Atmos Cloud API: Tunnels
The Atmos Cloud API allows administrators to have programmatic control over tunnels. Click here to learn more about generating an API token.
NOTEThis is a limited release feature. For more information contact Axis Security Support: [email protected].
Create a Tunnel
The management API allows administrators to create a tunnel.
Request Details
- Request URL: “admin-api.axissecurity.com/api/v1/tunnels”
- Request Method: POST
- Request Headers: Authorization: “Bearer {API Token}”
- Request Body (JSON):
| Field | Type | Description |
|---|---|---|
| Name | Mandatory | The tunnel name |
| AuthenticationID | Mandatory | Authentication ID. Value must be a valid email or IP address. |
| AuthenticationPSK | Mandatory | Authentication PSK. Value must be at least 8 characters. |
| LocationID | Mandatory | The ID of the associated location |
NOTEThe ID parameter is NOT required when adding a new tunnel via the API
Request Format:
{
"name":"Chicago IPSec1",
"authenticationID":"<email>",
"authenticationPSK":"<secret>",
"locationID":"d88fc23a-59a1-476a-a62e-a51ff3543fe7"
}Successful Response Format:
{
"id":"6ee0bd21-4f50-454a-9f75-82f6933d54b0",
"name":"Chicago IPSec1",
"authenticationID":"<email>",
"locationID":"d88fc23a-59a1-476a-a62e-a51ff3543fe7"
}Response Codes:
| Code | Description |
|---|---|
| 201 | Tunnel created successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. Click here for more information. |
| 409 | Conflict - Tunnel already exists with the same name or AuthenticatedID is already in use |
| 500 | Internal server error |
Get the Details of an Existing Tunnel
To get the details of an existing tunnel, the tunnel ID should be added to the request URL.
Request Details
- Request URL: “admin-api.axissecurity.com/api/v1/tunnels/<tunnel ID>”
- Request Method: GET
- Request Headers: Authorization: “Bearer {API Token}”
- Request Body: empty
Successful Response Format:
{
"id":"6ee0bd21-4f50-454a-9f75-82f6933d54b0",
"name":"Chicago IPSec1",
"authenticationID":"<email>",
"locationID":"d88fc23a-59a1-476a-a62e-a51ff3543fe7"
}Response Codes:
| Code | Description |
|---|---|
| 200 | Tunnel information retrieved successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. Click here for more information. |
| 404 | Tunnel not found |
| 500 | Internal server error |
Get a List of Existing Tunnels
Request Details
- Request URL: “admin-api.axissecurity.com/api/v1/tunnels?pageSize=100&pageNumber=1”
- Request Method: GET
- Request Headers: Authorization: “Bearer {API Token}”
- Query params:
| Query Param | Description |
|---|---|
| PageSize | Specify the maximum number of tunnels to retrieve. |
| PageNumber | Page number 1 will retrieve the first |
Successful Response Format:
{
"pageNumber":1,
"pageSize":100,
"firstPage":"<URL to retrieve first page>",
"lastPage":"<URL to retrieve last page>",
"totalPages":1,
"totalRecords":50,
"nextPage":"<URL to retrieve next page>",
"previousPage":"<URL to retrieve previous page>",
"data":[
{
"id":"6ee0bd21-4f50-454a-9f75-82f6933d54b0",
"name":"Chicago IPSec1",
"authenticationID":"<email>",
"locationID":"d88fc23a-59a1-476a-a62e-a51ff3543fe7"
}
]
}Response Codes:
| Code | Description |
|---|---|
| 200 | Tunnel retrieved successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. Click here for more information. |
| 500 | Internal server error |
Update an Existing Tunnel
To update an existing tunnel, the tunnel's ID should be added to the request URL.
A successful response will return a 204 response with the tunnel details.
Request Details:
Request URL: “admin-api.axissecurity.com/api/v1/tunnels/<tunnel ID>”
Request Method: PUT
Request Headers: Authorization: “Bearer {API Token}”
Request Format:
{
"name":"<new name>",
"authenticationID":"<new email>",
"AuthenticationPSK":"<new secret>",
"locationID":"<new location id>"
}Successful Response Format:
{
"id":"6ee0bd21-4f50-454a-9f75-82f6933d54b0",
"name":"<new tunnel name>",
"authenticationID":"<new email>",
"AuthenticationPSK":"<new secret>",
"locationID":"<new location id>"
}Response Codes:
| Code | Description |
|---|---|
| 204 | Tunnel updated successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. Click here for more information. |
| 404 | Tunnel not found |
| 500 | Internal server error |
Delete a Tunnel
To delete an existing tunnel, the tunnel's ID should be added to the request URL.
A successful response will return a 204 response with an empty body.
Request Details
- Request URL: “admin-api.axissecurity.com/api/v1/tunnels/<tunnel ID>”
- Request Method: Delete
- Request Headers: Authorization: “Bearer {API Token}”
- Request Body: empty
Response Codes:
| Code | Description |
|---|---|
| 204 | Tunnel deleted successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. Click here for more information. |
| 404 | Tunnel not found |
| 500 | Internal server error |
Get the Status of an Existing Tunnel
To get a tunnel's status, the tunnel's ID should be added to the request URL.
Request Details
- Request URL: “admin-api.axissecurity.com/api/v1/tunnels/<tunnel ID>/status”
- Request Method: GET
- Request Headers: Authorization: “Bearer {API Token}”
- Request Body: empty
Tunnel Statuses
| Connected | Tunnel is forwarding traffic |
| Disconnected | Tunnel isn't forwarding traffic |
Get a List of IPsec PoP Locations
The management API allows administrators and SD-WAN orchestrators to retrieve the full list of IPsec termination Points of Presence (PoPs), including per-PoP FQDNs, geographic coordinates, and cloud provider metadata.
This endpoint enables SD-WAN solutions to make informed decisions about PoP selection for tunnel termination, instead of relying only on the global geo-DNS records (ipsec-proxy-geo.axisapps.io and ipsec-proxy-secondary-geo.axisapps.io).
Note:The list of PoP locations is dynamic and reflects the current set of available PoPs. The response will change as new PoPs are added to the infrastructure.
Request Details:
- Request URL – “admin-api.axissecurity.com/api/v1/tunnels/<tunnel ID>/status”
- Request Method – GET
- Request Headers – Authorization: “Bearer {API Token}”
- Required Token Scope – tunnels
- Request Body – empty
cURL example:
curl -X GET https://admin-api.axissecurity.com/api/v1/pops/ipsec \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <your api token>"Response fields:
| Field | Type | Description |
|---|---|---|
ipSecLocations | Array | Top-level array of country objects |
country | String | Country code (for example, US, DE, IL, and so on) |
locations | Array | List of PoP locations within the country |
locations.city | String | City name and region (for example, San Francisco, California, Frankfurt, and so on) |
locations.latitude | String | Latitude coordinate of the PoP location |
locations.longitude | String | Longitude coordinate of the PoP location |
locations.provider | String | The cloud provider hosting this PoP (for example, AWS, Azure, or GCP) |
locations.fqdn | Array | List of IPsec termination FQDNs available at this PoP |
locations.fqdn.name | String | The fully qualified domain name of the IPsec termination point |
locations.fqdn.ip | Array | The IP address(es) associated with this FQDN |
Successful response format:
NoteThe following response is a truncated sample. The full response includes all available PoP locations across all regions.
"ipSecLocations": [
{
"country": "UAE",
"locations": [
{
"city": "Dubai",
"latitude": "25.26",
"longitude": "55.31",
"provider": "Azure",
"fqdn": [
{
"name": "<tunnel-name>.axisapps.io",
"ip": [
"20.233.16.163"
]
},
{
"name": "<tunnel-name>.axisapps.io",
"ip": [
"20.216.62.25"
]
}
]
}
]
},
{
"country": "CL",
"locations": [
{
"city": "Santiago",
"latitude": "-33.45",
"longitude": "-70.64",
"provider": "GCP",
"fqdn": [
{
"name": "<tunnel-name>.axisapps.io",
"ip": [
"34.176.69.23"
]
},
{
"name": "<tunnel-name>.axisapps.io",
"ip": [
"34.176.247.253"
]
}
]
}
]
}
}
}Response Codes:
| Code | Description |
|---|---|
| 200 | PoP location list retrieved successfully |
| 400 | Bad request |
| 401 | Unauthorized access. Make sure the API token includes writing permissions. For more information, see Atmos Cloud API: Generate Token. |
| 500 | Internal server error |