Skip to main content
POST
/
sites
/
{siteId}
/
transient-accesses
Create a transient access session
curl --request POST \
  --url https://api.altostrat.io/sites/{siteId}/transient-accesses \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "expire_after_minutes": 60,
  "type": "winbox",
  "full_access": true,
  "allow_rfc1918": false,
  "allow_only_cidr": "203.0.113.42/32"
}'
{
  "id": "f0e9d8c7-b6a5-4f3e-2d1c-0b9a8e7f6d5c",
  "username": "transient-user-abc123",
  "password": "P@ssw0rdABC123XYZ",
  "port": 45821,
  "type": "winbox",
  "full_access": true,
  "allow_rfc1918": false,
  "allow_only_cidr": "198.51.100.10/32",
  "revoked_early": false,
  "expires_at": "2025-10-29T12:15:49Z",
  "expired": false,
  "entry_point": "edge-us-east-1a.ostrat.io",
  "time_to_expire": "15 minutes from now",
  "onclick": "winbox://edge-us-east-1a.ostrat.io:45821?username=transient-user-abc123&password=P@ssw0rdABC123XYZ"
}

Authorizations

โ€‹
Authorization
string
header
required

Enter your JWT bearer token.

Path Parameters

โ€‹
siteId
string<uuid>
required

The unique identifier for the site.

Example:

"d290f1ee-6c54-4b01-90e6-d701748f0851"

Body

application/json
โ€‹
expire_after_minutes
integer
required

The number of minutes until the session automatically expires.

Required range: 15 <= x <= 1440
Example:

60

โ€‹
type
enum<string>
required

The type of access protocol.

Available options:
winbox,
ssh
Example:

"winbox"

โ€‹
full_access
boolean
required

Whether to grant full administrative privileges.

Example:

true

โ€‹
allow_rfc1918
boolean
required

Whether to allow connections from private (RFC1918) IP addresses. Typically should be false for security.

Example:

false

โ€‹
allow_only_cidr
string
required

Restrict access to a single source IP address or CIDR range. Use a /32 for a single IP.

Example:

"203.0.113.42/32"

Response

The newly created transient access object.

โ€‹
id
string<uuid>

The unique identifier for the transient access session.

Example:

"f0e9d8c7-b6a5-4f3e-2d1c-0b9a8e7f6d5c"

โ€‹
username
string

The temporary username for this session.

Example:

"transient-user-abc123"

โ€‹
password
string

The temporary password for this session.

Example:

"P@ssw0rdABC123XYZ"

โ€‹
port
integer

The public port on the Altostrat management server to connect to.

Example:

45821

โ€‹
type
enum<string>

The type of access protocol.

Available options:
winbox,
ssh
Example:

"winbox"

โ€‹
full_access
boolean

Whether the session has full administrative privileges.

Example:

true

โ€‹
allow_rfc1918
boolean

Whether access is allowed from private (RFC1918) IP ranges.

Example:

false

โ€‹
allow_only_cidr
string

The source CIDR that is exclusively allowed to connect.

Example:

"198.51.100.10/32"

โ€‹
revoked_early
boolean

True if the session was manually revoked before it expired.

Example:

false

โ€‹
expires_at
string<date-time>

The timestamp when this session will automatically expire.

Example:

"2025-10-29T12:15:49Z"

โ€‹
expired
boolean

True if the session has expired or been revoked.

Example:

false

โ€‹
entry_point
string

The hostname of the Altostrat management server to connect to.

Example:

"edge-us-east-1a.ostrat.io"

โ€‹
time_to_expire
string

A human-readable string indicating how long until the session expires.

Example:

"15 minutes from now"

โ€‹
onclick
string

A Winbox connection string for easy one-click access.

Example:

"winbox://edge-us-east-1a.ostrat.io:45821?username=transient-user-abc123&password=P@ssw0rdABC123XYZ"