The external controller: driving Clash over a RESTful API
external-controller: 127.0.0.1:9090 in the config makes the core expose an HTTP API — the Clash for Windows UI itself talks to it. Your scripts can too:
Endpoint quick reference
# list all groups and nodes
curl http://127.0.0.1:9090/proxies
# switch group "Proxy Select" to node "HK-01"
curl -X PUT http://127.0.0.1:9090/proxies/Proxy%20Select ^
-d "{\"name\": \"HK-01\"}"
# live traffic (long-lived stream)
curl http://127.0.0.1:9090/traffic
# drop all connections
curl -X DELETE http://127.0.0.1:9090/connections
# latency-test one node
curl "http://127.0.0.1:9090/proxies/HK-01/delay?timeout=3000&url=http://www.gstatic.com/generate_204"
Security note
If you rebind the listener to 0.0.0.0:9090 (say, to control it from your phone), always set the secret field and send Authorization: Bearer <secret> — otherwise anyone on the LAN can reconfigure your proxy. For a friendlier front end to the same API, see "Third-party dashboards".