Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
Owner privileges are required to create API credentials in CloudConnexa. The Client Secret is shown only once at creation time and cannot be retrieved later.

Find your Cloud ID

Your Cloud ID is the subdomain of your CloudConnexa tenant and is required to sign in and to fill in the Cloud ID field below.

1

Identify your Cloud ID

Your CloudConnexa Administration Portal URL follows the pattern https://{cloud-id}.api.openvpn.com/. The Cloud ID is the subdomain before .api.openvpn.com.

  • Example: if your URL is https://acme.api.openvpn.com/, your Cloud ID is acme.
  • You can also find it by signing in to the OpenVPN account portal at https://myaccount.openvpn.com and copying the Cloud ID shown on your tenant dashboard.
  • Do not include .api.openvpn.com in the Cloud ID field — enter only the subdomain (e.g., acme).

Create API Credentials

CloudConnexa uses OAuth 2.0 with the client_credentials grant. Create an API credential set in the Administration Portal to get a Client ID and Client Secret.

1

Open the Administration Portal

Sign in to your CloudConnexa tenant at https://{your-cloud-id}.api.openvpn.com/ (replace {your-cloud-id} with your Cloud ID from the section above).

  • Sign in with your OpenVPN account credentials.
  • Confirm you have Owner role — only Owners can create API credentials.
2

Navigate to API Credentials

Open API & Logs > API and click Create Credentials.

  • In the left sidebar, click API & Logs.
  • Select API from the submenu.
  • Click Create Credentials to open the credential creation form.
3

Configure the credential set

Fill in the credential creation form with the following settings.

  • Name: A descriptive label for this credential set (e.g., StackOne Integration).
  • Lifetime: Choose how long the credentials remain valid — 2 weeks, 1 month, 6 months, or 1 year.
  • (Optional) IP Subnet Restriction: Enter allowed source IP ranges to restrict which IPs can use these credentials.
4

Grant Permissions

Enables actions: Activate Host Connector, Activate Network Connector, Activate User, Create Access Group, Create DNS Record, Create Device, Create Host, Create Host Connector, Create Location Context, Create Network, Create Network Connector, Create Route, Create User, Create User Group, Delete Access Group, Delete DNS Record, Delete Device, Delete Host, Delete Host Connector, Delete Location Context, Delete Network, Delete Network Connector, Delete Route, Delete User, Delete User Group, Get Access Group, Get DNS Record, Get Device, Get Host, Get Host Connector, Get Location Context, Get Network, Get Network Connector, Get User, Get User Group, List Access Groups, List DNS Records, List Devices, List Host Connectors, List Hosts, List Location Contexts, List Network Connectors, List Networks, List Routes, List Sessions, List User Groups, List Users, List VPN Regions, Suspend Host Connector, Suspend Network Connector, Suspend User, Update Access Group, Update DNS Record, Update Device, Update Host, Update Host Connector, Update Location Context, Update Network, Update Network Connector, Update Route, Update User, Update User Group

Under the Permissions section of the form, each resource has a Read Only toggle and (where applicable) a Modify toggle. The toggle you enable determines which connector scopes are granted. Enable Read Only + Modify on the resources you need (or click All > Modify to grant everything in one step). Note: Granting Modify alone is not sufficient — Read Only must also be enabled on the same resource, otherwise GET endpoints return 403.

  • Access Group — Read Only grants read:access_group, Modify grants write:access_group
  • Device — Read Only grants read:device, Modify grants write:device
  • DNS Record — Read Only grants read:dns_record, Modify grants write:dns_record
  • Host — Read Only grants read:host, Modify grants write:host (covers Host Connectors too)
  • Location Context — Read Only grants read:location_context, Modify grants write:location_context
  • Network — Read Only grants read:network, Modify grants write:network (covers Network Connectors and Routes too)
  • User — Read Only grants read:user, Modify grants write:user
  • User Group — Read Only grants read:user_group, Modify grants write:user_group
  • Region — Read Only grants read:vpn_region (Modify toggle not available for this resource)
  • Sessions — Read Only grants read:session (Modify toggle not available for this resource)
5

Save and copy the credentials

Click Create to generate the credential set, then immediately copy both values.

  • Copy the Client ID and paste it into the Client ID field below.
  • Copy the Client Secret and paste it into the Client Secret field below.
  • The Client Secret is shown only once — it cannot be retrieved after you leave this page. Store it securely.
6

Enable API access

Credentials do not work until API access is explicitly turned on.

  • Return to API & Logs > API.
  • Locate the credential set you just created.
  • Click the Enable API toggle to activate it — the toggle must show as enabled (green) before the OAuth token endpoint will accept requests.

Linking the Account from the Hub

1

Navigate to the Hub

Use one of the three Linking Account Methods to access the Hub.
2

Fill out the fields

Fill out the following fields using details from your provider:
  • Cloud ID
  • Client ID
  • Client Secret
3

Connect

  • Click Connect
  • If applicable, the provider will redirect you to a sign-in or authorization page. Complete the provider’s authorization flow.
  • Once authorization is successful, you will see a confirmation popup

If the account linking is successful, you will see the newly linked account in your Accounts page.