REST API
Firezone provides a REST API for programmatic access to your account. The API features endpoints for managing your entire Firezone account end-to-end, so you can achieve virtually any workflow you can perform in the admin portal.
The API is currently in beta. This means the Firezone team may introduce breaking changes as we work to improve it. The beta label will be lifted when the API stabilizes towards 1.0.
OpenAPI spec
We publish an OpenAPI spec for the API that you can use to generate client libraries or explore the API interactively.
- Download the spec at https://api.firezone.dev/openapi.
- View the spec with a Swagger UI web interface at https://api.firezone.dev/swaggerui.
To enable the API and generate a token, see Get started with the REST API.
Rate limits
The API allows short bursts of requests, then enforces a sustained average rate. Each group of endpoints has a burst allowance — the most requests you can make back-to-back — and a sustained rate at which that allowance replenishes.
| Endpoints | Scope | Sustained rate | Burst |
|---|---|---|---|
| All resource endpoints (actors, clients, policies, etc.) | Per account | 1 req/sec | 20 requests |
When a request is rate limited, the API responds with HTTP
429 Too Many Requests and a Retry-After header telling you how many seconds
to wait before retrying. Code that calls the API should read this header and
wait at least that long before issuing the next request.
Need help? See all support options.