Tailscale offers an application programming interface (API) to let you automate various aspects of your network.

You can find documentation for the API on GitHub →

Authentication

You need to be an Owner, Admin, IT admin, or Network admin of a tailnet in order to generate an access token.

Requests to the API are authenticated via an access token (sometimes called an API key), which can be generated from the Keys page of the admin console. You can choose the number of days, between 1 and 90 inclusive, for the key expiry. Also note that Tailscale-generated API access tokens are case-sensitive.

This access token will automatically expire after the chosen number of days. If you want to continue using an access token after this access token expires, you need to generate a new access tokens. Access tokens can also be revoked before their expiration. Recently expired and revoked access token are shown on the Keys page.

As an alternative to an access token that has full permission to the Tailscale API, use OAuth clients to provide delegated fine-grained control to the Tailscale API.

More details about authenticating with the API can be found on GitHub.