API
Overview
Twingate provides an Admin API that is GraphQL-based and currently provides the ability to:
- Create, read, update, and delete all Remote networks
- Create, read, update, delete, and generate tokens for all Connectors
- Create, read, update, and delete all Resources
- Create, read, update, and delete all Groups
- Create, read, update, and delete all Service Accounts and Service Keys
- Assign Policies
- Read, archive, unarchive, block, unblock, and update the trust status of all Devices
- Read, and update Security Policies
- Read all Users
- Read, invite, update, and delete all Social Users
API schema documentation is part of the GraphQL API endpoint and is always up to date. See the next section on how to access the Admin API.
Getting started
In order to access the GraphQL endpoint for your Twingate network, you first need to generate an API token in the Admin console. To generate an API token, log into the Admin Console and navigate to Settings > API > Generate Token as seen in the screenshot below.
Once you have your API token available, our Admin API GraphQL endpoint is available at the following address (replace subdomain
with your own subdomain):
https://subdomain.twingate.com/api/graphql/
- You will also need to set a custom HTTP header,
X-API-KEY
with the value of your API key.
Example query
If you’re new to using GraphQL, this example query requests the first 10 Remote Networks in your account, returning the ID and name of each Remote Network along with pagination information if there are more results. Additional information can be returned for each RemoteNetworkEdge
node; consult the GraphQL schema for more information.
{ remoteNetworks(after: null, first:10) { edges { node { id name } } pageInfo { startCursor hasNextPage } }}
GraphQL clients
If you’re looking for a query GUI, GraphiQL is very easy to use. You can get started quickly on Mac with Homebrew:
brew install --cask graphiql
Another popular open source client is Altair.
If you’re using Python, we’d recommend the gql library, which allows you to get started with just a few lines of code and a query string.
API Schema
The API schema (both the available endpoints and type definitions) can be retrieved by introspection. Some clients such as Altair have built-in tools to perform introspection queries and present formatted documentation for developers to be able to navigate the API:
Terraform Provider
Twingate’s Terraform provider uses the Twingate API to automatically provision Twingate constructs such as Connectors and Resources, and may be useful if you’d like to manage your organization’s infrastructure as code. Please see the documentation for more details as well as the Terraform - Getting Started guide.
Should your Terraform run fail to complete due to a 429
response status code, check the version of your Twingate provider. Retries for 429
response status codes was introduced in v0.1.6 and improved again in v0.2.0. Upgrade to v0.2.0 or the latest version to ensure the Twingate provider appropriately handles retries when reaching the API throttling limits.
API Throttling
Twingate limits the number of API requests based on the number of read or write requests per minute. The default limits set per account are shown below. Should these limits be reached within a 1 minute window, Twingate will return a 429
response status code to retry again the time period specified in the response.
Request type | Request Limit (per minute) |
---|---|
Reads | 60 |
Writes | 20 |
Last updated 10 months ago