Skip to main content
Welcome to the Altostrat SDX Developer API! Our API is your gateway to programmatically managing your entire network fleet, building powerful integrations, and leveraging our advanced automation and agentic AI capabilities. The API is built on standard REST principles, using predictable resource-oriented URLs and standard HTTP response codes. All requests and responses are encoded in JSON. The base URL for all API endpoints is https://api.altostrat.io.

Authentication

The Altostrat API uses two types of Bearer Tokens for authentication. All authenticated requests must include the token in the Authorization header. Authorization: Bearer YOUR_TOKEN

API Keys (Server-to-Server)

Use for: Backend services, scripts, and CI/CD automation.API Keys are long-lived, secure tokens that are not tied to a specific user session. They are the recommended method for any programmatic, non-interactive integration. You can generate and manage your API keys from the Automation → Vault section of the SDX dashboard.

OAuth 2.0 JWTs (User Delegation)

Use for: Frontend applications or third-party integrations where actions need to be performed on behalf of a logged-in user.These are standard, short-lived JSON Web Tokens obtained through our OIDC-compliant authentication flow. They carry the permissions and context of the authenticated user.

Your First API Call

This quickstart will guide you through making your first API call using a long-lived API Key.
1

1. Generate an API Key

Navigate to Automation → Vault in your SDX dashboard.
  1. Click + Add Item.
  2. For the Name, use the prefix api-key: followed by a description (e.g., api-key:my-first-integration).
  3. Leave the Secret Value field blank.
  4. Click Save. The system will generate a secure API key and display it to you once. Copy this key and store it securely.
2

2. Make the Request

Use the curl command below in your terminal, replacing YOUR_API_KEY with the key you just copied. This will make an authenticated request to list all the sites in your workspace.
curl -X GET "https://api.altostrat.io/sites" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Core Architectural Concepts

Synchronous vs. Asynchronous Operations

Our API provides two distinct modes of execution for different types of tasks.

Synchronous Endpoints

For immediate, real-time data. Synchronous endpoints (e.g., /sites/{id}/commands/synchronous) execute a read-only command directly on a device and return the result in the same API call.Use for: Running a live ping, getting the current status of an interface, or any task where you need an immediate response.

Asynchronous Jobs

For tasks that take time or make changes. Asynchronous endpoints (e.g., /sites/{id}/commands/asynchronous) accept a task, queue it for reliable background execution, and immediately return a 202 Accepted response.Use for: Executing a script across multiple sites or applying a new policy. You can provide an optional notify_url (webhook) to be notified when the job is complete.

Common API Patterns

All API errors return a consistent JSON object with a type, code, message, and a doc_url linking to the relevant documentation.
{
  "type": "invalid_request_error",
  "code": "resource_missing",
  "message": "No site found with the ID 'site-xyz789'.",
  "doc_url": "https://docs.altostrat.io/errors/resource_missing"
}

API At a Glance

Our API is organized into logical groups of resources. Explore the sections below to find the endpoints you need.

Account & Billing

Manage workspaces, organizations, users, billing, and subscriptions.

Fleet & Device Management

Interact with sites, run jobs, manage backups, and access device-level data.

Connectivity

Configure WAN Failover, Managed VPNs, and Captive Portals.

Security

Manage Security Groups, Prefix Lists, DNS Filtering, and BGP Threat Mitigation.

Automation & AI

Build workflows, manage scripts, use the Vault, and interact with our AI Co-pilot.

Monitoring

Retrieve faults, generate SLA reports, and access real-time metrics.