Networking
Manage VPC peering, AWS PrivateLink, GCP Private Service Connect, and access rules via the Supervisor API.
Set variables to auto-fill all examples and run requests in-browser.
All networking APIs use the Supervisor API ({supervisor_url}). Each supervisor is region-specific; use the supervisor_url from the deployment object.
Required permissions: deployment:network:manage (create, delete) or deployment:network:read (list, instructions). Access rules use deployment:access:manage / deployment:access:read.
Network Info
Get Network Info
GET{supervisor_url}/deployments/{deployment_id}/network/infoRetrieve the deployment's current network configuration, public/private IPs, and CIDR.
curl {supervisor_url}/deployments/{deployment_id}/network/info \
-H "ld-api-key: YOUR_API_KEY"AWS VPC Peering
Available for Managed deployments on AWS. Requires Pro or Enterprise plan.
Create VPC Peering
POST{supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peeringInitiate a VPC peering connection from the deployment's VPC to your AWS VPC. Returns 204 No Content.
curl -X POST {supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "app-to-iggy",
"peer_vpc_id": "vpc-0abc123def456789a",
"peer_owner_id": "123456789012",
"peer_vpc_cidr": "172.16.0.0/16",
"peer_region": "us-west-2",
"remarks": "Application VPC to deployment"
}'| Field | Required | Description |
|---|---|---|
name | Yes | Name for the peering connection |
peer_vpc_id | Yes | Your VPC ID (e.g. vpc-0abc123...) |
peer_owner_id | Yes | Your 12-digit AWS Account ID |
peer_vpc_cidr | Yes | Your VPC CIDR block. Must not overlap with the deployment subnet |
peer_region | No | Your VPC region if different from the deployment region |
remarks | No | Optional description |
List VPC Peerings
GET{supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peeringList all VPC peering connections for this deployment.
curl {supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering \
-H "ld-api-key: YOUR_API_KEY"[
{
"id": 1,
"name": "app-to-iggy",
"peering_connection_id": "pcx-0abc123def456789a",
"requester_vpc_id": "vpc-deployment",
"requester_cidr": "10.0.0.0/16",
"accepter_vpc_id": "vpc-0abc123def456789a",
"accepter_cidr": "172.16.0.0/16",
"requester_region": "us-west-1",
"accepter_region": "us-west-2",
"requester_owner_id": "987654321098",
"accepter_owner_id": "123456789012",
"status": "pending_acceptance",
"remarks": "Application VPC to deployment",
"created_at": "2025-01-15T10:30:00Z"
}
]initiating_requestpending_acceptanceprovisioningactiverejectedexpiredfaileddeletingdeletedGet Peering Setup Instructions
GET{supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering/{peering_id}/instructionsGet step-by-step instructions tailored to the current peering status, including the peering request ID to accept in the AWS Console.
curl {supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering/{peering_id}/instructions \
-H "ld-api-key: YOUR_API_KEY"Delete VPC Peering
DELETE{supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering/{peering_id}Remove a VPC peering connection. Also clean up routes and security groups in your own VPC.
curl -X DELETE {supervisor_url}/deployments/{deployment_id}/network/aws/vpc_peering/{peering_id} \
-H "ld-api-key: YOUR_API_KEY"Returns 204 No Content.
AWS PrivateLink
Exposes the deployment as a VPC Endpoint Service. Available for Managed deployments on AWS. Requires Pro or Enterprise plan.
Create Endpoint Service
POST{supervisor_url}/deployments/{deployment_id}/network/aws/private_linkCreate an AWS VPC Endpoint Service backed by the deployment's Network Load Balancer.
curl -X POST {supervisor_url}/deployments/{deployment_id}/network/aws/private_link \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "iggy-endpoint-service",
"acceptance_required": true,
"allowed_principals": [
"arn:aws:iam::123456789012:root"
],
"remarks": "PrivateLink for production consumers"
}'| Field | Required | Description |
|---|---|---|
name | Yes | Unique name for the endpoint service |
acceptance_required | No | Require manual approval of each new endpoint connection (default true) |
allowed_principals | No | AWS IAM ARNs permitted to create endpoints. Empty = any account can request. |
remarks | No | Optional description |
List Endpoint Services
GET{supervisor_url}/deployments/{deployment_id}/network/aws/private_linkList all PrivateLink endpoint services for the deployment.
curl {supervisor_url}/deployments/{deployment_id}/network/aws/private_link \
-H "ld-api-key: YOUR_API_KEY"[
{
"id": 1,
"name": "iggy-endpoint-service",
"vpc_endpoint_service_id": "vpce-svc-0abc123def456789a",
"service_name": "com.amazonaws.vpce.us-west-1.vpce-svc-0abc123def456789a",
"acceptance_required": true,
"allowed_principals": ["arn:aws:iam::123456789012:root"],
"state": "available",
"remarks": "PrivateLink for production consumers",
"created_at": "2025-01-15T10:30:00Z"
}
]pendingavailabledeletingdeletedfailedDelete Endpoint Service
DELETE{supervisor_url}/deployments/{deployment_id}/network/aws/private_link/{service_id}Remove the PrivateLink endpoint service. Active consumer endpoints will stop working.
curl -X DELETE {supervisor_url}/deployments/{deployment_id}/network/aws/private_link/{service_id} \
-H "ld-api-key: YOUR_API_KEY"GCP VPC Peering
Available for Managed deployments on GCP. Requires Pro or Enterprise plan.
Create GCP VPC Peering
POST{supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peeringInitiate a VPC peering from the deployment's VPC to your GCP network. GCP requires both sides to establish the connection.
curl -X POST {supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "app-to-iggy",
"peer_vpc_name": "my-vpc-network",
"peer_project_id": "my-gcp-project",
"peer_vpc_cidr": "172.16.0.0/16",
"remarks": "Application VPC to deployment"
}'| Field | Required | Description |
|---|---|---|
name | Yes | Name for the peering connection |
peer_vpc_name | Yes | Your GCP VPC network name (lowercase, digits, hyphens, max 63 chars) |
peer_project_id | Yes | Your GCP project ID (6-30 chars) |
peer_vpc_cidr | Yes | Your VPC CIDR block. Must not overlap with the deployment subnet |
remarks | No | Optional description |
Returns 204 No Content. The connection starts inactive until you create the reciprocal peering in your GCP Console.
List GCP VPC Peerings
GET{supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peeringList all GCP VPC peering connections.
curl {supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering \
-H "ld-api-key: YOUR_API_KEY"Peering states: inactive, active, deleted
Get GCP Peering Instructions
GET{supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering/{peering_id}/instructionsGet step-by-step instructions for creating the reciprocal peering in your GCP Console, tailored to the current peering state.
curl {supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering/{peering_id}/instructions \
-H "ld-api-key: YOUR_API_KEY"Delete GCP VPC Peering
DELETE{supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering/{peering_id}Remove a GCP VPC peering connection.
curl -X DELETE {supervisor_url}/deployments/{deployment_id}/network/gcp/vpc_peering/{peering_id} \
-H "ld-api-key: YOUR_API_KEY"Returns 204 No Content.
GCP Private Service Connect
Exposes the deployment as a PSC service attachment. Available for Managed deployments on GCP. Requires Pro or Enterprise plan.
Create Service Attachment
POST{supervisor_url}/deployments/{deployment_id}/network/gcp/pscCreate a GCP PSC Service Attachment backed by the deployment's internal load balancer.
curl -X POST {supervisor_url}/deployments/{deployment_id}/network/gcp/psc \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "iggy-psc-attachment",
"connection_preference": "accept_manual",
"consumer_accept_lists": [
"my-gcp-project-123"
],
"enable_proxy_protocol": false,
"remarks": "PSC for production consumers"
}'| Field | Required | Description |
|---|---|---|
name | Yes | Unique name for the service attachment |
connection_preference | No | accept_manual (default, requires approval) or accept_automatic |
consumer_accept_lists | No | GCP project IDs allowed to connect. Empty = any project can request. |
enable_proxy_protocol | No | Include original client IP in connection header (default false) |
remarks | No | Optional description |
Returns 204 No Content.
List Service Attachments
GET{supervisor_url}/deployments/{deployment_id}/network/gcp/pscList all PSC service attachments for the deployment.
curl {supervisor_url}/deployments/{deployment_id}/network/gcp/psc \
-H "ld-api-key: YOUR_API_KEY"[
{
"id": 1,
"name": "iggy-psc-attachment",
"service_attachment_uri": "projects/ld-prod/regions/us-central1/serviceAttachments/iggy-psc-attachment",
"connection_preference": "accept_manual",
"consumer_accept_lists": ["my-gcp-project-123"],
"state": "active",
"remarks": "PSC for production consumers",
"created_at": "2026-03-20T10:30:00Z"
}
]Service attachment states: pending, active, closed
Get PSC Setup Instructions
GET{supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id}/instructionsGet step-by-step instructions for consumers to connect to this service attachment.
curl {supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id}/instructions \
-H "ld-api-key: YOUR_API_KEY"List PSC Connections
GET{supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id}/connectionsList all active PSC endpoint connections to this attachment.
curl {supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id}/connections \
-H "ld-api-key: YOUR_API_KEY"[
{
"id": 1,
"connection_id": "psc-conn-xyz789",
"consumer_project_id": "my-gcp-project-123",
"consumer_network": "projects/my-gcp-project-123/global/networks/default",
"consumer_forwarding_rule": "projects/my-gcp-project-123/regions/us-central1/forwardingRules/psc-fr-1",
"status": "accepted",
"created_at": "2026-03-21T14:00:00Z"
}
]pendingacceptedrejectedclosedneeds_attentionDelete Service Attachment
DELETE{supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id}Remove the PSC service attachment. Active consumer endpoints will stop working.
curl -X DELETE {supervisor_url}/deployments/{deployment_id}/network/gcp/psc/{attachment_id} \
-H "ld-api-key: YOUR_API_KEY"Returns 204 No Content.
Access Rules
Access rules control which IP ranges can reach the deployment. Every deployment starts fully isolated: no traffic is allowed until you explicitly add a rule.
Exception: Free tier Managed deployments are created with a default 0.0.0.0/0 rule. Delete or replace it at any time.
Create Access Rule
POST{supervisor_url}/deployments/{deployment_id}/access_rulesAdd an inbound access rule for specific CIDR blocks and protocols.
curl -X POST {supervisor_url}/deployments/{deployment_id}/access_rules \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "production-api-access",
"cidr_blocks": ["10.0.0.0/16", "172.16.0.0/12"],
"rules": {
"iggy_tcp": true,
"iggy_http": true,
"iggy_websocket": false,
"iggy_udp": false
},
"valid_to": "2026-12-31T23:59:59Z",
"remarks": "Production API servers"
}'| Field | Required | Description |
|---|---|---|
name | Yes | Unique name within the deployment |
cidr_blocks | Yes | Array of IPv4 CIDR blocks (at least one required) |
rules | Yes | Object of protocol toggles: iggy_tcp, iggy_http, iggy_websocket, iggy_udp |
valid_to | No | Optional expiry timestamp. Rule is no longer enforced after this time. |
remarks | No | Optional description |
iggy_http also opens the built-in Stream UI (served on the same HTTP ports).
List Access Rules
GET{supervisor_url}/deployments/{deployment_id}/access_rulesList all access rules for the deployment.
curl {supervisor_url}/deployments/{deployment_id}/access_rules \
-H "ld-api-key: YOUR_API_KEY"[
{
"id": 1,
"name": "production-api-access",
"remarks": "Production API servers",
"rules": {
"iggy_http": true,
"iggy_tcp": true,
"iggy_websocket": false,
"iggy_udp": false
},
"cidr_blocks": ["10.0.0.0/16", "172.16.0.0/12"],
"valid_to": "2026-12-31T23:59:59Z",
"created_at": "2025-01-15T10:30:00Z"
}
]Delete Access Rule
DELETE{supervisor_url}/deployments/{deployment_id}/access_rules/{rule_id}Remove an access rule. Takes effect immediately; traffic from those CIDRs is blocked.
curl -X DELETE {supervisor_url}/deployments/{deployment_id}/access_rules/{rule_id} \
-H "ld-api-key: YOUR_API_KEY"