### Request Example for Listing Tailnet Devices

Source: https://tailscale.com/api

This example demonstrates how to make a GET request to the API endpoint for listing devices in a tailnet. Ensure you replace '{tailnet}' with your tailnet identifier and 'YOUR_SECRET_TOKEN' with your actual API token.

```shell
curl 'https://api.tailscale.com/api/v2/tailnet/{tailnet}/devices' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

--------------------------------

### Device Schema Example

Source: https://tailscale.com/api

This is an example of the JSON response structure when retrieving device details. It includes various fields such as addresses, user information, client version, and connectivity status.

```JSON
{
  "addresses": ["100.87.74.78", "fd7a:115c:a1e0:ac82:4843:ca90:697d:c36e"],
  "id": "92960230385",
  "nodeId": "n292kg92CNTRL",
  "user": "amelie@example.com",
  "name": "pangolin.tailfe8c.ts.net",
  "hostname": "pangolin",
  "clientVersion": "v1.36.0",
  "updateAvailable": false,
  "os": "linux",
  "created": "2022-12-01T05:23:30Z",
  "connectedToControl": true,
  "lastSeen": "2022-12-01T05:23:30Z",
  "keyExpiryDisabled": false,
  "expires": "2023-05-30T04:44:05Z",
  "authorized": false,
  "isExternal": false,
  "multipleConnections": true,
  "machineKey": "",
  "nodeKey": "nodekey:01234567890abcdef",
  "blocksIncomingConnections": false,
  "enabledRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "advertisedRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "clientConnectivity": {
    "endpoints": ["199.9.14.201:59128", "192.68.0.21:59128"],
    "latency": {
      "Dallas": { "latencyMs": 60.463043 },
      "New York City": { "preferred": true, "latencyMs": 31.323811 }
    },
    "mappingVariesByDestIP": false,
    "clientSupports": {
      "hairPinning": null,
      "ipv6": false,
      "pcp": false,
      "pmp": false,
      "udp": false,
      "upnp": false
    }
  },
  "tags": ["tag:golink"],
  "tailnetLockError": "",
  "tailnetLockKey": "",
  "sshEnabled": false,
  "postureIdentity": { "serialNumbers": ["CP74LFQJXM"] },
  "isEphemeral": false,
  "distro": { "name": "ubuntu", "version": "25.04", "codeName": "Plucky Puffin" }
}
```

--------------------------------

### Device Posture Attributes Schema

Source: https://tailscale.com/api

Example JSON schema for device posture attributes, including custom attributes and node details.

```JSON
{
  "attributes": {
    "custom:myScore": 80,
    "custom:diskEncryption": true,
    "custom:myAttribute": "my_value",
    "node:os": "linux",
    "node:osVersion": "5.19.0-42-generic",
    "node:tsReleaseTrack": "stable",
    "node:tsVersion": "1.40.0",
    "node:tsAutoUpdate": false,
    "node:tsStateEncrypted": false
  },
  "expiries": {
    "custom:myScore": "2024-04-23T18:25:43.511Z"
  }
}
```

--------------------------------

### Batch Update Device Posture Attributes

Source: https://tailscale.com/api

This example demonstrates how to batch update custom posture attributes for multiple devices using a PATCH request. It includes specifying device IDs, attribute values, and an optional comment for the audit log. Note that specifying `null` for an attribute will delete it.

```shell
curl 'https://api.tailscale.com/api/v2/tailnet/{tailnet}/device-attributes' \
  --request PATCH \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
  "nodes": {
    "nPM2KNuedB21DEVEL": {
      "custom:myattr": {
        "value": "my_value"
      }
    },
    "nPpz3VEKzX11DEVEL": {
      "custom:flag": {
        "value": true,
        "expiry": "2025-09-19T15:00:00Z"
      }
    }
  },
  "comment": "bulk posture attribute update"
}'
```

--------------------------------

### Get Device Posture Attributes

Source: https://tailscale.com/api

Retrieve all key-value posture attributes for a specified device. This includes custom attributes and node-level information like OS and Tailscale version.

```Shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}/attributes' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

--------------------------------

### Get Device Posture Attributes

Source: https://tailscale.com/api

Retrieves all posture attributes for the specified device.

```APIDOC
## GET /api/v2/device/{deviceId}/attributes

### Description
Retrieves all posture attributes for the specified device.

### Method
GET

### Endpoint
/api/v2/device/{deviceId}/attributes

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.

### Response
#### Success Response (200)
- **attributes** (object) - Key-value pairs of posture attributes for the device.
- **expiries** (object) - Expiry times for custom attributes.

#### Response Example
```json
{
  "attributes": {
    "custom:myScore": 80,
    "custom:diskEncryption": true,
    "custom:myAttribute": "my_value",
    "node:os": "linux",
    "node:osVersion": "5.19.0-42-generic",
    "node:tsReleaseTrack": "stable",
    "node:tsVersion": "1.40.0",
    "node:tsAutoUpdate": false,
    "node:tsStateEncrypted": false
  },
  "expiries": {
    "custom:myScore": "2024-04-23T18:25:43.511Z"
  }
}
```

#### Error Responses
- **404** - Device not found.
- **500** - Internal server error.
- **504** - Gateway timeout.
```

--------------------------------

### GET /device/{deviceId}/routes

Source: https://tailscale.com/api

Retrieves the configured routes for a specific device.

```APIDOC
## GET /device/{deviceId}/routes

### Description
Retrieves the configured routes for a specific device.

### Method
GET

### Endpoint
/api/v2/device/{deviceId}/routes

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### GET /device/{deviceId}

Source: https://tailscale.com/api

Retrieves details for a specific device identified by its Device ID.

```APIDOC
## GET /device/{deviceId}

### Description
Retrieves details for a specific device identified by its Device ID.

### Method
GET

### Endpoint
/api/v2/device/{deviceId}

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### Get Device Details

Source: https://tailscale.com/api

Retrieve the details for a specified device. You can optionally control the fields returned in the response.

```APIDOC
## GET /api/v2/device/{deviceId}

### Description
Retrieve the details for the specified device.

### Method
GET

### Endpoint
`/api/v2/device/{deviceId}`

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.

#### Query Parameters
- **fields** (string, enum) - Optional - Optionally controls whether the response returns **all** fields or only a predefined subset of fields. Supported options are `all` or `default`.

### Request Example
```shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

### Response
#### Success Response (200)
- **addresses** (array) - IP addresses assigned to the device.
- **id** (string) - The numeric ID of the device.
- **nodeId** (string) - The node ID of the device.
- **user** (string) - The user associated with the device.
- **name** (string) - The name of the device.
- **hostname** (string) - The hostname of the device.
- **clientVersion** (string) - The client version running on the device.
- **updateAvailable** (boolean) - Indicates if an update is available for the client.
- **os** (string) - The operating system of the device.
- **created** (string) - The timestamp when the device was created.
- **connectedToControl** (boolean) - Indicates if the device is connected to the control server.
- **lastSeen** (string) - The timestamp when the device was last seen.
- **keyExpiryDisabled** (boolean) - Indicates if key expiry is disabled for the device.
- **expires** (string) - The timestamp when the device's key expires.
- **authorized** (boolean) - Indicates if the device is authorized.
- **isExternal** (boolean) - Indicates if the device is an external device.
- **multipleConnections** (boolean) - Indicates if the device has multiple connections.
- **machineKey** (string) - The machine key of the device.
- **nodeKey** (string) - The node key of the device.
- **blocksIncomingConnections** (boolean) - Indicates if the device blocks incoming connections.
- **enabledRoutes** (array) - Routes enabled on the device.
- **advertisedRoutes** (array) - Routes advertised by the device.
- **clientConnectivity** (object) - Information about the device's client connectivity.
- **tags** (array) - Tags assigned to the device.
- **tailnetLockError** (string) - Error related to Tailnet Lock.
- **tailnetLockKey** (string) - Tailnet Lock key.
- **sshEnabled** (boolean) - Indicates if SSH is enabled on the device.
- **postureIdentity** (object) - Posture identity information for the device.
- **isEphemeral** (boolean) - Indicates if the device is ephemeral.
- **distro** (object) - Distribution information for the device.

#### Response Example
```json
{
  "addresses": ["100.87.74.78", "fd7a:115c:a1e0:ac82:4843:ca90:697d:c36e"],
  "id": "92960230385",
  "nodeId": "n292kg92CNTRL",
  "user": "amelie@example.com",
  "name": "pangolin.tailfe8c.ts.net",
  "hostname": "pangolin",
  "clientVersion": "v1.36.0",
  "updateAvailable": false,
  "os": "linux",
  "created": "2022-12-01T05:23:30Z",
  "connectedToControl": true,
  "lastSeen": "2022-12-01T05:23:30Z",
  "keyExpiryDisabled": false,
  "expires": "2023-05-30T04:44:05Z",
  "authorized": false,
  "isExternal": false,
  "multipleConnections": true,
  "machineKey": "",
  "nodeKey": "nodekey:01234567890abcdef",
  "blocksIncomingConnections": false,
  "enabledRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "advertisedRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "clientConnectivity": {
    "endpoints": ["199.9.14.201:59128", "192.68.0.21:59128"],
    "latency": {
      "Dallas": { "latencyMs": 60.463043 },
      "New York City": { "preferred": true, "latencyMs": 31.323811 }
    },
    "mappingVariesByDestIP": false,
    "clientSupports": {
      "hairPinning": null,
      "ipv6": false,
      "pcp": false,
      "pmp": false,
      "udp": false,
      "upnp": false
    }
  },
  "tags": ["tag:golink"],
  "tailnetLockError": "",
  "tailnetLockKey": "",
  "sshEnabled": false,
  "postureIdentity": { "serialNumbers": ["CP74LFQJXM"] },
  "isEphemeral": false,
  "distro": { "name": "ubuntu", "version": "25.04", "codeName": "Plucky Puffin" }
}
```
```

--------------------------------

### GET /tailnet/{tailnet}/devices

Source: https://tailscale.com/api

Retrieves a list of devices within a specified Tailnet.

```APIDOC
## GET /tailnet/{tailnet}/devices

### Description
Retrieves a list of devices within a specified Tailnet.

### Method
GET

### Endpoint
/api/v2/tailnet/{tailnet}/devices

### Parameters
#### Path Parameters
- **tailnet** (string) - Required - The name of the Tailnet.
```

--------------------------------

### Retrieve Device Details

Source: https://tailscale.com/api

Use this endpoint to get all information about a specific device.
You can optionally filter the fields returned. The device ID can be either the numeric ID or the preferred nodeId.

```Shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

--------------------------------

### GET /device/{deviceId}/attributes

Source: https://tailscale.com/api

Retrieves the attributes for a specific device.

```APIDOC
## GET /device/{deviceId}/attributes

### Description
Retrieves the attributes for a specific device.

### Method
GET

### Endpoint
/api/v2/device/{deviceId}/attributes

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### GET /api/v2/tailnet/{tailnet}/devices

Source: https://tailscale.com/api

Lists the devices in a tailnet. Supports filtering and field selection.

```APIDOC
## GET /api/v2/tailnet/{tailnet}/devices

### Description
Lists the devices in a tailnet. Supports filtering and field selection.

### Method
GET

### Endpoint
/api/v2/tailnet/{tailnet}/devices

### Parameters
#### Path Parameters
- **tailnet** (string) - Required - The tailnet ID. Can be a dash (-) to reference the default tailnet of the access token, or a specific tailnet ID.

#### Query Parameters
- **fields** (string, enum: `all`, `default`) - Optional - Controls whether the response returns all fields or only a predefined subset of fields. Defaults to `default`.
- **`<field>=<value>`** (string) - Optional - Server-side filtering of devices by specifying one or more filters in the form `<field>=<value>`. Fields must be a top-level device property. Values are matched as exact matches. Properties with simple types and lists are supported. Complex objects are not supported. Multiple parameters are combined with a logical AND.

### Request Example
```shell
curl 'https://api.tailscale.com/api/v2/tailnet/{tailnet}/devices' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

### Response
#### Success Response (200)
- **devices** (array) - A list of device objects.
  - **addresses** (array[string]) - The IP addresses assigned to the device.
  - **id** (string) - The unique identifier for the device.
  - **nodeId** (string) - The node ID of the device.
  - **user** (string) - The user associated with the device.
  - **name** (string) - The name of the device.
  - **hostname** (string) - The hostname of the device.
  - **clientVersion** (string) - The version of the Tailscale client.
  - **updateAvailable** (boolean) - Indicates if an update is available for the client.
  - **os** (string) - The operating system of the device.
  - **created** (string) - The timestamp when the device was created.
  - **connectedToControl** (boolean) - Indicates if the device is connected to the control plane.
  - **lastSeen** (string) - The timestamp when the device was last seen.
  - **keyExpiryDisabled** (boolean) - Indicates if key expiry is disabled for the device.
  - **expires** (string) - The timestamp when the device's key expires.
  - **authorized** (boolean) - Indicates if the device is authorized.
  - **isExternal** (boolean) - Indicates if the device is an external device.
  - **multipleConnections** (boolean) - Indicates if multiple connections are enabled.
  - **machineKey** (string) - The machine key of the device.
  - **nodeKey** (string) - The node key of the device.
  - **blocksIncomingConnections** (boolean) - Indicates if the device blocks incoming connections.
  - **enabledRoutes** (array[string]) - The routes enabled on the device.
  - **advertisedRoutes** (array[string]) - The routes advertised by the device.
  - **clientConnectivity** (object) - Information about the device's client connectivity.
    - **endpoints** (array[string]) - The endpoints for client connectivity.
    - **latency** (object) - Latency information to different regions.
    - **mappingVariesByDestIP** (boolean) - Indicates if mapping varies by destination IP.
    - **clientSupports** (object) - Features supported by the client.
  - **tags** (array[string]) - Tags associated with the device.
  - **tailnetLockError** (string) - Any error related to Tailscale Lock.
  - **tailnetLockKey** (string) - The Tailscale Lock key.
  - **sshEnabled** (boolean) - Indicates if SSH is enabled for the device.
  - **postureIdentity** (object) - Posture identity information.
  - **isEphemeral** (boolean) - Indicates if the device is ephemeral.
  - **distro** (object) - Operating system distribution information.

#### Error Responses
- **404** - Tailnet not found.
- **500** - Internal server error.
- **504** - Request took too long to process, please try again later.

#### Response Example (200)
```json
{
  "devices": [
    {
      "addresses": ["100.87.74.78", "fd7a:115c:a1e0:ac82:4843:ca90:697d:c36e"],
      "id": "92960230385",
      "nodeId": "n292kg92CNTRL",
      "user": "amelie@example.com",
      "name": "pangolin.tailfe8c.ts.net",
      "hostname": "pangolin",
      "clientVersion": "v1.36.0",
      "updateAvailable": false,
      "os": "linux",
      "created": "2022-12-01T05:23:30Z",
      "connectedToControl": true,
      "lastSeen": "2022-12-01T05:23:30Z",
      "keyExpiryDisabled": false,
      "expires": "2023-05-30T04:44:05Z",
      "authorized": false,
      "isExternal": false,
      "multipleConnections": true,
      "machineKey": "",
      "nodeKey": "nodekey:01234567890abcdef",
      "blocksIncomingConnections": false,
      "enabledRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
      "advertisedRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
      "clientConnectivity": {
        "endpoints": ["199.9.14.201:59128", "192.68.0.21:59128"],
        "latency": {
          "Dallas": { "latencyMs": 60.463043 },
          "New York City": { "preferred": true, "latencyMs": 31.323811 }
        },
        "mappingVariesByDestIP": false,
        "clientSupports": {
          "hairPinning": null,
          "ipv6": false,
          "pcp": false,
          "pmp": false,
          "udp": false,
          "upnp": false
        }
      },
      "tags": ["tag:golink"],
      "tailnetLockError": "",
      "tailnetLockKey": "",
      "sshEnabled": false,
      "postureIdentity": { "serialNumbers": ["CP74LFQJXM"] },
      "isEphemeral": false,
      "distro": { "name": "ubuntu", "version": "25.04", "codeName": "Plucky Puffin" }
    }
  ]
}
```
```

--------------------------------

### POST /api/v2/device/{deviceId}/attributes/{attributeKey}

Source: https://tailscale.com/api

Create or update a custom posture attribute on the specified device. User-managed attributes must be in the custom namespace, indicated by prefixing the attribute key with `custom:`.

```APIDOC
## POST /api/v2/device/{deviceId}/attributes/{attributeKey}

### Description
Create or update a custom posture attribute on the specified device. User-managed attributes must be in the custom namespace, which is indicated by prefixing the attribute key with `custom:`.

### Method
POST

### Endpoint
`/api/v2/device/{deviceId}/attributes/{attributeKey}`

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.
- **attributeKey** (string) - Required - The name of the posture attribute to set. This must be prefixed with `custom:`.
  Keys have a maximum length of 128 characters including the namespace, and can only contain letters, numbers, underscores, and colon.
  Keys are case-sensitive. Keys must be unique, but are checked for uniqueness in a case-insensitive manner. For example, `custom:MyAttribute` and `custom:myattribute` cannot both be set within a single tailnet.
  All values for a given key need to be of the same type, which is determined when the first value is written for a given key. For example, `custom:myattribute` cannot have a numeric value (`87`) for one node and a string value (`"78"`) for another node within the same tailnet.

#### Request Body
- **value** (any of string, number, boolean) - Required - A value can be either a string, number or boolean.
  A string value can have a maximum length of 50 characters, and can only contain letters, numbers, underscores, and periods.
  A number value is an integer and must be a JSON safe number (up to 2^53 - 1).
- **expiry** (string) - Optional - An optional expiry time for a given posture attribute. If set, Tailscale will automatically remove the attribute within a few minutes after the specified time. Format: date-time.
- **comment** (string) - Optional - An optional comment indicating a reason why an attribute is set, which will be added to the audit log. Max length: 200.

### Request Example
```json
{
  "value": "my_value",
  "expiry": "2022-12-01T05:23:30Z"
}
```

### Response
#### Success Response (200)
- **attributes** (object) - Key-value pairs of posture attributes for the device.
- **expiries** (object) - Expiry times for custom attributes.

#### Response Example
```json
{
  "attributes": {
    "custom:myScore": 80,
    "custom:diskEncryption": true,
    "custom:myAttribute": "my_value",
    "node:os": "linux",
    "node:osVersion": "5.19.0-42-generic",
    "node:tsReleaseTrack": "stable",
    "node:tsVersion": "1.40.0",
    "node:tsAutoUpdate": false,
    "node:tsStateEncrypted": false
  },
  "expiries": {
    "custom:myScore": "2024-04-23T18:25:43.511Z"
  }
}
```
```

--------------------------------

### List Tailnet Devices (Default Tailnet)

Source: https://tailscale.com/api

Use a dash (-) to reference the default tailnet associated with the access token. This is the recommended approach for most users.

```shell
curl "https://api.tailscale.com/api/v2/tailnet/-/..."
```

--------------------------------

### POST /device/{deviceId}/routes

Source: https://tailscale.com/api

Configures routes for a specific device.

```APIDOC
## POST /device/{deviceId}/routes

### Description
Configures routes for a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/routes

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### POST /api/v2/device/{deviceId}/name

Source: https://tailscale.com/api

Sets the name for a device on the Tailscale network.

```APIDOC
## POST /api/v2/device/{deviceId}/name

### Description
Sets the name for a device on the Tailscale network. Device name changes immediately get propagated through your tailnet, so be aware that any existing Magic DNS URLs using the old name will no longer work.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/name

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.

#### Request Body
- **name** (string) - Required - The new name for the device. This can be provided as either the fully qualified domain name for the device (e.g. "nodename.your-domain.ts.net") or just the base name (e.g. "nodename"). If `name` is unset or provided empty, the device's name is reset to be generated from its OS hostname.

### Request Example
```json
{
  "name": "dev-server"
}
```

### Response
#### Success Response (200)
Successful operation.

#### Error Responses
- **404** - Device not found.
- **500** - Internal server error.
- **504** - Gateway timeout.
```

--------------------------------

### Set Custom Device Posture Attribute

Source: https://tailscale.com/api

Use this endpoint to create or update a custom posture attribute on a specific device. Ensure the attribute key is prefixed with 'custom:'. The value can be a string, number, or boolean, with specific constraints on length and format for strings. An optional expiry time and comment can also be provided.

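
An added example, not taken from the Tailscale documentation: a client-side pre-flight check in Python that applies the key, value, expiry and comment limits described for this endpoint and builds a batch `device-attributes` PATCH body, with `null` marking deletions. Assumptions: ASCII-only character classes, a symmetric integer bound, and the batch endpoint enforcing the same limits; `build_batch_patch` and its helpers are hypothetical names, and the sample data is constructed from the page's own request and response examples.

```python
import json
import re
from datetime import datetime

# Limits quoted from the endpoint's parameter descriptions.
MAX_KEY_LEN, MAX_STRING_LEN, MAX_COMMENT_LEN = 128, 50, 200
MAX_SAFE_INT = 2**53 - 1   # largest JSON-safe integer
# Assumption: "letters" and "numbers" mean ASCII; empty names and values are rejected.
KEY_RE = re.compile(r"custom:[A-Za-z0-9_:]+")
STRING_RE = re.compile(r"[A-Za-z0-9_.]+")


def value_type(value):
    """Return 'boolean', 'number' or 'string'; None for any other type."""
    if isinstance(value, bool):   # test bool first: bool is a subclass of int
        return "boolean"
    if isinstance(value, int):
        return "number"
    return "string" if isinstance(value, str) else None


def check_key(key):
    errors = []
    if not KEY_RE.fullmatch(key):
        errors.append(f"{key}: needs the custom: prefix and only letters, numbers, '_' or ':'")
    if len(key) > MAX_KEY_LEN:
        errors.append(f"{key}: longer than {MAX_KEY_LEN} characters")
    return errors


def check_value(key, value):
    kind = value_type(value)
    if kind is None:
        return [f"{key}: value must be a string, integer or boolean"]
    if kind == "string" and (len(value) > MAX_STRING_LEN or not STRING_RE.fullmatch(value)):
        return [f"{key}: string must be 1-{MAX_STRING_LEN} letters, numbers, '_' or '.'"]
    # Assumption: the negative bound mirrors the documented positive bound.
    if kind == "number" and abs(value) > MAX_SAFE_INT:
        return [f"{key}: integer is outside the JSON-safe range"]
    return []


def check_expiry(key, expiry):
    try:
        parsed = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
    except (AttributeError, ValueError):
        return [f"{key}: expiry is not a date-time string"]
    return [] if parsed.tzinfo else [f"{key}: expiry needs 'Z' or a UTC offset"]


def build_batch_patch(updates, comment=None, existing=None):
    """Check {deviceId: {key: None | {"value": v, "expiry": t}}}; return (payload, errors).

    existing is an "attributes" object from a GET response; it seeds the case-insensitive
    uniqueness and same-type checks. payload is None when any check fails."""
    spelling, types, errors, nodes = {}, {}, [], {}
    for key, value in (existing or {}).items():
        if key.startswith("custom:"):
            spelling[key.lower()] = key
            types[key.lower()] = value_type(value)
    for device_id, attrs in updates.items():
        found, nodes[device_id] = [], {}
        for key, spec in attrs.items():
            found += check_key(key)
            first = spelling.setdefault(key.lower(), key)
            if first != key:
                found.append(f"{key}: collides with {first} (uniqueness ignores case)")
            if spec is None:      # JSON Merge Patch: null deletes the attribute
                nodes[device_id][key] = None
                continue
            found += check_value(key, spec.get("value"))
            kind = value_type(spec.get("value"))
            expected = types.setdefault(key.lower(), kind) if kind else None
            if expected and expected != kind:
                found.append(f"{key}: is a {expected} elsewhere, got a {kind}")
            if "expiry" in spec:
                found += check_expiry(key, spec["expiry"])
            nodes[device_id][key] = dict(spec)
        errors += [f"{device_id}: {message}" for message in found]
    if comment is not None and len(comment) > MAX_COMMENT_LEN:
        errors.append(f"comment: longer than {MAX_COMMENT_LEN} characters")
    if errors:
        return None, errors
    return ({"nodes": nodes, "comment": comment} if comment else {"nodes": nodes}), []


# Constructed sample data, modelled on the page's response and request examples.
EXISTING = {"custom:myScore": 80, "custom:diskEncryption": True,
            "custom:myAttribute": "my_value", "node:os": "linux"}
GOOD = {"nPM2KNuedB21DEVEL": {"custom:myattr": {"value": "my_value"}},
        "nPpz3VEKzX11DEVEL": {"custom:flag": {"value": True, "expiry": "2025-09-19T15:00:00Z"},
                              "custom:myAttribute": None}}
BAD = {"nPM2KNuedB21DEVEL": {"custom:myscore": {"value": "80"}},
       "nPpz3VEKzX11DEVEL": {"node:os": {"value": "linux"}, "custom:note": {"value": "has spaces"},
                             "custom:big": {"value": 2**53}}}

if __name__ == "__main__":
    payload, _ = build_batch_patch(GOOD, "bulk posture attribute update", EXISTING)
    print(json.dumps(payload, indent=2))
```

Uniqueness and value type are enforced per tailnet, so `existing` taken from a single device only covers the keys set on that device; merging the attribute objects of several devices before the call widens the check.
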
```shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}/attributes/{attributeKey}' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
  "value": "my_value",
  "expiry": "2022-12-01T05:23:30Z"
}'
```

--------------------------------

### Keys Operations

Source: https://tailscale.com/api

Manage authentication keys and API access tokens.

```APIDOC
## Keys Operations

### GET /tailnet/{tailnet}/keys
**Description**: Lists all authentication keys for a tailnet.

### POST /tailnet/{tailnet}/keys
**Description**: Creates a new authentication key for a tailnet.

### GET /tailnet/{tailnet}/keys/{keyId}
**Description**: Retrieves details of a specific authentication key.

### DELETE /tailnet/{tailnet}/keys/{keyId}
**Description**: Deletes a specific authentication key.

### PUT /tailnet/{tailnet}/keys/{keyId}
**Description**: Updates an existing authentication key.
```

--------------------------------

### POST /device/{deviceId}/attributes/{attributeKey}

Source: https://tailscale.com/api

Assigns an attribute to a specific device.

```APIDOC
## POST /device/{deviceId}/attributes/{attributeKey}

### Description
Assigns an attribute to a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/attributes/{attributeKey}

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
- **attributeKey** (string) - Required - The key of the attribute to assign.
```

--------------------------------

### Device routes schema

Source: https://tailscale.com/api

Schema for device routes, showing advertised and enabled routes.

```JSON
{
  "advertisedRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "enabledRoutes": ["10.0.0.0/16", "192.168.1.0/24"]
}
```

--------------------------------

### POST /api/v2/device/{deviceId}/tags

Source: https://tailscale.com/api

Assigns or updates tags for a device on the Tailscale network.

```APIDOC
## POST /api/v2/device/{deviceId}/tags

### Description
Assigns or updates tags for a device on the Tailscale network. Tags let you assign an identity to a device that is separate from human users, and use that identity as part of an ACL to restrict access.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/tags

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.

#### Request Body
- **tags** (array of strings) - Required - The new list of tags for the device.

### Request Example
```json
{
  "tags": ["tag:foo", "tag:bar"]
}
```

### Response
#### Success Response (200)
Successful operation.

#### Error Responses
- **400** - Bad request.
- **500** - Internal server error.
- **504** - Gateway timeout.
```

--------------------------------

### Device Posture Operations

Source: https://tailscale.com/api

Manage integrations with device posture data providers.

```APIDOC
## Device Posture Operations

### GET /tailnet/{tailnet}/posture/integrations
**Description**: Lists all device posture integrations for a tailnet.

### POST /tailnet/{tailnet}/posture/integrations
**Description**: Creates a new device posture integration.

### GET /posture/integrations/{id}
**Description**: Retrieves details of a specific device posture integration.

### PATCH /posture/integrations/{id}
**Description**: Partially updates a device posture integration.

### DELETE /posture/integrations/{id}
**Description**: Deletes a device posture integration.
```

--------------------------------

### POST /device/{deviceId}/authorized

Source: https://tailscale.com/api

Authorizes a specific device.

```APIDOC
## POST /device/{deviceId}/authorized

### Description
Authorizes a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/authorized

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### POST /device/{deviceId}/tags

Source: https://tailscale.com/api

Assigns tags to a specific device.

```APIDOC
## POST /device/{deviceId}/tags

### Description
Assigns tags to a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/tags

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### POST /device/{deviceId}/name

Source: https://tailscale.com/api

Renames a specific device.

```APIDOC
## POST /device/{deviceId}/name

### Description
Renames a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/name

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### Pagination

Source: https://tailscale.com/api

The Tailscale API does not currently support pagination; all results are returned at once.

```APIDOC
## Pagination

The Tailscale API does not currently support pagination. All results are returned at once.
```

--------------------------------

### List device routes using cURL

Source: https://tailscale.com/api

Retrieve the list of subnet routes that a device is advertising and those that are enabled for it. Routes must be both advertised and enabled for a device to act as a subnet router or exit node. Requires the 'devices:routes:read' OAuth scope.

```Shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}/routes' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN'
```

--------------------------------

### POST /device/{deviceId}/ip

Source: https://tailscale.com/api

Assigns an IP address to a specific device.

```APIDOC
## POST /device/{deviceId}/ip

### Description
Assigns an IP address to a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/ip

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### List device routes

Source: https://tailscale.com/api

Retrieves the list of subnet routes that a device is advertising and those that are enabled for it. Requires OAuth Scope: `devices:routes:read`.

```APIDOC
## GET /api/v2/device/{deviceId}/routes

### Description
Retrieve the list of subnet routes that a device is advertising, as well as those that are enabled for it. Routes must be both advertised and enabled for a device to act as a subnet router or exit node.

### Method
GET

### Endpoint
/api/v2/device/{deviceId}/routes

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - ID of the device. Using the device's `nodeId` is preferred, but its numeric `id` value can also be used.

### Response
#### Success Response (200)
- **advertisedRoutes** (array[string]) - List of advertised subnet routes.
- **enabledRoutes** (array[string]) - List of enabled subnet routes.

#### Response Example
```json
{
  "advertisedRoutes": ["10.0.0.0/16", "192.168.1.0/24"],
  "enabledRoutes": ["10.0.0.0/16", "192.168.1.0/24"]
}
```

#### Error Responses
- **404** - Device not found.
- **500** - Internal server error.
- **504** - Gateway timeout.
```

--------------------------------

### Device Invites Operations

Source: https://tailscale.com/api

Manage device invitations for sharing devices.

```APIDOC
## Device Invites Operations

### GET /device/{deviceId}/device-invites
**Description**: Lists device invites associated with a specific device.

### POST /device/{deviceId}/device-invites
**Description**: Creates a new device invite for a specific device.

### GET /device-invites/{deviceInviteId}
**Description**: Retrieves details of a specific device invite.

### DELETE /device-invites/{deviceInviteId}
**Description**: Deletes a specific device invite.

### POST /device-invites/{deviceInviteId}/resend
**Description**: Resends a device invite.

### POST /device-invites/-/accept
**Description**: Accepts a device invite.
```

--------------------------------

### User Invites Operations

Source: https://tailscale.com/api

Manage user invitations within a tailnet.

```APIDOC
## User Invites Operations

### GET /tailnet/{tailnet}/user-invites
**Description**: Lists all pending user invites for a tailnet.

### POST /tailnet/{tailnet}/user-invites
**Description**: Creates a new user invite.

### GET /user-invites/{userInviteId}
**Description**: Retrieves details of a specific user invite.

### DELETE /user-invites/{userInviteId}
**Description**: Deletes a specific user invite.

### POST /user-invites/{userInviteId}/resend
**Description**: Resends a user invite.
```

--------------------------------

### Authenticate Tailscale API Requests

Source: https://tailscale.com/api

Demonstrates two methods for authenticating API requests: using an API access token with HTTP Basic authentication or as a Bearer token in the Authorization header.

```shell
# passing token with basic auth
curl -u "tskey-api-xxxxx:" https://api.tailscale.com/api/v2/...
```

```shell
# passing token as bearer token
curl -H "Authorization: Bearer tskey-api-xxxxx" https://api.tailscale.com/api/v2/...
```

--------------------------------

### POST /device/{deviceId}/key

Source: https://tailscale.com/api

Rotates the key for a specific device.

```APIDOC
## POST /device/{deviceId}/key

### Description
Rotates the key for a specific device.

### Method
POST

### Endpoint
/api/v2/device/{deviceId}/key

### Parameters
#### Path Parameters
- **deviceId** (string) - Required - The unique identifier of the device.
```

--------------------------------

### Users Operations

Source: https://tailscale.com/api

Manage and query users within a tailnet.

```APIDOC
## Users Operations

### GET /tailnet/{tailnet}/users
**Description**: Lists all users in a tailnet.

### GET /users/{userId}
**Description**: Retrieves information about a specific user.

### POST /users/{userId}/role
**Description**: Assigns or updates a user's role.

### POST /users/{userId}/approve
**Description**: Approves a pending user.

### POST /users/{userId}/suspend
**Description**: Suspends a user.

### POST /users/{userId}/restore
**Description**: Restores a suspended user.

### POST /users/{userId}/delete
**Description**: Deletes a user from the tailnet.
```

--------------------------------

### Batch Update Custom Device Posture Attributes

Source: https://tailscale.com/api

Batch updates posture attributes across devices in a tailnet. This endpoint uses JSON Merge Patch semantics. Specifying `null` for an attribute will delete that attribute. Attributes must be in the `custom:` namespace. OAuth Scope: `devices:posture_attributes`.

```APIDOC
## PATCH /api/v2/tailnet/{tailnet}/device-attributes

### Description
Batch updates posture attributes across devices in a tailnet. This endpoint uses JSON Merge Patch semantics. Specifying `null` for an attribute will delete that attribute. Attributes must be in the `custom:` namespace.

### Method
PATCH

### Endpoint
`/api/v2/tailnet/{tailnet}/device-attributes`

### Parameters
#### Path Parameters
- **tailnet** (string) - Required - The tailnet ID. Can be a dash (`-`) to reference the default tailnet or a specific tailnet ID (e.g., `T1234CNTRL`).

#### Request Body
- **nodes** (object) - Required - A mapping of deviceId → posture attributes.
- **comment** (string) - Optional - An optional comment indicating why attributes are being set, which will be added to the audit log. Max length: 200.

### Request Example
```json
{
  "nodes": {
    "nPM2KNuedB21DEVEL": {
      "custom:myattr": {
        "value": "my_value"
      }
    },
    "nPpz3VEKzX11DEVEL": {
      "custom:flag": {
        "value": true,
        "expiry": "2025-09-19T15:00:00Z"
      }
    }
  },
  "comment": "bulk posture attribute update"
}
```

### Response
#### Success Response (200)
Successful operation.

#### Error Responses
- **400** - An invalid request payload was sent.
- **404** - Tailnet not found.
- **500** - Internal server error.
```

--------------------------------

### Tailnet Settings Operations

Source: https://tailscale.com/api

Manage settings for a tailnet.

```APIDOC
## Tailnet Settings Operations

### GET /tailnet/{tailnet}/settings
**Description**: Retrieves the current settings for a tailnet.

### PATCH /tailnet/{tailnet}/settings
**Description**: Updates settings for a tailnet.
```

--------------------------------

### Set Device IPv4 Address

Source: https://tailscale.com/api

Replace a device's current Tailscale IPv4 address with a new one. This action will disrupt existing connections, requiring reconnection with the new IP and potentially a DNS cache flush.

```Shell
curl 'https://api.tailscale.com/api/v2/device/{deviceId}/ip' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{ "ipv4": "100.80.0.1" }'
```

--------------------------------

### Logging Operations

Source: https://tailscale.com/api

Manage and configure network logging, configuration logging, and log streaming for a tailnet.

```APIDOC
## Logging Operations

### GET /tailnet/{tailnet}/logging/configuration
**Description**: Retrieves the logging configuration for a tailnet.

### GET /tailnet/{tailnet}/logging/network
**Description**: Retrieves network logging data for a tailnet.

### GET /tailnet/{tailnet}/logging/{logType}/stream/status
**Description**: Gets the status of a specific log stream.

### GET /tailnet/{tailnet}/logging/{logType}/stream
**Description**: Retrieves logs from a specific stream.

### PUT /tailnet/{tailnet}/logging/{logType}/stream
**Description**: Updates settings for a specific log stream.

### DELETE /tailnet/{tailnet}/logging/{logType}/stream
**Description**: Deletes a specific log stream.

### POST /tailnet/{tailnet}/aws-external-id
**Description**: Creates or updates an AWS external ID for logging integration.

### POST /tailnet/{tailnet}/aws-external-id/{id}/validate-aws-trust-policy
**Description**: Validates an AWS trust policy associated with an external ID.
```

--------------------------------

### Set device enabled routes using cURL

Source: https://tailscale.com/api

Replace a device's existing enabled subnet routes with a new list. Advertised routes cannot be set via the API. Requires the 'devices:routes' OAuth scope.

```Shell
# The list sent here replaces the device's current enabled routes.
curl 'https://api.tailscale.com/api/v2/device/{deviceId}/routes' \
  --request POST \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_SECRET_TOKEN' \
  --data '{
    "routes": [
      "10.0.0.0/16",
      "192.168.1.0/24"
    ]
  }'
```

--------------------------------

### Services Operations

Source: https://tailscale.com/api

Manage Tailscale Services for a tailnet.

```APIDOC
## Services Operations

### GET /tailnet/{tailnet}/services
**Description**: Lists all Tailscale Services for a tailnet.

### GET /tailnet/{tailnet}/services/{serviceName}
**Description**: Retrieves details of a specific Tailscale Service.

### PUT /tailnet/{tailnet}/services/{serviceName}
**Description**: Updates a specific Tailscale Service.

### DELETE /tailnet/{tailnet}/services/{serviceName}
**Description**: Deletes a specific Tailscale Service.

### GET /tailnet/{tailnet}/services/{serviceName}/devices
**Description**: Lists devices associated with a specific Tailscale Service.

### GET /tailnet/{tailnet}/services/{serviceName}/device/{deviceId}/approved
**Description**: Checks if a device is approved for a specific Tailscale Service.

### POST /tailnet/{tailnet}/services/{serviceName}/device/{deviceId}/approved
**Description**: Approves a device for a specific Tailscale Service.
```

--------------------------------

### DNS Operations

Source: https://tailscale.com/api

Manage a tailnet's DNS settings, including nameservers, search paths, and split DNS configurations.

```APIDOC
## DNS Operations

### GET /tailnet/{tailnet}/dns/nameservers
**Description**: Retrieves the configured DNS nameservers for a tailnet.

### POST /tailnet/{tailnet}/dns/nameservers
**Description**: Sets or updates the DNS nameservers for a tailnet.

### GET /tailnet/{tailnet}/dns/preferences
**Description**: Retrieves DNS preferences for a tailnet.

### POST /tailnet/{tailnet}/dns/preferences
**Description**: Updates DNS preferences for a tailnet.

### GET /tailnet/{tailnet}/dns/searchpaths
**Description**: Retrieves the configured DNS search paths for a tailnet.

### POST /tailnet/{tailnet}/dns/searchpaths
**Description**: Sets or updates the DNS search paths for a tailnet.

### GET /tailnet/{tailnet}/dns/split-dns
**Description**: Retrieves the split DNS configuration for a tailnet.

### PATCH /tailnet/{tailnet}/dns/split-dns
**Description**: Partially updates the split DNS configuration for a tailnet.

### PUT /tailnet/{tailnet}/dns/split-dns
**Description**: Replaces the entire split DNS configuration for a tailnet.

### GET /tailnet/{tailnet}/dns/configuration
**Description**: Retrieves the overall DNS configuration for a tailnet.

### POST /tailnet/{tailnet}/dns/configuration
**Description**: Sets or updates the overall DNS configuration for a tailnet.
```
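
Added example (not from the Tailscale documentation): a client-side check for the batch posture-attribute body of `PATCH /api/v2/tailnet/{tailnet}/device-attributes`, enforcing the documented constraints (`custom:` namespace, `null` to delete, 200-character comment) before anything is sent. The function names, the accepted value types (taken from the page's sample values) and the timezone-aware expiry check are assumptions of this example.

```python
import json
from datetime import datetime

MAX_COMMENT_LEN = 200  # limit stated for the "comment" field
VALUE_TYPES = (str, int, float, bool)  # assumption: types seen in the page's samples


def _check_expiry(text):
    """Require a timezone-aware ISO 8601 timestamp such as 2025-09-19T15:00:00Z."""
    try:
        parsed = datetime.fromisoformat(str(text).replace("Z", "+00:00"))
    except ValueError:
        raise ValueError(f"expiry {text!r} is not an ISO 8601 timestamp") from None
    if parsed.tzinfo is None:
        raise ValueError(f"expiry {text!r} has no timezone")


def build_posture_patch(nodes, comment=None):
    """Validate and serialize a PATCH .../device-attributes body.

    Each attribute spec is None (delete) or {"value": ..., "expiry": optional}.
    """
    if not isinstance(nodes, dict) or not nodes:
        raise ValueError("'nodes' is required: deviceId -> attributes")
    if comment is not None and len(comment) > MAX_COMMENT_LEN:
        raise ValueError(f"comment longer than {MAX_COMMENT_LEN} characters")
    for device_id, attrs in nodes.items():
        if not isinstance(attrs, dict) or not attrs:
            raise ValueError(f"{device_id}: expected a non-empty attribute map")
        for key, spec in attrs.items():
            # Only the custom: namespace is writable through this endpoint.
            if not key.startswith("custom:") or key == "custom:":
                raise ValueError(f"{device_id}: {key!r} is not a custom: attribute")
            if spec is None:
                continue  # null deletes the attribute (JSON Merge Patch)
            if not isinstance(spec, dict) or "value" not in spec:
                raise ValueError(f"{device_id}: {key!r} needs a 'value' or null")
            if not isinstance(spec["value"], VALUE_TYPES):
                raise ValueError(f"{device_id}: {key!r} has an unsupported type")
            if "expiry" in spec:
                _check_expiry(spec["expiry"])
    body = {"nodes": nodes}
    if comment is not None:
        body["comment"] = comment
    return json.dumps(body, indent=2)

# Constructed sample input: set one attribute, delete another.
SAMPLE = {"nPM2KNuedB21DEVEL": {"custom:myattr": {"value": "my_value"},
                                "custom:stale": None}}
```

The returned string is the request body; a typo such as `node:os` or a bare `custom:` key is rejected locally instead of producing a 400 or an unintended write.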