OpenVPN Cloud API User Guidance (beta)


The beta version of the OpenVPN Cloud API is now available. Use it to develop a portal or application for the administration of your VPN networks, hosts, users, and other core services.

Creating OAuth credentials

With the OAuth credentials that you create, you can authenticate to the API endpoint and use the OpenVPN Cloud API.

  1. From the OpenVPN administration portal, click the profile icon and then select My Account.
  2. Click Cloud API (Beta) and then Create Credentials.
  1. Specify a name for your credentials.
  2. Accept the default one-month lifetime value or specify a different one.
    OAuth credentials have an expiration period of two weeks, one month, six months, or one year.
  3. Specify an optional whitelisted IP subnet range.
  4. Click Create.
    IMPORTANT: Copy the credential key and paste it into a secure file. Also, copy the credential secret and paste it into a secure file.
  5. Click Back.
    The Cloud API page lists the credential.
  6. To enable the OpenVPN Cloud API, click the toggle button.

API Connection

The API endpoint address is unique to your account, as shown below.


Viewing JSON calls and responses

To access an overview of the core JSON calls and responses available in the OpenVPN Cloud beta API, sign in to your OpenVPN Cloud owner account and then navigate to the Swagger portal. Use one of the following methods:

  • Use the direct link https://<yourOpenVPNID>
  • Click the Cloud API (Beta) tab in My Account and then click the Swagger link.

Swagger opens in new tab.

Access Group

An Access Group defines a specific access control configuration by specifying the access relationship between Sources (i.e. Who?) and Destinations (i.e. What?).


A connector is an unattended device with a connector application installed, which provides connectivity between OpenVPN Cloud and your private network or private application server.

DNS Record

A DNS “A” record is an address record in your DNS server that resolves an IPv4 address with a hostname/domain.


A device is a computer, smartphone, or IoT-connected device with an installed OpenVPN client used to connect to your VPN. Each user can have one or more associated devices.


A host represents a server on your private network running a connector to provide connectivity to OpenVPN Cloud.


A network is an on-premises or IaaS-hosted range of private IP address subnets that provides access to business-owned resources, secure internet access, VPN egress, and more. Each network requires at least one connector for site-to-site or point-to-site VPN connectivity.


OAuth is an open-standard authorization protocol that provides secure, designated access to applications using authorization tokens, which prove your identity to authenticate with the OpenVPN Cloud API.

OpenVPN uses OAuth 2.0.


A Region is the geographic area that serves as an OpenVPN Cloud point of presence.


Services are defined as access to specific applications, IP address ranges and protocols.


OpenVPN Cloud Sessions API.


Generally, a user such as an employee, contractor, or other third-party person is authorized to access your VPN. A user can also generate connection profiles for unattended routers or IoT devices.

It is possible to create many users simultaneously.

User Groups

A User Group allows for the bulk administration of settings such as role- and department-based access controls, available VPN regions, internet access, types of authentication, and more.