Status	Meaning
Queued	Job is waiting to be picked up by a worker
Running	Job is currently executing
Completed	Job finished successfully
Failed	Job encountered an error. Click to view the error message and stack trace. Failed jobs can be retried.

Retrying a Failed Job

Click on a Failed job to see the error detail. If the issue is transient (e.g., device temporarily unreachable), click Retry to re-queue the job. The system automatically retries jobs up to 3 times with exponential backoff before marking them as permanently failed.

Flutter Mobile App

The MTBS ISP Cloud mobile app for iOS and Android gives your field engineers and NOC staff full network management capability from their phones.

MTBS

ISP Cloud

admin@isp.com

••••••••

Sign In

Login Screen

Sign in with your web credentials — same account across web and mobile.

MTBS ISP

48

OLTs

1.2K

ONUs

7

Alarms

312

Switches

ALARMS

OLT-03 port down

ONU signal weak

Dashboard Screen

Live KPI cards, alarm feed, and job status overview.

OLT Devices

OLT-01

ZTE C300

OLT-02

ZTE C680

OLT-03

Huawei MA5800

OLT-04

Fiberhome AN6000

OLT List Screen

Browse all OLTs, see status, tap for full detail and ONU list.

Active Alarms

OLT-03 port down

CRIT

ONU signal -30dBm

MAJ

SW-11 high CPU

MAJ

Peer reconnected

INFO

Acknowledge All

Alarm List Screen

View and acknowledge alarms from the field in seconds.

App Screens

Screen	What You Can Do
Login	Sign in with your web credentials (same email & password). Session persists with JWT refresh tokens.
Dashboard	Live KPI cards (OLTs, ONUs, Alarms, Switches), recent alarm feed, job queue summary
OLT List	Browse all OLTs, see online/offline status, tap to see ONU list and PON port breakdown
OLT Detail	Card inventory, PON port list with ONU counts, trigger a sync
ONU List	Filter by OLT, search by serial number or customer, see optical power levels
ONU Detail	Full ONU status, RX/TX power, reboot and suspend actions
Switch List	All switches with online/offline status, tap for detail
Switch Detail	4-tab view: Ports, VLANs, MAC Table, ARP Table. Port shutdown/enable from mobile.
Alarms	Full alarm list with severity filter, acknowledge from mobile
WireGuard	Peer list with last handshake time and connection status
Profile	Your user info, role, permissions list, change password, logout

Session & Security

JWT tokens are stored in Flutter Secure Storage (iOS Keychain / Android Keystore)
Access tokens refresh automatically in the background — no re-login required
If your session expires (e.g., device offline for 7+ days), you are redirected to the login screen
Logout clears all tokens from secure storage

API — Authentication

All API requests (except login) require a valid JWT access token in the Authorization header.

Base URL

https://isp.mtbs.cloud/api/v1

Login

POST /api/v1/auth/login Content-Type: application/json { "email": "admin@myisp.com", "password": "yourpassword" } → 200 OK { "data": { "user": { "id": 1, "name": "Admin", "email": "admin@myisp.com", "role": "isp_admin" }, "tokens": { "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." } } }

Using the Access Token

# Add to every API request Authorization: Bearer <access_token> Example: GET /api/v1/olts Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Refresh Token

POST /api/v1/auth/refresh Content-Type: application/json { "refresh_token": "eyJhbGci..." } → 200 OK { "data": { "access_token": "eyJhbGci...new...", "refresh_token": "eyJhbGci...new..." } }

Access tokens expire in 15 minutes. Refresh tokens expire in 7 days. Always implement token refresh in your integration — a 401 response means the access token has expired.

Get Current User

GET /api/v1/auth/me Authorization: Bearer <access_token> → Returns user profile, role, and permissions array

Change Password

POST /api/v1/auth/change-password Authorization: Bearer <access_token> { "current_password": "old", "new_password": "new", "confirm_password": "new" }

Error Responses

HTTP Status	Meaning
`401 Unauthorized`	Missing token, expired token, or invalid credentials
`403 Forbidden`	Valid token but insufficient permissions for this action
`422 Unprocessable`	Validation error — check the `errors` field in the response
`500 Server Error`	Unexpected server error — report to MTBS support

API — OLT Endpoints

GET/api/v1/oltsList all OLTs for your tenant. Returns id, name, vendor, model, ip, status, site_id, last_synced_at.

GET/api/v1/olts/{id}Full detail for one OLT including cards and PON port list.

POST/api/v1/oltsCreate a new OLT. Body: name, vendor, model, ip, snmp_community, ssh_username, ssh_password, site_id.

PUT/api/v1/olts/{id}Update OLT fields.

POST/api/v1/olts/{id}/syncTrigger a background sync job for this OLT. Returns job_id.

GET/api/v1/olts/{id}/onusList all ONUs on this OLT.

GET/api/v1/olts/{id}/cardsCard inventory for this OLT.

DELETE/api/v1/olts/{id}Delete OLT and all associated data. Requires olts.manage permission.

ONU Discovery & Provisioning

GET/api/v1/onusList all ONUs. Filter with ?olt_id=&status=&search= query params.

GET/api/v1/onus/{id}Full ONU detail: serial number, customer, profile, VLAN, RX/TX power, status.

POST/api/v1/onus/discoverDiscover rogue ONUs. Body: olt_id, pon_port. Returns list of unprovisioned serial numbers.

POST/api/v1/onus/provisionProvision an ONU. Body: olt_id, pon_port, onu_index, serial_number, service_profile, vlan_id, wan_mode, customer_name, pppoe_username, pppoe_password. Returns job_id.

POST/api/v1/onus/{id}/rebootReboot ONU via the OLT. Returns job_id.

POST/api/v1/onus/{id}/suspendSuspend ONU service.

DELETE/api/v1/onus/{id}Remove ONU from OLT and database.

API — Other Endpoints

Switches

GET/api/v1/switchesList all switches with status.

GET/api/v1/switches/{id}/portsPort list with status, speed, VLAN, description.

GET/api/v1/switches/{id}/vlansVLAN table for this switch.

GET/api/v1/switches/{id}/macsMAC address table (filterable by VLAN or port).

GET/api/v1/switches/{id}/arpsARP table for L3 switches.

POST/api/v1/switches/{id}/ports/{port}/shutdownShutdown a specific switch port. Immediate effect.

POST/api/v1/switches/{id}/ports/{port}/enableEnable a previously shutdown port.

Alarms

GET/api/v1/alarms/{id}Full alarm detail with history and assignment.

POST/api/v1/alarms/{id}/acknowledgeAcknowledge alarm. Body: note (optional string).

POST/api/v1/alarms/{id}/resolveMark alarm resolved. Body: resolution_note (optional string).

WireGuard

GET/api/v1/wireguard/serversList WireGuard servers and their status.

GET/api/v1/wireguard/peersList peers with last handshake and connection status.

POST/api/v1/wireguard/peersCreate peer. Body: name, server_id, allowed_ips. Returns config with private key.

DELETE/api/v1/wireguard/peers/{id}Delete peer and revoke its keys.

Sites & Devices

GET/api/v1/sitesList all sites with device counts.

GET/api/v1/devicesList all devices. Filter by site_id or type.

Notifications

GET/api/v1/notificationsList notifications for current user. Returns is_read boolean (from read_at timestamp), message, type, created_at.

POST/api/v1/notifications/{id}/readMark a notification as read.

POST/api/v1/notifications/read-allMark all notifications as read.

Jobs

GET/api/v1/jobsList jobs for tenant. Filter by status, type.

GET/api/v1/jobs/{id}Job detail including error message and stack trace for failed jobs.

POST/api/v1/jobs/{id}/retryRe-queue a failed job.

Manage Your Entire NetworkFrom One Platform

Built for Modern ISPs

OLT Management

ONU Provisioning

Switch Management

WireGuard VPN

Sites & Devices

Monitoring & Alarms

Billing & Finance

Background Job Queue

Multi-Tenant & RBAC

Up and Running in Minutes

Create Your Tenant Account

Add Your Sites & Connect Devices

Discover & Provision ONUs

Set Up Alarm Rules & Monitoring

Manage from Web & Mobile

API-First Architecture

Take Control of YourISP Network Today

MTBS ISP Cloud

What Is MTBS ISP Cloud?

Platform Architecture

Key Concepts

Quick Start Guide

Step 1 — Tenant Account Setup

Contact MTBS to create your tenant

Log in as ISP Admin

Change your password

Step 2 — Add Your Infrastructure

Create Sites

Add OLTs

Add Switches

Step 3 — Provision Your First ONU

Run ONU Discovery

Provision the ONU

Verify the Job

Step 4 — Set Up Your Team

Invite users

Configure alarm rules

Install the mobile app

Logging In

Login Process

Forgot Password

Security Notes

Dashboard

Dashboard Sections

NOC Dashboard

OLT Management

Adding an OLT

OLT Detail Page

Syncing an OLT

Required Permissions

ONU Provisioning

ONU Discovery

Provisioning an ONU

Provisioning Form Fields

ONU Actions

Required Permissions

Switch Management

Switch Detail Tabs

Required Permissions

Alarms & Monitoring

Alarm Severity Levels

Alarm Workflow

Active (Unacknowledged)

Acknowledged

Resolved

Required Permissions

Billing & Finance

Billing Modules

Required Permissions

WireGuard VPN

Adding a Peer

Required Permissions

Sites & Devices

How to Use Sites

Required Permissions

Users & Roles

Creating a User

Role Reference

Manage Your Entire Network
From One Platform

Take Control of Your
ISP Network Today