> ## Documentation Index
> Fetch the complete documentation index at: https://docs.hologram.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Create a tunnel key

> Creates a new tunnel key. If `public_key` is omitted, the server generates a 2048-bit RSA keypair and returns the private key in the response — save it immediately, it is not stored. The key type must be `ssh-rsa`. At most 5 enabled keys are allowed per user. If the org does not have a plan that supports device tunneling, this endpoint returns 403.



## OpenAPI

````yaml /api/1/openapi.yaml post /tunnelkeys/
openapi: 3.0.0
info:
  title: Hologram REST API v1
  description: >-
    The Hologram HTTP API is a REST-style interface for managing Hologram
    devices, accounts, and cloud data.


    Using the Hologram REST API, you can activate SIMs, get your devices
    approximate location, send SMS to your devices, update a device's usage
    limit, and much more.


    ## Authentication


    Hologram supports **HTTP Basic authentication** using API keys. Simply set
    the username of the request to `apikey`. The password field is the API key
    itself.


    You can find your API key on the Hologram Dashboard under [Account
    Settings](https://dashboard.hologram.io/settings/api).


    Your API key gives you access to your personal account, as well as any
    organizations you are a member of. Make sure you don't store your API key in
    a publicly accessible place like GitHub. If you are a member of multiple
    organizations, many endpoints accept an `orgid` argument to filter for
    devices or other objects within a specific organization.


    You can find your `orgid` by following [this guide from our Help
    Center](https://support.hologram.io/hc/en-us/articles/360035421234-What-is-my-organization-ID-orgid).


    ### Header Example


    ```

    curl --verbose GET \

    'https://dashboard.hologram.io/api/1/users/me' \

    -u apikey:YOUR_API_KEY

    ```


    You can also base64 encode "apikey:YOUR_API_KEY" and include it directly in
    the header.


    ```

    curl --verbose GET \

    'https://dashboard.hologram.io/api/1/users/me' \

    --header "Authorization: Basic BASE64(apikey:YOUR_API_KEY)"

    ```


    ## Requests


    Request bodies can be provided in either JSON or form-urlencoded formats.
    Please note that the examples in this documentation will only display JSON
    bodies.


    ### **JSON body**


    ```

    curl --verbose --request POST \

    --header "Content-Type: application/json" \

    --header "Authorization: Basic BASE64(apikey:YOUR_API_KEY)" \

    --data '{"deviceid": 56668, "body": "Hello device!"}' \

    'https://dashboard.hologram.io/api/1/sms/incoming'

    ```


    ### **form-urlencoded body**


    ```

    curl --verbose --request POST \

    --header "Content-Type: application/x-form-urlencoded" \

    --header "Authorization: Basic BASE64(apikey:YOUR_API_KEY)" \

    --data 'deviceid=56668&body=Hello%20device!' \

    'https://dashboard.hologram.io/api/1/sms/incoming'

    ```


    ## Responses


    All API responses are returned as JSON objects with the following fields:


    * `success` (boolean) - Indicates whether the request was successful.

    * `data` (object or array) - Contains the requested data or information
    about the operation that was performed. Only present when `success` is true.

    * `error` (string) - Information about why the request failed. Only present
    when `success` is false.


    Most GET responses will also include the following fields if a limit is
    included as part of the query string:


    * `limit` (number) - The query limit, some have this value built in and
    others often have a maximum value that the limit can be

    * `size` (number) - The number of values returned by the query

    * `continues` (boolean, optional) - This is only returned if there are more
    values than were returned

    * `links` (array) - Contains information related to the query performed
      * `path` (string) - The API endpoint path
      * `base` (string) - API base URL
      * `next` (string) - URL with query string to get the next results

    Note that all dates and times are returned in UTC.


    ## Rate Limiting


    In order to provide a good quality of service to all of our customers, we
    enforce a rate limit on all API requests.


    If you exceed the rate limit you will receive a HTTP 429 response with a
    JSON response body like this:


    ```

    {
      "success":false,
      "error":"API rate limit exceeded"
    }

    ```


    If you receive this response, you should refrain from making requests for
    5-10 seconds and then retry the request.


    Hologram's REST API provides methods to perform many requests in bulk. For
    example, you can change the data plans of multiple SIMs at once using
    https://dashboard.hologram.io/api/1/links/cellular/changeplan.


    If there is request you would like to make in bulk but cannot, please reach
    out to [support@hologram.io](mailto:support@hologram.io) for assistance.
  version: '1'
servers:
  - url: https://dashboard.hologram.io/api/1
    description: Hologram REST API v1
security: []
tags:
  - name: Devices
    description: Devices
  - name: SIM Configuration
    description: SIM Configuration
    x-group: SIM Configuration - Conductor
  - name: Organizations
    description: Organizations
  - name: Personal account
    description: Personal account
  - name: Async Change Requests
    description: Async Change Requests
paths:
  /tunnelkeys/:
    post:
      tags:
        - Devices
      summary: Create a tunnel key
      description: >-
        Creates a new tunnel key. If `public_key` is omitted, the server
        generates a 2048-bit RSA keypair and returns the private key in the
        response — save it immediately, it is not stored. The key type must be
        `ssh-rsa`. At most 5 enabled keys are allowed per user. If the org does
        not have a plan that supports device tunneling, this endpoint returns
        403.
      operationId: createTunnelKey
      requestBody:
        required: false
        content:
          application/json:
            schema:
              properties:
                public_key:
                  description: >-
                    OpenSSH-format RSA public key; if omitted the server
                    generates a keypair
                  type: string
              type: object
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TunnelKeyResponse'
        '400':
          description: Invalid public key format or tunnel key limit reached
        '401':
          description: Unauthorized
        '403':
          description: Organization does not have tunnel access
      security:
        - apiKeyAuth: []
components:
  schemas:
    TunnelKeyResponse:
      properties:
        success:
          $ref: '#/components/schemas/SuccessProperty'
        data:
          $ref: '#/components/schemas/TunnelKeyObject'
      type: object
    SuccessProperty:
      description: Indicates whether the request was successful.
      type: boolean
      example: true
    TunnelKeyObject:
      properties:
        id:
          type: integer
        userid:
          type: integer
        public_key:
          description: OpenSSH-format RSA public key
          type: string
        disabled:
          description: 1 if the key is disabled
          type: integer
          enum:
            - 0
            - 1
        created_at:
          type: string
          format: date-time
        private_key:
          description: >-
            RSA private key; only present when the server generates the keypair
            (no public_key supplied on create)
          type: string
          nullable: true
      type: object
  securitySchemes:
    apiKeyAuth:
      type: http
      description: >-
        HTTP Basic authentication using API keys. Set the username to `apikey`
        and the password to your API key. You can find your API key on the
        Hologram Dashboard under Account Settings.
      scheme: basic

````