API: Complete Endpoint Reference
Last updated 08 Jun 2026
111 views
🔒 Dedicated WireGuard VPN
All Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/wg/servers | List your assigned servers |
| GET | /api/wg/servers/{id}/users | List users with live status & bandwidth |
| POST | /api/wg/servers/{id}/users | Create user — returns config & all keys |
| GET | /api/wg/servers/{id}/status | Live device status for all users |
| GET | /api/wg/users/{id} | Get user details, config, keys, status |
| DELETE | /api/wg/users/{id} | Remove user |
| GET | /api/wg/users/{id}/port-forwards | List port forwards for a user |
| POST | /api/wg/users/{id}/port-forwards | Create port forward |
| DELETE | /api/wg/port-forwards/{id} | Remove port forward |
| Bandwidth Control | ||
| GET | /api/wg/users/{id}/bandwidth | Get current bandwidth limit |
| PUT | /api/wg/users/{id}/bandwidth | Set bandwidth limit (up/down) |
| DELETE | /api/wg/users/{id}/bandwidth | Remove limit (unlimited) |
| DNS-over-TLS (DoT) | ||
| GET | /api/wg/servers/{id}/dns | Get current DNS resolver config |
| PUT | /api/wg/servers/{id}/dns | Set DoT resolvers |
| DELETE | /api/wg/servers/{id}/dns | Remove DoT, revert to plain DNS |
Authentication
Every request requires a Bearer token:
Authorization: Bearer wg_your_api_key_hereGenerate keys at: WireGuard Server → API Keys & Documentation
Rate Limits
60 requests per minute per API key. HTTP 429 returned if exceeded.
HTTP Status Codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created (user or port forward) |
| 401 | Invalid or missing API key |
| 403 | Forbidden — resource belongs to another account |
| 409 | Conflict — duplicate name or port already in use |
| 422 | Validation error — invalid input |
| 429 | Rate limit exceeded |
| 500 | Server error — check the error message |
Multi-Server Usage
One API key gives you access to all your assigned servers. You specify which server by its assignment_id (returned by GET /servers). You don't need separate keys per server.
If you need different keys for different applications or environments (e.g. production vs staging), you can create up to 5 active keys.
Bandwidth Control
Set per-user upload and download bandwidth limits. Uses Linux traffic control on the server. Limits persist across reboots.
Set a bandwidth limit
# Limit user to 10 Mbps down / 5 Mbps up
curl -s -X PUT -H "Authorization: Bearer wg_KEY" \
-H "Content-Type: application/json" \
-d '{"down_mbps": 10, "up_mbps": 5}' \
https://portal.premiervpn.net/api/wg/users/42/bandwidthResponse:
{
"success": true,
"client_name": "phone-user",
"bandwidth_down_kbps": 10000,
"bandwidth_up_kbps": 5000,
"bandwidth_down_mbps": 10.0,
"bandwidth_up_mbps": 5.0
}Check current limit
curl -s -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/users/42/bandwidthRemove limit
curl -s -X DELETE -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/users/42/bandwidthLimits: Minimum 100 Kbps. Maximum 1,000,000 Kbps (1 Gbps). Applied immediately. Persist across reboots.
DNS-over-TLS (DoT)
Configure encrypted DNS resolvers on your server. Encrypts all DNS queries, enabling ad/malware blocking via DNS.
Set DoT resolvers
# Cloudflare + Quad9
curl -s -X PUT -H "Authorization: Bearer wg_KEY" \
-H "Content-Type: application/json" \
-d '{"resolvers": [
{"address": "1.1.1.1", "name": "cloudflare-dns.com"},
{"address": "9.9.9.9", "name": "dns.quad9.net"}
]}' \
https://portal.premiervpn.net/api/wg/servers/5/dnsCheck DNS config
curl -s -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/servers/5/dnsRevert to plain DNS
curl -s -X DELETE -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/servers/5/dnsPopular DoT resolvers:
| Provider | Address | TLS Name | Features |
|---|---|---|---|
| Cloudflare | 1.1.1.1 | cloudflare-dns.com | Fast, privacy-focused |
| Cloudflare (malware) | 1.1.1.2 | security.cloudflare-dns.com | Blocks malware |
| Quad9 | 9.9.9.9 | dns.quad9.net | Malware blocking |
| AdGuard | 94.140.14.14 | dns.adguard.com | Ad + tracker blocking |
| 8.8.8.8 | dns.google | General purpose |
Notes: Max 4 resolvers. Changes apply to all users on the server. Stubby is installed automatically on first use.
Example: Full Workflow
# 1. List servers to get assignment IDs
curl -s -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/servers
# 2. Create a user on server 5
curl -s -X POST -H "Authorization: Bearer wg_KEY" \
-H "Content-Type: application/json" \
-d '{"client_name": "web-server"}' \
https://portal.premiervpn.net/api/wg/servers/5/users
# Save the returned config to a .conf file
# 3. Add port forwarding for a web server
curl -s -X POST -H "Authorization: Bearer wg_KEY" \
-H "Content-Type: application/json" \
-d '{"external_port": 443, "internal_port": 443, "protocol": "tcp", "comment": "HTTPS"}' \
https://portal.premiervpn.net/api/wg/users/NEW_USER_ID/port-forwards
# 4. Check if the user is online
curl -s -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/servers/5/status
# 5. When done, clean up
curl -s -X DELETE -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/port-forwards/PF_ID
curl -s -X DELETE -H "Authorization: Bearer wg_KEY" \
https://portal.premiervpn.net/api/wg/users/USER_ID