Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/thenoname-gurl/EcliPanel/llms.txt

Use this file to discover all available pages before exploring further.

EcliTunnel lets game servers running behind NAT expose ports to players without requiring a public IP. A tunnel device registers with the panel via a device code flow—similar to OAuth device authorization—and once approved, the tunnel agent opens a persistent WebSocket control channel and relays traffic to allocated ports.
Tunnel endpoints require the tunnels feature flag to be enabled in panel settings. Enterprise node operators typically manage tunnels for their users.

Allocations

List tunnel allocations

GET /api/tunnel/allocations Returns all port allocations assigned to tunnel devices the authenticated user can manage. 
curl https://your-panel.example.com/api/tunnel/allocations \
  -H "Cookie: session=<token>"
id
number
Allocation ID.
port
number
Allocated port number on the tunnel server.
deviceId
string
UUID of the tunnel device this port is assigned to.
protocol
string
Transport protocol: tcp or udp.
createdAt
string
ISO 8601 creation timestamp.

Devices

List tunnel devices

GET /api/tunnel/devices Returns all tunnel devices owned by the authenticated user or by organisations they manage. 
curl https://your-panel.example.com/api/tunnel/devices \
  -H "Cookie: session=<token>"
id
string
Device UUID.
name
string
Device display name.
kind
string
Device role: client or server.
approved
boolean
Whether the device has been approved by an admin.
userCode
string
Human-readable activation code shown during the enrollment flow.
expiresAt
string
ISO 8601 expiry time for pending (unapproved) devices.

Start device enrollment

POST /api/tunnel/device/start Initiates the device code enrollment flow. The returned deviceCode and userCode are used to complete pairing. Unapproved devices expire after 10 minutes.
name
string
required
Human-readable name for the device (e.g. home-server).
kind
string
Device role: client (default) or server. Creating a server-kind device requires admin access.
organisationId
number
Associate the device with a specific organisation. The caller must be an admin or owner of that organisation.
curl -X POST https://your-panel.example.com/api/tunnel/device/start \
  -H "Cookie: session=<token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"gaming-rig","kind":"client"}'
deviceCode
string
Unique code used by the tunnel client to authenticate.
userCode
string
Short human-readable code displayed to the user during approval.
expiresAt
string
ISO 8601 expiry time. Enrollment must be approved before this time.

Poll device status

GET /api/tunnel/device/poll Used by the tunnel client to check whether its enrollment has been approved. Poll this endpoint until approved is true or the device expires.
deviceCode
string
required
Device code returned by /api/tunnel/device/start.
curl "https://your-panel.example.com/api/tunnel/device/poll?deviceCode=<code>" \
  -H "Cookie: session=<token>"
approved
boolean
Whether the device has been approved.
token
string
JWT token issued to the device once approved. The tunnel agent uses this to authenticate its WebSocket connection.

Approve a device

POST /api/tunnel/device/approve Approves a pending tunnel device. Requires admin access.
userCode
string
required
The human-readable user code shown during enrollment.
curl -X POST https://your-panel.example.com/api/tunnel/device/approve \
  -H "Cookie: session=<token>" \
  -H "Content-Type: application/json" \
  -d '{"userCode":"ABCD-1234"}'
success
boolean
Whether the device was approved.
device
object
The approved device record.

Delete a device

DELETE /api/tunnel/devices/:id/delete Removes a tunnel device and all its port allocations. The device’s WebSocket connection is closed immediately.
Deleting a device disconnects it immediately. Any active game server connections routed through this tunnel will be interrupted.
id
string
required
Device UUID.
curl -X DELETE https://your-panel.example.com/api/tunnel/devices/abc-uuid/delete \
  -H "Cookie: session=<token>"
success
boolean
Whether the device was deleted.

Regenerate device token

POST /api/tunnel/devices/:id/regenerate-token Issues a new authentication token for a device. The existing token is immediately invalidated, forcing the tunnel agent to reconnect.
id
string
required
Device UUID.
curl -X POST https://your-panel.example.com/api/tunnel/devices/abc-uuid/regenerate-token \
  -H "Cookie: session=<token>"
success
boolean
Whether the token was regenerated.
token
string
The new device JWT token.

Build docs developers (and LLMs) love

Get started for freeTalk to us