TheArchive/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-12-23 17:56:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1d26d68d6c598d15b0a402acbbda5d5ecc2a54f2
headscale/development/ref/api/index.html

17 lines
39 KiB
HTML
Raw Normal View History

Deployed 249630be to development with MkDocs 1.6.1 and mike 2.1.3
2025-11-13 14:23:39 +00:00
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="An open source, self-hosted implementation of the Tailscale control server."><meta name=author content="Headscale authors"><link href=https://juanfont.github.io/headscale/development/ref/api/ rel=canonical><link href=../derp/ rel=prev><link href=../debug/ rel=next><link rel=icon href=../../assets/favicon.png><meta name=generator content="mkdocs-1.6.1, mkdocs-material-9.7.0"><title>API - Headscale</title><link rel=stylesheet href=../../assets/stylesheets/main.618322db.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.ab4e12ef.min.css><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback"><style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style><script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script><meta property=og:type content=website><meta property=og:title content="API - Headscale"><meta property=og:description content="An open source, self-hosted implementation of the Tailscale control server."><meta property=og:image content=https://juanfont.github.io/headscale/development/assets/images/social/ref/api.png><meta property=og:image:type content=image/png><meta property=og:image:width content=1200><meta property=og:image:height content=630><meta content=https://juanfont.github.io/headscale/development/ref/api/ property=og:url><meta property=twitter:card content=summary_large_image><meta property=twitter:title content="API - Headscale"><meta property=twitter:description content="An open source, self-hosted implementation of the Tailscale control server."><meta property=twitter:image content=https://juanfont.github.io/headscale/development/assets/images/social/ref/api.png></head> <body dir=ltr data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> <a href=#api class=md-skip> Skip to content </a> </div> <div data-md-component=announce> </div> <div data-md-color-scheme=default data-md-component=outdated hidden> </div> <header class=md-header data-md-component=header> <nav class="md-header__inner md-grid" aria-label=Header> <a href=../.. title=Headscale class="md-header__button md-logo" aria-label=Headscale data-md-component=logo> <img src=../../logo/headscale3-dots.svg alt=logo> </a> <label class="md-header__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg> </label> <div class=md-header__title data-md-component=header-title> <div class=md-header__ellipsis> <div class=md-header__topic> <span class=md-ellipsis> Headscale </span> </div> <div class=md-header__topic data-md-component=header-topic> <span class=md-ellipsis> API </span> </div> </div> </div> <form class=md-header__option data-md-component=palette> <input class=md-option data-md-color-media data-md-color-scheme=default data-md-color-primary=white data-md-color-accent=indigo aria-label="Switch to dark mode" type=radio name=__palette id=__palette_0> <label class="md-header__button md-icon" title="Switch to dark mode" for=__palette_1 hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 2
</span></code></pre></div> <p>Copy the output of the command and save it for later. Please note that you can not retrieve an API key again. If the API key is lost, expire the old one, and create a new one.</p> <p>To list the API keys currently associated with the server:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-1-1><a id=__codelineno-1-1 name=__codelineno-1-1 href=#__codelineno-1-1></a>headscale<span class=w> </span>apikeys<span class=w> </span>list
</span></code></pre></div> <p>and to expire an API key:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-2-1><a id=__codelineno-2-1 name=__codelineno-2-1 href=#__codelineno-2-1></a>headscale<span class=w> </span>apikeys<span class=w> </span>expire<span class=w> </span>--prefix<span class=w> </span>&lt;PREFIX&gt;
</span></code></pre></div> <h2 id=rest-api>REST API<a class=headerlink href=#rest-api title="Permanent link">&para;</a></h2> <ul> <li>API endpoint: <code>/api/v1</code>, e.g. <code>https://headscale.example.com/api/v1</code></li> <li>Documentation: <code>/swagger</code>, e.g. <code>https://headscale.example.com/swagger</code></li> <li>Authenticate using HTTP Bearer authentication by sending the <a href=#api>API key</a> with the HTTP <code>Authorization: Bearer &lt;API_KEY&gt;</code> header.</li> </ul> <p>Start by <a href=#api>creating an API key</a> and test it with the examples below. Read the API documentation provided by your Headscale server at <code>/swagger</code> for details.</p> <div class="tabbed-set tabbed-alternate" data-tabs=1:3><input checked=checked id=__tabbed_1_1 name=__tabbed_1 type=radio><input id=__tabbed_1_2 name=__tabbed_1 type=radio><input id=__tabbed_1_3 name=__tabbed_1 type=radio><div class=tabbed-labels><label for=__tabbed_1_1>Get details for all users</label><label for=__tabbed_1_2>Get details for user 'bob'</label><label for=__tabbed_1_3>Register a node</label></div> <div class=tabbed-content> <div class=tabbed-block> <div class="language-console highlight"><pre><span></span><code><span id=__span-3-1><a id=__codelineno-3-1 name=__codelineno-3-1 href=#__codelineno-3-1></a><span class=go>curl -H &quot;Authorization: Bearer &lt;API_KEY&gt;&quot; \</span>
</span><span id=__span-3-2><a id=__codelineno-3-2 name=__codelineno-3-2 href=#__codelineno-3-2></a><span class=go> https://headscale.example.com/api/v1/user</span>
</span></code></pre></div> </div> <div class=tabbed-block> <div class="language-console highlight"><pre><span></span><code><span id=__span-4-1><a id=__codelineno-4-1 name=__codelineno-4-1 href=#__codelineno-4-1></a><span class=go>curl -H &quot;Authorization: Bearer &lt;API_KEY&gt;&quot; \</span>
</span><span id=__span-4-2><a id=__codelineno-4-2 name=__codelineno-4-2 href=#__codelineno-4-2></a><span class=go> https://headscale.example.com/api/v1/user?name=bob</span>
</span></code></pre></div> </div> <div class=tabbed-block> <div class="language-console highlight"><pre><span></span><code><span id=__span-5-1><a id=__codelineno-5-1 name=__codelineno-5-1 href=#__codelineno-5-1></a><span class=go>curl -H &quot;Authorization: Bearer &lt;API_KEY&gt;&quot; \</span>
</span><span id=__span-5-2><a id=__codelineno-5-2 name=__codelineno-5-2 href=#__codelineno-5-2></a><span class=go> -d user=&lt;USER&gt; -d key=&lt;KEY&gt; \</span>
</span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a><span class=go> https://headscale.example.com/api/v1/node/register</span>
</span></code></pre></div> </div> </div> </div> <h2 id=grpc>gRPC<a class=headerlink href=#grpc title="Permanent link">&para;</a></h2> <p>The gRPC interface can be used to control a Headscale instance from a remote machine with the <code>headscale</code> binary.</p> <h3 id=prerequisite>Prerequisite<a class=headerlink href=#prerequisite title="Permanent link">&para;</a></h3> <ul> <li>A workstation to run <code>headscale</code> (any supported platform, e.g. Linux).</li> <li>A Headscale server with gRPC enabled.</li> <li>Connections to the gRPC port (default: <code>50443</code>) are allowed.</li> <li>Remote access requires an encrypted connection via TLS.</li> <li>An <a href=#api>API key</a> to authenticate with the Headscale server.</li> </ul> <h3 id=setup-remote-control>Setup remote control<a class=headerlink href=#setup-remote-control title="Permanent link">&para;</a></h3> <ol> <li> <p>Download the <a href=https://github.com/juanfont/headscale/releases><code>headscale</code> binary from GitHub's release page</a>. Make sure to use the same version as on the server.</p> </li> <li> <p>Put the binary somewhere in your <code>PATH</code>, e.g. <code>/usr/local/bin/headscale</code></p> </li> <li> <p>Make <code>headscale</code> executable: <code>chmod +x /usr/local/bin/headscale</code></p> </li> <li> <p><a href=#api>Create an API key</a> on the Headscale server.</p> </li> <li> <p>Provide the connection parameters for the remote Headscale server either via a minimal YAML configuration file or via environment variables:</p> <div class="tabbed-set tabbed-alternate" data-tabs=2:2><input checked=checked id=__tabbed_2_1 name=__tabbed_2 type=radio><input id=__tabbed_2_2 name=__tabbed_2 type=radio><div class=tabbed-labels><label for=__tabbed_2_1>Minimal YAML configuration file</label><label for=__tabbed_2_2>Environment variables</label></div> <div class=tabbed-content> <div class=tabbed-block> <div class="language-yaml highlight"><span class=filename>config.yaml</span><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=nt>cli</span><span class=p>:</span>
</span><span id=__span-6-2><a id=__codelineno-6-2 name=__codelineno-6-2 href=#__codelineno-6-2></a><span class=w> </span><span class=nt>address</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;HEADSCALE_ADDRESS&gt;:&lt;PORT&gt;</span>
</span><span id=__span-6-3><a id=__codelineno-6-3 name=__codelineno-6-3 href=#__codelineno-6-3></a><span class=w> </span><span class=nt>api_key</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">&lt;API_KEY&gt;</span>
</span></code></pre></div> </div> <div class=tabbed-block> <div class="language-shell highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a><span class=nb>export</span><span class=w> </span><span class=nv>HEADSCALE_CLI_ADDRESS</span><span class=o>=</span><span class=s2>&quot;&lt;HEADSCALE_ADDRESS&gt;:&lt;PORT&gt;&quot;</span>
</span><span id=__span-7-2><a id=__codelineno-7-2 name=__codelineno-7-2 href=#__codelineno-7-2></a><span class=nb>export</span><span class=w> </span><span class=nv>HEADSCALE_CLI_API_KEY</span><span class=o>=</span><span class=s2>&quot;&lt;API_KEY&gt;&quot;</span>
</span></code></pre></div> </div> </div> </div> <p>This instructs the <code>headscale</code> binary to connect to a remote instance at <code>&lt;HEADSCALE_ADDRESS&gt;:&lt;PORT&gt;</code>, instead of connecting to the local instance.</p> </li> <li> <p>Test the connection by listing all nodes:</p> <div class="language-shell highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a>headscale<span class=w> </span>nodes<span class=w> </span>list
</span></code></pre></div> <p>You should now be able to see a list of your nodes from your workstation, and you can now control the Headscale server from your workstation.</p> </li> </ol> <h3 id=behind-a-proxy>Behind a proxy<a class=headerlink href=#behind-a-proxy title="Permanent link">&para;</a></h3> <p>It's possible to run the gRPC remote endpoint behind a reverse proxy, like Nginx, and have it run on the <em>same</em> port as Headscale.</p> <p>While this is <em>not a supported</em> feature, an example on how this can be set up on <a href=https://github.com/kradalby/dotfiles/blob/4489cdbb19cddfbfae82cd70448a38fde5a76711/machines/headscale.oracldn/headscale.nix#L61-L91>NixOS is shown here</a>.</p> <h3 id=troubleshooting>Troubleshooting<a class=headerlink href=#troubleshooting title="Permanent link">&para;</a></h3> <ul> <li>Make sure you have the <em>same</em> Headscale version on your server and workstation.</li> <li>Ensure that connections to the gRPC port are allowed.</li> <li>Verify that your TLS certificate is valid and trusted.</li> <li>If you don't have access to a trusted certificate (e.g. from Let's Encrypt), either:<ul> <li>Add your self-signed certificate to the trust store of your OS <em>or</em></li> <li>Disable certificate verification by either setting <code>cli.insecure: true</code> in the configuration file or by setting <code>HEADSCALE_CLI_INSECURE=1</code> via an environment variable. We do <strong>not</strong> recommend to disable certificate validation.</li> </ul> </li> </ul> </article> </div> <script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script> </div> <button type=button class="md-top md-icon" data-md-component=top hidden> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg> Back to top </button> </main> <footer class=md-footer> <nav class="md-footer__inner md-grid" aria-label=Footer> <a href=../derp/ class="md-footer__link md-footer__link--prev" aria-label="Previous: DERP"> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg> </div> <div class=md-footer__title> <span class=md-footer__direction> Previous </span> <div class=md-ellipsis> DERP </div> </div> </a> <a href=../debug/ class="md-footer__link md-footer__link--next" aria-label="Next: Debug"> <div class=md-footer__title> <span class=md-footer__direction> Next </span> <div class=md-ellipsis> Debug </div> </div> <div class="md-footer__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11z"/></svg> </div> </a> </nav> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-copyright> <div class=md-copyright__highlight> Copyright &copy; 2025 Headscale authors </div> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a> </div> <div class=md-social> <a href=https://github.com/juanfont/headscale target=_blank rel=noopener title=github.com class=md-social__link> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 512 512"><!-- Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16
Reference in New Issue Copy Permalink