Skip to main content
POST
/
agents
/
{agentId}
/
tunnel
Open tunnel
curl --request POST \
  --url https://core.cyberun.cloud/api/v1/agents/{agentId}/tunnel \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "target_port": 8188,
  "tunnel_protocol": "http"
}
'
{
  "session_id": "a1b2c3d4e5f6...",
  "tunnel_url": "https://gateway.example.com/tunnel/a1b2c3d4e5f6.../",
  "admin_token": "f7e8d9c0b1a2...",
  "tunnel_protocol": "http"
}

Documentation Index

Fetch the complete documentation index at: https://docs.cyberun.cloud/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

User session JWT (Bearer ). Must be paired with the X-Team-ID request header on team-scoped endpoints so the server knows which team's resources to operate on.

Headers

X-Team-ID
string<uuid>

UUID of the team to scope the request to. Used by dual-auth endpoints (runtime + scoped management):

  • JWT callers MUST send it — a user may belong to multiple teams and the runtime cannot otherwise know which one to operate on. Missing header → 400.
  • Credential callers (sk-, dk-) can omit it because the team is derived from the credential row itself. Any value sent is ignored.
Example:

"019abc12-4567-7890-abcd-ef1234567891"

Path Parameters

agentId
string
required

Unique identifier of the agent.

Body

application/json
target_port
integer

Port of the service to tunnel on the agent machine. Defaults to ComfyUI port (8188) when omitted.

Required range: 1 <= x <= 65535
Example:

8188

tunnel_protocol
enum<string>
default:http

Protocol of the tunneled service. "http" — HTTP/WebSocket reverse proxy (default, supports ComfyUI, Jupyter, etc.) "tcp" — Raw TCP tunnel (supports SSH, PostgreSQL, MySQL, etc.)

Available options:
http,
tcp
Example:

"http"

Response

Tunnel opened

session_id
string
required

Unique tunnel session identifier.

Example:

"a1b2c3d4e5f6..."

tunnel_url
string
required

For HTTP tunnels: URL to access the tunneled service's web interface. Contains the access token and can be safely shared. For TCP tunnels: WebSocket URL for TCP-over-WS relay. Connect with a TCP client tool.

Example:

"https://gateway.example.com/tunnel/a1b2c3d4e5f6.../"

admin_token
string
required

Admin token for privileged operations (e.g. WebTerminal). Must be kept secret — do not share.

Example:

"f7e8d9c0b1a2..."

tunnel_protocol
enum<string>

Protocol of the tunneled service.

Available options:
http,
tcp
Example:

"http"