# Altostrat Documentation ## Docs - [Get Device Change Events](https://altostrat.io/docs/api-reference/arp/devices/get-device-change-events.md): Retrieves the change event history for a specific device. - [Get Device Details](https://altostrat.io/docs/api-reference/arp/devices/get-device-details.md): Retrieves details for a specific device by its MAC address. - [Get Device IP History](https://altostrat.io/docs/api-reference/arp/devices/get-device-ip-history.md): Retrieves the IP address history for a specific device. - [List Devices](https://altostrat.io/docs/api-reference/arp/devices/list-devices.md): Retrieves a list of network devices belonging to the authenticated customer, with filtering and pagination. - [Update Device Alias](https://altostrat.io/docs/api-reference/arp/devices/update-device-alias.md): Updates the alias for a specific device. - [Asynchronous job execution](https://altostrat.io/docs/api-reference/developers/asynchronous-api/asynchronous-job-execution.md): Queues a job to run scripts or config changes on the router without waiting for real-time response. - [Retrieve a list of jobs for a router](https://altostrat.io/docs/api-reference/developers/asynchronous-api/retrieve-a-list-of-jobs-for-a-router.md): Fetch asynchronous job history or status for a specified router. - [Retrieve router faults](https://altostrat.io/docs/api-reference/developers/health/retrieve-router-faults.md): Gets the last 100 faults for the specified router, newest first. - [Retrieve router metrics](https://altostrat.io/docs/api-reference/developers/health/retrieve-router-metrics.md): Provides uptime/downtime metrics for the past 24 hours based on heartbeats. - [Create a transient port forward](https://altostrat.io/docs/api-reference/developers/port-forwards/create-a-transient-port-forward.md): Establish a temporary TCP forward over the management tunnel for behind-NAT access. - [Delete a transient port forward](https://altostrat.io/docs/api-reference/developers/port-forwards/delete-a-transient-port-forward.md): Revokes a port forward before it naturally expires. - [Retrieve a specific port forward](https://altostrat.io/docs/api-reference/developers/port-forwards/retrieve-a-specific-port-forward.md): Returns the details for one transient port forward by ID. - [Retrieve active transient port forwards](https://altostrat.io/docs/api-reference/developers/port-forwards/retrieve-active-transient-port-forwards.md): List all active port forwards for a given router. - [Retrieve a list of routers](https://altostrat.io/docs/api-reference/developers/sites/retrieve-a-list-of-routers.md): Returns a list of MikroTik routers belonging to the team associated with the bearer token. - [Retrieve OEM information](https://altostrat.io/docs/api-reference/developers/sites/retrieve-oem-information.md): Provides manufacturer data (model, CPU, OS license, etc.) for a given router. - [Retrieve router metadata](https://altostrat.io/docs/api-reference/developers/sites/retrieve-router-metadata.md): Gets freeform metadata (like name, timezone, banner, etc.) for a specific router. - [Synchronous MikroTik command execution](https://altostrat.io/docs/api-reference/developers/synchronous-api/synchronous-mikrotik-command-execution.md): Real-time RouterOS commands for read or quick ops (not recommended for major config changes). - [Adopt Device](https://altostrat.io/docs/api-reference/spa/async/bootstrap-&-adoption/adopt-device.md): Endpoint called by the device during bootstrapping to finalize adoption. It receives device information (heartbeat data), creates or finds the site record, and returns the final adoption script including the scheduler setup. Requires `Heartbeat` and `RunbookToken` middleware. Accepts `x-ros-debug` header. - [Get Bootstrap Script](https://altostrat.io/docs/api-reference/spa/async/bootstrap-&-adoption/get-bootstrap-script.md): Retrieves the initial bootstrap script for a device based on a runbook token. The device fetches this script to start the adoption process. Requires a valid runbook token middleware (`RunbookToken`). Accepts `x-ros-debug` header for verbose/non-minified script. - [Notify Scheduler Deletion](https://altostrat.io/docs/api-reference/spa/async/bootstrap-&-adoption/notify-scheduler-deletion.md): Endpoint called by a device's scheduler *after* it successfully deletes the Altostrat polling scheduler (typically when the site itself is being deleted/decommissioned). Requires `SiteAuth` and validates signature. Marks the site's deletion as fully completed. - [Receive Heartbeat & Get Job](https://altostrat.io/docs/api-reference/spa/async/heartbeat/receive-heartbeat-&-get-job.md): Endpoint called periodically by the managed device (via scheduler). Sends device status (heartbeat) and receives the next pending job script, if any. Requires `SiteAuth` middleware (device-specific Bearer token). - [Get Customer Site IDs (Internal Lite)](https://altostrat.io/docs/api-reference/spa/async/internal/get-customer-site-ids-internal-lite.md): Retrieves only the UUIDs of sites for a specific customer ID. Requires internal API token authentication. - [Get Customer Sites (Internal)](https://altostrat.io/docs/api-reference/spa/async/internal/get-customer-sites-internal.md): Retrieves a list of sites for a specific customer ID. Requires internal API token authentication. - [Get Online Site IDs (Internal)](https://altostrat.io/docs/api-reference/spa/async/internal/get-online-site-ids-internal.md): Retrieves a list of UUIDs for all sites currently marked as having a pulse (online). Intended for internal use. - [Get Site Counts for Multiple Customers (Internal)](https://altostrat.io/docs/api-reference/spa/async/internal/get-site-counts-for-multiple-customers-internal.md): Retrieves the count of sites for each customer ID provided in the request body. Requires internal API token authentication. - [Create Site Job](https://altostrat.io/docs/api-reference/spa/async/jobs/create-site-job.md): Creates a new job (command/script) for a specific site. Requires `job:create` permission and user ownership of the site. Uses headers for job metadata. - [Delete Site Job](https://altostrat.io/docs/api-reference/spa/async/jobs/delete-site-job.md): Deletes a *pending* job (one that has not started execution). Requires `job:delete` permission and user ownership. - [Get Job Details](https://altostrat.io/docs/api-reference/spa/async/jobs/get-job-details.md): Retrieves details for a specific job associated with a site. Requires `job:view` permission and user ownership of the site/job. - [List Site Jobs](https://altostrat.io/docs/api-reference/spa/async/jobs/list-site-jobs.md): Retrieves a list of jobs associated with a specific site. Requires `job:view` permission and user ownership of the site. - [Update Job Status (from Device)](https://altostrat.io/docs/api-reference/spa/async/jobs/update-job-status-from-device.md): Endpoint called by the device (using a signed URL provided in the job script) to update the status of a job (busy, done, fail). Uses `ValidateSignature` and `SubstituteBindings` middleware. - [Get Runbook Details](https://altostrat.io/docs/api-reference/spa/async/runbooks/get-runbook-details.md): Retrieves details for a specific Runbook, including its bootstrap command. Requires user authentication and authorization (user must own the runbook). - [SFTP User Authentication](https://altostrat.io/docs/api-reference/spa/async/sftp-auth/sftp-user-authentication.md): Called by the AWS SFTP Gateway to authenticate a user attempting to log in. Validates the provided password (cached temporarily) against the username (site UUID) and returns an IAM role and S3 policy if valid. - [Delete Site](https://altostrat.io/docs/api-reference/spa/async/sites/delete-site.md): Marks a site for deletion. The actual deletion and resource cleanup happen asynchronously. Requires `site:delete` permission and user ownership. Accepts `X-Force-Delete: true` header for immediate forceful deletion (use with caution). - [Get Recent Sites](https://altostrat.io/docs/api-reference/spa/async/sites/get-recent-sites.md): Retrieves a list of the 5 most recently accessed sites by the authenticated user. Requires user authentication. - [Get Site Details](https://altostrat.io/docs/api-reference/spa/async/sites/get-site-details.md): Retrieves detailed information for a specific site. Records the access as a "recent site" for the user. Requires `site:view` permission and user ownership. - [Get Site Hourly Uptime Stats](https://altostrat.io/docs/api-reference/spa/async/sites/get-site-hourly-uptime-stats.md): Retrieves hourly uptime/downtime percentage statistics for the last 24 hours for a specific site. Requires user authentication and ownership. - [Get Site Version Info](https://altostrat.io/docs/api-reference/spa/async/sites/get-site-version-info.md): Retrieves basic version information for a specific site. - [List User's Sites](https://altostrat.io/docs/api-reference/spa/async/sites/list-users-sites.md): Retrieves a list of all sites associated with the authenticated user. Requires `site:view` permission. - [List User's Sites (Minimal)](https://altostrat.io/docs/api-reference/spa/async/sites/list-users-sites-minimal.md): Retrieves a minimal list of sites (ID, name, pulse status, basic info) associated with the authenticated user. Optimized for dropdowns or quick lists. Requires `site:view` permission. - [Manually Create Site (Internal/Admin)](https://altostrat.io/docs/api-reference/spa/async/sites/manually-create-site-internaladmin.md): Allows manual creation of a site record, bypassing the usual adoption flow. Intended for internal tooling or administrative purposes. Requires appropriate permissions (likely admin/internal). - [Update Site Details](https://altostrat.io/docs/api-reference/spa/async/sites/update-site-details.md): Updates mutable details of a specific site (e.g., name, address, location, timezone). Requires `site:update` permission and user ownership. - [List backups for a site](https://altostrat.io/docs/api-reference/spa/backups/site-backups/list-backups-for-a-site.md): Retrieves an array of available RouterOS backups for the specified site. Requires `backup:view` scope. - [Request a new backup for a site](https://altostrat.io/docs/api-reference/spa/backups/site-backups/request-a-new-backup-for-a-site.md): Enqueues a backup request for the specified site. Requires `backup:create` scope. - [Retrieve a specific backup file](https://altostrat.io/docs/api-reference/spa/backups/site-backups/retrieve-a-specific-backup-file.md): Shows the contents of the specified backup file. By default returns JSON with parsed metadata. If header `X-Download` is set, it downloads raw data. If `x-highlight` is set, highlights syntax. If `x-view` is set, returns raw text in `text/plain`. Requires `backup:view` scope. - [Retrieve subnets from latest backup](https://altostrat.io/docs/api-reference/spa/backups/site-backups/retrieve-subnets-from-latest-backup.md): Parses the most recent backup for the specified site, returning discovered local subnets. Requires `backup:view` scope. - [Show diff between two backup files](https://altostrat.io/docs/api-reference/spa/backups/site-backups/show-diff-between-two-backup-files.md): Returns a unified diff between two backup files. By default returns the diff as `text/plain`. If `X-Download` header is set, you can download it as a file. If `x-highlight` is set, it highlights the diff in a textual format. Requires `backup:view` scope. - [Assign BGP Policy to Site](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/assign-bgp-policy-to-site.md): Assigns or updates the BGP/DNR policy for a specific site tunnel. Creates the tunnel record if it doesn't exist. - [Create BGP Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/create-bgp-policy.md): Creates a new BGP/DNR policy. - [Delete BGP Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/delete-bgp-policy.md): Deletes a BGP/DNR policy. Fails if the policy is currently attached to any sites. - [Get BGP Policy Details](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/get-bgp-policy-details.md): Retrieves details of a specific BGP/DNR policy by its UUID. - [List BGP Policies](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/list-bgp-policies.md): Retrieves all BGP/DNR policies for the authenticated customer. - [List BGP/DNR Lists](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/list-bgpdnr-lists.md): Retrieves a list of available BGP/DNR feed lists. - [Remove BGP Policy from Site](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/remove-bgp-policy-from-site.md): Removes the BGP/DNR policy assignment from a specific site tunnel. Deletes the tunnel record if no DNS policy remains. - [Update BGP Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/bgp-policy/update-bgp-policy.md): Updates an existing BGP/DNR policy. - [List Categories and Top Applications](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/categories-&-applications/list-categories-and-top-applications.md): Retrieves a list of content categories, each including its top applications sorted by domain count. - [List Safe Search Options](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/categories-&-applications/list-safe-search-options.md): Retrieves a list of available safe search services and their configuration options. - [Assign DNS Policy to Site](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/assign-dns-policy-to-site.md): Assigns or updates the DNS policy for a specific site tunnel. Creates the tunnel record if it doesn't exist. - [Create DNS Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/create-dns-policy.md): Creates a new DNS content filtering policy. - [Delete DNS Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/delete-dns-policy.md): Deletes a DNS policy. Fails if the policy is currently attached to any sites. - [Get DNS Policy Details](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/get-dns-policy-details.md): Retrieves details of a specific DNS policy by its UUID. - [List DNS Policies](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/list-dns-policies.md): Retrieves all DNS content filtering policies for the authenticated customer. - [Remove DNS Policy from Site](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/remove-dns-policy-from-site.md): Removes the DNS policy assignment from a specific site tunnel. Deletes the tunnel record if no BGP policy remains. - [Update DNS Policy](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/dns-policy/update-dns-policy.md): Updates an existing DNS content filtering policy. - [Handle DNR Subscription Webhook](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/internal-hooks/handle-dnr-subscription-webhook.md): Endpoint to receive DNR (BGP) subscription lifecycle events (create, terminate). Requires valid signature. - [Handle DNS Subscription Webhook](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/internal-hooks/handle-dns-subscription-webhook.md): Endpoint to receive DNS subscription lifecycle events (create, terminate). Requires valid signature. - [Get Application Blackhole IPs](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/ip-lists/get-application-blackhole-ips.md): Retrieves a list of applications and their assigned blackhole IP addresses used for DNS filtering. Requires internal API token. - [Get DNR Blackhole IP Ranges](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/ip-lists/get-dnr-blackhole-ip-ranges.md): Retrieves a map of DNR list names to their active blackhole IP ranges (integer format). Requires internal API token. - [Get Service Counts for All Customers](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/get-service-counts-for-all-customers.md): Retrieves a summary count of DNS and DNR subscriptions per customer. Requires internal API token. - [Get Service Details for a Customer](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/get-service-details-for-a-customer.md): Retrieves detailed service information (DNS/DNR subscriptions) for all tunnels belonging to a specific customer. Requires internal API token. - [Get Tunnel/Site Details](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/get-tunnelsite-details.md): Retrieves details for a specific tunnel/site by its Site ID. - [List All Tunnels/Sites](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/list-all-tunnelssites.md): Retrieves a list of all tunnels/sites associated with the authenticated customer. - [List Sites with BGP/DNR Service](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/list-sites-with-bgpdnr-service.md): Retrieves a list of site IDs for the authenticated customer that have the BGP/DNR service enabled. - [List Sites with DNS Service](https://altostrat.io/docs/api-reference/spa/bgp-dns-filter/tunnels-&-sites/list-sites-with-dns-service.md): Retrieves a list of site IDs for the authenticated customer that have the DNS filtering service enabled. - [Create a new Auth Integration](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/create-a-new-auth-integration.md) - [Delete a specific Auth Integration](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/delete-a-specific-auth-integration.md) - [List all IDP Integrations](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/list-all-idp-integrations.md) - [Partially update a specific Auth Integration](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/partially-update-a-specific-auth-integration.md) - [Replace a specific Auth Integration](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/replace-a-specific-auth-integration.md) - [Retrieve a specific Auth Integration](https://altostrat.io/docs/api-reference/spa/captive-portal/idp-integrations/retrieve-a-specific-auth-integration.md) - [Create a new captive portal Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/create-a-new-captive-portal-instance.md) - [Delete a specific captive portal Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/delete-a-specific-captive-portal-instance.md) - [List all captive portal Instances](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/list-all-captive-portal-instances.md) - [Partially update a specific captive portal Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/partially-update-a-specific-captive-portal-instance.md) - [Replace a specific captive portal Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/replace-a-specific-captive-portal-instance.md) - [Retrieve a specific captive portal Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/retrieve-a-specific-captive-portal-instance.md) - [Upload an image (logo or icon) for a specific Instance](https://altostrat.io/docs/api-reference/spa/captive-portal/instances/upload-an-image-logo-or-icon-for-a-specific-instance.md) - [Create a new walled garden entry for a site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/create-a-new-walled-garden-entry-for-a-site.md) - [Delete a specific walled garden entry under a site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/delete-a-specific-walled-garden-entry-under-a-site.md) - [List all walled garden entries for a specific site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/list-all-walled-garden-entries-for-a-specific-site.md) - [Partially update a specific walled garden entry under a site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/partially-update-a-specific-walled-garden-entry-under-a-site.md) - [Replace a specific walled garden entry under a site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/replace-a-specific-walled-garden-entry-under-a-site.md) - [Retrieve a specific walled garden entry under a site](https://altostrat.io/docs/api-reference/spa/captive-portal/walled-garden/retrieve-a-specific-walled-garden-entry-under-a-site.md) - [Server check-in for a site](https://altostrat.io/docs/api-reference/spa/cpf/checkin/server-check-in-for-a-site.md): Called by a server to claim or update itself as the active server for a particular site (via the tunnel username). - [Create (rotate) new credentials](https://altostrat.io/docs/api-reference/spa/cpf/credentials/create-rotate-new-credentials.md): Generates a new username/password pair for the site, deletes any older credentials. Requires `apicredentials:create` scope. - [List site API credentials](https://altostrat.io/docs/api-reference/spa/cpf/credentials/list-site-api-credentials.md): Returns the API credentials used to connect to a site. Requires `apicredentials:view` scope. - [(Internal) Fetch management IPs for multiple sites](https://altostrat.io/docs/api-reference/spa/cpf/internal/internal-fetch-management-ips-for-multiple-sites.md): Given an array of site IDs, returns a map of site_id => management IP (tunnel IP). - [(Internal) Get site credentials](https://altostrat.io/docs/api-reference/spa/cpf/internal/internal-get-site-credentials.md): Returns the latest credentials for the specified site, typically used by internal services. Not user-facing. - [Assign sites to a policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/assign-sites-to-a-policy.md): Sets or moves multiple site IDs onto the given policy. Requires `cpf:create` or `cpf:update` scope. - [Create a policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/create-a-policy.md): Creates a new policy for the authenticated user. Requires `cpf:create` scope. - [Delete a policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/delete-a-policy.md): Removes a policy if it is not the default policy. Sites that used this policy get moved to the default policy. Requires `cpf:delete` scope. - [List policies](https://altostrat.io/docs/api-reference/spa/cpf/policies/list-policies.md): Retrieves all policies for the authenticated user. Requires `cpf:view` scope. - [Show a single policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/show-a-single-policy.md): Retrieves details of the specified policy, including related sites. Requires `cpf:view` scope. - [Update a policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/update-a-policy.md): Update the specified policy. Sites not in the request may revert to a default policy. Requires `cpf:update` scope. - [Validate a policy](https://altostrat.io/docs/api-reference/spa/cpf/policies/validate-a-policy.md): Check basic policy details to ensure it's valid. - [Execute commands on a site (internal sync)](https://altostrat.io/docs/api-reference/spa/cpf/router-commands/execute-commands-on-a-site-internal-sync.md): Sends an execution script or command to the management server for the site. Similar to /sync but specifically for custom script execution. - [Print or run commands on a site (internal sync)](https://altostrat.io/docs/api-reference/spa/cpf/router-commands/print-or-run-commands-on-a-site-internal-sync.md): Send an API command to the management server to print or list resources on the router, or run a custom command. - [Re-send bootstrap scheduler script](https://altostrat.io/docs/api-reference/spa/cpf/scheduler/re-send-bootstrap-scheduler-script.md): Forces re-sending of a scheduled script or runbook to the router. Often used if the script fails to be applied the first time. - [Check the management server assigned to a site](https://altostrat.io/docs/api-reference/spa/cpf/sites/check-the-management-server-assigned-to-a-site.md): Returns the IP/hostname of the server currently managing the site. Requires authentication. - [Create a new Site](https://altostrat.io/docs/api-reference/spa/cpf/sites/create-a-new-site.md): Creates a new site resource with the specified ID, policy, and other information. - [Create site for migration](https://altostrat.io/docs/api-reference/spa/cpf/sites/create-site-for-migration.md): Creates a Site for system migrations, then runs additional background jobs (tunnel assignment, credentials creation, policy update). - [List all site IDs](https://altostrat.io/docs/api-reference/spa/cpf/sites/list-all-site-ids.md): Returns minimal site data for every site in the system (ID and tunnel IP). - [List site IDs by Customer](https://altostrat.io/docs/api-reference/spa/cpf/sites/list-site-ids-by-customer.md): Returns a minimal array of sites for a given customer, including the assigned tunnel IP if available. - [Perform a site action](https://altostrat.io/docs/api-reference/spa/cpf/sites/perform-a-site-action.md): Sends an SNS-based request to the router for various special actions (reboot, clear firewall, etc.). - [Retrieve site note](https://altostrat.io/docs/api-reference/spa/cpf/sites/retrieve-site-note.md): Fetch current note from an external metadata microservice. Requires authentication and site ownership. - [Set site note](https://altostrat.io/docs/api-reference/spa/cpf/sites/set-site-note.md): Update or create site metadata with a 'note' field, stored in an external metadata microservice. - [Create a transient access for a site](https://altostrat.io/docs/api-reference/spa/cpf/transient-access/create-a-transient-access-for-a-site.md): Generates a temporary NAT access to Winbox/SSH. Requires `transientaccess:create` scope. - [List active transient accesses for a site](https://altostrat.io/docs/api-reference/spa/cpf/transient-access/list-active-transient-accesses-for-a-site.md): Returns all unexpired, unrevoked transient access records for the site. Requires `transientaccess:view` scope. - [Revoke a transient access](https://altostrat.io/docs/api-reference/spa/cpf/transient-access/revoke-a-transient-access.md): Marks it as expired/revoked and triggers config removal. Requires `transientaccess:delete` scope. - [Show one transient access](https://altostrat.io/docs/api-reference/spa/cpf/transient-access/show-one-transient-access.md): Returns a single transient access record. Requires `transientaccess:view` scope. - [Create a transient port-forward](https://altostrat.io/docs/api-reference/spa/cpf/transient-forward/create-a-transient-port-forward.md): Creates a short-lived NAT forwarding rule to a destination IP/port behind the router. - [List site transient port forwards](https://altostrat.io/docs/api-reference/spa/cpf/transient-forward/list-site-transient-port-forwards.md): Returns all active NAT port-forwards for a site. Not access-limited, but presumably requires a certain scope. - [Revoke a transient port-forward](https://altostrat.io/docs/api-reference/spa/cpf/transient-forward/revoke-a-transient-port-forward.md): Marks the port-forward as expired and removes the NAT rule from the management server. - [Show one transient port-forward](https://altostrat.io/docs/api-reference/spa/cpf/transient-forward/show-one-transient-port-forward.md): Returns details about a specific transient port-forward rule by ID. - [Get CVE Mitigation Steps](https://altostrat.io/docs/api-reference/spa/cve/cve-management/get-cve-mitigation-steps.md): Retrieves AI-generated, OS-agnostic manual mitigation steps for a specified CVE ID. Requires `cve:view` scope. - [Get CVEs by MAC Address](https://altostrat.io/docs/api-reference/spa/cve/cve-management/get-cves-by-mac-address.md): Retrieves all CVEs associated with a specific MAC address across all scans for the customer. Throttled (600 req/min). Requires `cve:view` scope. - [List CVE Status Overrides](https://altostrat.io/docs/api-reference/spa/cve/cve-management/list-cve-status-overrides.md): Retrieves a list of manually set CVE statuses (accepted/mitigated) for MAC addresses, optionally filtered by MAC, CVE ID, or status. Requires `cve:view` scope. - [List MAC Addresses with CVEs](https://altostrat.io/docs/api-reference/spa/cve/cve-management/list-mac-addresses-with-cves.md): Retrieves a list of unique MAC addresses that have associated CVEs for the authenticated customer, along with summary statistics. Throttled (600 req/min). Requires `cve:view` scope. - [Set CVE Status Override](https://altostrat.io/docs/api-reference/spa/cve/cve-management/set-cve-status-override.md): Creates a new status record (accepted or mitigated) for a specific CVE on a specific MAC address. Status expires automatically after 5 minutes. Requires `cve:update` scope. - [Scan Multiple IPs via Schedule Context](https://altostrat.io/docs/api-reference/spa/cve/on-demand-scans/scan-multiple-ips-via-schedule-context.md): Initiates an immediate scan for a list of specific IP addresses, using the context (credentials, settings) of an existing scan schedule and site. Requires authentication. - [Scan Single IP via Schedule Context](https://altostrat.io/docs/api-reference/spa/cve/on-demand-scans/scan-single-ip-via-schedule-context.md): Initiates an immediate scan for a single IP address, using the context (credentials, settings) of an existing scan schedule. Requires authentication. - [Get Scan Result Details](https://altostrat.io/docs/api-reference/spa/cve/scan-results/get-scan-result-details.md): Retrieves the detailed summary for a specific scan result instance by its UUID. Requires `cve:view` scope. - [List Scan Results](https://altostrat.io/docs/api-reference/spa/cve/scan-results/list-scan-results.md): Retrieves a list of completed scan results/reports for the authenticated customer, sorted by date (newest first). Requires `cve:view` scope. Reports are generated asynchronously after scans complete. - [Create Scan Schedule](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/create-scan-schedule.md): Creates a new CVE scan schedule. Requires `cve:create` scope. - [Delete Scan Schedule](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/delete-scan-schedule.md): Deletes a scan schedule. Fails if the schedule has running scans. Requires `cve:delete` scope. - [Get Latest Scan Status for Schedule](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/get-latest-scan-status-for-schedule.md): Retrieves the status (targets, scanned, failed sites) of the most recent scan run associated with a schedule. Requires authentication. - [Get Scan Schedule Details](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/get-scan-schedule-details.md): Retrieves the details of a specific scan schedule by its UUID. Requires `cve:view` scope. - [List Scan Schedules](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/list-scan-schedules.md): Retrieves all CVE scan schedules configured for the authenticated customer. Requires `cve:view` scope. - [Start Scheduled Scan Manually](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/start-scheduled-scan-manually.md): Initiates an immediate run of the specified scan schedule. Rate limited to prevent rapid restarts. Requires authorization to access the schedule. - [Stop Running Scheduled Scan](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/stop-running-scheduled-scan.md): Requests the termination of any currently running scan instances associated with the specified schedule. Requires authorization to access the schedule. - [Update Scan Schedule](https://altostrat.io/docs/api-reference/spa/cve/scan-schedules/update-scan-schedule.md): Updates an existing scan schedule. Requires `cve:update` scope. - [Assign a new IP address](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/assign-a-new-ip-address.md): Assigns a specific, available IP address from a given subnet to the customer and sets up associated RADIUS credentials. - [Get IP address details](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/get-ip-address-details.md): Retrieves the details of a specific assigned IP address, including RADIUS credentials and last connection info. - [List assigned IP addresses](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/list-assigned-ip-addresses.md): Retrieves a list of all L2TP IP addresses assigned to the authenticated customer/user. - [Release an IP address](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/release-an-ip-address.md): Releases an assigned IP address, removing it from the customer's account and deleting associated RADIUS credentials and accounting data. - [Reset RADIUS password](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/reset-radius-password.md): Resets the RADIUS password for the username associated with the specified IP address assignment. - [Update IP address PTR record](https://altostrat.io/docs/api-reference/spa/elastic-ip/ip-addresses-l2tp/update-ip-address-ptr-record.md): Updates the Pointer (PTR) record (Reverse DNS) for the specified IP address. - [Get available IPs in a subnet](https://altostrat.io/docs/api-reference/spa/elastic-ip/subnets/get-available-ips-in-a-subnet.md): Retrieves a list of randomly selected available IP addresses within the specified subnet. Limited to a maximum of 20 IPs. - [List all managed subnets](https://altostrat.io/docs/api-reference/spa/elastic-ip/subnets/list-all-managed-subnets.md): Retrieves a list of all subnets configured for the authenticated customer/user. - [Alias for listing recent or ongoing faults](https://altostrat.io/docs/api-reference/spa/faults/faults/alias-for-listing-recent-or-ongoing-faults.md): Identical to `GET /recent`. **Requires** `fault:view` scope. - [Generate a new short-lived fault token](https://altostrat.io/docs/api-reference/spa/faults/faults/generate-a-new-short-lived-fault-token.md): Creates a token that can be used to retrieve unresolved or recently resolved faults without requiring ongoing authentication. **Requires** `fault:create` or possibly `fault:view` (depending on usage). - [List all faults for a given site ID](https://altostrat.io/docs/api-reference/spa/faults/faults/list-all-faults-for-a-given-site-id.md): Returns all faults recorded for a particular site. **Requires** `fault:view` scope. - [List recent or ongoing faults](https://altostrat.io/docs/api-reference/spa/faults/faults/list-recent-or-ongoing-faults.md): **Requires** `fault:view` scope. Returns a paginated list of faults filtered by query parameters, typically those unresolved or resolved within the last 10 minutes if `status=recent` is used. For more flexible filtering see query parameters below. - [List top 10 WAN faults in last 14 days](https://altostrat.io/docs/api-reference/spa/faults/faults/list-top-10-wan-faults-in-last-14-days.md): Retrieves the top 10 most active WAN tunnel (type=wantunnel) faults in the last 14 days. **Requires** `fault:view` scope. - [Retrieve currently active (unresolved) faults via internal token](https://altostrat.io/docs/api-reference/spa/faults/faults/retrieve-currently-active-unresolved-faults-via-internal-token.md): Available only via internal API token. Expects `type` in the request body (e.g. `site` or `wantunnel`) and returns all unresolved faults of that type. - [Retrieve faults using short-lived token](https://altostrat.io/docs/api-reference/spa/faults/faults/retrieve-faults-using-short-lived-token.md): Retrieves a set of unresolved or recently resolved faults for the customer associated with the given short-lived token. No other authentication needed. **Public** endpoint, token-based. - [Retrieve internal fault timeline for a site](https://altostrat.io/docs/api-reference/spa/faults/faults/retrieve-internal-fault-timeline-for-a-site.md): Available only via internal API token (`internal` middleware). Typically used for analyzing fault timelines. Requires fields `start`, `end`, `type`, and `site_id` in the request body. - [Filter and retrieve log events](https://altostrat.io/docs/api-reference/spa/logs/log-events/filter-and-retrieve-log-events.md): Returns filtered log events from CloudWatch for the requested log group and streams. Requires `logs:view` scope. - [Global ARP search across user’s sites](https://altostrat.io/docs/api-reference/spa/metrics/arp/global-arp-search-across-user’s-sites.md): Search ARP data across multiple sites belonging to the current user. Requires `inventory:view` scope. - [(Internal) ARP entries for a site](https://altostrat.io/docs/api-reference/spa/metrics/arp/internal-arp-entries-for-a-site.md): Returns ARP data for the site, or 204 if none exist. No Bearer token needed, presumably uses internal token. - [List ARP entries for a site](https://altostrat.io/docs/api-reference/spa/metrics/arp/list-arp-entries-for-a-site.md): Lists ARP entries for the specified site with optional pagination. Requires `inventory:view` scope. - [Update an ARP entry](https://altostrat.io/docs/api-reference/spa/metrics/arp/update-an-arp-entry.md): Allows updating group/alias for an ARP entry. Requires `inventory:update` scope. - [Get BGP usage/logs from last ~2 days](https://altostrat.io/docs/api-reference/spa/metrics/content/get-bgp-usagelogs-from-last-~2-days.md): Generates a BGP usage report for the site (TCP/UDP traffic captured). Possibly uses blackhole IP analysis. Requires `site` middleware. - [Get DNS usage/logs from last ~2 days](https://altostrat.io/docs/api-reference/spa/metrics/content/get-dns-usagelogs-from-last-~2-days.md): Returns top categories, apps, source IPs from DNS logs. Possibly uses blackhole IP analysis. Requires `site` middleware. - [Get SNMP interface metrics](https://altostrat.io/docs/api-reference/spa/metrics/interfaces/get-snmp-interface-metrics.md): Returns detailed interface metric data within a specified date range. Requires `site` and `interface` resolution plus relevant scopes. - [(Internal) List site interfaces](https://altostrat.io/docs/api-reference/spa/metrics/interfaces/internal-list-site-interfaces.md): Same as /interfaces/{site}, but for internal use. - [(Internal) Summarized interface metrics](https://altostrat.io/docs/api-reference/spa/metrics/interfaces/internal-summarized-interface-metrics.md): Calculates average and max in/out in MBps or similar for the date range. Possibly used by other microservices. - [List SNMP interfaces for a site](https://altostrat.io/docs/api-reference/spa/metrics/interfaces/list-snmp-interfaces-for-a-site.md): Returns all known SNMP interfaces on a site. Requires `site` middleware. - [Get 24h heartbeat or check-in data for a site](https://altostrat.io/docs/api-reference/spa/metrics/mikrotikstats/get-24h-heartbeat-or-check-in-data-for-a-site.md): Returns info about missed heartbeats from mikrotik checkins within the last 24 hours. Requires `site` middleware. - [Get last checkin time for a site](https://altostrat.io/docs/api-reference/spa/metrics/mikrotikstats/get-last-checkin-time-for-a-site.md): Returns how long ago the last MikrotikStats record was inserted. Requires `site` middleware. - [Get raw Mikrotik stats from the last 8 hours](https://altostrat.io/docs/api-reference/spa/metrics/mikrotikstats/get-raw-mikrotik-stats-from-the-last-8-hours.md): Returns stats such as CPU load, memory for the last 8 hours. Requires `site` middleware. - [List syslog entries for a site](https://altostrat.io/docs/api-reference/spa/metrics/syslog/list-syslog-entries-for-a-site.md): Returns syslog data for a given site. Requires 'site' middleware and typically `inventory:view` scope or similar. - [Get ping stats for a WAN tunnel](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/get-ping-stats-for-a-wan-tunnel.md): Retrieves a time-series of ping metrics for the specified WAN tunnel. Requires 'tunnel' middleware, plus date range input. - [Get tunnels ordered by average jitter or packet loss](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/get-tunnels-ordered-by-average-jitter-or-packet-loss.md): Aggregates last 24h data from ping_stats and returns an array sorted by either 'mdev' or 'packet_loss'. Typically used to see worst/best tunnels. Requires user’s WAN data scope. - [(Internal) List WAN Tunnels for a site](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/internal-list-wan-tunnels-for-a-site.md): Similar to /wan-tunnels/{site}, but does not require Bearer. Possibly uses an internal token or no auth. Returns 200 or 204 if no tunnels found. - [(Internal) Retrieve summarized ping stats for a tunnel](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/internal-retrieve-summarized-ping-stats-for-a-tunnel.md): Given a site and tunnel, returns average or max stats in the date range. Possibly used by internal microservices. - [List WAN tunnels for a site](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/list-wan-tunnels-for-a-site.md): Returns all WAN Tunnels associated with that site ID. Requires `site` middleware. - [Multi-tunnel or aggregated ping stats](https://altostrat.io/docs/api-reference/spa/metrics/tunnels/multi-tunnel-or-aggregated-ping-stats.md): Retrieves a chart-friendly data series for one or multiple tunnels. Possibly used by a front-end chart. This is a single endpoint returning timestamps and data arrays. Requires date range, optional tunnel list. - [Create a new notification group](https://altostrat.io/docs/api-reference/spa/notifications/groups/create-a-new-notification-group.md): Creates a group with name, schedule, topics, recipients, and sites. Requires `notification:create` scope. - [Delete a notification group](https://altostrat.io/docs/api-reference/spa/notifications/groups/delete-a-notification-group.md): Removes the group, its recipients, site relationships, and topic references. Requires `notification:delete` scope. - [Example Ably webhook endpoint](https://altostrat.io/docs/api-reference/spa/notifications/groups/example-ably-webhook-endpoint.md): Used for testing. Returns request data. Does not require user scope. - [List all notification groups for the customer](https://altostrat.io/docs/api-reference/spa/notifications/groups/list-all-notification-groups-for-the-customer.md): Retrieves all groups belonging to the authenticated customer. Requires `notification:view` scope. - [Show a specific notification group](https://altostrat.io/docs/api-reference/spa/notifications/groups/show-a-specific-notification-group.md): Retrieve the detail of one group by ID. Requires `notification:view` scope. - [Update a notification group](https://altostrat.io/docs/api-reference/spa/notifications/groups/update-a-notification-group.md): Update name, schedule, recipients, and other properties. Requires `notification:update` scope. - [List all topics](https://altostrat.io/docs/api-reference/spa/notifications/topics/list-all-topics.md): Returns all possible topics that can be attached to a notification group. - [Delete a generated SLA report](https://altostrat.io/docs/api-reference/spa/reports/sla-reports/delete-a-generated-sla-report.md): Deletes the JSON data object from S3 (and presumably the PDF). Requires `sla:run` scope. - [List generated SLA reports](https://altostrat.io/docs/api-reference/spa/reports/sla-reports/list-generated-sla-reports.md): Lists recent SLA JSON results objects in S3 for the user. Requires `sla:run` scope to view generated reports. - [Create a new SLA schedule](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/create-a-new-sla-schedule.md): Creates a new SLA report schedule object in DynamoDB and sets up CloudWatch event rules (daily/weekly/monthly). Requires `sla:create` scope. - [Delete an SLA schedule](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/delete-an-sla-schedule.md): Deletes a single SLA schedule from DynamoDB and removes CloudWatch events. Requires `sla:delete` scope. - [Get a single SLA schedule](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/get-a-single-sla-schedule.md): Retrieves a single SLA schedule by UUID from DynamoDB. Requires `sla:view` scope. - [List all SLA schedules](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/list-all-sla-schedules.md): Fetches SLA reporting schedules from DynamoDB for the authenticated user. Requires `sla:view` scope. - [Manually run an SLA schedule](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/manually-run-an-sla-schedule.md): Triggers a single SLA schedule to run now, with specified date range. Requires `sla:run` scope. This is done by posting `from_date` and `to_date` in the body. - [Update an SLA schedule](https://altostrat.io/docs/api-reference/spa/reports/sla-schedules/update-an-sla-schedule.md): Updates a single SLA schedule and re-configures the CloudWatch event rule(s). Requires `sla:update` scope. - [Retrieve a specific schedule (internal)](https://altostrat.io/docs/api-reference/spa/schedules/internal/retrieve-a-specific-schedule-internal.md): This route is for internal usage. It requires a special token in the `X-Bearer-Token` header (or `Authorization: Bearer `), validated by the `internal` middleware. - [Create a new schedule](https://altostrat.io/docs/api-reference/spa/schedules/schedules/create-a-new-schedule.md) - [Delete an existing schedule](https://altostrat.io/docs/api-reference/spa/schedules/schedules/delete-an-existing-schedule.md) - [List all schedules](https://altostrat.io/docs/api-reference/spa/schedules/schedules/list-all-schedules.md) - [Retrieve a specific schedule](https://altostrat.io/docs/api-reference/spa/schedules/schedules/retrieve-a-specific-schedule.md) - [Update an existing schedule](https://altostrat.io/docs/api-reference/spa/schedules/schedules/update-an-existing-schedule.md) - [Generate RouterOS script via AI prompt](https://altostrat.io/docs/api-reference/spa/scripts/ai-generation/generate-routeros-script-via-ai-prompt.md): Calls an OpenAI model to produce a RouterOS script from the user’s prompt. Returns JSON with commands, error, destructive boolean, etc. Throttled to 5 requests/minute. Requires `script:create` scope. - [Create a new community script](https://altostrat.io/docs/api-reference/spa/scripts/community-scripts/create-a-new-community-script.md): Registers a new script from a GitHub raw URL (.rsc) and optional .md readme URL. Automatically triggers background jobs to fetch code, parse README, and create an AI description. - [List community scripts](https://altostrat.io/docs/api-reference/spa/scripts/community-scripts/list-community-scripts.md): Returns a paginated list of community-contributed scripts with minimal info. No authentication scope is specifically enforced in code, but presumably behind `'auth'` or `'api'` guard. - [Raw readme.md content](https://altostrat.io/docs/api-reference/spa/scripts/community-scripts/raw-readmemd-content.md): Fetches README from GitHub and returns as text/plain, if `readme_url` is set. - [Raw .rsc content of a community script](https://altostrat.io/docs/api-reference/spa/scripts/community-scripts/raw-rsc-content-of-a-community-script.md): Fetches the script content from GitHub and returns as text/plain. - [Show a single community script](https://altostrat.io/docs/api-reference/spa/scripts/community-scripts/show-a-single-community-script.md): Provides script details including name, description, user info, repo info, etc. - [Authorize a scheduled script](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/authorize-a-scheduled-script.md): Sets `authorized_at` if provided token matches `md5(id)`. Requires `script:authorize` scope. Fails if already authorized. - [Create a new scheduled script](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/create-a-new-scheduled-script.md): Requires `script:create` scope. Specifies a script body, description, launch time, plus sites and notifiable user IDs. Also sets whether backups should be made, etc. - [Delete or cancel a scheduled script](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/delete-or-cancel-a-scheduled-script.md): If script not authorized & not started, it's fully deleted. Otherwise sets `cancelled_at`. Requires `script:delete` scope. - [Immediately run the scheduled script](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/immediately-run-the-scheduled-script.md): Requires the script to be authorized. Dispatches jobs to each site. Requires `script:run` scope. - [List all scheduled scripts](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/list-all-scheduled-scripts.md): Lists scripts that are scheduled for execution. Requires `script:view` scope. Includes site relationships and outcome data. - [Request authorization (trigger notifications)](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/request-authorization-trigger-notifications.md): Sends a WhatsApp or other message to configured notifiables to authorize the script. Requires `script:update` scope. - [Run scheduled script test](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/run-scheduled-script-test.md): Sends the script to the configured `test_site_id` only. Requires `script:run` scope. - [Script execution progress](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/script-execution-progress.md): Returns which sites are pending, which have completed, which have failed, etc. Requires `script:view` scope. - [Show a single scheduled script’s details](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/show-a-single-scheduled-script’s-details.md): Returns a single scheduled script with all relationships (sites, outcomes, notifications). Requires `script:view` scope. - [Update a scheduled script](https://altostrat.io/docs/api-reference/spa/scripts/scheduled-scripts/update-a-scheduled-script.md): Edits a scheduled script’s fields, re-syncs sites and notifiables. Requires `script:update` scope. - [Create a new VPN instance](https://altostrat.io/docs/api-reference/spa/vpn/instances/create-a-new-vpn-instance.md): Provisions a new VPN instance, automatically deploying a server. Requires `vpn:create` scope. - [Delete a VPN instance](https://altostrat.io/docs/api-reference/spa/vpn/instances/delete-a-vpn-instance.md): Tears down the instance. Requires `vpn:delete` scope. - [Fetch bandwidth usage](https://altostrat.io/docs/api-reference/spa/vpn/instances/fetch-bandwidth-usage.md): Returns the bandwidth usage metrics for the instance's primary server. Requires `vpn:view` scope. - [List all VPN instances](https://altostrat.io/docs/api-reference/spa/vpn/instances/list-all-vpn-instances.md): Returns a list of instances the authenticated user has created. Requires `vpn:view` scope. - [Show details for a single VPN instance](https://altostrat.io/docs/api-reference/spa/vpn/instances/show-details-for-a-single-vpn-instance.md): Retrieves a single instance resource by its ID. Requires `vpn:view` scope. - [Update a VPN instance](https://altostrat.io/docs/api-reference/spa/vpn/instances/update-a-vpn-instance.md): Allows modifications to DNS, routes, firewall, etc. Requires `vpn:update` scope. - [Internal instance counts per customer](https://altostrat.io/docs/api-reference/spa/vpn/internal/internal-instance-counts-per-customer.md): Used internally to retrieve aggregated peer or instance usage counts. Requires an internal token (not standard Bearer). - [Create a new peer on an instance](https://altostrat.io/docs/api-reference/spa/vpn/peers/create-a-new-peer-on-an-instance.md): Adds a client peer or site peer to the instance. Requires `vpn:create` scope. - [Delete a peer](https://altostrat.io/docs/api-reference/spa/vpn/peers/delete-a-peer.md): Removes a peer from the instance. Requires `vpn:delete` scope. - [List all peers under an instance](https://altostrat.io/docs/api-reference/spa/vpn/peers/list-all-peers-under-an-instance.md): Lists all VPN peers (clients or site-peers) attached to the specified instance. Requires `vpn:view` scope. - [Show a single peer](https://altostrat.io/docs/api-reference/spa/vpn/peers/show-a-single-peer.md): Returns detail about a single peer for the given instance. Requires `vpn:view` scope. - [Update a peer](https://altostrat.io/docs/api-reference/spa/vpn/peers/update-a-peer.md): Update subnets, route-all, etc. Requires `vpn:update` scope. - [List available server regions](https://altostrat.io/docs/api-reference/spa/vpn/servers/list-available-server-regions.md): Retrieves a list of possible Vultr (or other provider) regions where a VPN instance can be deployed. - [Server build complete callback](https://altostrat.io/docs/api-reference/spa/vpn/servers/server-build-complete-callback.md): Called by the server itself upon final provisioning. Signed route with short TTL. Updates IP, sets DNS records, etc. - [Get site subnets](https://altostrat.io/docs/api-reference/spa/vpn/sites/get-site-subnets.md): Retrieves potential subnets from the specified site (used for configuring a site-to-site VPN peer). - [Download WireGuard config as a QR code](https://altostrat.io/docs/api-reference/spa/vpn/vpn-client-tokens/download-wireguard-config-as-a-qr-code.md): Returns the config in a QR code SVG. Signed route with short TTL. Requires the peer to be a client peer. - [Download WireGuard config file](https://altostrat.io/docs/api-reference/spa/vpn/vpn-client-tokens/download-wireguard-config-file.md): Returns the raw WireGuard client config for a peer (type=client). Signed route with short TTL. Requires the peer to be a client peer. - [Retrieve ephemeral client config references](https://altostrat.io/docs/api-reference/spa/vpn/vpn-client-tokens/retrieve-ephemeral-client-config-references.md): Uses a client token to retrieve a short-lived reference for WireGuard config or QR code download. The token is validated by custom client-token auth. Returns a JSON with config_file URL, QR code URL, etc. - [Create WAN failover for a site](https://altostrat.io/docs/api-reference/spa/wan-failover/failover/create-wan-failover-for-a-site.md): Sets up a new failover resource for the site if not already present, plus some default tunnels. Requires `wan:create` scope. - [Delete WAN failover](https://altostrat.io/docs/api-reference/spa/wan-failover/failover/delete-wan-failover.md): Deletes failover from DB, tears down related tunnels, and unsubscribes. Requires `wan:delete` scope. - [Get failover info for a site](https://altostrat.io/docs/api-reference/spa/wan-failover/failover/get-failover-info-for-a-site.md): Retrieves the failover record for a given site, if any. Requires `wan:view` scope. - [List failover services for current user](https://altostrat.io/docs/api-reference/spa/wan-failover/failover/list-failover-services-for-current-user.md): Returns minimal array of failover objects (id, site_id) for user. Possibly used to see how many failovers they have. - [Set tunnel priorities for a site](https://altostrat.io/docs/api-reference/spa/wan-failover/failover/set-tunnel-priorities-for-a-site.md): Updates the `priority` field on each tunnel for this failover. Requires `wan:update` scope. - [Update tunnel gateway (router callback)](https://altostrat.io/docs/api-reference/spa/wan-failover/gateway/update-tunnel-gateway-router-callback.md): Allows a router script to update the gateway IP after DHCP/PPP changes. Typically uses X-Bearer-Token or similar, not standard BearerAuth. No standard scope enforced. - [List count of failovers per customer](https://altostrat.io/docs/api-reference/spa/wan-failover/services/list-count-of-failovers-per-customer.md): Returns an object mapping customer_id => count (how many site failovers). - [List site IDs for a customer (failover services)](https://altostrat.io/docs/api-reference/spa/wan-failover/services/list-site-ids-for-a-customer-failover-services.md): Returns an array of site IDs that have failover records for the given customer. - [List tunnels for a site (unauth? or partial auth?)](https://altostrat.io/docs/api-reference/spa/wan-failover/services/list-tunnels-for-a-site-unauth?-or-partial-auth?.md): Returns array of Tunnels for the given site if any exist. Possibly used by external or different auth flow. - [Create a new tunnel](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/create-a-new-tunnel.md): Creates a new WAN tunnel record for the site. Requires `wan:create` scope. - [Delete a tunnel](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/delete-a-tunnel.md): Removes the tunnel from the DB and notifies system to remove config. Requires `wan:delete` scope. - [Detect eligible gateways for an interface](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/detect-eligible-gateways-for-an-interface.md): Find potential gateway IP addresses for the given interface. Requires `wan:view` scope. - [Get router interfaces](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/get-router-interfaces.md): Lists valid router interfaces for a site. Possibly from router print. Requires `wan:view` scope. - [List all tunnels for current user](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/list-all-tunnels-for-current-user.md): Returns all Tunnels for the authenticated user’s customer_id. Requires `wan:view` scope. - [List tunnels for a site](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/list-tunnels-for-a-site.md): Returns all Tunnels associated with this site’s failover. Requires `wan:view` scope. - [Show a single tunnel](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/show-a-single-tunnel.md): Returns details of the specified tunnel. Requires `wan:view` scope. - [Update tunnel properties](https://altostrat.io/docs/api-reference/spa/wan-failover/tunnel/update-tunnel-properties.md): Modifies name, gateway, interface, or SLA references on the tunnel. Requires `wan:update` scope. - [Test a Slack or MS Teams webhook](https://altostrat.io/docs/api-reference/spa/webhooks/integrations/test-a-slack-or-ms-teams-webhook.md): Sends a test message to the specified Slack or MS Teams webhook URL. **Requires** valid JWT authentication with appropriate scope (e.g., `webhook:test` or similar). - [Create a vault secret](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/create-a-vault-secret.md): Creates a new secret in the vault. The secret is encrypted at rest. - [Delete a vault secret](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/delete-a-vault-secret.md): Permanently deletes a secret from the vault. - [Delete an authorization](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/delete-an-authorization.md): Revokes and deletes an authorization. This will cause any workflows using this authorization to fail. - [Get a vault secret's metadata](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/get-a-vault-secrets-metadata.md): Retrieves metadata for a single secret. The secret value is never returned. - [Get authorization URL](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/get-authorization-url.md): Starts the OAuth 2.0 PKCE flow by generating and returning an authorization URL. The user should be redirected to this URL to grant access. - [List authorizations](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/list-authorizations.md): Retrieves all authorizations linked to the current user and organization. - [List vault secrets](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/list-vault-secrets.md): Retrieves the names and metadata of all secrets stored in the organization's vault. The secret values are never returned. - [Update a vault secret](https://altostrat.io/docs/api-reference/spa/workflows/authorization-&-secrets/update-a-vault-secret.md): Updates the name, value, or expiration of an existing secret. - [Execute a workflow](https://altostrat.io/docs/api-reference/spa/workflows/execution-&-testing/execute-a-workflow.md): Manually triggers the execution of a workflow. This is an asynchronous operation. The API will immediately return a `202 Accepted` response with the initial `WorkflowRun` object. The client should then poll the `/runs/{runId}` endpoint to get the final result. - [Get available node types](https://altostrat.io/docs/api-reference/spa/workflows/execution-&-testing/get-available-node-types.md): Retrieves a list of all available node types that can be used to build a workflow, along with their categories and validation rules. This is used by the frontend UI builder. - [Test a single workflow node](https://altostrat.io/docs/api-reference/spa/workflows/execution-&-testing/test-a-single-workflow-node.md): Executes a single node in-memory to test its logic and output. This is a critical endpoint for building and debugging workflows. - [Get a specific workflow run](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/get-a-specific-workflow-run.md): Retrieves the details of a single workflow run, including its full log of executed steps. - [Get workflow execution history](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/get-workflow-execution-history.md): Retrieves a paginated list of all execution runs for a specific workflow. - [Get workflow log statistics](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/get-workflow-log-statistics.md): Retrieves aggregated statistics for a workflow, including total runs, success rate, and counts of log statuses. - [Get workflow logs](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/get-workflow-logs.md): Retrieves a paginated list of all log entries for a specific workflow, ordered with the most recent executions first. - [Re-run a workflow](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/re-run-a-workflow.md): Triggers a new execution of a workflow using the same initial trigger payload as a previous run. Useful for retrying failed workflows. This is an asynchronous operation. - [Resume a failed workflow](https://altostrat.io/docs/api-reference/spa/workflows/history-&-monitoring/resume-a-failed-workflow.md): Resumes a failed workflow run from a specified, previously successful node. This creates a **new workflow run** that inherits the context from the original run up to the resume point. The new run will then execute from the node *after* the specified `nodeId`. This is an asynchronous operation. The API will immediately return a `202 Accepted` response. - [Handle incoming webhook trigger](https://altostrat.io/docs/api-reference/spa/workflows/webhooks/handle-incoming-webhook-trigger.md): This is a public, unauthenticated endpoint that triggers a specific workflow based on its unique webhook token. - [Create a new workflow](https://altostrat.io/docs/api-reference/spa/workflows/workflows/create-a-new-workflow.md): Creates a new workflow definition with its nodes and edges. - [Delete a workflow](https://altostrat.io/docs/api-reference/spa/workflows/workflows/delete-a-workflow.md): Permanently deletes a workflow definition. This will fail if the workflow is a target of a `trigger_workflow_action` in another workflow. - [Get a specific workflow](https://altostrat.io/docs/api-reference/spa/workflows/workflows/get-a-specific-workflow.md): Retrieves a single workflow definition by its prefixed ID, including its nodes and edges. - [Get triggerable workflows](https://altostrat.io/docs/api-reference/spa/workflows/workflows/get-triggerable-workflows.md): Retrieves a list of active workflows within the organization that have a `workflow_trigger` node, making them callable from other workflows. - [List all workflows](https://altostrat.io/docs/api-reference/spa/workflows/workflows/list-all-workflows.md): Retrieves a list of all workflows for the authenticated user's organization. - [Update a workflow](https://altostrat.io/docs/api-reference/spa/workflows/workflows/update-a-workflow.md): Updates an existing workflow definition. All fields are optional. - [Validate a workflow structure](https://altostrat.io/docs/api-reference/spa/workflows/workflows/validate-a-workflow-structure.md): Validates a complete workflow payload (nodes, edges, etc.) without creating it. Useful for a frontend builder to check for errors like disconnected nodes or invalid configurations before saving. - [Create Billing Account](https://altostrat.io/docs/api-reference/spa/workspaces/billing-accounts/create-billing-account.md): Creates a new billing account (and a corresponding Stripe Customer). - **`single` mode**: Only 1 billing account is allowed per workspace. - **`pooled` / `assigned` modes**: A maximum of 10 billing accounts are allowed. - [Delete Billing Account](https://altostrat.io/docs/api-reference/spa/workspaces/billing-accounts/delete-billing-account.md): Deletes a billing account. The operation will fail if the account has any active subscriptions. - [Get Billing Account](https://altostrat.io/docs/api-reference/spa/workspaces/billing-accounts/get-billing-account.md): Retrieves the details of a specific billing account. - [List Billing Accounts](https://altostrat.io/docs/api-reference/spa/workspaces/billing-accounts/list-billing-accounts.md): Retrieves all billing accounts associated with a workspace. - [Update Billing Account](https://altostrat.io/docs/api-reference/spa/workspaces/billing-accounts/update-billing-account.md): Updates the details of a billing account, which will also sync the changes to the corresponding Stripe Customer object. - [List Invoices](https://altostrat.io/docs/api-reference/spa/workspaces/invoices/list-invoices.md): Retrieves a paginated list of invoices for a billing account. - [Preview Invoice Changes](https://altostrat.io/docs/api-reference/spa/workspaces/invoices/preview-invoice-changes.md): Previews the next invoice to show the financial impact of proposed subscription changes before they are applied. - [Create Organization](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/create-organization.md): Creates a new organization within a workspace. The rules for `billing_account_id` depend on the workspace's billing mode: - **`single` / `assigned`**: A `billing_account_id` is required for root organizations. Child organizations inherit billing and must have a `null` value. - **`pooled`**: `billing_account_id` must always be `null` as resources are pooled at the workspace level. - [Delete Organization](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/delete-organization.md): Permanently deletes an organization. The operation will fail if the organization has any child organizations or if it (or its descendants) has any active resource usage. - [Export Usage as CSV](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/export-usage-as-csv.md): Downloads a CSV file containing a hierarchical usage report for all organizations in the workspace. - [Export Usage as PDF](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/export-usage-as-pdf.md): Downloads a formatted PDF usage report for all organizations in the workspace. - [Get Organization Details](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/get-organization-details.md): Retrieves the details of a specific organization. - [Get Parent Organization](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/get-parent-organization.md): Retrieves the parent of a specified organization. - [List All Descendants](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/list-all-descendants.md): Retrieves the entire subtree of organizations below the specified parent, including all children, grandchildren, etc. - [List Direct Children](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/list-direct-children.md): Retrieves a list of the immediate child organizations of a specified parent organization. - [List Organizations](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/list-organizations.md): Returns a list of all organizations within a specified workspace. - [Update Organization](https://altostrat.io/docs/api-reference/spa/workspaces/organizations/update-organization.md): Updates the properties of an organization. This can include its name, picture, and resource limits. - To remove a limit, set its value to `null`. - To block usage of a resource, set its limit to `0`. - [Create Setup Intent](https://altostrat.io/docs/api-reference/spa/workspaces/payment-methods/create-setup-intent.md): Creates a Stripe Setup Intent to securely collect payment method details on the client-side. A billing account can have a maximum of 5 payment methods. - [List Payment Methods](https://altostrat.io/docs/api-reference/spa/workspaces/payment-methods/list-payment-methods.md) - [Remove Payment Method](https://altostrat.io/docs/api-reference/spa/workspaces/payment-methods/remove-payment-method.md): Detaches a payment method from a billing account. You cannot remove the only payment method, or the default payment method if active subscriptions exist. - [Set Default Payment Method](https://altostrat.io/docs/api-reference/spa/workspaces/payment-methods/set-default-payment-method.md) - [Cancel Subscription](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/cancel-subscription.md): Cancels a subscription at the end of the current billing period. The operation will fail if canceling this subscription would leave the workspace with insufficient resources for its current usage. - [Check Trial Eligibility](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/check-trial-eligibility.md): Checks if a workspace is eligible for a 14-day free trial. Eligibility requires the workspace to have only one billing account and no existing subscriptions. - [Create Subscription](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/create-subscription.md): Creates a new subscription for a billing account. - Automatically provides a 14-day trial if the workspace is eligible. - Supports multiple products and quantities in a single request. - A maximum of 3 active subscriptions are allowed per billing account. - [Get Subscription Details](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/get-subscription-details.md): Retrieves the details of a specific subscription. - [List Subscriptions](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/list-subscriptions.md): Returns all subscriptions for a billing account, including those that are trialing, active, past_due, or canceled. - [Update Subscription](https://altostrat.io/docs/api-reference/spa/workspaces/subscriptions/update-subscription.md): A smart endpoint to modify a subscription. Only one type of operation (e.g., `action`, `product_quantities`) is allowed per request. - `product_quantities`: Sets the complete list of products and their quantities, removing any not specified. - `add_products`: Adds new products to the subscription without affecting existing ones. - `remove_products`: Removes specific products from the subscription. - `action`: Perform a state change like `pause` or `resume`. - [Add Workspace Member](https://altostrat.io/docs/api-reference/spa/workspaces/workspace-members/add-workspace-member.md): Adds a new member to the workspace with a specified role. A workspace can have a maximum of 100 members. - [List Workspace Members](https://altostrat.io/docs/api-reference/spa/workspaces/workspace-members/list-workspace-members.md) - [Remove Member](https://altostrat.io/docs/api-reference/spa/workspaces/workspace-members/remove-member.md): Removes a member from the workspace. You cannot remove the last owner of a workspace. - [Update Member Role](https://altostrat.io/docs/api-reference/spa/workspaces/workspace-members/update-member-role.md): Changes a member's role within the workspace. - Only owners can assign `owner` or `admin` roles. - An owner cannot demote themselves if they are the last owner in the workspace. - [Archive Workspace](https://altostrat.io/docs/api-reference/spa/workspaces/workspaces/archive-workspace.md): Soft-deletes a workspace. The workspace can be restored later. An archive operation will fail if the workspace has active dependencies, such as organizations with usage or billing accounts with active subscriptions. - [Create Workspace](https://altostrat.io/docs/api-reference/spa/workspaces/workspaces/create-workspace.md): Creates a new workspace and assigns the authenticated user as the first Owner. The `billing_mode` is a permanent setting. - [Get Workspace Details](https://altostrat.io/docs/api-reference/spa/workspaces/workspaces/get-workspace-details.md): Retrieves the details of a specific workspace by its ID. - [List User's Workspaces](https://altostrat.io/docs/api-reference/spa/workspaces/workspaces/list-users-workspaces.md): Returns all workspaces where the authenticated user is a member. - [Update Workspace](https://altostrat.io/docs/api-reference/spa/workspaces/workspaces/update-workspace.md): Update a workspace's properties, such as its name or description. The `billing_mode` cannot be changed. - [Content Filtering](https://altostrat.io/docs/core-concepts/content-filtering.md): Manage and restrict access to undesirable or harmful web content across your network using DNS-based policies. - [Control Plane](https://altostrat.io/docs/core-concepts/control-plane.md): Configure inbound management services (WinBox, SSH, API) and firewall rules at scale in Altostrat. - [Notification Groups](https://altostrat.io/docs/core-concepts/notification-groups.md): Define groups of users, schedules, and alert types for more targeted notifications. - [Notifications](https://altostrat.io/docs/core-concepts/notifications.md): Define, manage, and route alerts for important network events in Altostrat. - [Roles & Permissions](https://altostrat.io/docs/core-concepts/roles-and-permissions.md): Control user access levels in Altostrat SDX using roles, which group granular permission scopes for accessing resources and performing actions via the UI and API. - [Threat Feeds](https://altostrat.io/docs/core-concepts/security-essentials.md): Leverage BGP-delivered threat intelligence feeds to automatically block malicious traffic at your network edge. - [Teams](https://altostrat.io/docs/core-concepts/teams.md): Organize users into teams for resource ownership, collaboration, and scoped access control in Altostrat SDX. - [User Management](https://altostrat.io/docs/core-concepts/users.md): Manage portal users and notification recipients, assign roles within teams, and understand resource access in Altostrat SDX. - [Adding a MikroTik Router to Altostrat SDX](https://altostrat.io/docs/getting-started/adding-a-router.md): Follow these steps to integrate your prepared MikroTik router with the Altostrat SDX platform. - [Captive Portal Setup](https://altostrat.io/docs/getting-started/captive-portal-setup.md): Learn how to configure a Captive Portal instance and enable network-level authentication. - [Initial Configuration](https://altostrat.io/docs/getting-started/initial-configuration.md): Prepare your MikroTik device with a clean configuration and updated firmware before integrating it with Altostrat SDX. - [Introduction](https://altostrat.io/docs/getting-started/introduction.md): Altostrat SDX is designed for both small networks and large-scale deployments, providing robust tools to simplify management, bolster security, and maximize uptime-using your existing, compatible hardware. - [Remote WinBox Login](https://altostrat.io/docs/getting-started/remote-winbox-login.md): How to securely access your MikroTik router using WinBox, even behind NAT. - [Transient Access](https://altostrat.io/docs/getting-started/transient-access.md): Secure, on-demand credentials for MikroTik devices behind NAT firewalls. - [User Registration](https://altostrat.io/docs/getting-started/user-registration.md): Learn how to create your personal Altostrat SDX user account via self-registration or by accepting a team invitation. - [Google Cloud Integration](https://altostrat.io/docs/integrations/google-cloud-integration.md): Connect Altostrat with Google Cloud for user authentication and secure OAuth 2.0 flows. - [Identity Providers](https://altostrat.io/docs/integrations/identity-providers.md): Configure external OAuth 2.0 or SSO providers like Google, Azure, or GitHub for Altostrat authentication. - [Integrations Overview](https://altostrat.io/docs/integrations/integrations-overview.md): Overview of how Altostrat connects with external platforms for notifications, authentication, and more. - [Microsoft Azure Integration](https://altostrat.io/docs/integrations/microsoft-azure-integration.md): Use Microsoft Entra (Azure AD) for secure user authentication in Altostrat. - [Microsoft Teams](https://altostrat.io/docs/integrations/microsoft-teams.md): Integrate Altostrat notifications and alerts into Microsoft Teams channels. - [Slack](https://altostrat.io/docs/integrations/slack.md): Send Altostrat alerts to Slack channels for quick incident collaboration. - [Backups](https://altostrat.io/docs/management/backups.md): Manage and schedule configuration backups for MikroTik devices through Altostrat. - [Device Tags](https://altostrat.io/docs/management/device-tags.md): Organize and categorize your MikroTik devices with custom tags in Altostrat. - [Faults](https://altostrat.io/docs/management/faults.md): Monitor and troubleshoot disruptions or issues in your network via Altostrat. - [Management VPN](https://altostrat.io/docs/management/management-vpn.md): How MikroTik devices connect securely to Altostrat for real-time monitoring and management. - [Managing WAN Failover](https://altostrat.io/docs/management/managing-wan-failover.md): Create, reorder, and troubleshoot WAN Failover configurations for reliable multi-link setups. - [Orchestration Log](https://altostrat.io/docs/management/orchestration-log.md): Track scripts, API calls, and automated tasks performed by Altostrat on your MikroTik devices. - [Regional Servers](https://altostrat.io/docs/management/regional-servers.md): Improve performance and minimize single points of failure with globally distributed clusters. - [Short Links](https://altostrat.io/docs/management/short-links.md): Simplify long, signed URLs into user-friendly short links for Altostrat notifications and emails. - [WAN Failover](https://altostrat.io/docs/management/wan-failover.md): Enhance reliability by combining multiple internet mediums for uninterrupted cloud connectivity. - [Intelligent Bot Detection](https://altostrat.io/docs/resources/account-security/bot-detection.md): Mitigate credential stuffing and other scripted attacks by detecting and challenging bots. - [Breached Password Detection](https://altostrat.io/docs/resources/account-security/breached-password-detection.md): Prevent users from using passwords that have been compromised in known third-party data breaches. - [Brute-Force Protection](https://altostrat.io/docs/resources/account-security/brute-force-protection.md): Safeguard individual user accounts from targeted, repeated login attempts. - [Account Security Overview](https://altostrat.io/docs/resources/account-security/index.md): Learn how Altostrat SDX protects your user accounts from common and advanced threats. - [Suspicious IP Throttling](https://altostrat.io/docs/resources/account-security/suspicious-ip-throttling.md): Protect against high-velocity attacks from single IP addresses targeting multiple user accounts. - [Infrastructure IPs](https://altostrat.io/docs/resources/infrastructure-ips.md): Learn about the static IP addresses used by the Altostrat SDX infrastructure. - [Installable PWA](https://altostrat.io/docs/resources/installable-pwa.md): Learn how to install Altostrat's Progressive Web App (PWA) for an app-like experience and offline support. - [Password Policy](https://altostrat.io/docs/resources/password-policy.md): Requirements for secure user passwords in Altostrat. - [Supported SMS Regions](https://altostrat.io/docs/resources/supported-sms-regions.md): List of countries where Altostrat's SMS delivery is enabled, plus any high-risk or unsupported regions. - [API Authentication](https://altostrat.io/docs/sdx-api/authentication.md): Securely authenticate requests to the Altostrat SDX API using API Keys or OAuth 2.0. - [Actions](https://altostrat.io/docs/workflows/actions.md): Explore the library of actions available to build your automations, from sending data to transforming it. - [Conditions](https://altostrat.io/docs/workflows/conditions.md): Master workflow branching and logic with a variety of condition nodes to make intelligent decisions. - [Introduction to Workflows](https://altostrat.io/docs/workflows/introduction.md): Learn the core concepts of building powerful automations with the Altostrat Workflow Engine. - [Liquid Basics: Objects, Tags, and Filters](https://altostrat.io/docs/workflows/liquid/basics.md): Understand the fundamental syntax for outputting data, creating logic, and modifying values in your workflows. - [Working with Filters](https://altostrat.io/docs/workflows/liquid/filters.md): A complete reference guide to all built-in and custom Liquid filters for transforming your data. - [Introduction to Liquid](https://altostrat.io/docs/workflows/liquid/introduction.md): Learn how to use Liquid to add dynamic data and logic to your workflows. - [Logic and Control Flow Tags](https://altostrat.io/docs/workflows/liquid/tags.md): Master workflow logic using if/else, for loops, and case statements to handle different scenarios. - [System Limitations & Edge Cases](https://altostrat.io/docs/workflows/system-limitations.md): Understand the operational limits and specific behaviors of the workflow engine to build more robust automations. - [Triggers](https://altostrat.io/docs/workflows/triggers.md): Learn about the different events that can start your workflows, from schedules to webhooks. - [Billing Modes](https://altostrat.io/docs/workspaces/billing-modes.md): Choose the right billing mode for your workspace structure. Understand Single, Assigned, and Pooled modes to determine how resources and subscriptions are allocated across organizations. - [Workspace Overview](https://altostrat.io/docs/workspaces/introduction.md): Understand workspaces as the foundation of billing and organizational management, connecting user authentication with payment processing while providing resource management and usage tracking. - [System Limitations](https://altostrat.io/docs/workspaces/limitations.md): Understand workspace limits, organization hierarchy constraints, billing account restrictions, and performance considerations to design scalable implementations. - [Modeling Your Business](https://altostrat.io/docs/workspaces/modeling-your-business.md): Learn how to model different business structures using practical examples. Explore franchise operations, multinational corporations, MSPs, channel partners, and traditional businesses. - [Organization Hierarchies](https://altostrat.io/docs/workspaces/organization-hierarchies.md): Build flexible organizational structures with up to 10 levels of nesting. Understand usage aggregation, limit enforcement, and best practices for modeling complex business relationships. - [Subscriptions and Invoicing](https://altostrat.io/docs/workspaces/subscriptions-and-invoicing.md): Manage subscriptions, understand resource pooling, and handle invoicing. Learn about trial subscriptions, payment methods, and usage tracking for your workspace.