Documentation

KeyRoute Documentation

Learn how to create ephemeral WireGuard tunnels and route all your traffic through dedicated IP addresses in 4 global regions.

Overview

KeyRoute vs KeyFetch - Which Should I Use?

Use KeyFetch when:
  • - You only need HTTP/HTTPS requests
  • - Simpler setup (no WireGuard needed)
  • - Lower latency for web requests
keyfetch.world →
Use KeyRoute when:
  • - You need full network routing (all TCP/UDP)
  • - SSH, databases, or non-HTTP protocols
  • - You need a dedicated IP for your session
You're in the right place!

KeyRoute provides ephemeral WireGuard VPN tunnels for AI agents and automated systems. Unlike HTTP proxies, KeyRoute gives you a full network tunnel - all TCP and UDP traffic from your application routes through our servers.

Each tunnel gets a unique IP address on our subnet (10.100.0.0/16) and routes all traffic through the selected region's public IP. Tunnels are ephemeral - they auto-expire after your specified duration, and you only pay for the seconds used.

Key Features

  • * Full tunnel - All TCP/UDP traffic routed, not just HTTP
  • * Ephemeral - Tunnels last 30 seconds to 1 hour
  • * 4 regions - Frankfurt, Sydney, San Francisco, New York
  • * Pay-per-second - $0.001/second, only pay for usage
  • * WireGuard - Modern, fast, secure VPN protocol

KeyRoute is perfect for scenarios where you need to route all traffic from a specific geographic location - web scraping, testing geo-restricted services, or accessing region-locked APIs.

Authentication

All API requests require a Bearer token from KeyKeeper. Include your token in the Authorization header:

Authorization Header 
Authorization: Bearer YOUR_KEYKEEPER_TOKEN

Keep Your Token Secure

Never expose your API token in client-side code or public repositories. Tunnel costs are billed to your KeyKeeper account.

Creating Tunnels

Create a tunnel by POSTing to /v1/tunnel with your desired region and duration:

Create a Tunnel curl 
# Create a 5-minute tunnel from Frankfurt
curl -X POST https://keyroute.world/v1/tunnel \
  -H "Authorization: Bearer YOUR_KEYKEEPER_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "region": "eu-frankfurt",
    "duration": 300
  }'

Request Parameters

Parameter Type Required Description
region string No Region ID. Default: auto-selects nearest
duration number Yes Duration in seconds (30-3600)

Response

Success Response (200) 
{
  "tunnel_id": "tun_f4b047e273e16b48",
  "region": "eu-frankfurt",
  "wireguard_config": "[Interface]\nPrivateKey = ...",
  "endpoint": "134.122.87.87:51820",
  "client_ip": "10.100.0.2",
  "expires_at": "2024-12-01T19:05:00.000Z"
}

Response Fields

  • tunnel_id - Unique identifier for managing the tunnel
  • region - Region where tunnel was created
  • wireguard_config - Complete WireGuard config to save and use
  • endpoint - Server address and port for WireGuard
  • client_ip - Your assigned IP on the tunnel subnet
  • expires_at - When the tunnel will auto-close

WireGuard Configuration

The API returns a complete WireGuard configuration. Save it to a file and use it with the WireGuard client:

Using the Config (Linux) bash 
# Save the config from API response
echo "$WIREGUARD_CONFIG" > /etc/wireguard/keyroute.conf

# Bring up the tunnel
wg-quick up keyroute

# Verify connection
curl https://api.ipify.org  # Should show tunnel's public IP

# When done, bring down the tunnel
wg-quick down keyroute

Sample WireGuard Config

keyroute.conf 
[Interface]
PrivateKey = <your-generated-private-key>
Address = 10.100.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <server-public-key>
Endpoint = 134.122.87.87:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

macOS

Use the WireGuard app from the App Store or Homebrew:

brew install wireguard-tools

Windows

Download the official WireGuard client:

wireguard.com/install

Programmatic Usage

For automated systems, you can use the wireguard-tools CLI or libraries like python-wireguard to configure tunnels programmatically without manual intervention.

Managing Tunnels

Get Tunnel Status

Check the status and time remaining on a tunnel:

curl https://keyroute.world/v1/tunnel/tun_f4b047e273e16b48 \
  -H "Authorization: Bearer YOUR_TOKEN"

Close Tunnel Early

Delete a tunnel before it expires. You only pay for the time used:

curl -X DELETE https://keyroute.world/v1/tunnel/tun_f4b047e273e16b48 \
  -H "Authorization: Bearer YOUR_TOKEN"

List All Tunnels

Get all active tunnels for your account:

curl https://keyroute.world/v1/tunnels \
  -H "Authorization: Bearer YOUR_TOKEN"

Pro Tip: Always Clean Up

Delete tunnels as soon as you're done to minimize costs. If your process crashes, tunnels auto-expire - you won't be charged beyond the expiration time.

Regions

KeyRoute operates from 4 global regions. Each region has its own public IP address that your traffic will appear to come from.

Frankfurt
Germany
Region ID eu-frankfurt
Country Code DE
WireGuard Port 51820
Sydney
Australia
Region ID ap-sydney
Country Code AU
WireGuard Port 51820
San Francisco
USA
Region ID us-west
Country Code US
WireGuard Port 51820
New York
USA
Region ID us-east
Country Code US
WireGuard Port 51820

If you don't specify a region, KeyRoute will automatically select the nearest server based on your location. For consistent geo-targeting, always specify the region explicitly.

Error Handling

KeyRoute uses standard HTTP status codes. All errors return a JSON body with an error field.

Code Name Description
400 Bad Request Invalid parameters (e.g., duration out of range)
401 Unauthorized Missing or invalid Bearer token
402 Payment Required Insufficient KeyKeeper credits
404 Not Found Tunnel ID does not exist
429 Too Many Requests Rate limit exceeded (100 tunnels/minute)
500 Internal Error Server error - contact support
503 Service Unavailable Region temporarily unavailable
Example Error Response 
{
  "error": "Duration must be between 30 and 3600 seconds"
}

Best Practices

Use Short Durations

Start with the minimum duration you need. You can always create a new tunnel, but you can't extend an existing one. This keeps costs low and ensures fresh connections.

Clean Up After Use

Always DELETE your tunnel when you're done. Even though tunnels auto-expire, cleaning up immediately saves money and frees resources.

Handle Errors Gracefully

If tunnel creation fails, retry with exponential backoff. If a region is unavailable (503), try a different region. Your code should handle cases where the tunnel expires unexpectedly.

Use Specific Regions

If you need traffic from a specific country, always specify the region explicitly rather than relying on auto-selection. This ensures consistent behavior.

Consider KeyFetch for HTTP-Only

If you only need to make HTTP requests (no other TCP/UDP traffic), consider using KeyFetch instead. It's simpler and doesn't require WireGuard setup.

Ready to start tunneling?

Get your API key from KeyKeeper and create your first tunnel in seconds.

Get API Key API Reference