NebulaVPN API
Reference material for NebulaVPN.
VPN
Manage VPN deployments. Each VPN defines a shared network that can contain one or more VPN instances of different types. All peers across instances within the same VPN share the same address space and can communicate with each other.
GET
/v1/nebulavpn/vpns(orchestrator)
List VPNs.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| id | query | string | Filter by id. (can suffix with wildcard *) | |
| l | query | integer | Paginate Limit / Entities per Page. (1-50, 0 for infinite, -1 for streaming) | |
| name | query | string | Filter by name. (can suffix with wildcard *) | |
| p | query | integer | Paginate Current Page. (default 1) | |
| sc | query | string | Sort by Property/Column. (id, name, status) | |
| sd | query | string | Sort direction. asc for Ascending or desc for Descending | |
| status | query | string | Filter by status. (can suffix with wildcard *) |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique VPN identifier. |
| metadata.page | body | integer | Current Page. (always 1 for infinite) |
| metadata.pages | body | integer | Total Pages. (always 1 for infinite) |
| metadata.per_page | body | integer | Equeal to the entities per page limit or always equal to total records for infinite queries. |
| metadata.records | body | integer | Total entities found. (always max 250 unless infinite is accepted query parameter) |
| name | body | string | Name of the VPN. |
| status | body | string | Current status (active, provisioning, failed, deleting). |
Response Example
{
"payload": [
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "my-vpn",
"status": "active"
}
],
"metadata": {
"records": 1,
"page": 1,
"pages": 1,
"per_page": 10
}
}GET
/v1/nebulavpn/vpn/{vpn_id}(orchestrator)
Get VPN.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique VPN identifier. |
| name | body | string | Name of the VPN. |
| status | body | string | Current status. |
Response Example
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "my-vpn",
"status": "active"
}POST
/v1/nebulavpn/vpn(orchestrator)
Create VPN.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| name | body | string | Unique name for the VPN. Alphanumeric characters, underscores, and hyphens only. | X |
Request Example
{
"name": "my-vpn"
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique VPN identifier. |
| name | body | string | Name of Entity. |
| status | body | string | Status. |
Response Example
{
"id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"name": "my-vpn",
"status": "active"
}PATCH
/v1/nebulavpn/vpn/{vpn_id}(orchestrator)
Update VPN.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| vpn_id | url | string | Unique VPN identifier. | X |
| name | body | string | New name for the VPN. |
Request Example
{
"name": "renamed-vpn"
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
DELETE
/v1/nebulavpn/vpn/{vpn_id}(orchestrator)
Delete VPN.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 204 | OK - No Content |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
WireGuard Instance
Manage the WireGuard instance under a VPN. Each VPN supports at most one WireGuard instance. Creating an instance generates a keypair and allocates a server listen port automatically.
Deleting the WireGuard instance removes all peers and routes but keeps the parent VPN grouping.
GET
/v1/nebulavpn/vpn/{vpn_id}/wg(orchestrator)
Get WireGuard Instance.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique WireGuard instance identifier. |
| ip_address | body | string | Server IP address on the WireGuard interface. |
| vpn_id | body | string | Parent VPN identifier. |
| wg_port | body | integer | Server-side WireGuard listen port (auto-assigned). |
| wg_public_key | body | string | Server WireGuard public key. |
Response Example
{
"id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"vpn_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"wg_port": 12345,
"wg_public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"ip_address": "10.0.0.1"
}POST
/v1/nebulavpn/vpn/{vpn_id}/wg(orchestrator)
Create WireGuard Instance.
Service
orchestrator
orchestrator
Create a WireGuard instance under a VPN. A keypair and server listen
port are generated automatically. Each VPN supports at most one
WireGuard instance.
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| vpn_id | url | string | Unique VPN identifier. | X |
| ip_address | body | string | Server IP address for the WireGuard interface. | X |
Request Example
{
"ip_address": "10.0.0.1"
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique WireGuard instance identifier. |
| ip_address | body | string | Ip Address. |
| vpn_id | body | string | Vpn Id. |
| wg_port | body | integer | Auto-assigned server listen port. |
| wg_public_key | body | string | Generated server public key. |
Response Example
{
"id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"vpn_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"wg_port": 12345,
"wg_public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"ip_address": "10.0.0.1"
}DELETE
/v1/nebulavpn/vpn/{vpn_id}/wg(orchestrator)
Delete WireGuard Instance.
Service
orchestrator
orchestrator
Delete the WireGuard instance and all its peers and routes.
The parent VPN grouping is preserved.
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 204 | OK - No Content |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
WireGuard Peers
Manage WireGuard peers (clients) on a VPN. Each peer has a name, IP address, public key, and optional hub designation. Fetching an individual peer includes status from the active router such as the current endpoint, last handshake time, and traffic counters.
GET
/v1/nebulavpn/vpn/{vpn_id}/wg/peers(orchestrator)
List Peers.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| vpn_id | url | string | Unique VPN identifier. | X |
| hub | query | boolean | Filter by hub. | |
| id | query | string | Filter by id. (can suffix with wildcard *) | |
| ip_address | query | string | Filter by ip_address. (can suffix with wildcard *) | |
| l | query | integer | Paginate Limit / Entities per Page. (1-50, 0 for infinite, -1 for streaming) | |
| name | query | string | Filter by name. (can suffix with wildcard *) | |
| p | query | integer | Paginate Current Page. (default 1) | |
| sc | query | string | Sort by Property/Column. (id, name, ip_address, hub, status) | |
| sd | query | string | Sort direction. asc for Ascending or desc for Descending | |
| status | query | string | Filter by status. (can suffix with wildcard *) |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| hub | body | boolean | Whether the peer is a hub node. |
| id | body | string | Unique peer identifier. |
| ip_address | body | string | Peer IP address. |
| metadata.page | body | integer | Current Page. (always 1 for infinite) |
| metadata.pages | body | integer | Total Pages. (always 1 for infinite) |
| metadata.per_page | body | integer | Equeal to the entities per page limit or always equal to total records for infinite queries. |
| metadata.records | body | integer | Total entities found. (always max 250 unless infinite is accepted query parameter) |
| name | body | string | Peer name. |
| public_key | body | string | Client WireGuard public key. |
| status | body | string | Current status. |
Response Example
{
"payload": [
{
"id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"name": "branch-office-1",
"ip_address": "10.0.0.2",
"public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"hub": false,
"status": "active"
}
],
"metadata": {
"records": 1,
"page": 1,
"pages": 1,
"per_page": 10
}
}GET
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}(orchestrator)
Get Peer.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| peer_id | url | string | Unique peer identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| connected | body | boolean | Whether the peer is currently connected. True when the last WireGuard handshake was within the last 3 minutes. |
| disabled | body | boolean | Whether the peer is disabled on the router. |
| endpoint | body | string | Remote endpoint IP address. Null if peer has never connected. |
| endpoint_port | body | string | Remote endpoint port. Null if peer has never connected. |
| hub | body | boolean | Whether the peer is a hub node. |
| id | body | string | Unique peer identifier. |
| ip_address | body | string | Peer IP address. |
| last_handshake | body | string | Time since the last successful WireGuard handshake as a RouterOS duration (e.g. ``1m32s``). Null if the peer has never connected. |
| name | body | string | Peer name. |
| public_key | body | string | Client WireGuard public key. |
| rx | body | string | Total bytes received from the peer. |
| status | body | string | Current status. |
| tx | body | string | Total bytes transmitted to the peer. |
| wg_vpn_id | body | string | Parent WireGuard instance identifier. |
Response Example
{
"id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"wg_vpn_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"name": "branch-office-1",
"ip_address": "10.0.0.2",
"public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"hub": false,
"status": "active",
"endpoint": "41.76.108.46",
"endpoint_port": "51820",
"last_handshake": "1m32s",
"rx": "1234567",
"tx": "7654321",
"disabled": false,
"connected": true
}POST
/v1/nebulavpn/vpn/{vpn_id}/wg/peer(orchestrator)
Add Peer.
Service
orchestrator
orchestrator
Add a WireGuard peer to the VPN. If a public key is not provided,
a keypair will be generated and the private key returned in the
response (one-time only).
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| vpn_id | url | string | Unique VPN identifier. | X |
| hub | body | boolean | Designate the peer as a hub node. Defaults to false. | |
| ip_address | body | string | IP address for the peer within the VPN address range. | X |
| name | body | string | Peer name. Alphanumeric characters, underscores, and hyphens only. | X |
| public_key | body | string | Client WireGuard public key. If omitted, a keypair is generated. |
Request Example
{
"name": "branch-office-1",
"ip_address": "10.0.0.2",
"public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"hub": false
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| hub | body | boolean | Hub. |
| id | body | string | Unique peer identifier. |
| ip_address | body | string | Ip Address. |
| name | body | string | Name of Entity. |
| private_key | body | string | Only returned when a keypair was generated (public_key was not provided). Store this securely — it cannot be retrieved again. |
| public_key | body | string | Public Key. |
| status | body | string | Status. |
Response Example
{
"id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"name": "branch-office-1",
"ip_address": "10.0.0.2",
"public_key": "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=",
"hub": false,
"status": "active"
}PATCH
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}(orchestrator)
Update Peer.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| peer_id | url | string | Unique peer identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
| name | body | string | New peer name. | |
| public_key | body | string | New WireGuard public key. |
Request Example
{
"name": "branch-office-renamed",
"public_key": "newKeyBase64String="
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
DELETE
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}(orchestrator)
Delete Peer.
Service
orchestrator
orchestrator
Delete a peer and all its associated routes.
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| peer_id | url | string | Unique peer identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 204 | OK - No Content |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
WireGuard Routes
Manage routed network prefixes for a specific peer. Each route directs traffic for a given prefix through the peer's VPN tunnel.
GET
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}/routes(orchestrator)
List Routes.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| peer_id | url | string | Unique peer identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
| id | query | string | Filter by id. (can suffix with wildcard *) | |
| l | query | integer | Paginate Limit / Entities per Page. (1-50, 0 for infinite, -1 for streaming) | |
| name | query | string | Filter by name. (can suffix with wildcard *) | |
| p | query | integer | Paginate Current Page. (default 1) | |
| prefix | query | string | Filter by prefix. (can suffix with wildcard *) | |
| sc | query | string | Sort by Property/Column. (id, name, prefix, status) | |
| sd | query | string | Sort direction. asc for Ascending or desc for Descending | |
| status | query | string | Filter by status. (can suffix with wildcard *) |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique route identifier. |
| metadata.page | body | integer | Current Page. (always 1 for infinite) |
| metadata.pages | body | integer | Total Pages. (always 1 for infinite) |
| metadata.per_page | body | integer | Equeal to the entities per page limit or always equal to total records for infinite queries. |
| metadata.records | body | integer | Total entities found. (always max 250 unless infinite is accepted query parameter) |
| name | body | string | Route description. |
| prefix | body | string | CIDR network prefix. |
| status | body | string | Current status. |
| vpn_type | body | string | VPN type (wireguard). |
Response Example
{
"payload": [
{
"id": "d4e5f6a7-b8c9-0123-defa-234567890123",
"name": "Branch LAN",
"prefix": "192.168.1.0/24",
"vpn_type": "wireguard",
"status": "active"
}
],
"metadata": {
"records": 1,
"page": 1,
"pages": 1,
"per_page": 10
}
}GET
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}/route/{route_id}(orchestrator)
Get Route.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| peer_id | url | string | Unique peer identifier. | X |
| route_id | url | string | Unique route identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| client_id | body | string | Parent peer identifier. |
| id | body | string | Unique route identifier. |
| name | body | string | Route description. |
| prefix | body | string | CIDR network prefix. |
| status | body | string | Current status. |
| vpn_id | body | string | Parent VPN identifier. |
| vpn_type | body | string | VPN type (wireguard). |
Response Example
{
"id": "d4e5f6a7-b8c9-0123-defa-234567890123",
"vpn_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"vpn_type": "wireguard",
"client_id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
"name": "Branch LAN",
"prefix": "192.168.1.0/24",
"status": "active"
}POST
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}/route(orchestrator)
Add Route.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| X-Timezone | header | string | Timezone for response datetime property values. (default UTC) | |
| peer_id | url | string | Unique peer identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
| description | body | string | Description for the route. | X |
| prefix | body | string | CIDR network prefix to route through this peer (e.g. 192.168.1.0/24). | X |
Request Example
{
"description": "Branch LAN",
"prefix": "192.168.1.0/24"
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
Response Properties
| Name | In | Type | Description |
|---|---|---|---|
| id | body | string | Unique route identifier. |
| name | body | string | Name of Entity. |
| prefix | body | string | Prefix. |
| status | body | string | Status. |
Response Example
{
"id": "d4e5f6a7-b8c9-0123-defa-234567890123",
"name": "Branch LAN",
"prefix": "192.168.1.0/24",
"status": "active"
}PATCH
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}/route/{route_id}(orchestrator)
Update Route.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| peer_id | url | string | Unique peer identifier. | X |
| route_id | url | string | Unique route identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
| description | body | string | Updated description for the route. |
Request Example
{
"description": "Branch LAN Updated"
}Response Status Codes
| Code | Meaning |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |
DELETE
/v1/nebulavpn/vpn/{vpn_id}/wg/peer/{peer_id}/route/{route_id}(orchestrator)
Delete Route.
Service
orchestrator
orchestrator
Accepted Roles (RBAC)
AdministratorNetwork OperationsRequest Parameters
| Name | In | Type | Description | MUST include |
|---|---|---|---|---|
| X-Auth-Token | header | string | Valid Authentication Token. Please see developers documentation/identity. | X |
| X-Tenant-ID | header | string | Request Tenant Context. | |
| peer_id | url | string | Unique peer identifier. | X |
| route_id | url | string | Unique route identifier. | X |
| vpn_id | url | string | Unique VPN identifier. | X |
Response Status Codes
| Code | Meaning |
|---|---|
| 204 | OK - No Content |
| 400 | Bad Request |
| 401 | Unauthorized / Require Authentication |
| 403 | Forbidden / Access Denied |
| 404 | Not Found |
| 409 | Conflict |
| 429 | Too Many Requests / Your Rate Limited |
| 500, 501, 502, 503, 504 | Service Unavailable |