Find your Cloud ID
Your Cloud ID is the subdomain of your CloudConnexa tenant and is required to sign in and to fill in the Cloud ID field below.
Identify your Cloud ID
Your CloudConnexa Administration Portal URL follows the pattern https://{cloud-id}.api.openvpn.com/. The Cloud ID is the subdomain before .api.openvpn.com.
- Example: if your URL is
https://acme.api.openvpn.com/, your Cloud ID isacme. - You can also find it by signing in to the OpenVPN account portal at
https://myaccount.openvpn.comand copying the Cloud ID shown on your tenant dashboard. - Do not include
.api.openvpn.comin the Cloud ID field — enter only the subdomain (e.g.,acme).
Create API Credentials
CloudConnexa uses OAuth 2.0 with the client_credentials grant. Create an API credential set in the Administration Portal to get a Client ID and Client Secret.
Open the Administration Portal
Sign in to your CloudConnexa tenant at https://{your-cloud-id}.api.openvpn.com/ (replace {your-cloud-id} with your Cloud ID from the section above).
- Sign in with your OpenVPN account credentials.
- Confirm you have Owner role — only Owners can create API credentials.
Navigate to API Credentials
Open API & Logs > API and click Create Credentials.
- In the left sidebar, click API & Logs.
- Select API from the submenu.
- Click Create Credentials to open the credential creation form.
Configure the credential set
Fill in the credential creation form with the following settings.
- Name: A descriptive label for this credential set (e.g., StackOne Integration).
- Lifetime: Choose how long the credentials remain valid — 2 weeks, 1 month, 6 months, or 1 year.
- (Optional) IP Subnet Restriction: Enter allowed source IP ranges to restrict which IPs can use these credentials.
Grant Permissions
Under the Permissions section of the form, each resource has a Read Only toggle and (where applicable) a Modify toggle. The toggle you enable determines which connector scopes are granted. Enable Read Only + Modify on the resources you need (or click All > Modify to grant everything in one step). Note: Granting Modify alone is not sufficient — Read Only must also be enabled on the same resource, otherwise GET endpoints return 403.
- Access Group — Read Only grants
read:access_group, Modify grantswrite:access_group - Device — Read Only grants
read:device, Modify grantswrite:device - DNS Record — Read Only grants
read:dns_record, Modify grantswrite:dns_record - Host — Read Only grants
read:host, Modify grantswrite:host(covers Host Connectors too) - Location Context — Read Only grants
read:location_context, Modify grantswrite:location_context - Network — Read Only grants
read:network, Modify grantswrite:network(covers Network Connectors and Routes too) - User — Read Only grants
read:user, Modify grantswrite:user - User Group — Read Only grants
read:user_group, Modify grantswrite:user_group - Region — Read Only grants
read:vpn_region(Modify toggle not available for this resource) - Sessions — Read Only grants
read:session(Modify toggle not available for this resource)
Save and copy the credentials
Click Create to generate the credential set, then immediately copy both values.
- Copy the Client ID and paste it into the Client ID field below.
- Copy the Client Secret and paste it into the Client Secret field below.
- The Client Secret is shown only once — it cannot be retrieved after you leave this page. Store it securely.
Linking the Account from the Hub
Navigate to the Hub
Fill out the fields
- Cloud ID
- Client ID
- Client Secret
If the account linking is successful, you will see the newly linked account in your Accounts page.