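openapi: 3.1.0
info:
  version: 1.0.0
  # Introduction shown at the top of the generated API reference.
  # API keys are bearer credentials: whoever holds a key can call every
  # operation its scopes allow, so issue keys with only the scopes an
  # integration needs and rotate them if they are exposed.
  description: |
    <br/>
    <br/>

    This API enables automated administration of Defined Networking hosts, roles, logs, and more.

    To authenticate, obtain an API key to use as a bearer token from your Defined Networking admin panel [API Keys page](https://admin.defined.net/settings/api-keys).  API keys must be given the appropriate permission scopes for every method and endpoint, as specified throughout this documentation.

    Please [contact us](https://www.defined.net/contact?reason=support) for any questions or issues.

    In the event of a token leak, please take care to [rotate the key](/guides/rotating-api-keys).

    <div className='introduction-end'></div>
  title: Defined Networking API
  # Linked over HTTPS, like every other URL in this document, so the terms
  # page is not requested in cleartext.
  termsOfService: https://defined.net/terms/
  contact:
    url: https://www.defined.net/contact?reason=support
  # Vendor extensions read by the documentation renderer (light/dark logo).
  x-logo:
    url: https://docs.defined.net/img/logo.svg
    altText: Defined Networking logo
  x-dark-logo:
    url: https://docs.defined.net/img/logo-dark.svg
    altText: Defined Networking logo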
# Only server entry; every path under `paths` is relative to this HTTPS base URL.
servers:
  - url: https://api.defined.net
    description: Default server
# Global security requirement: it applies to every operation that does not
# declare its own `security`. The `ApiToken` scheme is defined outside this
# section (presumably under components.securitySchemes - confirm).
# The empty list means no scopes are declared at the OpenAPI level; the scope
# each operation needs is stated only in its description ("Token scope
# required: ..."), so tooling cannot check scopes from this requirement alone.
security:
  - ApiToken: []
# Tag groups used to organise operations in the rendered reference. Most
# descriptions name the permission-scope prefix the group's operations require.
tags:
  - name: hosts
    x-displayName: Hosts
    description: Operations requiring `hosts:` permission scopes
  - name: roles
    x-displayName: Roles
    description: Operations requiring `roles:` permission scopes
  - name: routes
    x-displayName: Routes
    description: Operations requiring `routes:` permission scopes
  - name: tags
    x-displayName: Tags
    description: Operations requiring `tags:` permission scopes
  - name: auditLogs
    x-displayName: Audit Logs
    description: Operations requiring `audit-logs:` permission scopes
  - name: networks
    x-displayName: Networks
    description: Operations requiring `networks:` permission scopes
  - name: downloads
    x-displayName: Downloads
    description: Information about software downloads
externalDocs:
  description: Find more about the API here
  url: https://docs.defined.net/guides/automating-host-creation/
paths:
  /v1/hosts:
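    # POST /v1/hosts - create a host, lighthouse or relay.
    # Needs a key with the `hosts:create` scope.
    post:
      summary: Create host
      description: |
        Create a new host, lighthouse, or relay.

        Token scope required: `hosts:create`
      operationId: hostCreate
      tags:
        - hosts
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
                - networkID
              properties:
                name:
                  description: Name of the new host
                  type: string
                  minLength: 1
                  maxLength: 255
                  example: My new host
                networkID:
                  description: ID of your network
                  type: string
                  example: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                # Nullable: a host may be created without a role.
                roleID:
                  description: ID of the role you want to assign
                  type:
                    - string
                    - 'null'
                  example: role-PZEDBXHQEXKACJPZ6XOQTIAJA4
                ipAddress:
                  description: Assign an IP address to be used within the Managed Nebula network.  Must be within the network's CIDR range.  Will be chosen automatically if not provided.
                  type: string
                  format: ipv4
                  example: 100.100.0.29
                staticAddresses:
                  description: List of static IPv4:port/hostname:port addresses.  At least one is required if `isLighthouse` is `true`.
                  type: array
                  items:
                    type: string
                    format: address:port
                  example:
                    - 84.123.10.1:4242
                # Declared with `type: integer`; `format: integer` alone sets no
                # type, so a validator would accept non-numeric values here and
                # never apply the 0-65535 range to them.
                listenPort:
                  description: The UDP port nebula should use on the host.  An available port will be automatically selected if `0` is specified.  A non-zero port number is required for lighthouses and relays.
                  type: integer
                  minimum: 0
                  maximum: 65535
                  default: 0
                # `type: boolean` (not `format: boolean`) so generated clients and
                # validators reject values such as the string "true".
                isLighthouse:
                  description: Set to true to create a new lighthouse. A lighthouse cannot also be a relay.
                  type: boolean
                isRelay:
                  description: Set to true to create a new relay. A relay cannot also be a lighthouse.
                  type: boolean
                tags:
                  type: array
                  items:
                    type: string
                    format: key:value
                    description: key is max 20 characters, value is max 50 characters, no whitespace around either allowed
                # Schema defined under components, outside this section.
                configOverrides:
                  $ref: '#/components/schemas/ConfigOverrides'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Host'
                  metadata:
                    type: object
                example:
                  data:
                    id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                    organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                    networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                    roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                    name: My new host
                    ipAddress: 100.100.0.29
                    staticAddresses:
                      - 84.123.10.1:4242
                    listenPort: 0
                    isLighthouse: true
                    isRelay: false
                    isBlocked: false
                    createdAt: '2025-01-25T18:15:27Z'
                    modifiedAt: '2025-01-25T18:15:27Z'
                    tags:
                      - env:prod
                    configOverrides: []
                    metadata:
                      lastSeenAt: '2025-01-25T18:15:27Z'
                      platform: dnclient
                      updateAvailable: false
                      version: 0.8.4
                  metadata: {}
        # One named example per documented validation failure. `path` names the
        # offending request field; two of the examples carry no `path`.
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              examples:
                existingHostName:
                  summary: A host already exists with the name.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                cannotFindNetwork:
                  summary: Cannot find the supplied networkID.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: networkID
                duplicateIpAddress:
                  summary: A host with the ipAddress supplied already exists.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: ipAddress
                cannotFindRole:
                  summary: Cannot find the supplied roleID.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: roleID
                lighthouseXorRelay:
                  summary: A host may be a lighthouse OR a relay, but not both.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must not also be relay hosts
                lighthouseNeedsStaticIP:
                  summary: A lighthouse requires at least one static IP address.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must have at least one static ip address
                        path: staticAddresses
                lighthouseNeedsStaticPort:
                  summary: A lighthouse requires a static listen port, like `4242`.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must specify a static listen port
                        path: listenPort
                relayNeedsStaticPort:
                  summary: A relay requires a static listen port, like `4242`.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: relay hosts must specify a static listen port
                        path: listenPort
                NetworkFullyAllocated:
                  summary: A host cannot be created because the network has no addresses left to assign.
                  value:
                    errors:
                      - code: ERR_NETWORK_FULLY_ALLOCATED
                        message: there are no IP addresses available for assignment in the network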
    # GET /v1/hosts - paginated listing of hosts, lighthouses and relays.
    # Needs a key with the `hosts:list` scope.
    get:
      summary: List hosts
      description: |
        Get a paginated list of hosts, lighthouses, and relays.

        Token scope required: `hosts:list`
      operationId: hostsList
      tags:
        - hosts
      # Pagination and filter parameters are shared definitions under
      # components/parameters, outside this section.
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/filter-endpointOIDCUserID'
        - $ref: '#/components/parameters/filter-isBlocked'
        - $ref: '#/components/parameters/filter-isLighthouse'
        - $ref: '#/components/parameters/filter-isRelay'
        - $ref: '#/components/parameters/filter-metadata-lastSeenAt'
        - $ref: '#/components/parameters/filter-metadata-platform'
        - $ref: '#/components/parameters/filter-metadata-updateAvailable'
        - $ref: '#/components/parameters/filter-roleID'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Host'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              # Two examples: the second adds `totalCount` and `page` to the
              # pagination metadata when `includeCounts=true` is requested.
              examples:
                noParams:
                  summary: When <code>includeCounts</code> parameter is not set to true
                  value:
                    data:
                      - id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                        roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                        name: My new host
                        ipAddress: 100.100.0.29
                        staticAddresses: []
                        listenPort: 0
                        isLighthouse: false
                        isRelay: false
                        isBlocked: false
                        createdAt: '2025-01-25T18:15:27Z'
                        modifiedAt: '2025-01-25T18:15:27Z'
                        tags:
                          - env:prod
                        configOverrides: []
                        metadata:
                          lastSeenAt: '2025-01-25T18:15:27Z'
                          platform: dnclient
                          updateAvailable: false
                          version: 0.8.4
                    # Cursor values look opaque; presumably they are passed back
                    # unchanged through the `cursor` parameter - confirm.
                    metadata:
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=1</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      - id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                        roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                        name: Host 1
                        ipAddress: 100.100.0.29
                        staticAddresses: []
                        listenPort: 0
                        isLighthouse: false
                        isRelay: false
                        isBlocked: false
                        createdAt: '2025-01-25T18:15:27Z'
                        modifiedAt: '2025-01-25T18:15:27Z'
                        tags:
                          - env:prod
                        configOverrides: []
                        metadata:
                          lastSeenAt: '2025-01-25T18:15:27Z'
                          platform: dnclient
                          updateAvailable: false
                          version: 0.8.4
                    metadata:
                      totalCount: 500
                      hasNextPage: true
                      hasPrevPage: true
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      page:
                        count: 1
                        start: 5
  /v1/hosts/{hostID}:
    # GET /v1/hosts/{hostID} - read one host, lighthouse or relay.
    # Needs a key with the `hosts:read` scope.
    get:
      summary: Get host
      description: |
        Fetch information about a particular host, lighthouse, or relay.

        Token scope required: `hosts:read`
      operationId: hostGet
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Host'
                  metadata:
                    type: object
              # `Example` shows an enrolled host; `noMetadata` shows the same
              # host before enrollment, with every host metadata field null.
              examples:
                Example:
                  value:
                    data:
                      id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                      organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                      networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                      roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                      name: Host 1
                      ipAddress: 100.100.0.29
                      staticAddresses: []
                      listenPort: 0
                      isLighthouse: false
                      isRelay: false
                      isBlocked: false
                      createdAt: '2025-01-25T18:15:27Z'
                      modifiedAt: '2025-01-25T18:15:27Z'
                      tags:
                        - env:prod
                      configOverrides: []
                      metadata:
                        lastSeenAt: '2025-01-25T18:15:27Z'
                        platform: dnclient
                        updateAvailable: false
                        version: 0.8.4
                    metadata: {}
                noMetadata:
                  summary: If the host has not been enrolled, its metadata will be unknown (null values).
                  value:
                    data:
                      id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                      organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                      networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                      roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                      name: Host 1
                      ipAddress: 100.100.0.29
                      staticAddresses: []
                      listenPort: 0
                      isLighthouse: false
                      isRelay: false
                      isBlocked: false
                      createdAt: '2025-01-25T18:15:27Z'
                      modifiedAt: '2025-01-25T18:15:27Z'
                      tags:
                        - env:prod
                      configOverrides: []
                      metadata:
                        lastSeenAt: null
                        platform: null
                        updateAvailable: null
                        version: null
                    metadata: {}
    # DELETE /v1/hosts/{hostID} - remove a host.
    # Needs a key with the `hosts:delete` scope. The documented 200 body carries
    # only untyped `data` and `metadata` objects.
    delete:
      summary: Delete host
      description: |
        Token scope required: `hosts:delete`
      operationId: hostDelete
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                  metadata:
                    type: object
  /v2/hosts/{hostID}:
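    # PUT /v2/hosts/{hostID} - replace the editable properties of a host.
    # Needs a key with the `hosts:update` scope. Per the description this is a
    # full replacement, so a partial body can silently drop a host's role, tags
    # or config overrides: callers should read the host first and send every
    # current value back.
    put:
      summary: Edit host
      description: |
        Token scope required: `hosts:update`

        :::caution

        Any properties not provided in the request will be reset to their default values. Be sure to include all current values you don't want to change, including `tags` and `configOverrides`.

        :::
      operationId: hostEdit
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  description: Name of the host
                  type: string
                  minLength: 1
                  maxLength: 255
                  example: My updated host
                roleID:
                  description: ID of the role you want to assign
                  type:
                    - string
                    - 'null'
                  example: role-PZEDBXHQEXKACJPZ6XOQTIAJA4
                staticAddresses:
                  description: List of static IPv4:port/hostname:port addresses.  At least one is required if `isLighthouse` is `true`.
                  type: array
                  items:
                    type: string
                    format: address:port
                  example:
                    - 84.123.10.1:4242
                # Declared with `type: integer`; `format: integer` alone sets no
                # type, so a validator would accept non-numeric values here and
                # never apply the 0-65535 range to them.
                listenPort:
                  description: The UDP port nebula should use on the host.  An available port will be automatically selected if `0` is specified.  A non-zero port number is required for lighthouses and relays.
                  type: integer
                  minimum: 0
                  maximum: 65535
                  default: 0
                # NOTE(review): the item description below says omitting `tags`
                # will not clear it, while the operation description says
                # properties not provided are reset to their defaults. Confirm
                # which behaviour v2 has and align the two texts.
                tags:
                  type: array
                  items:
                    type: string
                    format: key:value
                    description: Pass `[]` to clear this value, omitting it from the request will not clear it. key is max 20 characters, value is max 50 characters, no whitespace around either allowed
                # NOTE(review): same conflict with the operation description as
                # for `tags` - confirm whether omitting this resets it.
                configOverrides:
                  $ref: '#/components/schemas/ConfigOverrides'
                  description: Pass `[]` to clear this value, omitting it from the request will not clear it.  list of config overrides for the nebula config
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Host'
                  metadata:
                    type: object
                example:
                  data:
                    id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                    organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                    networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                    roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                    name: Host 1
                    ipAddress: 100.100.0.29
                    staticAddresses: []
                    listenPort: 0
                    isLighthouse: false
                    isRelay: false
                    isBlocked: false
                    createdAt: '2025-01-25T18:15:27Z'
                    modifiedAt: '2025-01-25T18:15:27Z'
                    tags:
                      - env:prod
                    configOverrides: []
                    metadata:
                      lastSeenAt: '2025-01-25T18:15:27Z'
                      platform: dnclient
                      updateAvailable: false
                      version: 0.8.4
                  metadata: {}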
  /v1/hosts/{hostID}/block:
    # POST /v1/hosts/{hostID}/block - cut a host off from the network without
    # deleting it. Needs a key with the `hosts:block` scope. No request body is
    # declared; the response wraps the updated host under `data.host`.
    post:
      summary: Block host
      description: |
        Prevent a host from being able to interact with other nodes on your network, while still being able to unblock it in the future without recreating the host.

        Token scope required: `hosts:block`
      operationId: hostBlock
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      host:
                        $ref: '#/components/schemas/Host'
                  metadata:
                    type: object
                # The example host comes back with `isBlocked: true`.
                example:
                  data:
                    host:
                      id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                      organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                      networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                      roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                      name: Host 1
                      ipAddress: 100.100.0.29
                      staticAddresses: []
                      listenPort: 0
                      isLighthouse: false
                      isRelay: false
                      isBlocked: true
                      createdAt: '2025-01-25T18:15:27Z'
                      modifiedAt: '2025-01-25T18:15:27Z'
                      tags:
                        - env:prod
                      configOverrides: []
                      metadata:
                        lastSeenAt: '2025-01-25T18:15:27Z'
                        platform: dnclient
                        updateAvailable: false
                        version: 0.8.4
                  metadata: {}
  /v1/hosts/{hostID}/unblock:
    # POST /v1/hosts/{hostID}/unblock - reverse a block. Needs a key with the
    # `hosts:unblock` scope, which is separate from `hosts:block`, so the two
    # abilities can be granted to different keys.
    post:
      summary: Unblock host
      description: |
        Unblocks a host, allowing it to reestablish communication to other nodes on the network.  

        Token scope required: `hosts:unblock`
      operationId: hostUnblock
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      host:
                        $ref: '#/components/schemas/Host'
                  metadata:
                    type: object
                # The example host comes back with `isBlocked: false`.
                example:
                  data:
                    host:
                      id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                      organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                      networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                      roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                      name: Host 1
                      ipAddress: 100.100.0.29
                      staticAddresses: []
                      listenPort: 0
                      isLighthouse: false
                      isRelay: false
                      isBlocked: false
                      createdAt: '2025-01-25T18:15:27Z'
                      modifiedAt: '2025-01-25T18:15:27Z'
                      tags:
                        - env:prod
                      configOverrides: []
                      metadata:
                        lastSeenAt: '2025-01-25T18:15:27Z'
                        platform: dnclient
                        updateAvailable: false
                        version: 0.8.4
                  metadata: {}
  /v1/hosts/{hostID}/command:
    # POST /v1/hosts/{hostID}/command - run a debug command in the dnclient on a
    # host. Needs a key with the `hosts:debug` scope.
    # The examples below show what this scope can read back: live logs,
    # certificate details, tunnel state and the underlay IP addresses and ports
    # of peers. Treat `hosts:debug` as a sensitive scope and keep it off keys
    # that only provision hosts.
    post:
      summary: Debug host
      description: |
        Send debug commands to the dnclient running on a host.

        Token scope required: `hosts:debug`
      operationId: hostCommand
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      requestBody:
        required: true
        content:
          application/json:
            schema:
              # Exactly one command schema must match; each is defined under
              # components/schemas, outside this section.
              oneOf:
                - $ref: '#/components/schemas/StreamLogs'
                - $ref: '#/components/schemas/CreateTunnel'
                - $ref: '#/components/schemas/PrintTunnel'
                - $ref: '#/components/schemas/PrintCert'
                - $ref: '#/components/schemas/QueryLighthouse'
                - $ref: '#/components/schemas/DebugStack'
      responses:
        # NOTE(review): the description says StreamLogs returns a
        # newline-delimited JSON stream, yet only `application/json` is declared
        # as the response content type - confirm what the server actually sends.
        '200':
          description: Successful operation.  'StreamLogs' will return a newline-delimited JSON stream, the rest return standard JSON.
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    oneOf:
                      - type: string
                      - type: object
                  metadata:
                    type: object
              examples:
                # NOTE(review): in a single-quoted YAML scalar `\n` stays as the
                # two characters backslash and n, so this example does not
                # contain a real line break between the two log records -
                # confirm that is the intended rendering.
                StreamLogs:
                  value:
                    data: '{"durationSeconds":300,"level":"info","msg":"Log streaming session started","time":"2024-07-15T14:45:38-04:00"}\n{"handshake":{"stage":1,"style":"ix_psk0"},"level":"info","localIndex":1038004327,"msg":"Handshake message sent","remoteIndex":0,"time":"2024-07-15T14:45:43-04:00","udpAddrs":[{"ip":"1.2.3.4","port":65535}],"vpnIp":"100.100.0.2"}'
                # Certificate details of the host: name, groups, IPs, validity
                # window, public key, issuer and fingerprint.
                PrintCert:
                  value:
                    data:
                      details:
                        curve: CURVE25519
                        groups:
                          - role:ops
                        ips:
                          - 10.255.0.5/9
                        isCa: false
                        issuer: c652a897fee60414423b3e5e16951151099558799fc562c37f6ec73c376ecc15
                        name: mikeg
                        notAfter: '2025-04-22T11:22:52-04:00'
                        notBefore: '2024-04-22T11:21:52-04:00'
                        publicKey: 2f97c72ca059c1d148aaada0593379be5b21dc034d57121c95d4a96282555f65
                        subnets: []
                      fingerprint: 7a8d0a73c93aaddae1589e53cf6d5bd160a9d8cb79a0c0c6d6d33ff7de24acb1
                      signature: 679b2el234lkjkjdsaf234lkjsdao5k324444d4b3d2a87f6d32035b8bdd0325dsfszd5c2fc6955fa9d82a643a607e097cd72f3d191ca7ff55bd6babdd374e6ccc903
                    metadata: {}
                # Tunnel state for one peer, including the peer's certificate
                # and every remote address known for it.
                PrintTunnel:
                  value:
                    data:
                      vpnIp: 10.255.0.11
                      localIndex: 3758197150
                      remoteIndex: 65044350
                      remoteAddrs:
                        - ip: 100.64.1.2
                          port: 57304
                        - ip: 162.194.213.135
                          port: 57304
                        - ip: 192.168.68.34
                          port: 57304
                        - ip: 192.168.123.7
                          port: 57304
                      cachedPackets: 0
                      cert:
                        details:
                          curve: CURVE25519
                          groups:
                            - role:ops
                          ips:
                            - 10.255.0.11/9
                          isCa: false
                          issuer: 2f97c72ca059c1d148aaada0593379be5b21dc034d57121c95d4a96282555f65
                          name: jmaguire
                          notAfter: '2025-04-24T10:53:51-04:00'
                          notBefore: '2024-04-24T10:52:51-04:00'
                          publicKey: 4f46c2b14aa7ef8345d8bebeb2fad757d8cdfa5734bfc321da4f149d34c44555
                          subnets: []
                        fingerprint: 213fd79d91f892a48f47858227430adc1447e38a3960e66d63b562500faa02d1
                        signature: 6856aa7b941330a75c98edcb12ed6fdfe4f49da94098a4394ca1a13600c942fae1a8bea83aa1e635f266311ba60c794036b7e367467526f9115488e3b904140b
                      messageCounter: 4
                      currentRemote:
                        ip: 162.194.213.135
                        port: 57304
                      currentRelaysToMe: []
                      currentRelaysThroughMe: []
                CreateTunnel:
                  value:
                    data: Created
                # Keyed by VPN IP; each entry lists addresses under `reported`
                # or `learned`, plus a `relay` list.
                QueryLighthouse:
                  value:
                    data:
                      10.128.42.11:
                        reported:
                          - ip: 162.194.213.135
                            port: 52148
                          - ip: 192.168.68.34
                            port: 52148
                          - ip: 192.168.123.7
                            port: 52148
                          - ip: 100.64.1.2
                            port: 52148
                        relay: []
                      10.128.30.182:
                        reported:
                          - ip: 162.194.213.135
                            port: 52148
                          - ip: 192.168.68.34
                            port: 52148
                          - ip: 192.168.123.7
                            port: 52148
                          - ip: 100.64.1.2
                            port: 52148
                        relay: []
                      10.255.89.11:
                        learned:
                          - ip: 162.194.213.8
                            port: 52148
                        relay: []
  /v1/hosts/{hostID}/enrollment-code:
    post:
      summary: Create enrollment code
      description: |
        Obtain a code that can be used with the `dnclient enroll` command on a host, lighthouse, or relay to enroll it into your Managed Nebula network.

        It is not possible to enroll a host that is blocked, it must first be unblocked using the [unblock endpoint](../host-unblock).

        Token scope required: `hosts:enroll`
      operationId: hostEnrollCodeCreate
      tags:
        - hosts
      parameters:
        - name: hostID
          in: path
          required: true
          schema:
            type: string
          example: host-24NVITKMNU3CYCEDNFWKAOBX7I
      responses:
        # NOTE(review): only the success case is documented. The operation
        # description says a blocked host cannot be enrolled, but no error
        # response for that case is listed here; confirm the status code.
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                    properties:
                      # Described as a secret: it is what lets a machine join
                      # the network, so handle it like a credential (keep it
                      # out of logs, tickets and shell history).
                      code:
                        type: string
                        description: Secret code to be used in `dnclient enroll` to allow the host/lighthouse/relay to join your Managed Nebula network.
                      # Validity window counted from the moment of issue; the
                      # example below shows 86400 seconds (24 hours).
                      lifetimeSeconds:
                        type: integer
                        format: int64
                        description: The number of seconds the code is valid after being issued.
                  metadata:
                    type: object
                example:
                  data:
                    code: H8NEbm99QvupjqW1PsdVR9DNSiFmoQtJXyGTQxerlSU
                    lifetimeSeconds: 86400
                  metadata: {}
  /v1/host-and-enrollment-code:
    post:
      summary: Create host & enrollment code
      description: |
        Token scopes required: `hosts:create`, `hosts:enroll`
      operationId: hostAndEnrollCodeCreate
      tags:
        - hosts
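      # Request body for creating a host and its enrollment code in one call.
      # The lighthouse/relay rules in the descriptions below are cross-field
      # constraints that this schema does not express; the 400 examples of
      # this operation show the server rejecting violations.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
                - networkID
              properties:
                name:
                  description: Name of the new host
                  type: string
                  minLength: 1
                  maxLength: 255
                  example: My new host
                networkID:
                  description: ID of your network
                  type: string
                  example: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                roleID:
                  description: ID of the role you want to assign
                  type:
                    - string
                    - 'null'
                  example: role-PZEDBXHQEXKACJPZ6XOQTIAJA4
                ipAddress:
                  description: Assign an IP address to be used within the Managed Nebula network.  Must be within the network's CIDR range.  Will be chosen automatically if not provided.
                  type: string
                  format: ipv4
                  example: 100.100.0.29
                # `ipv4:port` is a project-specific format name. Generic JSON
                # Schema validators ignore unknown formats, so a malformed
                # entry is only caught by the server.
                staticAddresses:
                  description: List of static IPv4:port addresses.  At least one is required if `isLighthouse` is `true`.
                  type: array
                  items:
                    type: string
                    format: ipv4:port
                  example:
                    - 84.123.10.1:4242
                # `type` is declared explicitly: a bare `format` does not
                # constrain the JSON type, and `minimum`/`maximum` only apply
                # to numeric instances, so without it a string would pass.
                listenPort:
                  description: The UDP port nebula should use on the host.  An available port will be automatically selected if `0` is specified. A non-zero port number is required for lighthouses and relays.
                  type: integer
                  minimum: 0
                  maximum: 65535
                  default: 0
                # Declared as booleans so client-side validation rejects
                # values such as the string "true".
                isLighthouse:
                  description: Set to true to create a new lighthouse. A lighthouse cannot also be a relay.
                  type: boolean
                isRelay:
                  description: Set to true to create a new relay. A relay cannot also be a lighthouse.
                  type: boolean
                # `key:value` is likewise a project-specific format name; the
                # length and whitespace limits in the item description are
                # not enforced by this schema.
                tags:
                  type: array
                  items:
                    type: string
                    format: key:value
                    description: key is max 20 characters, value is max 50 characters, no whitespace around either allowed
                configOverrides:
                  $ref: '#/components/schemas/ConfigOverrides'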
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
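              # Success payload: the created host plus its enrollment code.
              schema:
                type: object
                properties:
                  data:
                    type: object
                    required:
                      - host
                    properties:
                      host:
                        $ref: '#/components/schemas/Host'
                      # Same shape as the response of the "Create enrollment
                      # code" operation, with the same field descriptions.
                      # Only `host` is listed as required, so clients should
                      # not assume this object is present.
                      enrollmentCode:
                        type: object
                        properties:
                          code:
                            type: string
                            description: Secret code to be used in `dnclient enroll` to allow the host/lighthouse/relay to join your Managed Nebula network.
                          lifetimeSeconds:
                            type: integer
                            format: int64
                            description: The number of seconds the code is valid after being issued.
                  metadata:
                    type: object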
                example:
                  data:
                    host:
                      id: host-24NVITKMNU3CYCEDNFWKAOBX7I
                      organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                      networkID: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                      roleID: role-PZEDBXHCEXKAKJPZ6XOQTIAJA4
                      name: Host 1
                      ipAddress: 100.100.0.29
                      staticAddresses: []
                      listenPort: 0
                      isLighthouse: false
                      isRelay: false
                      isBlocked: false
                      createdAt: '2025-01-25T18:15:27Z'
                      modifiedAt: '2025-01-25T18:15:27Z'
                      tags:
                        - env:prod
                      configOverrides: []
                      metadata:
                        lastSeenAt: '2025-01-25T18:15:27Z'
                        platform: dnclient
                        updateAvailable: false
                        version: 0.8.4
                    enrollmentCode:
                      code: H8NEbm99QvupjqW1PsdVR9DNSiFmoQtJXyGTQxerlSU
                      lifetimeSeconds: 86400
                  metadata: {}
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                required:
                  - errors
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              examples:
                existingHostName:
                  summary: A host already exists with the name.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                cannotFindNetwork:
                  summary: Cannot find the supplied networkID.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: networkID
                duplicateIpAddress:
                  summary: A host with the ipAddress supplied already exists.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: ipAddress
                cannotFindRole:
                  summary: Cannot find the supplied roleID.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: roleID
                lighthouseXorRelay:
                  summary: A host may be a lighthouse OR a relay, but not both.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must not also be relay hosts
                lighthouseNeedsStaticIP:
                  summary: A lighthouse requires at least one static IP address.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must have at least one static ip address
                        path: staticAddresses
                lighthouseNeedsStaticPort:
                  summary: A lighthouse requires a static listen port, like `4242`.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: lighthouse hosts must specify a static listen port
                        path: listenPort
                relayNeedsStaticPort:
                  summary: A relay requires a static listen port, like `4242`.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: relay hosts must specify a static listen port
                        path: listenPort
  /v1/roles:
    post:
      summary: Create role
      description: |
        Create a new role.

        Token scope required: `roles:create`
      operationId: roleCreate
      tags:
        - roles
      # Request body for creating a role; only `name` is mandatory.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
              properties:
                # The length bounds match the `missingName` 400 example
                # (ERR_INVALID_VALUE_LENGTH, "between 1 and 50").
                name:
                  description: Name of the new role
                  type: string
                  minLength: 1
                  maxLength: 50
                  example: My new role
                description:
                  description: Optional description
                  type: string
                  maxLength: 255
                # Each item follows the FirewallRule component, defined
                # outside this section. Per the 400 examples of this
                # operation, the server checks each rule's protocol and port
                # range and reports the offending index in `path`.
                # NOTE(review): the list is optional; what a role with no
                # rules allows is not stated in this section. Confirm the
                # default before relying on it.
                firewallRules:
                  description: Incoming firewall rules
                  type: array
                  items:
                    $ref: '#/components/schemas/FirewallRule'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Role'
                  metadata:
                    type: object
                example:
                  data:
                    id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                    name: My new role
                    description: ''
                    createdAt: '2023-02-15T13:59:09Z'
                    modifiedAt: '2023-02-15T13:59:09Z'
                    firewallRules:
                      - protocol: TCP
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                required:
                  - errors
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              examples:
                missingName:
                  summary: <code>name</code> not specified.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE_LENGTH
                        message: must have a length between 1 and 50
                        path: name
                duplicateName:
                  summary: A role with the name already exists.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                protocol:
                  summary: Invalid <code>protocol</code> value.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: 'must be a valid protocol: ANY, TCP, UDP, ICMP'
                        path: firewallRules[0].protocol
                portRangeMissing:
                  summary: Invalid/missing <code>from</code> and <code>to</code> values.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: must be between 1 and 65535
                        path: firewallRules[0].portRange.from
                      - code: ERR_INVALID_VALUE
                        message: must be between 1 and 65535
                        path: firewallRules[0].portRange.to
                portRangeOrder:
                  summary: <code>from</code> cannot be greater than <code>to</code>
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: from must be less than or equal to to
                        path: firewallRules[0].portRange
    get:
      summary: List roles
      description: |
        Get a paginated list of roles.

        Token scope required: `roles:list`
      operationId: rolesList
      tags:
        - roles
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Role'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              examples:
                noParams:
                  summary: When <code>includeCounts</code> parameter is not set to true
                  value:
                    data:
                      - id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                        name: My new role
                        description: ''
                        createdAt: '2023-02-15T13:59:09Z'
                        modifiedAt: '2023-02-15T13:59:09Z'
                        firewallRules:
                          - protocol: TCP
                            description: allow SSH access
                            allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                            portRange:
                              from: 22
                              to: 22
                    metadata:
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=1</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      - id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                        name: My new role
                        description: ''
                        createdAt: '2023-02-15T13:59:09Z'
                        modifiedAt: '2023-02-15T13:59:09Z'
                        firewallRules:
                          - protocol: TCP
                            description: allow SSH access
                            allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                            portRange:
                              from: 22
                              to: 22
                    metadata:
                      totalCount: 500
                      hasNextPage: true
                      hasPrevPage: true
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      page:
                        count: 1
                        start: 5
  /v1/roles/{roleID}:
    get:
      summary: Get role
      description: |
        Fetch information about a particular role.

        Token scope required: `roles:read`
      operationId: roleGet
      tags:
        - roles
      parameters:
        - name: roleID
          in: path
          required: true
          schema:
            type: string
          example: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Role'
                  metadata:
                    type: object
                example:
                  data:
                    id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                    name: My new role
                    description: ''
                    createdAt: '2023-02-15T13:59:09Z'
                    modifiedAt: '2023-02-15T13:59:09Z'
                    firewallRules:
                      - protocol: TCP
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
    put:
      # Full-replacement update of one role. The caution in `description` is
      # the key point for automation: omitted properties are reset, not kept.
      summary: Edit role
      description: |
        Token scope required: `roles:update`

        :::caution

        Any properties not provided in the request will be reset to their default values.  If only changing one firewall rule, be sure to include the others as well, otherwise they will be removed.

        :::
      operationId: roleEdit
      tags:
        - roles
      parameters:
        - name: roleID
          in: path
          required: true
          schema:
            type: string
          example: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              # No `required` list: every property is optional on the wire,
              # but per the description an omitted property is reset rather
              # than left unchanged.
              properties:
                description:
                  type: string
                  maxLength: 255
                # Replaces the stored list wholesale. Send the complete rule
                # set (for example, built from a prior `roleGet` response),
                # not only the rule being changed.
                firewallRules:
                  description: Incoming firewall rules.  Will replace existing list of rules.
                  type: array
                  items:
                    $ref: '#/components/schemas/FirewallRule'
      responses:
        # NOTE(review): only 200 is documented. `roleCreate` lists 400
        # validation errors for the same FirewallRule items; confirm whether
        # they apply here as well.
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Role'
                  metadata:
                    type: object
                example:
                  data:
                    id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                    name: My new role
                    description: ''
                    createdAt: '2023-02-15T13:59:09Z'
                    modifiedAt: '2023-02-15T13:59:09Z'
                    firewallRules:
                      - protocol: TCP
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
    delete:
      # Removes the role identified by the `roleID` path parameter.
      # NOTE(review): what happens to hosts still assigned to the role, or to
      # firewall rules in other roles that reference it, is not described in
      # this operation. Confirm before automating deletions.
      summary: Delete role
      description: |
        Token scope required: `roles:delete`
      operationId: roleDelete
      tags:
        - roles
      parameters:
        - name: roleID
          in: path
          required: true
          schema:
            type: string
          example: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
      responses:
        # Only the success case is documented for this operation.
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                # Both members are declared as plain objects with no
                # properties, so the success body has no documented fields.
                properties:
                  data:
                    type: object
                  metadata:
                    type: object
  /v1/tags:
    post:
      summary: Create tag
      description: |
        Create a new tag, optionally with config overrides.

        Token scope required: `tags:create`
      operationId: tagCreate
      tags:
        - tags
      # Request body for creating a tag. A tag can carry config overrides and
      # route subscriptions, so it affects every host that is given the tag.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
              properties:
                # `key:value` is a project-specific format name; generic JSON
                # Schema validators ignore it, so the length and whitespace
                # limits in the description are only checked by the server.
                name:
                  description: Name of the new tag.  Key must not be longer than 20 characters.  Value must not be longer than 50 characters.  No whitespace around either allowed.
                  type: string
                  format: key:value
                description:
                  description: Optional description
                  type: string
                  maxLength: 255
                configOverrides:
                  $ref: '#/components/schemas/ConfigOverrides'
                # `before` and `after` are mutually exclusive. The schema does
                # not express that; the `beforeAndAfter` 400 example shows the
                # server rejecting a request that sets both.
                before:
                  description: If specified, the new tag will be inserted before this tag (i.e. will have a lower priority / precedence than the "before" tag.) Cannot specify this in combination with "after."
                  type: string
                  format: key:value
                after:
                  description: If specified, the new tag will be inserted after this tag (i.e. will have a higher priority / precedence than the "after" tag.) Cannot specify this in combination with "before."
                  type: string
                  format: key:value
                # `route-id` is also a project-specific format name. Per the
                # description, the subscription applies to any host carrying
                # this tag.
                routeSubscriptions:
                  description: A list of route IDs to which any hosts with this tag will be subscribed.
                  type: array
                  items:
                    type: string
                    format: route-id
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Tag'
                  metadata:
                    type: object
              examples:
                Example:
                  value:
                    data:
                      name: env:prod
                      description: Hosts which live in or have access to production resources
                      configOverrides:
                        - key: logging.level
                          value: info
                      priority: 3
                      hostCount: 10
                    metadata: {}
        '400':
          description: Validation error
          content:
            application/json:
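              # Error envelope for validation failures.
              schema:
                type: object
                # Every documented error payload carries `errors`; declaring
                # it required matches the 400 schemas of the host and role
                # operations in this file.
                required:
                  - errors
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'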
              examples:
                existingTagName:
                  summary: A tag already exists with the name.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                invalidBeforeOrAfter:
                  summary: Cannot find the supplied "before" or "after" tag.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: before
                beforeAndAfter:
                  summary: Only one of "before" or "after" may be specified.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: may only set before or after, not both
                        path: before
                      - code: ERR_INVALID_VALUE
                        message: may only set before or after, not both
                        path: after
  /v2/tags:
    get:
      summary: List tags
      description: |
        Get a paginated list of tags.

        Token scope required: `tags:list`
      operationId: tagsList
      tags:
        - tags
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Tag'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              examples:
                noParams:
                  summary: When <code>includeCounts</code> parameter is not set to true
                  value:
                    data:
                      - name: env:prod
                        description: Production hosts
                        configOverrides:
                          - key: logging.level
                            value: info
                        priority: 6
                        hostCount: 10
                        routeSubscriptions:
                          - route-X47KHSCOSQJP5IOKNNKRRGHVAI
                      - name: env:dev
                        description: Development hosts
                        configOverrides:
                          - key: logging.level
                            value: debug
                        priority: 7
                        hostCount: 2
                        routeSubscriptions: []
                      - name: region:us-east-1
                        description: ''
                        configOverrides: []
                        priority: 8
                        hostCount: 7
                        routeSubscriptions: []
                      - name: region:us-west-2
                        description: ''
                        configOverrides: []
                        priority: 9
                        hostCount: 3
                        routeSubscriptions: []
                      - name: region:eu-central-1
                        description: ''
                        configOverrides: []
                        priority: 10
                        hostCount: 2
                        routeSubscriptions: []
                    metadata:
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=5</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      - name: env:prod
                        description: Production hosts
                        configOverrides:
                          - key: logging.level
                            value: info
                        priority: 6
                        hostCount: 10
                        routeSubscriptions:
                          - route-X47KHSCOSQJP5IOKNNKRRGHVAI
                      - name: env:dev
                        description: Development hosts
                        configOverrides:
                          - key: logging.level
                            value: debug
                        priority: 7
                        hostCount: 2
                        routeSubscriptions: []
                      - name: region:us-east-1
                        description: ''
                        configOverrides: []
                        priority: 8
                        hostCount: 7
                        routeSubscriptions: []
                      - name: region:us-west-2
                        description: ''
                        configOverrides: []
                        priority: 9
                        hostCount: 3
                        routeSubscriptions: []
                      - name: region:eu-central-1
                        description: ''
                        configOverrides: []
                        priority: 10
                        hostCount: 2
                        routeSubscriptions: []
                    metadata:
                      totalCount: 150
                      hasNextPage: true
                      hasPrevPage: true
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      page:
                        count: 5
                        start: 5
  /v1/tags/{tag}:
    get:
      summary: Get tag
      description: |
        Fetch information about a particular tag.

        Token scope required: `tags:read`
      operationId: tagGet
      tags:
        - tags
      parameters:
        - name: tag
          in: path
          required: true
          schema:
            type: string
          example: env:prod
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Tag'
                  metadata:
                    type: object
              examples:
                Example:
                  value:
                    data:
                      name: env:dev
                      description: Hosts which live in or have access to development resources
                      configOverrides:
                        - key: logging.level
                          value: debug
                      priority: 3
                      hostCount: 10
                      routeSubscriptions:
                        - route-X47KHSCOSQJP5IOKNNKRRGHVAI
                    metadata: {}
    put:
      summary: Edit tag
      description: |
        Token scope required: `tags:update`

        :::caution

        Any properties not provided in the request will be reset to their default values. Be sure to include all current values you don't want to change, including `configOverrides`.

        Unless "before" or "after" are specified, the priority will not change.

        :::
      operationId: tagEdit
      tags:
        - tags
      parameters:
        - name: tag
          in: path
          required: true
          schema:
            type: string
          example: env:prod
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                description:
                  description: Optional description
                  type: string
                  maxLength: 255
                configOverrides:
                  $ref: '#/components/schemas/ConfigOverrides'
                before:
                  description: If specified, the tag will be moved before this tag (i.e. will have a lower priority / precedence than the "before" tag.) Cannot be specified in combination with "after."
                  type: string
                  format: key:value
                after:
                  description: If specified, the tag will be moved after this tag (i.e. will have a higher priority / precedence than the "after" tag.) Cannot be specified in combination with "before."
                  type: string
                  format: key:value
                routeSubscriptions:
                  description: A list of route IDs to which any hosts with this tag will be subscribed.
                  type: array
                  items:
                    type: string
                    format: route-id
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Tag'
                  metadata:
                    type: object
                example:
                  data:
                    name: env:prod
                    description: Hosts which have live in or have access to production resources
                    configOverrides:
                      - key: logging.level
                        value: info
                    priority: 3
                    hostCount: 10
                    routeSubscriptions:
                      - route-X47KHSCOSQJP5IOKNNKRRGHVAI
                  metadata: {}
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              examples:
                invalidBeforeOrAfter:
                  summary: Cannot find the supplied "before" or "after" tag.
                  value:
                    errors:
                      - code: ERR_INVALID_REFERENCE
                        message: referenced value is invalid (perhaps it does not exist?)
                        path: before
                beforeAndAfter:
                  summary: Only one of "before" or "after" may be specified.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: may only set before or after, not both
                        path: before
                      - code: ERR_INVALID_VALUE
                        message: may only set before or after, not both
                        path: after
    # Delete the tag named by the `tag` path parameter. Requires the
    # `tags:delete` scope.
    # Only a 200 response is documented; this operation describes no error
    # response (for example for a tag that does not exist).
    delete:
      summary: Delete tag
      description: |
        Token scope required: `tags:delete`
      operationId: tagDelete
      tags:
        - tags
      parameters:
        - name: tag
          in: path
          required: true
          schema:
            type: string
          example: region:us-west-1
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: object
                  metadata:
                    type: object
  /v1/networks:
    # Create a network. Requires the `networks:create` scope; `name` and
    # `cidr` are the mandatory body fields.
    post:
      summary: Create Network
      description: |
        Create a new network.

        Token scope required: `networks:create`
      operationId: networkCreate
      tags:
        - networks
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
                - cidr
              properties:
                name:
                  description: Name of the new network
                  type: string
                  minLength: 1
                  maxLength: 50
                  example: Management
                # NOTE(review): no maxLength here, while the tag and route
                # `description` properties in this file are capped at 255 -
                # confirm whether this value is bounded server-side.
                description:
                  description: Optional description of the network
                  type: string
                  example: This network allows the ops team to manage infrastructure
                # `ipv4/cidr` is not one of the formats defined by JSON Schema,
                # so generic validators will treat it as an annotation at most.
                # The checks that actually gate this value are the server-side
                # ones illustrated by the 400 examples below.
                cidr:
                  description: The private IP address range of the network, in CIDR notation
                  type: string
                  format: ipv4/cidr
                  example: 192.168.4.0/22
                lighthousesAsRelays:
                  description: Should the lighthouses in this network be configured as relays?
                  type: boolean
                  example: true
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Network'
                  metadata:
                    type: object
                example:
                  data:
                    id: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                    createdAt: '2023-02-14T20:34:59Z'
                    organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                    signingCAID: ca-TRJSVAAAPJXTOICJMG2KZBKQEE
                    name: Management
                    description: This network allows the ops team to manage infrastructure
                    cidr: 192.168.4.0/22
                    hostCount: 0
                    lighthousesAsRelays: true
                    curve: '25519'
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              # Besides the duplicate-name case, the examples cover four
              # rejections of `cidr`: not IPv4 CIDR syntax, invalid mask size,
              # host address instead of network address, and public address
              # space instead of a private or carrier-grade NAT range.
              examples:
                existingNetworkName:
                  summary: A network already exists with the name.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                invalidV4CIDR:
                  summary: The `cidr` supplied is not a valid IPv4 network CIDR.
                  value:
                    errors:
                      - code: ERR_INVALID_IPV4_CIDR
                        message: must describe an IPv4 network in CIDR format (e.g. 192.168.10.0/24)
                        path: cidr
                InvalidCIDRMaskSize:
                  summary: The mask of the supplied `cidr` is not valid.
                  value:
                    errors:
                      - code: ERR_INVALID_CIDR_MASK_SIZE
                        message: invalid CIDR mask
                        path: cidr
                InvalidNetworkCIDRAddress:
                  summary: The `cidr` is invalid because it should use a network address before the prefix, but it instead uses a host address, or an address out-of-bounds of the network.
                  value:
                    errors:
                      - code: ERR_INVALID_NETWORK_CIDR
                        message: must be a network address CIDR (e.g. 192.168.10.0/24, not 192.168.10.21/24)
                        path: cidr
                InvalidPrivateNetworkCIDR:
                  summary: The `cidr` is invalid because it should use a private network or carrier-grade NAT space, but instead uses public address space.
                  value:
                    errors:
                      - code: ERR_INVALID_PRIVATE_NETWORK_CIDR
                        message: must describe a private or carrier-grade NAT range
                        path: cidr
    # List networks with cursor pagination. Requires the `networks:list`
    # scope. The three parameters are shared definitions under
    # components/parameters.
    get:
      summary: List networks
      description: |
        Get a paginated list of networks.

        :::note

        Currently, there is a limit of one network per Defined Networking account.

        :::

        Token scope required: `networks:list`
      operationId: networksList
      tags:
        - networks
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/Network'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              examples:
                noParams:
                  summary: When <code>includeCounts</code> parameter is not set to true
                  value:
                    data:
                      - cidr: 100.100.0.0/22
                        id: network-ZJOW3QUQUX5ZAVPVYRHDQUAEIY
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        signingCAID: ca-TRJSVAAAPJXTOICJMG2KZBKQEE
                        name: Network1
                        lighthousesAsRelays: false
                        curve: '25519'
                        createdAt: '2023-02-14T20:34:59Z'
                    metadata:
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=1</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      # NOTE(review): unlike the noParams example, this entry
                      # has no `curve` field - confirm whether that is intended.
                      - cidr: 100.100.0.0/22
                        id: network-ZJOW3QUQUX5ZAVPVYRHDQUAEIY
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        signingCAID: ca-TRJSVAAAPJXTOICJMG2KZBKQEE
                        name: Network1
                        lighthousesAsRelays: false
                        createdAt: '2023-02-14T20:34:59Z'
                    # NOTE(review): totalCount 500 and the page offsets look
                    # like sample pagination values; the description above
                    # states a limit of one network per account.
                    metadata:
                      totalCount: 500
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      page:
                        count: 1
                        start: 5
  /v1/networks/{networkID}:
    # Fetch one network by ID. Requires the `networks:read` scope.
    # `networkID` is declared as an unconstrained string (no pattern or length
    # limit), and only a 200 response is documented for this operation.
    get:
      summary: Get network
      description: |
        Fetch information about a particular network.

        Token scope required: `networks:read`
      operationId: networkGet
      tags:
        - networks
      parameters:
        - name: networkID
          in: path
          required: true
          schema:
            type: string
          example: network-ZJOW3QUQUX5ZAVPVYRHDQUAEIY
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Network'
                  metadata:
                    type: object
                # The sample response includes the IDs of the owning
                # organization and of the signing CA alongside the network's
                # own fields.
                example:
                  data:
                    cidr: 100.100.0.0/22
                    id: network-ZJOW3QUQUX5ZAVPVYRHDQUAEIY
                    organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                    signingCAID: ca-TRJSVAAAPJXTOICJMG2KZBKQEE
                    name: Network1
                    lighthousesAsRelays: false
                    curve: '25519'
                    createdAt: '2023-02-14T20:34:59Z'
                  metadata: {}
    # Edit an existing network. Requires the `networks:update` scope.
    # The description states that omitted properties are reset to their
    # defaults; `description` and `lighthousesAsRelays` are optional in the
    # schema, so by that rule a body without them would reset both.
    put:
      summary: Edit Network
      description: |
        Edit an existing network.

        Token scope required: `networks:update`

        :::caution

        Any properties not provided in the request will be reset to their default values.

        :::
      operationId: networkEdit
      tags:
        - networks
      parameters:
        - name: networkID
          in: path
          required: true
          schema:
            type: string
          example: network-ZJOW3QUQUX5ZAVPVYRHDQUAEIY
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              # NOTE(review): `cidr` is listed as required but has no entry
              # under `properties`, so this schema puts no type or format
              # constraint on it. Confirm whether the `cidr` definition used by
              # networkCreate should be repeated here, or whether `cidr` should
              # be dropped from `required`.
              required:
                - name
                - cidr
              properties:
                name:
                  description: Name of the network
                  type: string
                  minLength: 1
                  maxLength: 50
                  example: Management
                description:
                  description: Optional description of the network
                  type: string
                  example: This network allows the ops team to manage infrastructure
                lighthousesAsRelays:
                  description: Should the lighthouses in this network be configured as relays?
                  type: boolean
                  example: false
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Network'
                  metadata:
                    type: object
                example:
                  data:
                    id: network-KAOWMXZHZWCVMGGFKM22XEGYLE
                    createdAt: '2023-02-14T20:34:59Z'
                    organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                    signingCAID: ca-TRJSVAAAPJXTOICJMG2KZBKQEE
                    name: Management
                    description: This network allows the ops team to manage infrastructure
                    cidr: 192.168.4.0/22
                    hostCount: 27
                    lighthousesAsRelays: false
                    curve: '25519'
        # Only the duplicate-name case is illustrated; no `cidr` validation
        # example appears for this operation.
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              examples:
                existingNetworkName:
                  summary: A network already exists with the name.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
  /v1/audit-logs:
    # List audit log entries with cursor pagination. Requires the
    # `audit-logs:list` scope. Results can be narrowed with the shared
    # `filter-targetID` and `filter-targetType` parameters.
    get:
      summary: List audit logs
      description: |
        Get a paginated list of audit logs.

        Token scope required: `audit-logs:list`
      operationId: auditLogsList
      tags:
        - auditLogs
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
        - $ref: '#/components/parameters/filter-targetID'
        - $ref: '#/components/parameters/filter-targetType'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/AuditLog'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              examples:
                noParams:
                  summary: When <code>includeCounts</code> parameter is not set to true
                  value:
                    data:
                      # Each sample entry names the actor (here an API key,
                      # with its id and display name), the target object, and
                      # the event. That is the information a reviewer needs to
                      # attribute a change to a specific key, e.g. when
                      # checking activity around a key rotation.
                      - id: log-F3TTIDMKZH5XFH37RTRLIP3TOA
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        timestamp: '2023-02-15T13:59:09.828868Z'
                        actor:
                          id: dnkey-DXALSPQONG7H45QZAVTPRDMAPU
                          name: example api key
                          type: apiKey
                        target:
                          id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                          type: role
                        # In this sample a CREATED event carries
                        # `before: null` and the created object's fields under
                        # `after`.
                        event:
                          type: CREATED
                          before: null
                          after:
                            name: My New Role
                            description: ''
                            firewallRules: null
                    metadata:
                      hasNextPage: true
                      hasPrevPage: true
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=1</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      - id: log-F3TTIDMKZH5XFH37RTRLIP3TOA
                        organizationID: org-F63A24JGCLJV3ZEUTLCBISGETA
                        timestamp: '2023-02-15T13:59:09.828868Z'
                        actor:
                          id: dnkey-DXALSPQONG7H45QZAVTPRDMAPU
                          name: example api key
                          type: apiKey
                        target:
                          id: role-LO4SPDSWTZNJC676WFCZKUB3ZQ
                          type: role
                        event:
                          type: CREATED
                          before: null
                          after:
                            name: My New Role
                            description: ''
                            firewallRules: null
                    # With includeCounts=true the sample metadata additionally
                    # carries `totalCount` and a `page` object.
                    metadata:
                      totalCount: 500
                      hasNextPage: true
                      hasPrevPage: true
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      page:
                        count: 1
                        start: 5
  /v1/downloads:
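    # List recent software downloads. The description states that this
    # endpoint is unauthenticated, so the operation declares an empty security
    # requirement below; without it the document-level `ApiToken` requirement
    # would apply and generated clients and docs would treat a bearer token as
    # mandatory here.
    get:
      summary: List software downloads
      description: |
        Get a list of recently released software download links and basic info.

        This endpoint is unauthenticated.
      operationId: downloadsList
      tags:
        - downloads
      # Empty list = no authentication; overrides the top-level `security`.
      security: []
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Downloads'
              examples:
                Listing:
                  summary: An example downloads listing
                  # NOTE(review): this sample lists download URLs and version
                  # info only; no checksum or signature field appears in it.
                  # Confirm against the Downloads schema whether integrity
                  # data for the binaries is published elsewhere.
                  value:
                    data:
                      dnclient:
                        0.8.4:
                          freebsd-amd64: https://dl.defined.net/290ff4b6/v0.8.4/freebsd/amd64/dnclient
                          freebsd-arm64: https://dl.defined.net/290ff4b6/v0.8.4/freebsd/arm64/dnclient
                          linux-386: https://dl.defined.net/290ff4b6/v0.8.4/linux/386/dnclient
                          linux-amd64: https://dl.defined.net/290ff4b6/v0.8.4/linux/amd64/dnclient
                          linux-arm64: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm64/dnclient
                          linux-armv5: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-5/dnclient
                          linux-armv6: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-6/dnclient
                          linux-armv7: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-7/dnclient
                          linux-mips: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips/dnclient
                          linux-mips-softfloat: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips-softfloat/dnclient
                          linux-mips64: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips64/dnclient
                          linux-mips64le: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips64le/dnclient
                          linux-mipsle: https://dl.defined.net/290ff4b6/v0.8.4/linux/mipsle/dnclient
                          linux-ppc64le: https://dl.defined.net/290ff4b6/v0.8.4/linux/ppc64le/dnclient
                          linux-riscv64: https://dl.defined.net/290ff4b6/v0.8.4/linux/riscv64/dnclient
                          macos-universal-desktop: https://dl.defined.net/290ff4b6/v0.8.4/macos/DNClient-Desktop.dmg
                          macos-universal-server: https://dl.defined.net/290ff4b6/v0.8.4/macos/dnclient
                          macos-universal-server-dmg: https://dl.defined.net/290ff4b6/v0.8.4/macos/DNClient-Server.dmg
                          windows-amd64-desktop: https://dl.defined.net/290ff4b6/v0.8.4/windows/amd64/DNClient-Desktop.msi
                          windows-amd64-server: https://dl.defined.net/290ff4b6/v0.8.4/windows/amd64/DNClient-Server.msi
                          windows-arm64-desktop: https://dl.defined.net/290ff4b6/v0.8.4/windows/arm64/DNClient-Desktop.msi
                          windows-arm64-server: https://dl.defined.net/290ff4b6/v0.8.4/windows/arm64/DNClient-Server.msi
                        # In this sample `latest` repeats the 0.8.4 links.
                        latest:
                          freebsd-amd64: https://dl.defined.net/290ff4b6/v0.8.4/freebsd/amd64/dnclient
                          freebsd-arm64: https://dl.defined.net/290ff4b6/v0.8.4/freebsd/arm64/dnclient
                          linux-386: https://dl.defined.net/290ff4b6/v0.8.4/linux/386/dnclient
                          linux-amd64: https://dl.defined.net/290ff4b6/v0.8.4/linux/amd64/dnclient
                          linux-arm64: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm64/dnclient
                          linux-armv5: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-5/dnclient
                          linux-armv6: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-6/dnclient
                          linux-armv7: https://dl.defined.net/290ff4b6/v0.8.4/linux/arm-7/dnclient
                          linux-mips: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips/dnclient
                          linux-mips-softfloat: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips-softfloat/dnclient
                          linux-mips64: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips64/dnclient
                          linux-mips64le: https://dl.defined.net/290ff4b6/v0.8.4/linux/mips64le/dnclient
                          linux-mipsle: https://dl.defined.net/290ff4b6/v0.8.4/linux/mipsle/dnclient
                          linux-ppc64le: https://dl.defined.net/290ff4b6/v0.8.4/linux/ppc64le/dnclient
                          linux-riscv64: https://dl.defined.net/290ff4b6/v0.8.4/linux/riscv64/dnclient
                          macos-universal-desktop: https://dl.defined.net/290ff4b6/v0.8.4/macos/DNClient-Desktop.dmg
                          macos-universal-server: https://dl.defined.net/290ff4b6/v0.8.4/macos/dnclient
                          macos-universal-server-dmg: https://dl.defined.net/290ff4b6/v0.8.4/macos/DNClient-Server.dmg
                          windows-amd64-desktop: https://dl.defined.net/290ff4b6/v0.8.4/windows/amd64/DNClient-Desktop.msi
                          windows-amd64-server: https://dl.defined.net/290ff4b6/v0.8.4/windows/amd64/DNClient-Server.msi
                          windows-arm64-desktop: https://dl.defined.net/290ff4b6/v0.8.4/windows/arm64/DNClient-Desktop.msi
                          windows-arm64-server: https://dl.defined.net/290ff4b6/v0.8.4/windows/arm64/DNClient-Server.msi
                      mobile:
                        android: https://play.google.com/store/apps/details?id=net.defined.mobile_nebula
                        ios: https://apps.apple.com/us/app/mobile-nebula/id1509587936
                      container:
                        docker: https://hub.docker.com/r/definednet/dnclient/
                      versionInfo:
                        dnclient:
                          0.8.4:
                            latest: true
                            releaseDate: '2025-10-10'
                        latest:
                          dnclient: 0.8.4
                          mobile: 0.5.1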
  /v1/routes:
    # Create a route. Requires the `routes:create` scope; `name` is the only
    # mandatory body field.
    post:
      summary: Create route
      description: |
        Create a new route.

        Token scope required: `routes:create`
      operationId: routeCreate
      tags:
        - routes
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - name
              properties:
                name:
                  description: Name of the new route
                  type: string
                  minLength: 1
                  maxLength: 50
                  example: My new route
                description:
                  description: Optional description
                  type: string
                  maxLength: 255
                routerHostID:
                  type: string
                # The description says the keys are IPv4 CIDR ranges, but the
                # schema does not constrain key names (there is no
                # `propertyNames`), so that rule is not expressed here.
                # NOTE(review): presumably enforced server-side - confirm.
                routableCIDRs:
                  type: object
                  description: Keys of object should be IPv4 CIDR ranges, values are an object with an 'install' boolean.
                  additionalProperties:
                    type: object
                    properties:
                      install:
                        type: boolean
                firewallRules:
                  description: Route firewall rules
                  type: array
                  items:
                    $ref: '#/components/schemas/FirewallRuleWithCIDR'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Route'
                  metadata:
                    type: object
                example:
                  data:
                    id: route-X47KHSCOSQJP5IOKNNKRRGHVAI
                    name: My new route
                    description: ''
                    routerHostID: host-24NVITKMNU3CYCEDNFWKAOBX7I
                    routableCIDRs:
                      192.168.14.0/26:
                        install: true
                    createdAt: '2024-03-15T13:59:09Z'
                    modifiedAt: '2024-03-15T13:59:09Z'
                    # The sample rule is narrowly scoped: TCP port 22 only, a
                    # single /32 destination, and one allowed role.
                    firewallRules:
                      - protocol: TCP
                        localCIDR: 192.168.14.56/32
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
        '400':
          description: Validation error
          content:
            application/json:
              schema:
                type: object
                required:
                  - errors
                properties:
                  errors:
                    $ref: '#/components/schemas/Errors'
              # The examples cover name length and uniqueness, the accepted
              # protocol values, and port-range bounds and ordering. Errors
              # inside `firewallRules` are reported with an indexed path such
              # as `firewallRules[0].protocol`.
              examples:
                missingName:
                  summary: <code>name</code> not specified.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE_LENGTH
                        message: must have a length between 1 and 50
                        path: name
                duplicateName:
                  summary: A route with the name already exists.
                  value:
                    errors:
                      - code: ERR_DUPLICATE_VALUE
                        message: value already exists
                        path: name
                protocol:
                  summary: Invalid <code>protocol</code> value.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: 'must be a valid protocol: ANY, TCP, UDP, ICMP'
                        path: firewallRules[0].protocol
                portRangeMissing:
                  summary: Invalid/missing <code>from</code> and <code>to</code> values.
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: must be between 1 and 65535
                        path: firewallRules[0].portRange.from
                      - code: ERR_INVALID_VALUE
                        message: must be between 1 and 65535
                        path: firewallRules[0].portRange.to
                portRangeOrder:
                  summary: <code>From</code> cannot be greater than <code>to</code>
                  value:
                    errors:
                      - code: ERR_INVALID_VALUE
                        message: from must be less than or equal to to
                        path: firewallRules[0].portRange
    # List routes with cursor pagination. Requires the `routes:list` scope.
    # Items use the RouteListItem schema; the sample entry carries a
    # `firewallRulesCount` rather than the rules themselves.
    get:
      summary: List routes
      description: |
        Get a paginated list of routes.

        Token scope required: `routes:list`
      operationId: routesList
      tags:
        - routes
      parameters:
        - $ref: '#/components/parameters/includeCounts'
        - $ref: '#/components/parameters/cursor'
        - $ref: '#/components/parameters/pageSize'
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    type: array
                    items:
                      $ref: '#/components/schemas/RouteListItem'
                  metadata:
                    $ref: '#/components/schemas/PaginationMetadata'
              # Only the includeCounts=true case is illustrated for this
              # operation.
              examples:
                includeCounts:
                  summary: Metadata returned when including request params for <code>includeCounts=true</code>, <code>pageSize=1</code>, and <code>cursor="somevalue"</code>.
                  value:
                    data:
                      - id: route-X47KHSCOSQJP5IOKNNKRRGHVAI
                        name: My first route
                        description: ''
                        routerHostID: host-24NVITKMNU3CYCEDNFWKAOBX7I
                        routableCIDRs:
                          192.168.14.0/26:
                            install: true
                        createdAt: '2024-03-10T13:59:09Z'
                        modifiedAt: '2024-03-15T13:59:09Z'
                        firewallRulesCount: 1
                    metadata:
                      totalCount: 500
                      hasNextPage: true
                      hasPrevPage: true
                      prevCursor: cHJldg.SI6ImIiLCJfdmFsdWUiOiI0dDVuREQreU
                      nextCursor: bmV4dA.bHVlIjoieGJVS0UvYkRjQmZsY1pUbGJCc
                      page:
                        count: 1
                        start: 5
  /v1/routes/{routeID}:
    # Fetch one route by ID. Requires the `routes:read` scope.
    # `routeID` is declared as an unconstrained string, and only a 200
    # response is documented for this operation.
    get:
      summary: Get route
      description: |
        Fetch information about a particular route.

        Token scope required: `routes:read`
      operationId: routeGet
      tags:
        - routes
      parameters:
        - name: routeID
          in: path
          required: true
          schema:
            type: string
          example: route-X47KHSCOSQJP5IOKNNKRRGHVAI
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Route'
                  metadata:
                    type: object
                # The sample response returns the route's full firewall rule
                # list together with its routable CIDRs.
                example:
                  data:
                    id: route-X47KHSCOSQJP5IOKNNKRRGHVAI
                    name: My new route
                    description: ''
                    routerHostID: host-24NVITKMNU3CYCEDNFWKAOBX7I
                    routableCIDRs:
                      192.168.14.0/26:
                        install: true
                    createdAt: '2024-03-15T13:59:09Z'
                    modifiedAt: '2024-03-15T13:59:09Z'
                    firewallRules:
                      - protocol: TCP
                        localCIDR: 192.168.14.56/32
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
    # Replace a route. Per the description, the bearer token must carry the
    # `routes:update` scope, and any property left out of the body is reset to
    # its default, so a partial body drops the firewall rules it does not list.
    put:
      summary: Edit route
      description: |
        Token scope required: `routes:update`

        :::caution

        Any properties not provided in the request will be reset to their default values.  If only changing one firewall rule, be sure to include the others as well, otherwise they will be removed.

        :::
      operationId: routeEdit
      tags:
        - routes
      parameters:
        - name: routeID
          in: path
          required: true
          schema:
            type: string
          example: route-X47KHSCOSQJP5IOKNNKRRGHVAI
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              # Only `name` is required, so a body holding just a name validates
              # and, per the caution above, resets every other property.
              required:
                - name
              properties:
                name:
                  type: string
                  maxLength: 50
                description:
                  type: string
                  maxLength: 255
                routerHostID:
                  type: string
                # NOTE(review): the IPv4 CIDR key format is stated only in the
                # description; nothing in this schema constrains the keys, and
                # `install` is not marked required in the value object.
                routableCIDRs:
                  type: object
                  description: Keys of object should be IPv4 CIDR ranges, values are an object with an 'install' boolean.
                  additionalProperties:
                    type: object
                    properties:
                      install:
                        type: boolean
                # The submitted list replaces the stored rules as a whole.
                firewallRules:
                  description: Incoming firewall rules.  Will replace existing list of rules.
                  type: array
                  items:
                    $ref: '#/components/schemas/FirewallRuleWithCIDR'
      # NOTE(review): only the 200 response is declared; validation and
      # authorization failures are not described for this operation.
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  data:
                    $ref: '#/components/schemas/Route'
                  metadata:
                    type: object
                example:
                  data:
                    id: route-X47KHSCOSQJP5IOKNNKRRGHVAI
                    name: My edited route
                    description: ''
                    routerHostID: host-24NVITKMNU3CYCEDNFWKAOBX7I
                    routableCIDRs:
                      192.168.14.0/26:
                        install: true
                    createdAt: '2024-03-10T13:59:09Z'
                    modifiedAt: '2024-03-15T13:59:09Z'
                    firewallRules:
                      - protocol: TCP
                        localCIDR: 192.168.14.56/32
                        description: allow SSH access
                        allowedRoleID: role-G3TWUQ4FASQEF44MGMTSRBTYKM
                        portRange:
                          from: 22
                          to: 22
                  metadata: {}
    # Delete a route by ID. Per the description, the bearer token must carry
    # the `routes:delete` scope.
    delete:
      summary: Delete route
      description: |
        Token scope required: `routes:delete`
      operationId: routeDelete
      tags:
        - routes
      parameters:
        - name: routeID
          in: path
          required: true
          schema:
            type: string
          example: route-X47KHSCOSQJP5IOKNNKRRGHVAI
      # NOTE(review): only the 200 response is declared; the outcome for an
      # unknown routeID or an under-scoped token is not described.
      responses:
        '200':
          description: Successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  # Both members are unconstrained objects; no fields are
                  # promised back after a delete.
                  data:
                    type: object
                  metadata:
                    type: object
components:
  # The API's single auth scheme: an HTTP bearer token. The key must hold the
  # permission scope each operation names in its description.
  securitySchemes:
    ApiToken:
      description: |
        Get an api key from https://admin.defined.net/settings/api-keys with the permission scopes required.
      type: http
      scheme: bearer
      # bearerFormat is a documentation hint in OpenAPI; it does not validate
      # the token.
      bearerFormat: dnkey
  parameters:
    # Opt-in flag for the count fields in response metadata; off by default.
    includeCounts:
      name: includeCounts
      in: query
      description: If true, return count of total records and current page start and count in metadata
      required: false
      schema:
        type: boolean
        default: false
    # Pagination cursor taken from a previous response. `required` is not set,
    # which OpenAPI treats as optional for a query parameter.
    cursor:
      name: cursor
      in: query
      description: Cursor value at which to start the results, provided in `nextCursor` or `prevCursor` of a prior request
      example: bmV4dA.eyJsb2dzLmNyZQ5iIiwiX3ZhbHVlIjo9In19
      schema:
        type: string
    # Page size, 25 by default and capped at 500.
    # NOTE(review): no `minimum` is declared, so zero or negative values are
    # not rejected by this schema; confirm how the server treats them.
    pageSize:
      name: pageSize
      in: query
      description: Number of records to return in each page
      required: false
      schema:
        type: integer
        default: 25
        maximum: 500
    filter-endpointOIDCUserID:
      name: filter.endpointOIDCUserID
      in: query
      description: Return only hosts with a specific endpoint OIDC user ID. Use `null` to return only hosts without a user ID set. Use `any` to return all hosts with a user ID set.
      required: false
      schema:
        type: string
        pattern: ^(eoidcuser-[A-Z0-9]{26}|any|null)$
    # Optional boolean filter on whether a host is blocked.
    filter-isBlocked:
      name: filter.isBlocked
      in: query
      description: Return only hosts that are blocked if true, unblocked if false
      required: false
      schema:
        type: boolean
    # Optional boolean filter on whether a host is a lighthouse.
    filter-isLighthouse:
      name: filter.isLighthouse
      in: query
      description: Return only lighthouses if true, non-lighthouses if false
      required: false
      schema:
        type: boolean
    # Optional boolean filter on whether a host is a relay.
    filter-isRelay:
      name: filter.isRelay
      in: query
      description: Return only relays if true, non-relays if false
      required: false
      schema:
        type: boolean
    # Optional filter whose only accepted value is the literal string "null".
    filter-metadata-lastSeenAt:
      name: filter.metadata.lastSeenAt
      in: query
      description: When "null", returns hosts that have never communicated with the Defined Networking service.
      required: false
      schema:
        type: string
        enum:
          # Quoted so YAML reads it as the string "null", not a null value.
          - 'null'
    # Optional filter on the client platform, limited to the listed values.
    filter-metadata-platform:
      name: filter.metadata.platform
      in: query
      description: Return only hosts matching the specified client platform
      required: false
      schema:
        type: string
        enum:
          - mobile
          - dnclient
          # Quoted so YAML reads it as the string "null", not a null value.
          - 'null'
    # Optional boolean filter on whether a host has an update available.
    filter-metadata-updateAvailable:
      name: filter.metadata.updateAvailable
      in: query
      description: Return only hosts that have updates available when true, or up-to-date hosts when false
      required: false
      schema:
        type: boolean
    # Optional role filter. The pattern is anchored at both ends, so only a
    # well-formed role ID or the keywords `any` / `null` are accepted.
    filter-roleID:
      name: filter.roleID
      in: query
      description: Return only hosts with a specific role ID. Use `null` to return only hosts without a role set. Use `any` to return all hosts with a role set.
      required: false
      schema:
        type: string
        pattern: ^(role-[A-Z0-9]{26}|any|null)$
    # Optional audit-log filter by target ID; a free-form string with no
    # pattern declared.
    filter-targetID:
      name: filter.targetID
      in: query
      description: Return only audit logs for the specified target
      required: false
      schema:
        type: string
    # Optional audit-log filter by target type, limited to the listed values
    # (the same set the `Target` schema's `type` enum declares).
    filter-targetType:
      name: filter.targetType
      in: query
      description: Return only audit logs matching the specified target type
      required: false
      schema:
        type: string
        enum:
          - apiKey
          - host
          - network
          - role
          - user
          - ca
          - oidcProvider
  schemas:
    # Config override entry for `lighthouse.dns.host`: `key` is pinned to that
    # literal, `value` is a free-form string, and no other property is allowed.
    host:
      title: lighthouse.dns.host
      type: object
      properties:
        key:
          type: string
          enum:
            - lighthouse.dns.host
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `lighthouse.dns.port`.
    # NOTE(review): `value` is typed `number` with no bounds, so non-integer
    # and out-of-range port values pass this schema.
    port:
      title: lighthouse.dns.port
      type: object
      properties:
        key:
          type: string
          enum:
            - lighthouse.dns.port
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Value shape for the lighthouse.local_allow_list override. `interfaces`
    # is required and maps arbitrary keys to booleans; every other property
    # must be a boolean or a map of booleans.
    LocalAllow:
      type: object
      properties:
        interfaces:
          type: object
          additionalProperties:
            type: boolean
      required:
        - interfaces
      additionalProperties:
        anyOf:
          - type: boolean
          - type: object
            additionalProperties:
              type: boolean
    # Config override entry for `lighthouse.local_allow_list`; `value` follows
    # the LocalAllow schema.
    local_allow_list:
      title: lighthouse.local_allow_list
      type: object
      properties:
        key:
          type: string
          enum:
            - lighthouse.local_allow_list
        value:
          $ref: '#/components/schemas/LocalAllow'
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `lighthouse.remote_allow_list`; `value` maps
    # arbitrary keys to booleans. The key format is not constrained here.
    remote_allow_list:
      title: lighthouse.remote_allow_list
      type: object
      properties:
        key:
          type: string
          enum:
            - lighthouse.remote_allow_list
        value:
          type: object
          additionalProperties:
            type: boolean
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `lighthouse.serve_dns`; `value` is a boolean.
    serve_dns:
      title: lighthouse.serve_dns
      type: object
      properties:
        key:
          type: string
          enum:
            - lighthouse.serve_dns
        value:
          type: boolean
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `listen.batch`; `value` is an unbounded number.
    batch:
      title: listen.batch
      type: object
      properties:
        key:
          type: string
          enum:
            - listen.batch
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `listen.read_buffer`; `value` is an unbounded
    # number.
    read_buffer:
      title: listen.read_buffer
      type: object
      properties:
        key:
          type: string
          enum:
            - listen.read_buffer
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `listen.write_buffer`; `value` is an unbounded
    # number.
    write_buffer:
      title: listen.write_buffer
      type: object
      properties:
        key:
          type: string
          enum:
            - listen.write_buffer
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `logging.format`; `value` must be `text` or
    # `json`.
    format:
      title: logging.format
      type: object
      properties:
        key:
          type: string
          enum:
            - logging.format
        value:
          type: string
          enum:
            - text
            - json
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `logging.level`; `value` must be one of the
    # six listed level names.
    level:
      title: logging.level
      type: object
      properties:
        key:
          type: string
          enum:
            - logging.level
        value:
          type: string
          enum:
            - panic
            - fatal
            - error
            - warning
            - info
            - debug
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `logging.timestamp_format`; `value` is a
    # free-form string.
    timestamp_format:
      title: logging.timestamp_format
      type: object
      properties:
        key:
          type: string
          enum:
            - logging.timestamp_format
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `preferred_ranges`; `value` is a list of
    # strings whose format is not constrained here.
    preferred_ranges:
      title: preferred_ranges
      type: object
      properties:
        key:
          type: string
          enum:
            - preferred_ranges
        value:
          type: array
          items:
            type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `routines`; `value` is an unbounded number.
    routines:
      title: routines
      type: object
      properties:
        key:
          type: string
          enum:
            - routines
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.host`; `value` is a free-form string.
    # Named host-2 because `host` is taken by the lighthouse.dns.host entry.
    host-2:
      title: stats.host
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.host
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.interval`; `value` is a free-form
    # string.
    interval:
      title: stats.interval
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.interval
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
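    # Config override entry for `stats.lighthouse_metrics`; `value` is a
    # boolean.
    lighthouse_metrics:
      title: stats.lighthouse_metrics
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.lighthouse_metrics
        value:
          type: boolean
      required:
        - key
        - value
      # Every other override entry in this file is closed to extra properties;
      # this one omitted the keyword, so unknown properties passed validation
      # for this key only.
      additionalProperties: false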
    # Config override entry for `stats.listen`; `value` is a free-form string.
    listen:
      title: stats.listen
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.listen
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.message_metrics`; `value` is a boolean.
    message_metrics:
      title: stats.message_metrics
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.message_metrics
        value:
          type: boolean
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.namespace`; `value` is a free-form
    # string.
    namespace:
      title: stats.namespace
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.namespace
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.path`; `value` is a free-form string.
    path:
      title: stats.path
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.path
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.prefix`; `value` is a free-form string.
    prefix:
      title: stats.prefix
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.prefix
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.subsystem`; `value` is a free-form
    # string.
    subsystem:
      title: stats.subsystem
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.subsystem
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `stats.type`; `value` must be `graphite` or
    # `prometheus`. The schema itself is named `type`, distinct from the
    # `type: object` keyword below.
    type:
      title: stats.type
      type: object
      properties:
        key:
          type: string
          enum:
            - stats.type
        value:
          type: string
          enum:
            - graphite
            - prometheus
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `tun.dev`; `value` is a free-form string.
    dev:
      title: tun.dev
      type: object
      properties:
        key:
          type: string
          enum:
            - tun.dev
        value:
          type: string
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `tun.mtu`; `value` is an unbounded number.
    mtu:
      title: tun.mtu
      type: object
      properties:
        key:
          type: string
          enum:
            - tun.mtu
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # Config override entry for `tun.tx_queue`; `value` is an unbounded number.
    tx_queue:
      title: tun.tx_queue
      type: object
      properties:
        key:
          type: string
          enum:
            - tun.tx_queue
        value:
          type: number
      required:
        - key
        - value
      additionalProperties: false
    # List of nebula config overrides. Each item must match at least one of
    # the key/value entry schemas below; every entry pins `key` to a single
    # literal, so keys outside this list match no branch and fail validation.
    ConfigOverrides:
      type: array
      description: List of config overrides for the nebula config
      items:
        anyOf:
          - $ref: '#/components/schemas/host'
          - $ref: '#/components/schemas/port'
          - $ref: '#/components/schemas/local_allow_list'
          - $ref: '#/components/schemas/remote_allow_list'
          - $ref: '#/components/schemas/serve_dns'
          - $ref: '#/components/schemas/batch'
          - $ref: '#/components/schemas/read_buffer'
          - $ref: '#/components/schemas/write_buffer'
          - $ref: '#/components/schemas/format'
          - $ref: '#/components/schemas/level'
          - $ref: '#/components/schemas/timestamp_format'
          - $ref: '#/components/schemas/preferred_ranges'
          - $ref: '#/components/schemas/routines'
          - $ref: '#/components/schemas/host-2'
          - $ref: '#/components/schemas/interval'
          - $ref: '#/components/schemas/lighthouse_metrics'
          - $ref: '#/components/schemas/listen'
          - $ref: '#/components/schemas/message_metrics'
          - $ref: '#/components/schemas/namespace'
          - $ref: '#/components/schemas/path'
          - $ref: '#/components/schemas/prefix'
          - $ref: '#/components/schemas/subsystem'
          - $ref: '#/components/schemas/type'
          - $ref: '#/components/schemas/dev'
          - $ref: '#/components/schemas/mtu'
          - $ref: '#/components/schemas/tx_queue'
    # A host record. No property is marked required and additional properties
    # are not forbidden, so consumers should not assume any field is present.
    Host:
      type: object
      properties:
        id:
          type: string
        organizationID:
          type: string
        networkID:
          type: string
        # Nullable: a host may have no role.
        roleID:
          type:
            - string
            - 'null'
        name:
          type: string
        ipAddress:
          type: string
          format: ipv4
        staticAddresses:
          type: array
          items:
            type: string
            # `address:port` is not a standard JSON Schema format; generic
            # validators are likely to ignore it.
            format: address:port
        listenPort:
          type: integer
          format: int64
          description: Will be zero if a regular host
        isLighthouse:
          type: boolean
          default: false
        isRelay:
          type: boolean
          default: false
        isBlocked:
          type: boolean
          default: false
        createdAt:
          type: string
          format: date-time
        modifiedAt:
          type: string
          format: date-time
        tags:
          type: array
          items:
            type: string
            # The length and whitespace limits are stated in the description
            # only; no maxLength or pattern enforces them here.
            format: key:value
            description: key is max 20 characters, value is max 50 characters, no whitespace around either allowed
        configOverrides:
          $ref: '#/components/schemas/ConfigOverrides'
        # Client-reported details; every field is nullable.
        metadata:
          type: object
          properties:
            lastSeenAt:
              type:
                - string
                - 'null'
            version:
              type:
                - string
                - 'null'
            platform:
              type:
                - string
                - 'null'
              enum:
                - dnclient
                - mobile
                # Unquoted on purpose: an actual null, matching the 'null'
                # type above.
                - null
            updateAvailable:
              type:
                - boolean
                - 'null'
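    # Paging information returned with list responses. Cursors are opaque:
    # clients pass them back unchanged and should not parse or build them.
    PaginationMetadata:
      type: object
      properties:
        totalCount:
          type: integer
          description: The total number of resources existing in the account
        hasNextPage:
          type: boolean
          description: Is there a page of data that can be fetched using the `nextCursor`?
        hasPrevPage:
          type: boolean
          description: Is there a page of data that can be fetched using the `prevCursor`?
        nextCursor:
          type: string
          description: An opaque string that can be used to fetch the next page of results. Not provided if result set is empty.
        # The description previously repeated the nextCursor text ("next
        # page"); prevCursor pages backwards, as hasPrevPage states.
        prevCursor:
          type: string
          description: An opaque string that can be used to fetch the previous page of results. Not provided if result set is empty.
        page:
          type: object
          required:
            - count
            - start
          properties:
            count:
              type: integer
              description: The number of results returned in the response.
            start:
              type: integer
              description: The zero-based index of the first result within the overall list.  For example, the first page will have a `start` of `0`.  If 25 results are fetched, and the `nextCursor` used to fetch a new page of results, the second request's `start` will be `25`.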
    # One API error: a static `code`, a human-readable `message`, and an
    # optional `path` naming the offending variable.
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: A static name for the error type
        message:
          type: string
          description: A short human readable description of the error
        path:
          type:
            - string
            - 'null'
          description: Describes the variable missing or malformed
    # A list of Error objects.
    Errors:
      type: array
      items:
        $ref: '#/components/schemas/Error'
    # Debug command that starts a time-limited log stream. Both the duration
    # (0-600 seconds) and the level are required and bounded by this schema.
    StreamLogs:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Begin a streaming logs session for a specified number of seconds, up to 10 minutes
          type: string
          enum:
            - StreamLogs
        args:
          type: object
          required:
            - durationSeconds
            - level
          properties:
            # Typed `number`, so fractional seconds also validate.
            durationSeconds:
              type: number
              minimum: 0
              maximum: 600
            level:
              type: string
              enum:
                - panic
                - fatal
                - error
                - warning
                - info
                - debug
    # Debug command that asks a host to create a tunnel to a target host.
    CreateTunnel:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Trigger the creation of a tunnel to a specified host IP address
          type: string
          enum:
            - CreateTunnel
        args:
          type: object
          required:
            - target
          properties:
            # Described as an IP address, but typed as a plain string with no
            # format or pattern, so the schema does not check it.
            target:
              type: string
              description: IP address of target host
    # Debug command that prints a host's tunnel information for a target host.
    PrintTunnel:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Print the current host's tunnel information for a given target host
          type: string
          enum:
            - PrintTunnel
        args:
          type: object
          required:
            - target
          properties:
            # Described as an IP address, but typed as a plain string with no
            # format or pattern, so the schema does not check it.
            target:
              type: string
              description: IP address of target host
    # Debug command that prints a target host's certificate as held in the
    # current host's hostmap.
    PrintCert:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Print the certificate of a target host, from the current host's hostmap
          type: string
          enum:
            - PrintCert
        args:
          type: object
          required:
            - target
          properties:
            # Described as an IP address, but typed as a plain string with no
            # format or pattern, so the schema does not check it.
            target:
              type: string
              description: IP address of target host
    # Debug command that shows a lighthouse's host map. Per the description it
    # also triggers an update, so it is not a read-only query.
    QueryLighthouse:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Show target lighthouse's host map.  Also triggers an update, run twice for most up-to-date information.
          type: string
          enum:
            - QueryLighthouse
        args:
          type: object
          required:
            - target
          properties:
            # Described as an IP address, but typed as a plain string with no
            # format or pattern, so the schema does not check it.
            target:
              type: string
              description: IP address of target lighthouse
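    # Debug command that prints a stack trace of the dnclient process.
    DebugStack:
      type: object
      required:
        - command
        - args
      properties:
        command:
          description: Print a stack trace of the dnclient process
          type: string
          enum:
            - DebugStack
        # `args` is listed as required but had no schema, so any JSON value
        # validated. Declared as an object to match the sibling commands.
        # NOTE(review): presumably an empty object is expected - confirm
        # against the server.
        args:
          type: object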
    # A firewall rule. Only `protocol` is required, and per the descriptions
    # below each optional selector widens the rule when left out: no
    # allowedRoleID means all roles, an empty allowedTags list means all tags,
    # and a missing or null portRange means all ports. A rule that sets only
    # `protocol` therefore appears to allow every role, tag and port for that
    # protocol, so review sparse rules deliberately.
    FirewallRule:
      type: object
      required:
        - protocol
      properties:
        protocol:
          type: string
          enum:
            - ANY
            - TCP
            - UDP
            - ICMP
        description:
          type: string
          maxLength: 255
        allowedRoleID:
          type:
            - string
            - 'null'
          description: Role ID to allow with this firewall rule.  If not specified, all roles are included.
        allowedTags:
          type: array
          items:
            type: string
            # The length and whitespace limits are stated in the description
            # only; no maxLength or pattern enforces them here.
            format: key:value
          description: Tags to allow with this firewall rule. An empty list allows all tags. key is max 20 characters, value is max 50 characters, no whitespace around either allowed
        portRange:
          type:
            - object
            - 'null'
          # Applies only when portRange is an object; null skips these checks.
          required:
            - from
            - to
          description: Range of ports for this firewall rule.  If not provided or set to null, all ports are allowed.
          properties:
            from:
              type: integer
              description: First port number included in range.
              minimum: 1
              maximum: 65535
            # NOTE(review): the route examples in this file use from: 22 and
            # to: 22, so "greater than" presumably means "greater than or
            # equal to" - confirm. The ordering is not expressed in the schema.
            to:
              type: integer
              description: Last port number included in range.  Must be greater than `from` port.
              minimum: 1
              maximum: 65535
    # A role: a named set of firewall rules. No property is marked required.
    Role:
      type: object
      properties:
        id:
          type: string
        name:
          type: string
        description:
          type: string
        firewallRules:
          type: array
          items:
            $ref: '#/components/schemas/FirewallRule'
        createdAt:
          type: string
          format: date-time
        modifiedAt:
          type: string
          format: date-time
    # A tag. It carries config overrides and route subscriptions that, per the
    # descriptions below, apply to every host the tag is assigned to.
    Tag:
      type: object
      properties:
        name:
          type: string
          # The length and whitespace limits are stated in the description
          # only; no maxLength or pattern enforces them here.
          format: key:value
          example: key:value
          description: key is max 20 characters, value is max 50 characters, no whitespace around either allowed
        description:
          type: string
        configOverrides:
          $ref: '#/components/schemas/ConfigOverrides'
        # Server-managed ordering; when tags conflict, the higher priority
        # tag's overrides win.
        priority:
          type: integer
          description: Priority is managed by the API. Use "before" and "after" inputs to order tags. Config overrides associated with tags of a higher (greater) priority take precedence over lower priorities.
        hostCount:
          type: integer
          format: int64
          description: Count of hosts which have the tag assigned.
        routeSubscriptions:
          description: Route IDs to which any hosts with this tag will be subscribed.
          example:
            - route-X47KHSCOSQJP5IOKNNKRRGHVAI
          type: array
          items:
            type: string
            format: route-id
    # A network record, including the ID of its signing Certificate Authority
    # and the curve in use. No property is marked required.
    Network:
      type: object
      properties:
        id:
          type: string
        cidr:
          type: string
          format: ipv4/cidr
        organizationID:
          type: string
        signingCAID:
          description: The ID of the Certificate Authority being used.
          type: string
        createdAt:
          type: string
          format: date-time
        name:
          type: string
          default: Network1
        lighthousesAsRelays:
          type: boolean
        curve:
          type: string
          enum:
            # Quoted so YAML keeps it a string rather than the integer 25519.
            - '25519'
            - P256
    Actor-APIKey:
      title: apiKey
      type: object
      properties:
        type:
          type: string
          description: An API key which was used to perform the action.
          enum:
            - apiKey
        id:
          type: string
        name:
          type:
            - string
            - 'null'
    # Audit-log actor variant for a host; `type` is pinned to `host`.
    Actor-Host:
      title: host
      type: object
      properties:
        type:
          type: string
          description: A host.  Used for example when hosts are enrolled.
          enum:
            - host
        id:
          type: string
        name:
          type:
            - string
            - 'null'
    # Audit-log actor variant for an SSO user; `type` is pinned to `oidcUser`.
    # It records email, issuer and subject rather than an `id`.
    Actor-OIDCUser:
      title: oidcUser
      type: object
      properties:
        type:
          type: string
          description: A user who logged in using SSO.
          enum:
            - oidcUser
        email:
          type: string
          format: email
        issuer:
          type: string
        subject:
          type: string
    # Audit-log actor variant for vendor support staff; `type` is pinned to
    # `support` and no identifying fields are declared.
    Actor-Support:
      title: support
      type: object
      properties:
        type:
          type: string
          description: A member of Defined Networking support staff.
          enum:
            - support
    # Audit-log actor variant for system-initiated events; `type` is pinned to
    # `system`.
    Actor-System:
      title: system
      type: object
      properties:
        type:
          type: string
          description: System actor, used for events such as creation or rotation of Certificate Authorities.
          enum:
            - system
    # Audit-log actor variant for a logged-in user; `type` is pinned to `user`.
    Actor-User:
      title: user
      type: object
      properties:
        type:
          type: string
          description: A logged-in user.
          enum:
            - user
        id:
          type: string
        email:
          type: string
          format: email
    # Who performed an audited action: exactly one of the actor variants.
    # NOTE(review): no variant marks `type` as required and no discriminator
    # is declared, so an object without `type` matches several branches and
    # fails `oneOf`; consumers should dispatch on `type`.
    Actor:
      description: The entity performing the action which caused a change.
      oneOf:
        - $ref: '#/components/schemas/Actor-APIKey'
        - $ref: '#/components/schemas/Actor-Host'
        - $ref: '#/components/schemas/Actor-OIDCUser'
        - $ref: '#/components/schemas/Actor-Support'
        - $ref: '#/components/schemas/Actor-System'
        - $ref: '#/components/schemas/Actor-User'
    # What an audited action was performed on: an ID plus one of the listed
    # target types.
    Target:
      type: object
      description: The entity being acted upon.
      properties:
        id:
          type: string
        type:
          type: string
          enum:
            - apiKey
            - ca
            - host
            - network
            - oidcProvider
            - role
            - user
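    # What happened in an audit-log entry: the event type plus the target's
    # state before and after the change.
    Event:
      type: object
      description: Information about what happened, including relevant values before & after the change.
      properties:
        type:
          type: string
          description: The type of event that occurred.
          enum:
            - CREATED
            - UPDATED
            - DELETED
            - DELETED_TOTP
            - CREATED_TOTP
            - SUCCEEDED_AUTH
            - FAILED_AUTH
            - ENROLLED
            - RENEWED
            - CREATED_ENROLL_CODE
            - SET_NETWORK_CA
            - BLOCKED_HOST
            - UNBLOCKED_HOST
            - SET_OVERRIDES
        # NOTE(review): the descriptions of `before` and `after` say the value
        # can also be a string, but `type` lists only object and null -
        # confirm which is right.
        before:
          description: The state of the target before the change was made.  The shape depends on the target and event type. Can also be a string or null (e.g. target was created).
          type:
            - object
            - 'null'
          additionalProperties: {}
        # The description previously repeated the `before` wording; this field
        # holds the state after the change (null when the target was deleted).
        after:
          description: The state of the target after the change was made. The shape depends on the target and event type. Can also be a string or null (e.g. target was deleted).
          type:
            - object
            - 'null'
          additionalProperties: {}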
    # One audit-log entry: who (actor) did what (event) to which entity
    # (target), and when. No property is marked required.
    AuditLog:
      type: object
      properties:
        id:
          type: string
        organizationID:
          type: string
        timestamp:
          type: string
          format: date-time
        actor:
          $ref: '#/components/schemas/Actor'
        target:
          $ref: '#/components/schemas/Target'
        event:
          $ref: '#/components/schemas/Event'
    # Download links for one DNClient version, keyed by OS/platform. Values
    # are plain strings (no `format: uri`), and the schema carries links only:
    # no checksum or signature field is declared alongside them.
    DownloadsDNClientLinks:
      type: object
      description: Download links for a given DNClient version
      properties:
        freebsd-amd64:
          type: string
        freebsd-arm64:
          type: string
        linux-386:
          type: string
        linux-amd64:
          type: string
        linux-arm64:
          type: string
        linux-armv5:
          type: string
        linux-armv6:
          type: string
        linux-armv7:
          type: string
        linux-mips:
          type: string
        linux-mips64:
          type: string
        linux-mips64le:
          type: string
        linux-mipsle:
          type: string
        linux-ppc64le:
          type: string
        linux-riscv64:
          type: string
        macos-universal-desktop:
          type: string
        macos-universal-server:
          type: string
        macos-universal-server-dmg:
          type: string
        windows-amd64-desktop:
          type: string
        windows-amd64-server:
          type: string
        windows-arm64-desktop:
          type: string
        windows-arm64-server:
          type: string
      # Platforms not listed above are also allowed, as string values.
      additionalProperties:
        x-additionalPropertiesName: os-platform(-variant)
        type: string
    # Catalogue of software downloads: DNClient links, mobile app links, a
    # container link, and version metadata.
    # All link fields are unconstrained strings; see the field notes below.
    Downloads:
      type: object
      properties:
        dnclient:
          type: object
          properties:
            latest:
              $ref: "#/components/schemas/DownloadsDNClientLinks"
              description: Download links for the latest DNClient version
          # Any other key maps to a DownloadsDNClientLinks object
          # (presumably keyed by version string — confirm against the API).
          additionalProperties:
            $ref: "#/components/schemas/DownloadsDNClientLinks"
        mobile:
          type: object
          properties:
            android:
              type: string
              description: Mobile Nebula download URL for Android devices.
            ios:
              type: string
              description: Mobile Nebula download URL for iOS devices.
        container:
          type: object
          properties:
            docker:
              type: string
              description: Docker hub URL
        versionInfo:
          type: object
          properties:
            dnclient:
              type: object
              description: Information about available DNClient releases
              additionalProperties:
                type: object
                description: Information about a given DNClient release
                properties:
                  # NOTE(review): releaseDate declares no `format`, so the
                  # date encoding is not stated by the schema — confirm
                  # before parsing it in update or patch-level checks.
                  releaseDate: { type: string }
                  latest: { type: boolean }
            latest:
              type: object
              description: The latest version for each software download.
              properties:
                dnclient:
                  type: string
                  description: The latest version of DNClient.
                mobile:
                  type: string
                  description: The latest version of Mobile Nebula.
    # Route summary: the same fields as the Route schema, except that it
    # carries firewallRulesCount instead of the firewallRules array.
    RouteListItem:
      type: object
      properties:
        id: { type: string }
        name: { type: string }
        description: { type: string }
        createdAt: { type: string, format: date-time }
        modifiedAt: { type: string, format: date-time }
        routerHostID: { type: string }
        # The CIDR shape of the keys is stated only in the description; no
        # propertyNames or patternProperties constraint is declared, so
        # schema validation alone will not reject a malformed range.
        routableCIDRs:
          description: >-
            Keys of object should be IPv4 CIDR ranges, values are an object
            with an 'install' boolean.
          type: object
          additionalProperties:
            type: object
            properties:
              install: { type: boolean }
        # NOTE(review): a count declared as `number` also admits
        # non-integers; `integer` may be what is meant — confirm before
        # changing, since generated clients would change type.
        firewallRulesCount: { type: number }
    # One firewall rule scoped to a CIDR range inside a route's routableCIDRs.
    # Only `protocol` is required. Per the field descriptions below, an
    # unspecified allowedRoleID, an empty allowedTags list and an absent or
    # null portRange each widen the rule to "all", so a sparsely populated
    # rule is a broad one. Automation that builds these objects should set
    # the narrowing fields deliberately and be reviewed for accidental
    # allow-alls.
    # The tag length limits and the `to` > `from` relation are stated only in
    # descriptions; this schema does not enforce them.
    FirewallRuleWithCIDR:
      type: object
      required: [protocol]
      properties:
        localCIDR:
          description: >-
            CIDR range within the routableCIDRs this rule will apply to.  Use
            "0.0.0.0/0" for all IP addresses.
          type: string
          format: ipv4/cidr
        protocol:
          type: string
          enum: [ANY, TCP, UDP, ICMP]
        description:
          type: string
          maxLength: 255
        allowedRoleID:
          description: >-
            Role ID to allow with this firewall rule.  If not specified, all
            roles are included.
          type: [string, "null"]
        allowedTags:
          description: >-
            Tags to allow with this firewall rule. An empty list allows all
            tags. key is max 20 characters, value is max 50 characters, no
            whitespace around either allowed
          type: array
          items:
            type: string
            format: "key:value"
        portRange:
          description: >-
            Range of ports for this firewall rule.  If not provided or set to
            null, all ports are allowed.
          type: [object, "null"]
          required: [from, to]
          properties:
            from:
              description: First port number included in range.
              type: integer
              minimum: 1
              maximum: 65535
            to:
              description: 'Last port number included in range.  Must be greater than `from` port.'
              type: integer
              minimum: 1
              maximum: 65535
    # Full route record: identity and timestamps, the router host's id, the
    # routable CIDR map, and the list of firewall rules attached to the route.
    Route:
      type: object
      properties:
        id: { type: string }
        name: { type: string }
        description: { type: string }
        createdAt: { type: string, format: date-time }
        modifiedAt: { type: string, format: date-time }
        routerHostID: { type: string }
        # The CIDR shape of the keys is stated only in the description; no
        # propertyNames or patternProperties constraint is declared, so
        # schema validation alone will not reject a malformed range.
        routableCIDRs:
          description: >-
            Keys of object should be IPv4 CIDR ranges, values are an object
            with an 'install' boolean.
          type: object
          additionalProperties:
            type: object
            properties:
              install: { type: boolean }
        # No minItems or maxItems is declared, so per this schema the array
        # may be empty or of any length.
        firewallRules:
          type: array
          items:
            $ref: "#/components/schemas/FirewallRuleWithCIDR"
