API Reference
The Tunnely backend exposes a strictly authenticated RESTful API for fetching routing configurations, parsing telemetry, and spinning up new decentralized relay instances.
Authentication
All API endpoints require a Bearer token issued by our centralized auth cluster. You can generate a persistent access token via the desktop client dashboard.
Header:
Authorization: Bearer <tunnely_pk_...>Endpoints
POST
/functions/v1/generate-client-configCalculates the optimal multi-hop path and returns the WireGuard configuration required for the client to connect to the entry node. Enforces active subscription plans.
Payload
{
"client_public_key": "aZx3...9kL",
"preferred_region": "us-east",
"bonding_mode": "Speed"
}Response (200 OK)
{
"session_id": "...",
"assigned_ip": "10.0.0.5",
"relay_path": ["entry-uuid", "exit-uuid"],
"wg_quick_config": "[Interface]\nAddress = 10.0.0.5/32..."
}POST
/functions/v1/register-serverRegisters a new community-operated relay node into the global topology. Requires a valid service role API key to authenticate.
Payload
{
"hostname": "relay-fra-01",
"region": "eu-central-1",
"public_ip": "203.0.113.50",
"wireguard_port": 51820,
"mesh_port": 51821,
"public_key": "aZx3...9kL"
}