wg genkey | tee privatekey | wg pubkey > publickey
curl https://api.mullvad.net/wg/ -d account=YOUR_ACCOUNT_NUMBER --data-urlencode pubkey="$(cat publickey)"
- Step 1: "Login" to Mullvad and get an autherization token
$ curl -fsSL https://api.mullvad.net/www/accounts/YOUR_ACCOUNT_NUMBER
{
"auth_token": "xxyyzz",
"account": {
"token": "ACCOUNT_NUMBER",
"pretty_token": "1234 4567 7890 0123",
"active": true,
"expires": "2100-01-01T12:00:00Z",
"expiry_unix": 1234567890,
"ports": [],
"max_ports": 5,
"can_add_ports": true,
"wg_peers": [
{
"key": {
"public": "PUBLIC_KEY_HERE",
"private": ""
},
"ipv4_address": "10.0.19.123/32",
"ipv6_address": "dead:beef:1337:1::5:2/128",
"ports": [],
"can_add_ports": true,
"created": "2020-01-01"
}
],
"max_wg_peers": 5,
"can_add_wg_peers": true,
"subscription": {
"method": "XX",
"status": "ACTIVE",
"unpaid": false
}
}
}
The token at the line "auth_token": "xxyyzz"
is the one you should be using in the next step.
Or if you have jq
installed, you can just do
$ curl -fsSL https://api.mullvad.net/www/accounts/YOUR_ACCOUNT_NUMBER | jq -r '.auth_token'
- Step 2: Revoke the previously uploaded key
$ curl -X POST \
-H 'Content-Type: application/json' \
-H 'Authorization: Token THE_TOKEN_YOU_GOT_FROM_THE_STEP_ABOVE' \
-d '{"pubkey": "CONTENT_OF_THE_PREVIOUSLY_UPLOADED_PUBLIC_KEY"}' \
https://api.mullvad.net/www/wg-pubkeys/revoke/