diff --git a/README.md b/README.md
index 9087ce5..699b7b1 100644
--- a/README.md
+++ b/README.md
@@ -10,31 +10,31 @@
 opn-cli - the OPNsense CLI written in python.
 
 - [opn-cli](#opn-cli)
-  * [Install](#install)
-  * [Configure](#configure)
-  * [Usage](#usage)
-  * [docker usage](#docker-usage)
-  * [Features](#features)
-    + [Shell Completion](#shell-completion)
-    + [Output formats](#output-formats)
+  - [Install](#install)
+  - [Configure](#configure)
+  - [Usage](#usage)
+  - [docker usage](#docker-usage)
+  - [Features](#features)
+    - [Shell Completion](#shell-completion)
+    - [Output formats](#output-formats)
       - [cols](#cols)
       - [table](#table)
       - [json](#json)
-      - [json_filter](#json-filter)
+      - [json\_filter](#json_filter)
       - [plain](#plain)
       - [yaml](#yaml)
-    + [Code Generator](#code-generator)
+    - [Code Generator](#code-generator)
       - [API code core](#api-code-core)
       - [API code plugin](#api-code-plugin)
       - [Core command code](#core-command-code)
       - [Plugin command code](#plugin-command-code)
       - [Puppet custom resource type](#puppet-custom-resource-type)
-    + [Resolving of names to uuids](#resolving-of-names-to-uuids)
-  * [Commands](#commands)
-    + [Firewall](#firewall)
+    - [Resolving of names to uuids](#resolving-of-names-to-uuids)
+  - [Commands](#commands)
+    - [Firewall](#firewall)
       - [Aliases](#aliases)
       - [Rules](#rules)
-    + [Haproxy](#haproxy)
+    - [Haproxy](#haproxy)
       - [Acl](#acl)
       - [Action](#action)
       - [Backend](#backend)
@@ -48,30 +48,32 @@ opn-cli - the OPNsense CLI written in python.
       - [Resolver](#resolver)
       - [Server](#server)
       - [User](#user)
-    + [Ipsec](#ipsec)
+    - [Ipsec](#ipsec)
       - [Tunnel phase1](#tunnel-phase1)
       - [Tunnel phase2](#tunnel-phase2)
-    + [Routes](#routes)
+    - [Routes](#routes)
       - [Static routes](#static-routes)
       - [Gateway](#gateway)
-    + [Nodeexporter](#nodeexporter)
+    - [Nodeexporter](#nodeexporter)
       - [Config](#config-1)
-    + [Syslog](#syslog)
+    - [Syslog](#syslog)
       - [Syslog destination](#syslog-destination)
       - [Syslog stats](#syslog-stats)
-    + [OpenVPN](#openvpn)
-    + [Plugins](#plugins)
-    + [Unbound](#unbound)
+    - [OpenVPN](#openvpn)
+    - [Plugins](#plugins)
+    - [Unbound](#unbound)
       - [host overrides](#host-overrides)
       - [host alias overrides](#host-alias-overrides)
       - [domain overrides](#domain-overrides)
       - [Examples](#examples)
-    + [Apibackup](#apibackup)
-      - [Examples](#examples)
-  * [Development](#development)
-    + [Setup development environment](#setup-development-environment)
-    + [Testing](#testing)
-    + [Contributing](#contributing)
+    - [Apibackup](#apibackup)
+      - [Examples](#examples-1)
+    - [Configbackup](#configbackup)
+      - [Examples](#examples-2)
+  - [Development](#development)
+    - [Setup development environment](#setup-development-environment)
+    - [Testing](#testing)
+    - [Contributing](#contributing)
 
 ## Install
 ```
@@ -1038,6 +1040,8 @@ opn-cli unbound domain create --domain rockin.com --server 192.168.56.3
 
 ### Apibackup
 This feature needs the opnsense plugin os-api-backup.
+This plugin was deprecated with the OPNsense 24.1 release.
+So if you are running OPNsense 24.1 or higher use the [Configbackup](###configbackup) command.
 
 ```
 $ opn-cli plugin install os-api-backup
@@ -1059,6 +1063,28 @@ $ opn-cli apibackup backup download -p /tmp/config_backup.xml
 successfully saved to: /tmp/config_backup.xml
 ```
 
+### Configbackup
+The plugin "os-api-backup" was discontinued in OPNsense Version 24.1, because the core API provides the same functionality.
+This command provides the exact same functionality than [Apibackup](###apibackup) but uses the OPNsense Core API-Endpoint.
+So if you are running a OPNsense Instance version 24.1 or higher use this command for configuration backups instead of "apibackup".
+
+
+#### Examples
+
+Download a backup of the OPNsense system configuration to the current directory:
+
+```
+$ opn-cli configbackup backup download
+successfully saved to: ./config.xml
+```
+
+Or specify a path and filename:
+
+```
+$ opn-cli configbackup backup download -p /tmp/config_backup.xml
+successfully saved to: /tmp/config_backup.xml
+```
+
 ## Development
 
 ### Setup development environment
diff --git a/opnsense_cli/api/client.py b/opnsense_cli/api/client.py
index 173b1af..11838cd 100644
--- a/opnsense_cli/api/client.py
+++ b/opnsense_cli/api/client.py
@@ -25,8 +25,12 @@ def ssl_verify_cert(self):
         return self._ssl_verify_cert
 
     def _process_response(self, response):
+        content_type = response.headers["Content-Type"]
         if response.status_code in HTTP_SUCCESS:
-            return json.loads(response.text)
+            if "application/json" in content_type:
+                return json.loads(response.text)
+            else:
+                return response.text
         else:
             raise APIException(response=response.status_code, resp_body=response.text, url=response.url)
 
diff --git a/opnsense_cli/api/core/configbackup.py b/opnsense_cli/api/core/configbackup.py
new file mode 100644
index 0000000..aea84cf
--- /dev/null
+++ b/opnsense_cli/api/core/configbackup.py
@@ -0,0 +1,14 @@
+from opnsense_cli.api.base import ApiBase
+
+
+class Backup(ApiBase):
+    MODULE = "core"
+    CONTROLLER = "backup"
+    """
+    api-backup BackupController
+    """
+
+    @ApiBase._api_call
+    def download(self, *args):
+        self.method = "get"
+        self.command = "download"
diff --git a/opnsense_cli/commands/core/configbackup/__init__.py b/opnsense_cli/commands/core/configbackup/__init__.py
new file mode 100644
index 0000000..f235385
--- /dev/null
+++ b/opnsense_cli/commands/core/configbackup/__init__.py
@@ -0,0 +1,8 @@
+import click
+
+
+@click.group()
+def configbackup(**kwargs):
+    """
+    Manage api-backup operations (OPNsense version >= 24.1)
+    """
diff --git a/opnsense_cli/commands/core/configbackup/backup.py b/opnsense_cli/commands/core/configbackup/backup.py
new file mode 100644
index 0000000..a1720ac
--- /dev/null
+++ b/opnsense_cli/commands/core/configbackup/backup.py
@@ -0,0 +1,59 @@
+import click
+from opnsense_cli.formatters.cli_output import CliOutputFormatter
+from opnsense_cli.callbacks.click import formatter_from_formatter_name, expand_path, available_formats
+from opnsense_cli.commands.core.configbackup import configbackup
+from opnsense_cli.api.client import ApiClient
+from opnsense_cli.api.core.configbackup import Backup
+from opnsense_cli.facades.commands.core.configbackup.backup import ApibackupBackupFacade
+
+pass_api_client = click.make_pass_decorator(ApiClient)
+pass_apibackup_backup_svc = click.make_pass_decorator(ApibackupBackupFacade)
+
+
+@configbackup.group()
+@pass_api_client
+@click.pass_context
+def backup(ctx, api_client: ApiClient, **kwargs):
+    """
+    Manage api-backup
+    """
+    backup_api = Backup(api_client)
+    ctx.obj = ApibackupBackupFacade(backup_api)
+
+
+@backup.command()
+@click.option(
+    "-p",
+    "--path",
+    help="The target path.",
+    type=click.Path(dir_okay=False),
+    default="./config.xml",
+    is_eager=True,
+    show_default=True,
+    callback=expand_path,
+    show_envvar=True,
+    required=True,
+)
+@click.option(
+    "--output",
+    "-o",
+    help="Specifies the Output format.",
+    default="plain",
+    type=click.Choice(available_formats()),
+    callback=formatter_from_formatter_name,
+    show_default=True,
+)
+@click.option(
+    "--cols",
+    "-c",
+    help="Which columns should be printed? Pass empty string (-c " ") to show all columns",
+    default="status",
+    show_default=True,
+)
+@pass_apibackup_backup_svc
+def download(apibackup_backup_svc: ApibackupBackupFacade, **kwargs):
+    """
+    Download config.xml from OPNsense.
+    """
+    result = apibackup_backup_svc.download_backup(kwargs["path"])
+    CliOutputFormatter(result, kwargs["output"], kwargs["cols"].split(",")).echo()
diff --git a/opnsense_cli/commands/plugin/apibackup/__init__.py b/opnsense_cli/commands/plugin/apibackup/__init__.py
index 24df822..11d4b56 100644
--- a/opnsense_cli/commands/plugin/apibackup/__init__.py
+++ b/opnsense_cli/commands/plugin/apibackup/__init__.py
@@ -4,5 +4,5 @@
 @click.group()
 def apibackup(**kwargs):
     """
-    Manage api-backup operations
+    Manage api-backup operations (OPNsense version <= 23.7)
     """
diff --git a/opnsense_cli/facades/commands/base.py b/opnsense_cli/facades/commands/base.py
index eb21912..d9c5841 100644
--- a/opnsense_cli/facades/commands/base.py
+++ b/opnsense_cli/facades/commands/base.py
@@ -105,6 +105,10 @@ def _write_base64_string_to_zipfile(self, path, base64_data):
         with open(path, "wb") as zipFile:
             zipFile.write(content)
 
+    def _write_xml_string_to_file(self, path, xml_content):
+        with open(path, "w") as xmlFile:
+            xmlFile.write(xml_content)
+
     def resolve_linked_uuids(self, resolve_map, resolve_items):
         uuids = [item for item in resolve_items.split(",") if self.is_uuid(item)]
         names = [item for item in resolve_items.split(",") if not self.is_uuid(item)]
diff --git a/opnsense_cli/facades/commands/core/configbackup/__init__.py b/opnsense_cli/facades/commands/core/configbackup/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/opnsense_cli/facades/commands/core/configbackup/backup.py b/opnsense_cli/facades/commands/core/configbackup/backup.py
new file mode 100644
index 0000000..d611d65
--- /dev/null
+++ b/opnsense_cli/facades/commands/core/configbackup/backup.py
@@ -0,0 +1,12 @@
+from opnsense_cli.api.core.configbackup import Backup
+from opnsense_cli.facades.commands.base import CommandFacade
+
+
+class ApibackupBackupFacade(CommandFacade):
+    def __init__(self, backup_api: Backup):
+        self._backup_api = backup_api
+
+    def download_backup(self, path):
+        config = self._backup_api.download("this")
+        self._write_xml_string_to_file(path, config)
+        return {"status": f"successfully saved to: {path}"}
diff --git a/opnsense_cli/fixtures/tests/commands/core/configbackup/__init__.py b/opnsense_cli/fixtures/tests/commands/core/configbackup/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/opnsense_cli/fixtures/tests/commands/core/configbackup/config.xml.sample b/opnsense_cli/fixtures/tests/commands/core/configbackup/config.xml.sample
new file mode 100644
index 0000000..d6a0637
--- /dev/null
+++ b/opnsense_cli/fixtures/tests/commands/core/configbackup/config.xml.sample
@@ -0,0 +1,384 @@
+<?xml version="1.0"?>
+<opnsense>
+  <trigger_initial_wizard/>
+  <theme>opnsense</theme>
+  <sysctl>
+    <item>
+      <descr><![CDATA[Increase UFS read-ahead speeds to match the state of hard drives and NCQ.]]></descr>
+      <tunable>vfs.read_max</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
+      <tunable>net.inet.ip.portrange.first</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
+      <tunable>net.inet.tcp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
+      <tunable>net.inet.udp.blackhole</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Randomize the ID field in IP packets]]></descr>
+      <tunable>net.inet.ip.random_id</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      ]]></descr>
+      <tunable>net.inet.ip.sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[
+        Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
+        It can also be used to probe for information about your internal networks. These functions come enabled
+        as part of the standard FreeBSD core system.
+      ]]></descr>
+      <tunable>net.inet.ip.accept_sourceroute</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[
+        This option turns off the logging of redirect packets because there is no limit and this could fill
+        up your logs consuming your whole hard drive.
+      ]]></descr>
+      <tunable>net.inet.icmp.log_redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
+      <tunable>net.inet.tcp.drop_synfin</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Enable sending IPv6 redirects]]></descr>
+      <tunable>net.inet6.ip6.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
+      <tunable>net.inet6.ip6.use_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
+      <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
+      <tunable>net.inet.tcp.syncookies</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
+      <tunable>net.inet.tcp.recvspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
+      <tunable>net.inet.tcp.sendspace</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
+      <tunable>net.inet.tcp.delayed_ack</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
+      <tunable>net.inet.udp.maxdgram</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
+      <tunable>net.link.bridge.pfil_onlyip</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Set to 1 to additionally filter on the physical interface for locally destined packets]]></descr>
+      <tunable>net.link.bridge.pfil_local_phys</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
+      <tunable>net.link.bridge.pfil_member</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
+      <tunable>net.link.bridge.pfil_bridge</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
+      <tunable>net.link.tap.user_open</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
+      <tunable>kern.randompid</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
+      <tunable>hw.syscons.kbd_reboot</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Enable TCP extended debugging]]></descr>
+      <tunable>net.inet.tcp.log_debug</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Set ICMP Limits]]></descr>
+      <tunable>net.inet.icmp.icmplim</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[TCP Offload Engine]]></descr>
+      <tunable>net.inet.tcp.tso</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[UDP Checksums]]></descr>
+      <tunable>net.inet.udp.checksum</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Maximum socket buffer size]]></descr>
+      <tunable>kern.ipc.maxsockbuf</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Page Table Isolation (Meltdown mitigation, requires reboot.)]]></descr>
+      <tunable>vm.pmap.pti</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Disable Indirect Branch Restricted Speculation (Spectre V2 mitigation)]]></descr>
+      <tunable>hw.ibrs_disable</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Hide processes running as other groups]]></descr>
+      <tunable>security.bsd.see_other_gids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Hide processes running as other users]]></descr>
+      <tunable>security.bsd.see_other_uids</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[Enable/disable sending of ICMP redirects in response to IP packets for which a better,
+        and for the sender directly reachable, route and next hop is known.]]>
+      </descr>
+      <tunable>net.inet.ip.redirect</tunable>
+      <value>default</value>
+    </item>
+    <item>
+      <descr><![CDATA[
+        Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
+        to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
+        packets without returning a response.
+      ]]></descr>
+      <tunable>net.inet.icmp.drop_redirect</tunable>
+      <value>1</value>
+    </item>
+    <item>
+      <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
+      <tunable>net.local.dgram.maxdgram</tunable>
+      <value>default</value>
+    </item>
+  </sysctl>
+  <system>
+    <optimization>normal</optimization>
+    <hostname>OPNsense</hostname>
+    <domain>localdomain</domain>
+    <dnsallowoverride>1</dnsallowoverride>
+    <group>
+      <name>admins</name>
+      <description><![CDATA[System Administrators]]></description>
+      <scope>system</scope>
+      <gid>1999</gid>
+      <member>0</member>
+      <priv>page-all</priv>
+    </group>
+    <user>
+      <name>root</name>
+      <descr><![CDATA[System Administrator]]></descr>
+      <scope>system</scope>
+      <groupname>admins</groupname>
+      <password>$2y$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
+      <uid>0</uid>
+    </user>
+    <nextuid>2000</nextuid>
+    <nextgid>2000</nextgid>
+    <timezone>Etc/UTC</timezone>
+    <timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
+    <webgui>
+      <protocol>https</protocol>
+    </webgui>
+    <disablenatreflection>yes</disablenatreflection>
+    <usevirtualterminal>1</usevirtualterminal>
+    <disableconsolemenu/>
+    <disablevlanhwfilter>1</disablevlanhwfilter>
+    <disablechecksumoffloading>1</disablechecksumoffloading>
+    <disablesegmentationoffloading>1</disablesegmentationoffloading>
+    <disablelargereceiveoffloading>1</disablelargereceiveoffloading>
+    <ipv6allow/>
+    <powerd_ac_mode>hadp</powerd_ac_mode>
+    <powerd_battery_mode>hadp</powerd_battery_mode>
+    <powerd_normal_mode>hadp</powerd_normal_mode>
+    <bogons>
+      <interval>monthly</interval>
+    </bogons>
+    <pf_share_forward>1</pf_share_forward>
+    <lb_use_sticky>1</lb_use_sticky>
+    <ssh>
+      <group>admins</group>
+    </ssh>
+    <rrdbackup>-1</rrdbackup>
+    <netflowbackup>-1</netflowbackup>
+  </system>
+  <interfaces>
+    <wan>
+      <enable>1</enable>
+      <if>mismatch1</if>
+      <mtu/>
+      <ipaddr>dhcp</ipaddr>
+      <ipaddrv6>dhcp6</ipaddrv6>
+      <subnet/>
+      <gateway/>
+      <blockpriv>1</blockpriv>
+      <blockbogons>1</blockbogons>
+      <dhcphostname/>
+      <media/>
+      <mediaopt/>
+      <dhcp6-ia-pd-len>0</dhcp6-ia-pd-len>
+    </wan>
+    <lan>
+      <enable>1</enable>
+      <if>mismatch0</if>
+      <ipaddr>192.168.1.1</ipaddr>
+      <subnet>24</subnet>
+      <ipaddrv6>track6</ipaddrv6>
+      <subnetv6>64</subnetv6>
+      <media/>
+      <mediaopt/>
+      <track6-interface>wan</track6-interface>
+      <track6-prefix-id>0</track6-prefix-id>
+    </lan>
+  </interfaces>
+  <dhcpd>
+    <lan>
+      <enable/>
+      <range>
+        <from>192.168.1.100</from>
+        <to>192.168.1.199</to>
+      </range>
+    </lan>
+  </dhcpd>
+  <unbound>
+    <enable>1</enable>
+  </unbound>
+  <snmpd>
+    <syslocation/>
+    <syscontact/>
+    <rocommunity>public</rocommunity>
+  </snmpd>
+  <nat>
+    <outbound>
+      <mode>automatic</mode>
+    </outbound>
+  </nat>
+  <filter>
+    <rule>
+      <type>pass</type>
+      <ipprotocol>inet</ipprotocol>
+      <descr><![CDATA[Default allow LAN to any rule]]></descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+    <rule>
+      <type>pass</type>
+      <ipprotocol>inet6</ipprotocol>
+      <descr><![CDATA[Default allow LAN IPv6 to any rule]]></descr>
+      <interface>lan</interface>
+      <source>
+        <network>lan</network>
+      </source>
+      <destination>
+        <any/>
+      </destination>
+    </rule>
+  </filter>
+  <rrd>
+    <enable/>
+  </rrd>
+  <load_balancer>
+    <monitor_type>
+      <name>ICMP</name>
+      <type>icmp</type>
+      <descr><![CDATA[ICMP]]></descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>TCP</name>
+      <type>tcp</type>
+      <descr><![CDATA[Generic TCP]]></descr>
+      <options/>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTP</name>
+      <type>http</type>
+      <descr><![CDATA[Generic HTTP]]></descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>HTTPS</name>
+      <type>https</type>
+      <descr><![CDATA[Generic HTTPS]]></descr>
+      <options>
+        <path>/</path>
+        <host/>
+        <code>200</code>
+      </options>
+    </monitor_type>
+    <monitor_type>
+      <name>SMTP</name>
+      <type>send</type>
+      <descr><![CDATA[Generic SMTP]]></descr>
+      <options>
+        <send/>
+        <expect>220 *</expect>
+      </options>
+    </monitor_type>
+  </load_balancer>
+  <ntpd>
+    <prefer>0.opnsense.pool.ntp.org</prefer>
+  </ntpd>
+  <widgets>
+    <sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
+    <column_count>2</column_count>
+  </widgets>
+</opnsense>
diff --git a/opnsense_cli/tests/commands/core/test_configbackup.py b/opnsense_cli/tests/commands/core/test_configbackup.py
new file mode 100644
index 0000000..6276abd
--- /dev/null
+++ b/opnsense_cli/tests/commands/core/test_configbackup.py
@@ -0,0 +1,24 @@
+from unittest.mock import patch
+from opnsense_cli.commands.core.configbackup.backup import backup
+from opnsense_cli.tests.commands.base import CommandTestCase
+
+
+class TestApibackupCommands(CommandTestCase):
+    def setUp(self):
+        self._setup_fakefs()
+
+        self._api_data_fixtures_download = self._read_fixture_file("core/configbackup/config.xml.sample")
+        self._api_client_args_fixtures = ["api_key", "api_secret", "https://127.0.0.1/api", True, "~/.opn-cli/ca.pem", 60]
+
+    @patch("opnsense_cli.commands.core.configbackup.backup.ApiClient.execute")
+    def test_download(self, api_response_mock):
+        result = self._opn_cli_command_result(
+            api_response_mock,
+            [
+                self._api_data_fixtures_download,
+            ],
+            backup,
+            ["download"],
+        )
+
+        self.assertIn("successfully saved to: ./config.xml\n", result.output)