Infrastructure API
How the ForestVPN platform is shaped — projects, planes, authentication, and the guides that take you from zero to production.
The ForestVPN Infrastructure API is one HTTPS API at https://api.fvpn.net,
split into role-scoped planes — the URL prefix tells you who a call acts
as:
/platform/v1/*— the project surface: everything you do as a project (manage the project, mint API keys, read billing, inspect webhooks). Authenticated with a console session or a project API key./consumer/v1/*— the end-user surface: everything a project's end user (a consumer account and its devices) does. Authenticated with consumer/device credentials, never with staff keys.
Every operation on both planes is documented in the API reference, generated from the same committed OpenAPI documents the SDK clients are built from — the reference and the clients cannot disagree.
The mental model
- A project is your isolated tenant —
members, keys, consumers, devices, and billing all hang off it. Requests
carry the project UUID in the
X-Project-Idheader. - Consumers are your end users — a separate
identity system (
/consumer/v1) fully scoped inside your project. - Devices belong to consumers and are the unit the VPN actually connects.
- Billing webhooks give you an auditable record of every vendor billing event the platform processed for your project.
API keys
Mint a project-bound fvpn_v1_ key in the console and make your first authenticated call.
Projects
The tenant boundary — membership, roles, invites, transfer, and the audit log.
Consumers
Your end users — accounts, device auth, sessions, and data isolation.
Devices
Registration, authorization, heartbeats, key rotation, and exit-node roles.
Billing webhooks
Observe, search, and replay the vendor billing events recorded for your project.