Sign in Get API keys
Documentation

QuickZTNA Documentation

QuickZTNA is a post-quantum-encrypted Zero Trust mesh VPN. One agent per device, one install command per fleet, identity-based ACLs, and ML-KEM-768 on every tunnel. Start anywhere in the docs — quickstart for speed, API for depth.

Ship 100 devices in 2 minutes Issue one auth key → pipe the installer via MDM / Ansible / cloud-init → your entire workforce joins the tailnet with hybrid X25519 + ML-KEM-768 tunnels. See the quickstart.

Explore

Quickstart

100 devices on an encrypted mesh in 2 minutes. Auth key → install command → done.

API Reference

57 REST endpoints. Action-based dispatch, JWT + API key auth, examples in 6 languages.

CLI Reference

The ztna command: login, up, down, status, peers, ping, netcheck, diag.

Core concepts

ZTNA, ABAC, PQC, DERP, WireGuard, MagicDNS, tailnet, tags — defined.

Architecture

Control plane + data plane, PQC hybrid key exchange, DERP relays, multi-tenant model.

Security

Cryptographic commitments, threat model, auth model, audit trail, compliance.

Features by plan

Full feature matrix — what's on Free, Business, Workforce. Handler + feature key for each.

Pricing

Free forever for 100 devices. Business $10/mo · 60-day trial. Workforce on request.

What QuickZTNA is

QuickZTNA consolidates your VPN, SSO gateway, and secrets manager into a single agent. Every peer-to-peer tunnel is wrapped in hybrid X25519 + ML-KEM-768 key exchange (FIPS 203) — so stored traffic stays safe even if classical elliptic curves fall to a quantum computer tomorrow. The same agent delivers identity-based ACLs, device posture checks, JIT access, session recording, and workforce analytics on paid plans.

The control plane speaks REST + WebSocket. The data plane is WireGuard peer-to-peer with four global DERP relays (BLR, NYC, LON, SFO) when NAT traversal fails. No hardware appliances. No public IPs. No firewall-change tickets.

Where to start

  • Building something? Go to Quickstart — you'll have 100 devices connected before the kettle boils.
  • Writing automation? Head to API Reference — 57 endpoints, action-based dispatch, full curl/Node/Python/Go/CLI/Terraform examples.
  • Running it daily? The CLI reference covers ztna login, up, down, status, peers, ping, netcheck, diag.
  • Doing a security review? Start with Security — threat model, crypto commitments, audit trail, compliance policies.
  • Evaluating plans? See Features and Pricing — honest feature matrix, real limits, no coming-soon shelf.