OpenVPN Cloud API User Guidance (beta)
The beta version of the OpenVPN Cloud API is now available. Use it to develop a portal or application for the administration of your VPN networks, hosts, users, and other core services.
Creating OAuth credentials
With the OAuth credentials that you create, you can authenticate to the API endpoint and use the OpenVPN Cloud API.
Note: You can enable Basic Auth only by request. If you want to use Basic Auth instead of OAuth, contact the OpenVPN Cloud support team at email@example.com or open a request in the portal at http://support.openvpn.net.
- From the OpenVPN administration portal, click the profile icon and then select My Account.
- Click Cloud API (Beta) and then Create Credentials.
- Specify a name for your credentials.
- Accept the default one-month lifetime value or specify a different one.
OAuth credentials have an expiration period of two weeks, one month, six months, or one year.
- Specify an optional whitelisted IP subnet range.
- Click Create.
IMPORTANT: Copy the credential key and paste it into a secure file. Also, copy the credential secret and paste it into a secure file.
- Click Back.
The Cloud API page lists the credential.
- To enable the OpenVPN Cloud API, click the toggle button.
The API endpoint address is unique to your account, as shown below.
Viewing JSON calls and responses
To access an overview of the core JSON calls and responses available in the OpenVPN Cloud beta API, sign in to your OpenVPN Cloud owner account and then navigate to the Swagger portal. Use one of the following methods:
- Use the direct link https://<yourOpenVPNID>.api.openvpn.com/docs/swagger-ui/#/
- Click the Cloud API (Beta) tab in My Account and then click the Swagger link.
Swagger opens in new tab.
A connector is an unattended device with a connector application installed, which provides connectivity between OpenVPN Cloud and your private network or private application server.
A DNS “A” record is an address record in your DNS server that resolves an IPv4 address with a hostname/domain.
A device is a computer, smartphone, or IoT-connected device with an installed OpenVPN client used to connect to your VPN. Each user can have one or more associated devices.
A host represents a server on your private network running a connector to provide connectivity to OpenVPN Cloud.
A network is an on-premises or IaaS-hosted range of private IP address subnets that provides access to business-owned resources, secure internet access, VPN egress, and more. Each network requires at least one connector for site-to-site or point-to-site VPN connectivity.
OAuth is an open-standard authorization protocol that provides secure, designated access to applications using authorization tokens, which prove your identity to authenticate with the OpenVPN Cloud API.
OpenVPN uses OAuth 2.0.
Generally, a user such as an employee, contractor, or other third-party person is authorized to access your VPN. A user can also generate connection profiles for unattended routers or IoT devices.
It is possible to create many users simultaneously.
A user group allows for the bulk administration of settings such as role- and department-based access controls, available VPN regions, internet access, types of authentication, and more.
A VPN region is a geographic point-of-presence hosted by OpenVPN Cloud, which consists of a group of high-performance multi-tenant VPN servers. All OpenVPN Cloud regions are interconnected in a full-mesh topology to form a high-bandwidth core network.