Twingate provides an Admin API that is GraphQL-based and currently provides the ability to:

  • Create, read, update, and delete all Remote networks
  • Create, read, update, delete, and generate tokens for all Connectors
  • Create, read, update, and delete all Resources
  • Create, read, update, and delete all Groups
  • Create, read, update, and delete all Service Accounts and Service Keys
  • Assign Policies
  • Read, archive, unarchive, block, unblock, and update the trust status of all Devices
  • Read, and update Security Policies
  • Read all Users
  • Read, invite, update, and delete all Social Users

API schema documentation is part of the GraphQL API endpoint and is always up to date. See the next section on how to access the Admin API.

Getting started

In order to access the GraphQL endpoint for your Twingate network, you first need to generate an API token in the Admin console. To generate an API token, log into the Admin Console and navigate to Settings > API > Generate Token as seen in the screenshot below.

Once you have your API token available, our Admin API GraphQL endpoint is available at the following address (replace subdomain with your own subdomain):

  • https://subdomain.twingate.com/api/graphql/
  • You will also need to set a custom HTTP header, X-API-KEY with the value of your API key.

Example query

If you’re new to using GraphQL, this example query requests the first 10 Remote Networks in your account, returning the ID and name of each Remote Network along with pagination information if there are more results. Additional information can be returned for each RemoteNetworkEdge node; consult the GraphQL schema for more information.

remoteNetworks(after: null, first:10) {
edges {
node {
pageInfo {

GraphQL clients

If you’re looking for a query GUI, GraphiQL is very easy to use. You can get started quickly on Mac with Homebrew:

brew install --cask graphiql

Another popular open source client is Altair.

If you’re using Python, we’d recommend the gql library, which allows you to get started with just a few lines of code and a query string.

API Schema

The API schema (both the available endpoints and type definitions) can be retrieved by introspection. Some clients such as Altair have built-in tools to perform introspection queries and present formatted documentation for developers to be able to navigate the API:

Terraform Provider

Twingate’s Terraform provider uses the Twingate API to automatically provision Twingate constructs such as Connectors and Resources, and may be useful if you’d like to manage your organization’s infrastructure as code. Please see the documentation for more details as well as the Terraform - Getting Started guide.

API Throttling

Twingate limits the number of API requests based on the number of read or write requests per minute. The default limits set per account are shown below. Should these limits be reached within a 1 minute window, Twingate will return a 429 response status code to retry again the time period specified in the response.

Request typeRequest Limit (per minute)

Last updated 4 months ago