Public Gateways API

v1 (current)

Introduction

Scaleway Public Gateways are building blocks for your infrastructure on Scaleway's public cloud. They sit at the border of Private Networks and provide access to/from other networks or the Internet. As well as this, Public Gateways offer a host of managed features and services to facilitate the management of resources in your Private Network, including DHCP to dynamically assign IP addresses, and NAT to map private IP addresses in the Private Network to the public IP address of the Public Gateway.

Tip

To create and manage your Private Networks, check out our .

Concepts

Refer to our to find definitions of all terminology related to Public Gateways, including DHCP, NAT, SSH bastion and more.

Quickstart

Configure your environment variables.

Note

This is an optional step that seeks to simplify your usage of the Public Gateways API.

export SCW_SECRET_KEY="<API secret key>"
export SCW_DEFAULT_ZONE="<Scaleway default Availability Zone>"
export SCW_PROJECT_ID="<Scaleway Project ID>"

Choose a Public Gateway type: Public Gateways come in different shapes and sizes, with different network capabilities and pricing. When you create your Public Gateway, you need to include the required Public Gateway type in the request. Use the following call to get a list of available Public Gateway offer types and their details:

curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateway-types"

Create a Public Gateway: run the following command to create a Public Gateway. You can customize the details in the payload (name, description, tags, etc) to your needs: use the information below to adjust the payload as necessary.

curl -X POST \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways" \
    -d '{
        "type": "VPC-GW-S", 
        "name": "my-new-gateway",
        "tags": ["my-first-tag", "my-second-tag"], 
        "project_id": "'"$SCW_PROJECT_ID"'"
        }'

Parameter	Description	Valid values
type	The type of Public Gateway (commercial offer type) to create. Use the Gateway Types endpoint to get a list of offer types.	Any valid offer type string, e.g. `VPC-GW-S`
name	A name of your choice for the Public Gateway	Any string containing only alphanumeric characters and dashes, e.g. `my-new-gateway`.
tags	A list of tags to describe your Public Gateway. These can help you manage and filter your gateways.	A list of alphanumeric strings, e.g. `["my-first-tag`, `my-second-tag`
project_id	The Scaleway Project ID to create the Public Gateway in.	A valid Scaleway Project ID, e.g. `f5fe13a0-b9c7-11ed-afa1-0242ac120002`

Note: Further parameters are available, but for the purposes of this quickstart we have included only the essentials. See the Create a Public Gateway endpoint documentation below for full details of all possible parameters.

Get a list of your Public Gateways: run the following command to get a list of all your Public Gateways.

curl -X GET \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways"

Attach a Private Network to a Public Gateway: run the following command to attach a Private Network to your Public Gateway, and make all the Gateway's services such as DHCP and NAT available to the Private Network. You can customize the details in the payload to your needs: use the information below to adjust the payload as necessary.

Tip

If you haven't created a Private Network yet, see the documentation to learn how to do so. Ensure you retain the ID of the Private Network.

curl -X POST \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateway-networks" \
    -d '{
        "gateway_id": "b1b2edda-9364-422d-93f2-ad04e6a054dc", 
        "private_network_id": "548dbcc3-8b78-486f-a79a-c3f5a17642f9",
        "enable_masquerade": true,
        "dhcp": {
        "project_id": "'"$SCW_PROJECT_ID"'",
        "subnet": "192.168.1.0/24"
        }
    }'

This configuration will set up the Public Gateway as a NAT gateway, masquerading traffic sent to it to the outer internet to provide internet access to resources in the Private Network, and serving IP addresses through DHCP to said instances, in the subnet 192.168.1.0/24.

Parameter	Description	Valid values
gateway_id	The Public Gateway ID of an existing Public Gateway	Any valid Public Gateway ID, e.g. `b1b2edda-9364-422d-93f2-ad04e6a054dc`
private_network_id	The Private Network ID of an existing Private Network	Any valid Private Network ID in the same Availability Zone as the Public Gateway, e.g. `548dbcc3-8b78-486f-a79a-c3f5a17642f9`
enable_masquerade	Defines whether the gateway should masquerade traffic for the attached Private Network (i.e. whether to enable dynamic NAT)	A boolean value, e.g. `true`
dhcp	An DHCP object (see object definition in the `DHCP` endpoint documentation below), which defines DHCP configuration.	An object which includes the Scaleway Project ID of the Public Gateway/Private Network, and the subnet to use for the Private Network e.g. `{"project_id": "'$SCW_PROJECT_ID'", "subnet": "192.168.1.0/24"}`

Note

Further parameters are available, but for the purposes of this quickstart we have included only the essentials. See the documentation below for full details of all possible parameters.

Delete a Public Gateway: run the following call to delete your Public Gateway. Ensure that you replace <PUBLIC-GATEWAY-ID> in the URL with the ID of the Public Gateway you want to delete.

curl -X DELETE \
    -H "X-Auth-Token: $SCW_SECRET_KEY" \
    -H "Content-Type: application/json" \
    "https://api.scaleway.com/vpc-gw/v1/zones/$SCW_DEFAULT_ZONE/gateways/<PUBLIC-GATEWAY-ID>"

The expected successful response is empty.

Requirements

You have a
You have and that the API key has sufficient to perform the actions described on this page
You have

Technical limitations

The following limitations apply to Public Gateways:

A maximum of eight (8) Private Networks can be plugged into a single Public Gateway
Note that the Public Gateway takes some time to start up, and actions on it are impossible unless it is in the running state. To check the current state of a Public Gateway, use the endpoint to get information for your gateway: the status field of the response will tell you if it is running or in another state.
For further information about Public Gateway limitations see our .

Technical information

Availability Zones

Public Gateways can be deployed in the following Availability Zones:

Name	API ID
Paris	`fr-par-1` `fr-par-2`
Amsterdam	`nl-ams-1` `nl-ams-2`
Warsaw	`pl-waw-1` `pl-waw-2`

The Scaleway Public Gateways API is a zoned API, meaning that each call must specify in its path parameters the Availability Zone for the resources concerned by the call.

Going further

For more help using Scaleway Public Gateways, check out the following resources:

Our
The #vpc-public-gateway channel on our
Our .

Gateways

Public Gateways are building blocks for your infrastructure on Scaleway's shared public cloud. They provide a set of managed network services and features for Scaleway's Private Networks such as DHCP, NAT and routing.

GET/vpc-gw/v1/zones/{zone}/gateways

POST/vpc-gw/v1/zones/{zone}/gateways

GET/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}

PATCH/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}

DELETE/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}

POST/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/enable-ip-mobility

POST/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/refresh-ssh-keys

POST/vpc-gw/v1/zones/{zone}/gateways/{gateway_id}/upgrade

Gateway Networks

A Gateway Network represents the connection of a Private Network to a Public Gateway. It holds configuration options relative to this specific connection, such as the DHCP configuration.

GET/vpc-gw/v1/zones/{zone}/gateway-networks

POST/vpc-gw/v1/zones/{zone}/gateway-networks

GET/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}

PATCH/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}

DELETE/vpc-gw/v1/zones/{zone}/gateway-networks/{gateway_network_id}

DHCP

These objects define a DHCP configuration, i.e. how IP addresses should be assigned to devices on a Private Network attached to a Public Gateway. Definable parameters include the subnet for the DHCP server, the validity period for DHCP entries, whether to use dynamic pooling, and more. A DHCP configuration object has a DHCP ID, which can then be used as part of a call to create or update a Gateway Network. This lets you attach an existing DHCP configuration to a Public Gateway attached to a Private Network. Similarly, you can use a DHCP ID as a query parameter to list Gateway Networks which use this DHCP configuration object.

GET/vpc-gw/v1/zones/{zone}/dhcps

POST/vpc-gw/v1/zones/{zone}/dhcps

GET/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}

PATCH/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}

DELETE/vpc-gw/v1/zones/{zone}/dhcps/{dhcp_id}

DHCP Entries

DHCP entries belong to a specified Gateway Network (Public Gateway / Private Network connection). A DHCP entry can hold either a dynamic DHCP lease (an IP address dynamically assigned by the Public Gateway to a device) or a static, user-created DHCP reservation.

GET/vpc-gw/v1/zones/{zone}/dhcp-entries

POST/vpc-gw/v1/zones/{zone}/dhcp-entries

PUT/vpc-gw/v1/zones/{zone}/dhcp-entries

GET/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}

PATCH/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}

DELETE/vpc-gw/v1/zones/{zone}/dhcp-entries/{dhcp_entry_id}

PAT Rules

PAT (Port Address Translation) rules, aka static NAT rules, belong to a specified Public Gateway. They define the forwarding of a public port to a specific device on a Private Network, enabling enables ingress traffic from the public Internet to reach the correct device in the Private Network.

GET/vpc-gw/v1/zones/{zone}/pat-rules

POST/vpc-gw/v1/zones/{zone}/pat-rules

PUT/vpc-gw/v1/zones/{zone}/pat-rules

GET/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}

PATCH/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}

DELETE/vpc-gw/v1/zones/{zone}/pat-rules/{pat_rule_id}

IPs

Public, flexible IP addresses for Public Gateways, allowing the gateway to reach the public internet, as well as forward (masquerade) traffic from member devices of attached Private Networks.

GET/vpc-gw/v1/zones/{zone}/ips

POST/vpc-gw/v1/zones/{zone}/ips

GET/vpc-gw/v1/zones/{zone}/ips/{ip_id}

PATCH/vpc-gw/v1/zones/{zone}/ips/{ip_id}

DELETE/vpc-gw/v1/zones/{zone}/ips/{ip_id}

Gateway Types

Public Gateways come in various shapes, sizes and prices, which are described by gateway types. They represent the different commercial offer types for Public Gateways available at Scaleway.

GET/vpc-gw/v1/zones/{zone}/gateway-types