Set up a VPN Connection

The main function of the VPN Client API is to set up a VPN Connection. This article will explain how to use the API to directly connect and disconnect a VPN Connection. To set up a connection, you will also need to make several calls to the APIv2 to get some required ID's. If you haven't already, please read the articles How to use the APIv2? and How to use the VPN Client API?.


To set up a VPN Connection, you first need to obtain the ID of the Agent you would like to connect to and the IXON Company this agent is situated in. You can obtain this information using the CompanyList and AgentList endpoints of the APIv2.

Next step is to obtain the required authorization tokens. You will need a bearer token, which can be obtained using the AccessTokenList endpoint. You have to insert this in the connection request using the Api-Access-Token header. Next, you need to get a sector ID to determine in what sector your agent is located. You can find this using the SectorList endpoint. Lastly, you will need to include a 128-bit universally unique identifier (UUID) that the VPN Client uses to distinguish between different controllers communicating with the VPN Client. Each controller is responsible for sending its own UUID.

For example, the IXON Cloud will include a UUID that is unique to the login session of the active user in its connect request to the VPN Client. A valid UUID can be generated in many different ways.

When you have obtained all this information, you are ready to send a POST request to the VPN client to connect to the agent. The example below will show what that request should look like.

curl --request POST \
     --url 'https://localhost:9250/connect' \
     --header 'Api-Version: 2' \
     --header "VPN-Client-Controller-Identifier: $UUID" \
     --header "Api-Access-Token: $bearer_token" \
     --header "Api-Sector: $sector_id" \
     --header 'Content-Type: application/json' \
     --data '{"agentId":"$agent_id","companyId":"$company_id"}'


The VPN Client can be instructed to disconnect from the currently connected Agent by sending a POST request to the disconnect endpoint. Anyone can issue a disconnect regardless of which controller initiated the current connection.

curl --request POST \
     --url 'https://localhost:9250/disconnect'