TunnelSats Public Wireguard API

How TunnelSats Leverages Public APIs for Confined VPN Management

At TunnelSats, providing a "Set It & Forget It" privacy tool for node runners means navigating strict environment boundaries. With our new Umbrel App, we demonstrate how to orchestrate a Lightning-centric VPN solution using the TunnelSats Public API across a segmented architecture.
💡 The Challenge
Umbrel environments are strictly confined. How do you allow a self-hosted node to securely fetch and configure a WireGuard VPN tunnel natively, while handling continuous subscription renewals without locking the logic inside the local machine?
The Solution: A decoupled, API-first architecture.
1. Local App Provisioning: The Umbrel App calls our public API's List Servers endpoint to fetch all available servers, then uses Create Subscription to subscribe and Claim Subscription to fetch the active WireGuard tunnel configuration tailored to the user's selected continent. This keeps the local app lightweight and focused entirely on the networking layer (Killswitches, LND/CLN routing).
2. Centralized NWC Renewals: Rather than forcing the Umbrel node to negotiate auto-renewals internally, users log into the tunnelsats.com dashboard.
3. API Orchestration: On the dashboard, users import their Umbrel config and provide a Nostr Wallet Connect (NWC) string. The backend API handles the rest, pinging the node via NWC and orchestrating the Lightning invoice payment to renew the subscription outside of the confined Umbrel environment.
This guarantees the local node focuses exclusively on uptime, while the API handles the financial abstraction. Check out the API documentation here and see how you can interact with TunnelSats programmatically:
👉 api.tunnelsats.com
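An added example, not TunnelSats or Umbrel app code: a local audit of a configuration returned by Claim Subscription before it is handed to wg-quick. It assumes, since the page does not say, that the API delivers wg-quick INI text; the function names and the sample are constructed. It flags hook directives (which wg-quick executes as shell commands), malformed keys, and peers without an endpoint.

```python
import base64

# wg-quick executes these [Interface] values as shell commands.
HOOK_KEYS = {"preup", "postup", "predown", "postdown"}
KEY_FIELDS = {"privatekey", "publickey", "presharedkey"}

def parse_wg(text):
    """Parse wg-quick text; keys may repeat, so configparser is not used."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1].append((key.strip().lower(), value.strip()))
        elif line:
            raise ValueError(f"unparseable line: {raw!r}")
    return sections

def is_wg_key(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def audit(text):
    """Return findings; an empty list means nothing was flagged."""
    findings = []
    for name, items in parse_wg(text):
        for key, value in items:
            if name == "interface" and key in HOOK_KEYS:
                findings.append(f"hook {key}: {value}")
            if key in KEY_FIELDS and not is_wg_key(value):
                findings.append(f"malformed {key} in [{name}]")
        if name == "peer" and "endpoint" not in dict(items):
            findings.append("peer without endpoint")
    return findings

# Constructed sample input (placeholder keys, documentation host name).
K1 = base64.b64encode(bytes(32)).decode()
K2 = base64.b64encode(b"\x01" * 32).decode()
SAMPLE = (f"[Interface]\nPrivateKey = {K1}\nAddress = 10.9.0.2/32\n"
          f"PostUp = /bin/sh /tmp/setup.sh\n[Peer]\nPublicKey = {K2}\n"
          "Endpoint = vpn.example.net:51820\nAllowedIPs = 0.0.0.0/0\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A flagged hook is a prompt for review, not proof of tampering: a provider may ship hooks deliberately, so compare them against what the app expects before the tunnel is brought up.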
Modified at 2026-04-06 13:27:45