Skip to main content

Workflow

Configure Access and Networking

This workflow covers the control points you use around or after provisioning: project SSH keys, private network membership, internal addressing, public IP resources, and port exposure through forwarding rules.

Create a reusable project SSH key

If your client manages SSH access centrally, create project-level keys once and reuse the resulting identifiers across VM creation flows.

curl --request POST \
  --url 'https://api.zennohosting.com/projects/{projectId}/ssh-keys' \
  --header 'Authorization: Bearer <token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
"name": "workstation-key",
"publicKey": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA..."
}'

Create a private network and attach a VM

Start with the project network resource, then attach the VM to that network. On create, the network subnet is assigned by the platform rather than supplied manually.

curl --request POST \
  --url 'https://api.zennohosting.com/projects/{projectId}/networks' \
  --header 'Authorization: Bearer <token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
"name": "backend-private"
}'
  1. 1

    Create or select the project SSH key

    Project-level SSH keys help standardize access inputs across multiple VM creation requests.

  2. 2

    Create the network resource

    Use a stable name for the private network, then read the resulting subnet from the network resource instead of trying to author it up front.

  3. 3

    Attach the VM to the network

    Use the attach call to place the VM into that network. Use the update call later only when attachment settings need to change after the network exists.

  4. 4

    Create or inspect project public IP resources

    Public exposure flows operate from a publicIpId. Either create a public IP first or query the project public IP list to locate the correct target resource.

  5. 5

    Create forwarding rules for external access

    Each forwarding rule maps a public port and protocol to the VM inside the project network.

Create a public IP resource

If the project does not already have a reusable public IP, create one first. This is a separate project resource, not a side effect of private network creation.

curl --request POST \
  --url 'https://api.zennohosting.com/projects/{projectId}/public-ips' \
  --header 'Authorization: Bearer <token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
"tariffId": "00000000-0000-0000-0000-000000000000"
}'

Create a port forwarding rule

This rule binds a public port on an existing project public IP to the selected VM and internal service port.

curl --request POST \
  --url 'https://api.zennohosting.com/projects/{projectId}/public-ips/{publicIpId}/port-forwards' \
  --header 'Authorization: Bearer <token>' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{
"vmId": "00000000-0000-0000-0000-000000000000",
"mode": "SpecificPorts",
"protocol": "Tcp",
"externalPort": 8080,
"internalPort": 80
}'

Modeling note

Product screens may group public exposure with network management, but the canonical API model stays split: reusable SSH keys, private network attachment, and public IP exposure are three separate concerns that only meet at workflow level.

POST/projects/{projectId}/ssh-keys

Create a project SSH key.

POST/projects/{projectId}/networks

Create a private network resource.

POST/projects/{projectId}/networks/{networkId}/vms

Attach the VM to that network.

PUT/projects/{projectId}/networks/{networkId}/vms/{vmId}

Update internal IP or attachment settings.

POST/projects/{projectId}/public-ips

Create a reusable project public IP resource.

GET/projects/{projectId}/public-ips

Inspect project public IP resources.

POST/projects/{projectId}/public-ips/{publicIpId}/port-forwards

Create an external forwarding rule.