Skip to main content

ZeroTier Central API (v1)

Download OpenAPI specification:Download

ZeroTier Central Network Management Portal API.

All API requests must have an API token header specified in the Authorization: token xxxxx format. You can generate your API key by logging into ZeroTier Central and creating a token on the Account page.

eg. curl -X GET -H "Authorization: token xxxxx" https://api.zerotier.com/api/v1/network

Rate Limiting

The ZeroTier Central API implements rate limiting. Paid users are limited to 100 requests per second. Free users are limited to 20 requests per second.

You can get the OpenAPI spec here as well: https://docs.zerotier.com/api/central/ref-v1.json

network

Network operations

Returns a list of Networks you have access to.

Authorizations:
tokenAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a new network.

Authorizations:
tokenAuth
Request Body schema: application/json
required

empty JSON object

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  • "id": "8056c2e21c000001",
  • "clock": 12345,
  • "config": {
    },
  • "description": "Some descriptive text about my network.",
  • "rulesSource": "accept;",
  • "permissions": {
    },
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "onlineMemberCount": 123,
  • "authorizedMemberCount": 200,
  • "totalMemberCount": 250,
  • "capabilitiesByName": { },
  • "tagsByName": { }
}

Get network by ID

Returns a single network

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network to return

Responses

Response samples

Content type
application/json
{
  • "id": "8056c2e21c000001",
  • "clock": 12345,
  • "config": {
    },
  • "description": "Some descriptive text about my network.",
  • "rulesSource": "accept;",
  • "permissions": {
    },
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "onlineMemberCount": 123,
  • "authorizedMemberCount": 200,
  • "totalMemberCount": 250,
  • "capabilitiesByName": { },
  • "tagsByName": { }
}

update network configuration

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network to change

Request Body schema: application/json
required

Network object JSON

object (NetworkConfig)
description
string or null
rulesSource
string or null
object (PermissionsMap)
ownerId
string or null
capabilitiesByName
object or null
tagsByName
object or null

Responses

Request samples

Content type
application/json
{
  • "config": {
    },
  • "description": "Some descriptive text about my network.",
  • "rulesSource": "accept;",
  • "permissions": {
    },
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "capabilitiesByName": { },
  • "tagsByName": { }
}

Response samples

Content type
application/json
{
  • "id": "8056c2e21c000001",
  • "clock": 12345,
  • "config": {
    },
  • "description": "Some descriptive text about my network.",
  • "rulesSource": "accept;",
  • "permissions": {
    },
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "onlineMemberCount": 123,
  • "authorizedMemberCount": 200,
  • "totalMemberCount": 250,
  • "capabilitiesByName": { },
  • "tagsByName": { }
}

delete network

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network

Responses

network-member

Network member operations

Returns a list of Members on the network.

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network to return

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Return an individual member on a network

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network

memberID
required
string

ID of the member

Responses

Response samples

Content type
application/json
{
  • "id": "8056c2e21c000001-abcdef0123",
  • "clock": 1612993759070,
  • "networkId": "8056c2e21c000001",
  • "nodeId": "abcdef01234",
  • "controllerId": "8056c2e21c",
  • "hidden": false,
  • "name": "my-cray-supercomputer",
  • "description": "My super awesome cray that I got ZeroTier to run on",
  • "config": {
    },
  • "lastOnline": 1612993673254,
  • "lastSeen": 1612993673254,
  • "physicalAddress": "8.8.8.8",
  • "clientVersion": "1.6.3",
  • "protocolVersion": 12,
  • "supportsRulesEngine": true
}

Modify a network member

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network

memberID
required
string

ID of the member

Request Body schema: application/json
required

Member object JSON

hidden
boolean or null

Whether or not the member is hidden in the UI

name
string or null

User defined name of the member

description
string or null

User defined description of the member

object (MemberConfig)

Responses

Request samples

Content type
application/json
{
  • "hidden": false,
  • "name": "my-cray-supercomputer",
  • "description": "My super awesome cray that I got ZeroTier to run on",
  • "config": {
    }
}

Response samples

Content type
application/json
{
  • "id": "8056c2e21c000001-abcdef0123",
  • "clock": 1612993759070,
  • "networkId": "8056c2e21c000001",
  • "nodeId": "abcdef01234",
  • "controllerId": "8056c2e21c",
  • "hidden": false,
  • "name": "my-cray-supercomputer",
  • "description": "My super awesome cray that I got ZeroTier to run on",
  • "config": {
    },
  • "lastOnline": 1612993673254,
  • "lastSeen": 1612993673254,
  • "physicalAddress": "8.8.8.8",
  • "clientVersion": "1.6.3",
  • "protocolVersion": 12,
  • "supportsRulesEngine": true
}

Delete a network member

Authorizations:
tokenAuth
path Parameters
networkID
required
string

ID of the network

memberID
required
string

ID of the member

Responses

user

User management operations

Get user record

Authorizations:
tokenAuth
path Parameters
userID
required
string

User ID

Responses

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "globalPermissions": {
    },
  • "displayName": "Joe User",
  • "email": "[email protected]",
  • "auth": {
    },
  • "smsNumber": "+1-800-555-1212",
  • "tokens": [
    ]
}

Update user record (SMS number or Display Name only)

Authorizations:
tokenAuth
path Parameters
userID
required
string

User ID

Request Body schema: application/json
required

User object JSON

displayName
string

Display Name

smsNumber
string
Deprecated

SMS number

Responses

Request samples

Content type
application/json
{
  • "displayName": "Joe User",
  • "smsNumber": "+1-800-555-1212"
}

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "globalPermissions": {
    },
  • "displayName": "Joe User",
  • "email": "[email protected]",
  • "auth": {
    },
  • "smsNumber": "+1-800-555-1212",
  • "tokens": [
    ]
}

Delete user

Deletes the user and all associated networks. This is not reversible. Delete at your own risk.

Authorizations:
tokenAuth
path Parameters
userID
required
string

User ID

Responses

Add an API token

Authorizations:
tokenAuth
path Parameters
userID
required
string

User ID

Request Body schema: application/json
required

APIToken JSON object

tokenName
string

user specified token name

token
string

API Token. Minimum 32 characters. This token is encrypted in the database and can not be retrieved once set

Responses

Request samples

Content type
application/json
{
  • "tokenName": "my-super-secret-token",
  • "token": "adsf98ashdkjh3689adsfnj3$ADn"
}

Response samples

Content type
application/json
{
  • "tokenName": "my-super-secret-token"
}

Delete API Token

Authorizations:
tokenAuth
path Parameters
userID
required
string

User ID

tokenName
required
string

Token Name

Responses

organizations

Organization management. Note: Organizations require a paid account and cannot be created via the API

Get the current user's organization

Authorizations:
tokenAuth

Responses

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "ownerEmail": "[email protected]",
  • "members": [
    ],
  • "ssoConfig": {}
}

Get organization by ID

Authorizations:
tokenAuth
path Parameters
orgID
required
string

Organization ID

Responses

Response samples

Content type
application/json
{
  • "id": "00000000-0000-0000-0000-000000000000",
  • "ownerId": "00000000-0000-0000-0000-000000000000",
  • "ownerEmail": "[email protected]",
  • "members": [
    ],
  • "ssoConfig": {}
}

Get list of organization members

Authorizations:
tokenAuth
path Parameters
orgID
required
string

Organization ID

Responses

Response samples

Content type
application/json
{
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "userId": "00000000-0000-0000-0000-000000000000",
  • "name": "Joe User",
  • "email": "string"
}

Get list of organization invitations

Authorizations:
tokenAuth

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Invite a user to your organization by email

Authorizations:
tokenAuth
Request Body schema: application/json
required

Organization Invitation JSON object

email
string

Email address of invitee

Responses

Request samples

Content type
application/json
{}

Response samples

Content type
application/json
{
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "email": "[email protected]",
  • "id": "00000000-0000-0000-0000-000000000000",
  • "creation_time": 1613067920454,
  • "status": "pending",
  • "update_time": 1613067920454,
  • "ownerEmail": "[email protected]"
}

Get organization invitation

Authorizations:
tokenAuth
path Parameters
inviteID
required
string

Invitation ID

Responses

Response samples

Content type
application/json
{
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "email": "[email protected]",
  • "id": "00000000-0000-0000-0000-000000000000",
  • "creation_time": 1613067920454,
  • "status": "pending",
  • "update_time": 1613067920454,
  • "ownerEmail": "[email protected]"
}

Accept organization invitation

Authorizations:
tokenAuth
path Parameters
inviteID
required
string

Invitation ID

Responses

Response samples

Content type
application/json
{
  • "orgId": "00000000-0000-0000-0000-000000000000",
  • "email": "[email protected]",
  • "id": "00000000-0000-0000-0000-000000000000",
  • "creation_time": 1613067920454,
  • "status": "pending",
  • "update_time": 1613067920454,
  • "ownerEmail": "[email protected]"
}

Decline organization invitation

Authorizations:
tokenAuth
path Parameters
inviteID
required
string

Invitation ID

Responses

util

Utility endpoints

Obtain the overall status of the account tied to the API token in use.

Authorizations:
tokenAuth

Responses

Response samples

Content type
application/json
{
  • "id": "central_status",
  • "type": "CentralStatus",
  • "clock": 1613067920454,
  • "version": "1.6.5",
  • "apiVersion": "4",
  • "uptime": 1613067920454,
  • "user": {
    },
  • "readOnlyMode": true,
  • "loginMethods": {
    }
}

Get a random 32 character token

Get a random 32 character. Used by the web UI to generate API keys

Authorizations:
tokenAuth

Responses

Response samples

Content type
application/json
{
  • "clock": 1613067920454,
  • "hex": "16924f3ff478526cffb1b89b1040b33c8dbd3c09e07f39691f615769121c0d76",
  • "token": "wwrb66uUh18Fqc38rd8jMd5RFJzRsCn4"
}