Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This endpoint enables retrieving all WireGuard Gateways using pagination and optional filters.
To retrieve all the WireGuard Gateways, perform a GET request.
Use a region-specific endpoint to retrieve all WireGuard Gateways: https://vpn.{region}.ionos.com/wireguardgateways.
Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: All existing WireGuard Gateways and their details are successfully obtained.
Prerequisite: You need administrative privileges to create and assign user privileges using the Cloud API.
To set user privileges via the Cloud API for creating and managing VPN Gateways, follow these steps:
Authenticate to the Cloud API using your API credentials. For more information, see Get Started with IONOS API.
Create a user using the POST /cloudapi/v6/um/users endpoint.
Set the following required parameters for the user: user's name, email address, and password.
Create a group using the POST /cloudapi/v6/um/groups endpoint.
Set accessAndManageVpn privilege to true.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users endpoint.
Note: Remember to provide the user ID in the request body as shown in the example: id: <userID>
Result: The privilege to create and manage VPN Gateway is granted to the user.
Deletes the specified WireGuard Gateway.
To delete a WireGuard Gateway, perform a DELETE request with the gatewayId of the WireGuard Gateway.
Use a endpoint to delete the WireGuard Gateway: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to delete.
You can update the gatewayId value to delete a specific WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The WireGuard Gateway with the specified gatewayId is successfully deleted.
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
Authorization
yes
string
The Bearer token enable requests to authenticate using an JSON Web Token (JWT).
Creates a new WireGuard Gateway.
The full WireGuard Gateway needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a WireGuard Gateway, perform a POST request.
Use a region-specific endpoint to create a WireGuard Gateway: https://vpn.{region}.ionos.com/wireguardgateways.
Below is the list of mandatory body parameters for creating a WireGuard Gateway:
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to create a new WireGuard Gateway.
properties.name
yes
string
The human readable name of your WireGuard Gateway.
My Company Gateway
properties.description
no
string
Human readable description of the WireGuard Gateway.
This gateway allows connections to Datacenter LAN X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.interfaceIPv4CIDR
no
string
The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface.
172.16.0.1/32
properties.interfaceIPv6CIDR
no
string
The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface.
2001:0db8:85a3::/128
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.privateKey
yes
string
PrivateKey used for WireGuard Server.
0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=
properties.listenPort
no
integer
Port that WireGuard Server will listen on.
51820
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
201 Successful operation
Result: The WireGuard Gateway is successfully created. the id and other details of the created WireGuard Gateway are provided in the response.
This endpoint enables retrieving all WireGuard Peers using pagination and optional filters.
To retrieve all the WireGuard Peers, perform a GET request.
Use a region-specific endpoint to retrieve all WireGuard peers: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers.
Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: All existing WireGuard Peers and their details are successfully obtained.
Creates a new WireGuard Peer.
The full WireGuard Peer needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a WireGuard Peer, perform a POST request.
Use a region-specific endpoint to create a WireGuard Peer: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers.
Below is the list of mandatory body parameters for creating a WireGuard Peer:
metadata
no
object
Metadata related to the WireGuard peer.
{}
properties
yes
object
Properties with all data needed to create a new WireGuard peer. Note: There is a limit of 20 peers per gateway.
properties.name
yes
string
The human-readable name of the WireGuard peer.
My Company Gateway Peer
properties.description
no
string
Human-readable description of the WireGuard peer.
Allows local machine A to connect to Datacenter LAN Y.
properties.endpoint
yes
object
Properties needed to define the WireGuard endpoint.
properties.endpoint.host
yes
string
Hostname or IPV4 address that the WireGuard Server will connect to.
198.51.100.0/24
properties.endpoint.port
yes
integer
Port that the WireGuard Server will connect to.
51820
properties.allowedIPs
yes
array
The subnet CIDRs that are allowed to connect to the WireGuard Gateway. Specify "a.b.c.d/xy" for an individual IP address. Specify "0.0.0.0/0" or "::/0" for all IP addresses.
["198.51.100.0/24"]
properties.publicKey
yes
string
The public key for the WireGuard peer.
no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI=
You can update the gatewayId value to get a specific WireGuard Gateway:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
201 Successful operation
Result: The WireGuard Peer is successfully created. the id and other details of the created WireGuard Peer are provided in the response.
Returns the WireGuard Peer by ID.
To retrieve the WireGuard Peer, perform a GET request.
Use a region-specific endpoint to retrieve a WireGuard Peer: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
You can update the gatewayId and peerId values to get a specific WireGuard Peer for a given gateway:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
The ID (UUID) of the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: The WireGuard Peer and its details for the specified gatewayId and peerId are successfully obtained.
-Operations to create and manage IPSec VPN Gateways. -This tag groups all operations for ipsecgateways.
To retrieve all the IPSec Gateways, perform a GET request.
Use a region-specific endpoint to retrieve all IPSec Gateways: https://vpn.{region}.ionos.com/ipsecgateways.
Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: All existing IPSec Gateways and their details are successfully obtained.
Ensures that the WireGuard Peer with the provided ID is created or modified. Remember to provide the full WireGuard Peer specification to ensure the WireGuard Peer with the respective ID is created or updated. When left empty, they are filled with default values or remain empty; previously provided values are not used for these empty fields.
To ensure that the WireGuard Peer with the provided ID is created or modified, perform PUT request.
Note: If WireGuard Peer for a given peerId does not exist, a new one is created instead.
Use a region-specific endpoint to ensure that the WireGuard Peer is created or modified: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}/peers/{peerId}.
Note: The following request contains a sample gatewayId and peerId. Replace them with the gatewayId and peerId values whose information you want to update.
Below is the list of mandatory path parameters:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
The ID (UUID) of the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
Below is the list of fields returned in the response for a WireGuard Peer:
id
string
The unique identifier (UUID) for the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
metadata
object
Metadata related to the WireGuard Peer.
{}
properties
object
Properties of the WireGuard Peer.
properties.name
string
The human-readable name of the WireGuard Peer.
My Company Gateway Peer
properties.description
string
Human-readable description of the WireGuard Peer.
Allows local machine A to connect to Datacenter LAN Y.
properties.endpoint
object
Endpoint details for the WireGuard Peer.
properties.endpoint.host
string
The host IP address or domain for the WireGuard Peer.
198.51.100.0/24
properties.endpoint.port
integer
The port number for the WireGuard Peer.
51820
properties.allowedIPs
array
The subnet CIDRs that are allowed to connect to the WireGuard Gateway.
["198.51.100.0/24"]
properties.publicKey
string
The public key for the WireGuard Peer.
no8iaSEoqfbI6PVYsdEiUU5efYdtKX8VAhKity19MWI=
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
200 Successful operation
Following is an example of when a WireGuard Peer is successfully created.
Result: The WireGuard Peer is successfully updated or created.
Returns the IPSec Gateway by ID.
To retrieve the IPSec Gateway, perform a GET request.
Use a region-specific endpoint to retrieve IPSec Gateway: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to retrieve.
You can update the gatewayId value to get a specific IPSec Gateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: The IPSec Gateway and its details for the specified gatewayId are successfully obtained.
Deletes the specified WireGuard Peer.
To delete a WireGuard Peer, perform a DELETE request with the gatewayId of the WireGuard Gateway and peerId of the WireGuard Peer.
Use a region-specific endpoint to delete the WireGuard Peer: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayid}/peers/{peerId}.
Note: The following request contains a sample gatewayId and peerId. Replace them with the gatewayId and peerId value, whose information you want to delete.
You can update the gatewayId and peerId values to delete a specific WireGuard Peer for a given gateway:
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
peerId
string
The ID (UUID) of the WireGuard Peer.
b62b3a40-adee-5b6c-b98d-be20bfcbdd91
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
202 Successful operation
Result: The WireGuard Peer with the specified gatewayId and peerId is successfully deleted.
Ensures that the IPSecGateway with the provided ID is created or modified. The full IPSecGateway needs to be provided to ensure (either update or create) the IPSecGateway. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.
To ensure that the IPSecGateway with the provided ID is created or modified, perform PUT request.
Note: If IPSecGateway for a given gatewayId does not exist, a new one is created instead.
Use a region-specific endpoint to ensure IPSecGateway is created or modified: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value whose information you want to update.
Below is the list of mandatory path parameters for updating an IPSecGateway:
gatewayId
string
The ID (UUID) of the IPSecGateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSecGateway:
id
yes
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update the IPSec Gateway.
properties.name
yes
string
The human readable name of your IPSec Gateway.
My Company IPSec Gateway
properties.description
no
string
Human readable description of the IPSec Gateway.
This gateway connects site A to VDC X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.version
no
string
The IKE version that is permitted for the VPN tunnels. Default: "IKEv2".
IKEv2
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
200 Successful operation
Result: The IPSec Gateway is successfully updated or created.
Enables retrieving all IPSec Tunnels using pagination and optional filters.
To retrieve all the IPSec Tunnels, perform a GET request.
Use a region-specific endpoint to retrieve all IPSec Tunnels: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.
Below is the list of optional Path Parameters:
offset
integer
The first element (of the total list of elements) to include in the response. Use together with limit for pagination. Default: 0
0
limit
integer
The maximum number of elements to return. Use together with offset for pagination. Default: 100
100
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: All existing IPSec Tunnels and their details are successfully obtained.
Ensures that the IPSec Tunnel with the provided ID is created or modified. The full IPSec Tunnel needs to be provided to ensure (either update or create) the IPSec Tunnel. Non present data will only be filled with defaults or left empty, but not take previous values into consideration.s
To ensure that the IPSec Tunnel with the provided ID is created or modified, perform PUT request.
Note: If IPSec Tunnel for a given tunnelId does not exist, a new one is created instead.
Use a region-specific endpoint to ensure that IPSec Tunnel is created or modified: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.
Note: The following request contains a sample gatewayId and tunnelId. Replace them with the gatewayId and tunnelId values whose information you want to update.
You can update the gatewayId and tunnelId values to specify the IPSec Gateway and Tunnel:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
id
yes
string
The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
properties.name
yes
string
The human-readable name of your IPSec Gateway Tunnel.
My Updated Tunnel
properties.description
no
string
Human-readable description of the IPSec Gateway Tunnel.
Updated tunnel connecting site A to site B.
properties.remoteHost
yes
string
The remote peer host fully qualified domain name or IPV4 IP to connect to.
203.0.113.1
properties.auth
yes
object
Properties with all data needed to define IPSec Authentication.
properties.auth.method
yes
string
The Authentication Method to use for IPSec Authentication. Default: "PSK". Options: PSK
PSK
properties.auth.psk
yes
object
Properties needed to define IPSec Authentication PSK. This is required if the method is PSK.
{ "secret": "your-psk-value" }
properties.ike
no
object
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
properties.esp
no
object
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
yes
array
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, that is, the CIDRs within your IONOS Cloud LAN.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
yes
array
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
200 Successful operation
Following is an example of when a IPSec Tunnel is successfully created.
Result: The IPSec Tunnel is successfully updated or created.
Deletes the specified IPSecTunnel.
To delete a IPSec Tunnel, perform a DELETE request with the gatewayId of the IPSecGateway and tunnelId of the IPSec Tunnel.
Use a endpoint to delete IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayid}/tunnels/{tunnelId}.
Note: The following request contains a sample gatewayId and tunnelId. Replace them with the gatewayId and tunnelId value, whose information you want to delete.
You can update the gatewayId and tunnelId values to delete a specific IPSec Tunnel for a given gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
202 Successful operation
Result: The IPSec Tunnel with the specified gatewayId and tunnelId is successfully deleted.
Returns the WireGuard Gateway by ID.
To retrieve the WireGuard Gateway, perform a GET request.
Use a endpoint to retrieve a WireGuard Gateway: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to retrieve.
You can update the gatewayId value to get a specific WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Result: The WireGuard Gateway and its details for the specified gatewayId are successfully obtained.
Ensures that the WireGuard Gateway with the provided ID is created or modified. Remember to provide the full WireGuard Gateway specification to ensure the WireGuard Gateway with the respective ID is created or updated. When left empty, they are filled with default values or remain empty; previously provided values are not used for these empty fields.
To ensure that the WireGuard Gateway with the provided ID is created or modified, perform PUT request.
Note: If WireGuard Gateway for a given gatewayId does not exist, a new one is created instead.
Use a endpoint to ensure that the WireGuard Gateway is created or modified: https://vpn.{region}.ionos.com/wireguardgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value whose information you want to update.
Below is the list of mandatory path parameters:
Below is the list of mandatory body parameters for updating a WireGuard Gateway:
To make authenticated requests to the API, the following fields are mandatory in the request header:
200 Successful operation
Following is an example of when a WireGuard Gateway is successfully created.
Result: The WireGuard Gateway is successfully updated or created.
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
id
yes
string
The ID (UUID) of the WireGuard Gateway to update.
85c79b4b-5b40-570a-b788-58dd46ea71e2
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update the WireGuard Gateway.
properties.name
yes
string
The human readable name of your WireGuard Gateway.
My Company Gateway
properties.description
no
string
Human readable description of the WireGuard Gateway.
This gateway allows connections to Datacenter LAN X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.interfaceIPv4CIDR
no
string
The IPV4 address (with CIDR mask) to be assigned to the WireGuard interface.
172.16.0.1/32
properties.interfaceIPv6CIDR
no
string
The IPV6 address (with CIDR mask) to be assigned to the WireGuard interface.
2001:0db8:85a3::/128
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.privateKey
yes
string
PrivateKey used for WireGuard Server.
0HpE4BNwGHabeaC4aY/GFxB6fBSc0d49Db0qAzRVSVc=
properties.listenPort
no
integer
Port that WireGuard Server will listen on.
51820
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
gatewayId
string
The ID (UUID) of the IPSecGateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSecTunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
gatewayId
string
The ID (UUID) of the WireGuard Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
This endpoint Deletes the specified IPSec Gateway.
To delete a IPSec Gateway, perform a DELETE request with the gatewayId of the IPSec Gateway.
Use a region-specific endpoint to delete IPSec Gateway: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}.
Note: The following request contains a sample gatewayId. Replace them with the gatewayId value, whose information you want to delete.
You can update the gatewayId value to delete a specific IPSec Gateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
85c79b4b-5b40-570a-b788-58dd46ea71e2
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enable requests to authenticate using an JSON Web Token (JWT).
202 Successful operation
Result: The IPSec Gateway with the specified gatewayId is successfully deleted.
Returns the IPSec Tunnel by ID.
To retrieve the IPSec Tunnel, perform a GET request.
Use a region-specific endpoint to retrieve IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels/{tunnelId}.
You can update the gatewayId and tunnelId values to get a specific IPSec Tunnel for a given gateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
tunnelId
string
The ID (UUID) of the IPSec Tunnel.
c28b2d3e-7b15-53ca-ae88-6ae9378d6efe
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
no
string
Set this to application/json.
200 Successful operation
Result: The IPSec Tunnel and its details for the specified gatewayId and tunnelId are successfully obtained.
Creates a new IPSec Tunnel.
The full IPSec Tunnel needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a IPSec Tunnel, perform a POST request.
Use a region-specific endpoint to create IPSec Tunnel: https://vpn.{region}.ionos.com/ipsecgateways/{gatewayId}/tunnels.
You can update the gatewayId value to get a specific IPSecGateway:
gatewayId
string
The ID (UUID) of the IPSec Gateway.
66a114c7-2ddd-5119-9ddf-5a789f5a5a44
Below is the list of mandatory body parameters for updating an IPSec Tunnel:
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to update an IPSec Tunnel. Note: There is a limit of 20 tunnels per IPSec Gateway.
properties.name
yes
string
The human-readable name of your IPSec Gateway Tunnel.
My Tunnel
properties.description
no
string
Human-readable description of the IPSec Gateway Tunnel.
Tunnel connecting site A to site B.
properties.remoteHost
yes
string
The remote peer host fully qualified domain name or IPV4 IP to connect to.
203.0.113.1
properties.auth
yes
object
Properties needed to define IPSec Authentication.
properties.auth.ike
yes
object
Settings for the initial security exchange phase.
{ "encryption": "AES-256", "hash": "SHA256" }
properties.auth.esp
yes
object
Settings for the IPSec SA (ESP) phase.
{ "encryption": "AES-256", "auth": "SHA256" }
properties.cloudNetworkCIDRs
yes
array
The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel.
["10.0.0.0/24", "203.0.113.0/24"]
properties.peerNetworkCIDRs
yes
array
The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel.
["10.0.1.0/24", "198.51.100.0/24"]
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token to enable requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
201 Successful operation
Result: The IPSec Tunnel is successfully created. the id and other details of the created IPSec Tunnel are provided in the response.
The full IPSec Gateway needs to be provided to create the object. Optional data will be filled with defaults or left empty.
To create a IPSec Gateway, perform a POST request.
Use a region-specific endpoint to create IPSec Gateway: https://vpn.{region}.ionos.com/ipsecgateways.
Below is the list of mandatory body parameters for creating an IPSec Gateway:
metadata
no
object
Metadata
{}
properties
yes
object
Properties with all data needed to create a new IPSec Gateway.
properties.name
yes
string
The human readable name of your IPSec Gateway.
My Company IPSec Gateway
properties.description
no
string
Human readable description of the IPSec Gateway.
This gateway connects site A to VDC X.
properties.gatewayIP
yes
string
Public IP address to be assigned to the gateway.
192.0.2.0
properties.connections
yes
array
The network connection for your gateway.
[ { "datacenterId": "5a029f4a-72e5-11ec-90d6-0242ac120003", "lanId": "2", "ipv4CIDR": "192.168.1.100/24", "ipv6CIDR": "2001:0db8:85a3::/24" } ]
properties.version
no
string
The IKE version that is permitted for the VPN tunnels. Default: "IKEv2".
IKEv2
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
The Bearer token enables requests to authenticate using a JSON Web Token (JWT).
Content-Type
yes
string
Set this to application/json.
201 Successful operation
Result: The IPSec Gateway is successfully created. the id and other details of the created IPSec Gateway are provided in the response.
Action
Description
Learn how to set User privileges for VPN Gateway via the API.
Action
Description
Endpoint to retrieve all WireGuard VPN Gateways using pagination and optional filters.
Creates a new WireGuard VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific WireGuard VPN Gateway.
Ensures that a WireGuard VPN Gateway with the provided ID is created or modified.
Deletes the specified WireGuard Gateway.
Action
Description
Endpoint to retrieve all WireGuard Peers associated with a VPN Gateway using pagination and optional filters.
Creates a new WireGuard Peer. The full configuration needs to be provided.
Retrieves details of a specific WireGuard Peer.
Ensures that a WireGuard Peer with the provided ID is created or modified.
Deletes the specified WireGuard Peer.
Action
Description
Endpoint to retrieve all IPSec VPN Gateways using pagination and optional filters.
Creates a new IPSec VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific IPSec VPN Gateway.
Ensures that an IPSec VPN Gateway with the provided ID is created or modified.
Deletes the specified IPSec Gateway.
Action
Description
Endpoint to retrieve all IPSec VPN Tunnels associated with an IPSec VPN Gateway using pagination and optional filters.
Creates a new IPSec VPN Tunnel associated with an IPSec VPN Gateway. The full configuration needs to be provided.
Retrieves details of a specific IPSec VPN Tunnel.
Ensures that an IPSec VPN Tunnel with the provided ID is created or modified.
Deletes the specified IPSec Tunnel.
A regional endpoint is necessary to interact with the VPN Gateway REST API endpoints. For more information, see the API specification file.
Note: To prevent any failed requests, make sure to use the regional endpoint that corresponds to the location of the VDC where your VPN Gateway has been established.
IONOS supports the following endpoints for various locations:
Berlin, Germany: https://vpn.de-txl.ionos.com/clusters
Frankfurt, Germany: https://vpn.de-fra.ionos.com/clusters
Logroño, Spain: https://vpn.es-vit.ionos.com/clusters
London, Great Britain: https://vpn.gb-lhr.ionos.com/clusters
Newark, United States: https://vpn.us-ewr.ionos.com/clusters
Las Vegas, United States: https://vpn.us-las.ionos.com/clusters
Lenexa, United States: https://vpn.us-mci.ionos.com/clusters
Paris, France: https://vpn.fr-par.ionos.com/clusters