API Reference

Exchange credentials for a JWT. The token expires after 24 hours.

Request body

{
  "email": "[email protected]",
  "password": "your-password"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Returns the latest status snapshot for all registered servers.

Response

[
  {
    "server_id": "los-angeles",
    "online": true,
    "ping_ms": 12.4,
    "peers": 5,
    "transfer_rx": 1048576,
    "transfer_tx": 524288,
    "reported_at": "2026-05-06T12:00:00Z"
  }
]

Returns latency and transfer history for all servers over the last 72 hours.

Response

[
  {
    "server_id": "los-angeles",
    "ping_ms": 12.4,
    "transfer_rx": 1048576,
    "transfer_tx": 524288,
    "recorded_at": "2026-05-06T12:00:00Z"
  }
]

List all peers configured on a VPN server.

Response

[
  {
    "id": "abc123",
    "name": "alice-iphone",
    "enabled": true,
    "address": "10.8.0.2",
    "publicKey": "...",
    "latestHandshakeAt": "2026-05-06T11:55:00Z",
    "transferRx": 2097152,
    "transferTx": 1048576
  }
]

Create a new peer on a VPN server. Returns the new peer object.

Request body

{
  "name": "alice-iphone"
}

Response

{
  "id": "abc123",
  "name": "alice-iphone",
  "enabled": true,
  "address": "10.8.0.3",
  "publicKey": "..."
}

Enable or disable a peer. action must be "enable" or "disable".

Returns the peer's WireGuard config as an SVG QR code for mobile scanning.

Response

image/svg+xml

Returns the audit log. Supports ?limit= and ?offset= query parameters.

Response

[
  {
    "id": 1,
    "actor": "[email protected]",
    "action": "wg_client_created",
    "target": "los-angeles/alice-iphone",
    "ip": "1.2.3.4",
    "created_at": "2026-05-06T12:01:00Z"
  }
]

Export the full audit log as a CSV file.

Response

text/csv

Used by agent binaries to push metrics to the control plane. Requires the agent auth token.

Request body

{
  "server_id": "los-angeles",
  "ping_ms": 12.4,
  "peers": 5,
  "transfer_rx": 1048576,
  "transfer_tx": 524288
}