Client API

Integrate VPN into any application

1. Overall API flow

Generally, API calls are divided by 3 groups:

  1. Authorizing-related - provides authentication token to access further API calls.

  2. Discovery-related - provides credentials to target VPN node.

  3. Tunnel-related - manages actual wireguard tunnel

Please, take a look to next diagram to get actual requests sequence.

2. Errors

2.1. Generic description

All errors are returned with meaningful HTTP error code and JSON body with more detailed information. For example, syntax error will return HTTP 400 error with next body:

{
    result: "INVALID_ARGUMENT",
    error: "Invalid request",
    details: "invalid character '\\n' in string literal"
}

Check table below for fields description.

Field

Description

result

A predefined set of strings, identifying the type of happened error. See below all types.

error

More detailed error information.

details

Some extra information about error.

2.1. List of errors

HTTP code

Result code

Description

500

INTERNAL_ERROR

Any unexpected behavior of backend components.

400

INVALID_ARGUMENT

Invalid request data, like syntax or type errors.

404

NOT_FOUND

Managed entity is not found (for example, when ping request is done for outdated peer).

409

ENTRY_EXISTS

Can't create entry due to conflict. Can happen when wireguard key is already used.

500

STORAGE_ERROR

Internal storage failure.

500

TUNNEL_ERROR

Tunnel management failure.

401

UNAUTHORIZED

Request requires authorization.

401

AUTH_FAILED

Request can't be done with provided authorization data.

507

INSUFFICIENT_STORAGE

Out of resoures to perform request.

503

SERVICE_UNAVAILABLE

Happens with request is done while service is shutting down or restarting.

3. Authorizer API

3.1. Authorize client

URL: https://thefend.com/api/client/signin

Method: POST

Authentication: None

Query string: None

Request body: JSON

OBJECT 

{
  project*: string
  client_platform*: string
  client_version*: string
  device_id*: uuid
  auth_type*: string
  auth_info*: string
}

Response body: JSON

OBJECT

{
    access_token*: string
    refresh_token: string
    discovery_addresses: [uri]
}

4. Discovery API

4.1. List locations

URL: https://thefend.com/api/client/locations

Method: GET

Authentication: Bearer

Query string: None

Request body: None

Response body: JSON

ARRAY

[
    {
        id*: string
        name*: string
        labels: {}
    }
]

4.2. Get location nodes

URL: https://thefend.com/api/client/credentials

Method: GET

Authentication: Bearer

Query string: location=<LOCATION_ID>

Request body: None

Response body: JSON

ARRAY

[
    {
        id*: string
        connection_addresses: [string]
    }
]

5. Tunneling API

5.1. Initiate connection.

URL: https://some-server-name.thefend.com/api/client/connect

Method: POST

Authentication: Bearer

Query string: None

Request body: JSON

OBJECT 

{
    type*: enum

    info_wireguard *: {
        public_key: string
    }

    identifiers* {
        installation_id: uuid
        session_id: uuid
    }

    location: string
}

Response body: JSON

OBJECT

{
    info_wireguard: {
        server_public_key*: string
        server_ipv4*: ipv4
        server_port*: integer
        tunnel_ipv4*: ipv4
        keepalive*: integer
        allowed_ips*: [string]
        dns*: [ipv4]
        ping_interval*: integer
    }
}

5.3. Heartbeat request.

URL: https://some-server-name.thefend.com/api/client/ping

Method: POST

Authentication: Bearer

Query string: None

Request body: JSON

OBJECT 

{
    installation_id: uuid
    session_id: uuid
}

Response body: None

5.3. Drop connection.

URL: https://some-server-name.thefend.com/api/client/disconnect

Method: POST

Authentication: Bearer

Query string: None

Request body: JSON

OBJECT 

{
    installation_id: uuid
    session_id: uuid
}

Response body: None

Last updated

Was this helpful?