ZeroTier Central API (v1)
Download OpenAPI specification:Download
ZeroTier Central Network Management Portal API.
All API requests must have an API token header specified in the Authorization: token xxxxx
format. You can generate your API key by logging into ZeroTier Central and creating a token on the Account page.
eg. curl -X GET -H "Authorization: token xxxxx" https://api.zerotier.com/api/v1/network
Rate Limiting
The ZeroTier Central API implements rate limiting. Paid users are limited to 100 requests per second. Free users are limited to 20 requests per second.
You can get the OpenAPI spec here as well: https://docs.zerotier.com/api/central/ref-v1.json
Response samples
- 200
[- {
- "id": "8056c2e21c000001",
- "clock": 12345,
- "config": {
- "id": "8056c2e21c000001",
- "creationTime": 1442292672978,
- "capabilities": [
- { }
], - "dns": {
- "domain": "some.domain",
- "servers": [
- "10.0.0.3"
]
}, - "enableBroadcast": true,
- "ipAssignmentPools": [
- {
- "ipRangeStart": "10.0.0.1",
- "ipRangeEnd": "10.0.0.255"
}
], - "lastModified": 1588184318235,
- "mtu": 2800,
- "multicastLimit": 32,
- "name": "My ZeroTier Network",
- "private": true,
- "routes": [
- {
- "target": "10.0.0.0/24",
- "via": null
}
], - "rules": [
- { }
], - "ssoConfig": {
- "enabled": true,
- "mode": "default",
- "clientId": "some-client-id",
- "provider": "keycloak",
- "authorizationEndpoint": "string",
- "allowList": [
- "string"
]
}, - "tags": [
- { }
], - "v4AssignMode": {
- "zt": true
}, - "v6AssignMode": {
- "6plane": true,
- "rfc4193": false,
- "zt": false
}
}, - "description": "Some descriptive text about my network.",
- "rulesSource": "accept;",
- "permissions": {
- "00000000-0000-0000-0000-000000000000": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}
}, - "ownerId": "00000000-0000-0000-0000-000000000000",
- "onlineMemberCount": 123,
- "authorizedMemberCount": 200,
- "totalMemberCount": 250,
- "capabilitiesByName": { },
- "tagsByName": { }
}
]
Create a new network.
Authorizations:
Request Body schema: application/jsonrequired
empty JSON object
Responses
Request samples
- Payload
{ }
Response samples
- 200
{- "id": "8056c2e21c000001",
- "clock": 12345,
- "config": {
- "id": "8056c2e21c000001",
- "creationTime": 1442292672978,
- "capabilities": [
- { }
], - "dns": {
- "domain": "some.domain",
- "servers": [
- "10.0.0.3"
]
}, - "enableBroadcast": true,
- "ipAssignmentPools": [
- {
- "ipRangeStart": "10.0.0.1",
- "ipRangeEnd": "10.0.0.255"
}
], - "lastModified": 1588184318235,
- "mtu": 2800,
- "multicastLimit": 32,
- "name": "My ZeroTier Network",
- "private": true,
- "routes": [
- {
- "target": "10.0.0.0/24",
- "via": null
}
], - "rules": [
- { }
], - "ssoConfig": {
- "enabled": true,
- "mode": "default",
- "clientId": "some-client-id",
- "provider": "keycloak",
- "authorizationEndpoint": "string",
- "allowList": [
- "string"
]
}, - "tags": [
- { }
], - "v4AssignMode": {
- "zt": true
}, - "v6AssignMode": {
- "6plane": true,
- "rfc4193": false,
- "zt": false
}
}, - "description": "Some descriptive text about my network.",
- "rulesSource": "accept;",
- "permissions": {
- "00000000-0000-0000-0000-000000000000": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}
}, - "ownerId": "00000000-0000-0000-0000-000000000000",
- "onlineMemberCount": 123,
- "authorizedMemberCount": 200,
- "totalMemberCount": 250,
- "capabilitiesByName": { },
- "tagsByName": { }
}
Get network by ID
Returns a single network
Authorizations:
path Parameters
networkID required | string ID of the network to return |
Responses
Response samples
- 200
{- "id": "8056c2e21c000001",
- "clock": 12345,
- "config": {
- "id": "8056c2e21c000001",
- "creationTime": 1442292672978,
- "capabilities": [
- { }
], - "dns": {
- "domain": "some.domain",
- "servers": [
- "10.0.0.3"
]
}, - "enableBroadcast": true,
- "ipAssignmentPools": [
- {
- "ipRangeStart": "10.0.0.1",
- "ipRangeEnd": "10.0.0.255"
}
], - "lastModified": 1588184318235,
- "mtu": 2800,
- "multicastLimit": 32,
- "name": "My ZeroTier Network",
- "private": true,
- "routes": [
- {
- "target": "10.0.0.0/24",
- "via": null
}
], - "rules": [
- { }
], - "ssoConfig": {
- "enabled": true,
- "mode": "default",
- "clientId": "some-client-id",
- "provider": "keycloak",
- "authorizationEndpoint": "string",
- "allowList": [
- "string"
]
}, - "tags": [
- { }
], - "v4AssignMode": {
- "zt": true
}, - "v6AssignMode": {
- "6plane": true,
- "rfc4193": false,
- "zt": false
}
}, - "description": "Some descriptive text about my network.",
- "rulesSource": "accept;",
- "permissions": {
- "00000000-0000-0000-0000-000000000000": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}
}, - "ownerId": "00000000-0000-0000-0000-000000000000",
- "onlineMemberCount": 123,
- "authorizedMemberCount": 200,
- "totalMemberCount": 250,
- "capabilitiesByName": { },
- "tagsByName": { }
}
update network configuration
Authorizations:
path Parameters
networkID required | string ID of the network to change |
Request Body schema: application/jsonrequired
Network object JSON
object (NetworkConfig) | |
description | string or null |
rulesSource | string or null |
object (PermissionsMap) | |
ownerId | string or null |
capabilitiesByName | object or null |
tagsByName | object or null |
Responses
Request samples
- Payload
{- "config": {
- "capabilities": [
- { }
], - "dns": {
- "domain": "some.domain",
- "servers": [
- "10.0.0.3"
]
}, - "enableBroadcast": true,
- "ipAssignmentPools": [
- {
- "ipRangeStart": "10.0.0.1",
- "ipRangeEnd": "10.0.0.255"
}
], - "mtu": 2800,
- "multicastLimit": 32,
- "name": "My ZeroTier Network",
- "private": true,
- "routes": [
- {
- "target": "10.0.0.0/24",
- "via": null
}
], - "rules": [
- { }
], - "ssoConfig": {
- "enabled": true,
- "mode": "default",
- "clientId": "some-client-id",
- "allowList": [
- "string"
]
}, - "tags": [
- { }
], - "v4AssignMode": {
- "zt": true
}, - "v6AssignMode": {
- "6plane": true,
- "rfc4193": false,
- "zt": false
}
}, - "description": "Some descriptive text about my network.",
- "rulesSource": "accept;",
- "permissions": {
- "00000000-0000-0000-0000-000000000000": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}
}, - "ownerId": "00000000-0000-0000-0000-000000000000",
- "capabilitiesByName": { },
- "tagsByName": { }
}
Response samples
- 200
{- "id": "8056c2e21c000001",
- "clock": 12345,
- "config": {
- "id": "8056c2e21c000001",
- "creationTime": 1442292672978,
- "capabilities": [
- { }
], - "dns": {
- "domain": "some.domain",
- "servers": [
- "10.0.0.3"
]
}, - "enableBroadcast": true,
- "ipAssignmentPools": [
- {
- "ipRangeStart": "10.0.0.1",
- "ipRangeEnd": "10.0.0.255"
}
], - "lastModified": 1588184318235,
- "mtu": 2800,
- "multicastLimit": 32,
- "name": "My ZeroTier Network",
- "private": true,
- "routes": [
- {
- "target": "10.0.0.0/24",
- "via": null
}
], - "rules": [
- { }
], - "ssoConfig": {
- "enabled": true,
- "mode": "default",
- "clientId": "some-client-id",
- "provider": "keycloak",
- "authorizationEndpoint": "string",
- "allowList": [
- "string"
]
}, - "tags": [
- { }
], - "v4AssignMode": {
- "zt": true
}, - "v6AssignMode": {
- "6plane": true,
- "rfc4193": false,
- "zt": false
}
}, - "description": "Some descriptive text about my network.",
- "rulesSource": "accept;",
- "permissions": {
- "00000000-0000-0000-0000-000000000000": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}
}, - "ownerId": "00000000-0000-0000-0000-000000000000",
- "onlineMemberCount": 123,
- "authorizedMemberCount": 200,
- "totalMemberCount": 250,
- "capabilitiesByName": { },
- "tagsByName": { }
}
Returns a list of Members on the network.
Authorizations:
path Parameters
networkID required | string ID of the network to return |
Responses
Response samples
- 200
[- {
- "id": "8056c2e21c000001-abcdef0123",
- "clock": 1612993759070,
- "networkId": "8056c2e21c000001",
- "nodeId": "abcdef01234",
- "controllerId": "8056c2e21c",
- "hidden": false,
- "name": "my-cray-supercomputer",
- "description": "My super awesome cray that I got ZeroTier to run on",
- "config": {
- "activeBridge": false,
- "authorized": true,
- "capabilities": [
- 0
], - "creationTime": 1599853509872,
- "id": "abcdef01234",
- "identity": "abcdef0123:0:abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123",
- "ipAssignments": [
- "10.0.0.3"
], - "lastAuthorizedTime": 1599853637989,
- "lastDeauthorizedTime": 0,
- "noAutoAssignIps": false,
- "revision": 123,
- "ssoExempt": false,
- "tags": [
- [
- 123,
- 456
]
], - "vMajor": 1,
- "vMinor": 6,
- "vRev": 3,
- "vProto": 12
}, - "lastOnline": 1612993673254,
- "lastSeen": 1612993673254,
- "physicalAddress": "8.8.8.8",
- "clientVersion": "1.6.3",
- "protocolVersion": 12,
- "supportsRulesEngine": true
}
]
Return an individual member on a network
Authorizations:
path Parameters
networkID required | string ID of the network |
memberID required | string ID of the member |
Responses
Response samples
- 200
{- "id": "8056c2e21c000001-abcdef0123",
- "clock": 1612993759070,
- "networkId": "8056c2e21c000001",
- "nodeId": "abcdef01234",
- "controllerId": "8056c2e21c",
- "hidden": false,
- "name": "my-cray-supercomputer",
- "description": "My super awesome cray that I got ZeroTier to run on",
- "config": {
- "activeBridge": false,
- "authorized": true,
- "capabilities": [
- 0
], - "creationTime": 1599853509872,
- "id": "abcdef01234",
- "identity": "abcdef0123:0:abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123",
- "ipAssignments": [
- "10.0.0.3"
], - "lastAuthorizedTime": 1599853637989,
- "lastDeauthorizedTime": 0,
- "noAutoAssignIps": false,
- "revision": 123,
- "ssoExempt": false,
- "tags": [
- [
- 123,
- 456
]
], - "vMajor": 1,
- "vMinor": 6,
- "vRev": 3,
- "vProto": 12
}, - "lastOnline": 1612993673254,
- "lastSeen": 1612993673254,
- "physicalAddress": "8.8.8.8",
- "clientVersion": "1.6.3",
- "protocolVersion": 12,
- "supportsRulesEngine": true
}
Modify a network member
Authorizations:
path Parameters
networkID required | string ID of the network |
memberID required | string ID of the member |
Request Body schema: application/jsonrequired
Member object JSON
hidden | boolean or null Whether or not the member is hidden in the UI |
name | string or null User defined name of the member |
description | string or null User defined description of the member |
object (MemberConfig) |
Responses
Request samples
- Payload
{- "hidden": false,
- "name": "my-cray-supercomputer",
- "description": "My super awesome cray that I got ZeroTier to run on",
- "config": {
- "activeBridge": false,
- "authorized": true,
- "capabilities": [
- 0
], - "ipAssignments": [
- "10.0.0.3"
], - "noAutoAssignIps": false,
- "ssoExempt": false,
- "tags": [
- [
- 123,
- 456
]
]
}
}
Response samples
- 200
{- "id": "8056c2e21c000001-abcdef0123",
- "clock": 1612993759070,
- "networkId": "8056c2e21c000001",
- "nodeId": "abcdef01234",
- "controllerId": "8056c2e21c",
- "hidden": false,
- "name": "my-cray-supercomputer",
- "description": "My super awesome cray that I got ZeroTier to run on",
- "config": {
- "activeBridge": false,
- "authorized": true,
- "capabilities": [
- 0
], - "creationTime": 1599853509872,
- "id": "abcdef01234",
- "identity": "abcdef0123:0:abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123abcdef0123",
- "ipAssignments": [
- "10.0.0.3"
], - "lastAuthorizedTime": 1599853637989,
- "lastDeauthorizedTime": 0,
- "noAutoAssignIps": false,
- "revision": 123,
- "ssoExempt": false,
- "tags": [
- [
- 123,
- 456
]
], - "vMajor": 1,
- "vMinor": 6,
- "vRev": 3,
- "vProto": 12
}, - "lastOnline": 1612993673254,
- "lastSeen": 1612993673254,
- "physicalAddress": "8.8.8.8",
- "clientVersion": "1.6.3",
- "protocolVersion": 12,
- "supportsRulesEngine": true
}
Response samples
- 200
{- "id": "00000000-0000-0000-0000-000000000000",
- "orgId": "00000000-0000-0000-0000-000000000000",
- "globalPermissions": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}, - "displayName": "Joe User",
- "auth": {
- "google": "156162346876134683",
- "oidc": "00000000-0000-0000-0000-000000000000"
}, - "smsNumber": "+1-800-555-1212",
- "tokens": [
- "my-token-id"
]
}
Update user record (SMS number or Display Name only)
Authorizations:
path Parameters
userID required | string User ID |
Request Body schema: application/jsonrequired
User object JSON
displayName | string Display Name |
smsNumber | string Deprecated SMS number |
Responses
Request samples
- Payload
{- "displayName": "Joe User",
- "smsNumber": "+1-800-555-1212"
}
Response samples
- 200
{- "id": "00000000-0000-0000-0000-000000000000",
- "orgId": "00000000-0000-0000-0000-000000000000",
- "globalPermissions": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}, - "displayName": "Joe User",
- "auth": {
- "google": "156162346876134683",
- "oidc": "00000000-0000-0000-0000-000000000000"
}, - "smsNumber": "+1-800-555-1212",
- "tokens": [
- "my-token-id"
]
}
Add an API token
Authorizations:
path Parameters
userID required | string User ID |
Request Body schema: application/jsonrequired
APIToken JSON object
tokenName | string user specified token name |
token | string API Token. Minimum 32 characters. This token is encrypted in the database and can not be retrieved once set |
Responses
Request samples
- Payload
{- "tokenName": "my-super-secret-token",
- "token": "adsf98ashdkjh3689adsfnj3$ADn"
}
Response samples
- 200
{- "tokenName": "my-super-secret-token"
}
Organization management. Note: Organizations require a paid account and cannot be created via the API
Response samples
- 200
{- "id": "00000000-0000-0000-0000-000000000000",
- "ownerId": "00000000-0000-0000-0000-000000000000",
- "members": [
- {
- "orgId": "00000000-0000-0000-0000-000000000000",
- "userId": "00000000-0000-0000-0000-000000000000",
- "name": "Joe User",
- "email": "string"
}
], - "ssoConfig": {
- "enabled": true,
- "issuers": [
- {
- "provider": "keycloak",
- "clientId": "oidc-client-id",
}
]
}
}
Get organization by ID
Authorizations:
path Parameters
orgID required | string Organization ID |
Responses
Response samples
- 200
{- "id": "00000000-0000-0000-0000-000000000000",
- "ownerId": "00000000-0000-0000-0000-000000000000",
- "members": [
- {
- "orgId": "00000000-0000-0000-0000-000000000000",
- "userId": "00000000-0000-0000-0000-000000000000",
- "name": "Joe User",
- "email": "string"
}
], - "ssoConfig": {
- "enabled": true,
- "issuers": [
- {
- "provider": "keycloak",
- "clientId": "oidc-client-id",
}
]
}
}
Get list of organization members
Authorizations:
path Parameters
orgID required | string Organization ID |
Responses
Response samples
- 200
{- "orgId": "00000000-0000-0000-0000-000000000000",
- "userId": "00000000-0000-0000-0000-000000000000",
- "name": "Joe User",
- "email": "string"
}
Response samples
- 200
[- {
- "orgId": "00000000-0000-0000-0000-000000000000",
- "id": "00000000-0000-0000-0000-000000000000",
- "creation_time": 1613067920454,
- "status": "pending",
- "update_time": 1613067920454,
- "ownerEmail": "[email protected]"
}
]
Invite a user to your organization by email
Authorizations:
Request Body schema: application/jsonrequired
Organization Invitation JSON object
string Email address of invitee |
Responses
Request samples
- Payload
{- "email": "[email protected]"
}
Response samples
- 200
{- "orgId": "00000000-0000-0000-0000-000000000000",
- "id": "00000000-0000-0000-0000-000000000000",
- "creation_time": 1613067920454,
- "status": "pending",
- "update_time": 1613067920454,
- "ownerEmail": "[email protected]"
}
Get organization invitation
Authorizations:
path Parameters
inviteID required | string Invitation ID |
Responses
Response samples
- 200
{- "orgId": "00000000-0000-0000-0000-000000000000",
- "id": "00000000-0000-0000-0000-000000000000",
- "creation_time": 1613067920454,
- "status": "pending",
- "update_time": 1613067920454,
- "ownerEmail": "[email protected]"
}
Accept organization invitation
Authorizations:
path Parameters
inviteID required | string Invitation ID |
Responses
Response samples
- 200
{- "orgId": "00000000-0000-0000-0000-000000000000",
- "id": "00000000-0000-0000-0000-000000000000",
- "creation_time": 1613067920454,
- "status": "pending",
- "update_time": 1613067920454,
- "ownerEmail": "[email protected]"
}
Obtain the overall status of the account tied to the API token in use.
Authorizations:
Responses
Response samples
- 200
{- "id": "central_status",
- "type": "CentralStatus",
- "clock": 1613067920454,
- "version": "1.6.5",
- "apiVersion": "4",
- "uptime": 1613067920454,
- "user": {
- "id": "00000000-0000-0000-0000-000000000000",
- "orgId": "00000000-0000-0000-0000-000000000000",
- "globalPermissions": {
- "a": true,
- "d": true,
- "m": true,
- "r": true
}, - "displayName": "Joe User",
- "auth": {
- "google": "156162346876134683",
- "oidc": "00000000-0000-0000-0000-000000000000"
}, - "smsNumber": "+1-800-555-1212",
- "tokens": [
- "my-token-id"
]
}, - "readOnlyMode": true,
- "loginMethods": {
- "local": true,
- "google": true,
- "twitter": true,
- "facebook": true,
- "github": true,
- "saml": true,
- "oidc": true
}
}
Get a random 32 character token
Get a random 32 character. Used by the web UI to generate API keys
Authorizations:
Responses
Response samples
- 200
{- "clock": 1613067920454,
- "hex": "16924f3ff478526cffb1b89b1040b33c8dbd3c09e07f39691f615769121c0d76",
- "token": "wwrb66uUh18Fqc38rd8jMd5RFJzRsCn4"
}