AACFlow

Tailscale

Geräte und Netzwerkeinstellungen in deinem Tailscale-Tailnet verwalten

Overview

Tailscale is a zero-config mesh VPN built on WireGuard that makes it easy to connect devices, services, and users across any network. The Tailscale block lets you automate network management tasks like device provisioning, access control, route management, and DNS configuration directly from your AACFlow workflows.

Authentication

The Tailscale block uses API key authentication. To get an API key:

  1. Go to the Tailscale admin console
  2. Navigate to Settings > Keys
  3. Click Generate API key
  4. Set an expiry (1-90 days) and copy the key (starts with tskey-api-)

You must have an Owner, Admin, IT admin, or Network admin role to generate API keys.

Tailnet Identifier

Every operation requires a tailnet parameter. This is typically your organization's domain name (e.g., example.com). You can also use "-" to refer to your default tailnet.

Common Use Cases

  • Device inventory: List and monitor all devices connected to your network
  • Automated provisioning: Create and manage auth keys to pre-authorize new devices
  • Access control: Authorize or deauthorize devices, manage device tags for ACL policies
  • Route management: View and enable subnet routes for devices acting as subnet routers
  • DNS management: Configure nameservers, MagicDNS, and search paths
  • Key lifecycle: Create, list, inspect, and revoke auth keys
  • User auditing: List all users in the tailnet and their roles
  • Policy review: Retrieve the current ACL policy for inspection or backup

Nutzungsanleitung

Interact with the Tailscale API to manage devices, DNS, ACLs, auth keys, users, and routes across your tailnet.

Tools

tailscale_list_devices

List all devices in the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
devicesarrayList of devices in the tailnet
idstringDevice ID
namestringDevice name
hostnamestringDevice hostname
userstringAssociated user
osstringOperating system
clientVersionstringTailscale client version
addressesarrayTailscale IP addresses
tagsarrayDevice tags
authorizedbooleanWhether the device is authorized
blocksIncomingConnectionsbooleanWhether the device blocks incoming connections
lastSeenstringLast seen timestamp
createdstringCreation timestamp
countnumberTotal number of devices

tailscale_get_device

Get details of a specific device by ID

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID

Ausgabe

ParameterTypBeschreibung
idstringDevice ID
namestringDevice name
hostnamestringDevice hostname
userstringAssociated user
osstringOperating system
clientVersionstringTailscale client version
addressesarrayTailscale IP addresses
tagsarrayDevice tags
authorizedbooleanWhether the device is authorized
blocksIncomingConnectionsbooleanWhether the device blocks incoming connections
lastSeenstringLast seen timestamp
createdstringCreation timestamp
isExternalbooleanWhether the device is external
updateAvailablebooleanWhether an update is available
machineKeystringMachine key
nodeKeystringNode key

tailscale_delete_device

Remove a device from the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID to delete

Ausgabe

ParameterTypBeschreibung
successbooleanWhether the device was successfully deleted
deviceIdstringID of the deleted device

tailscale_authorize_device

Authorize or deauthorize a device on the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID to authorize
authorizedbooleanJaWhether to authorize (true) or deauthorize (false) the device

Ausgabe

ParameterTypBeschreibung
successbooleanWhether the operation succeeded
deviceIdstringDevice ID
authorizedbooleanAuthorization status after the operation

tailscale_set_device_tags

Set tags on a device in the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID
tagsstringJaComma-separated list of tags (e.g., "tag:server,tag:production")

Ausgabe

ParameterTypBeschreibung
successbooleanWhether the tags were successfully set
deviceIdstringDevice ID
tagsarrayTags set on the device

tailscale_get_device_routes

Get the subnet routes for a device

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID

Ausgabe

ParameterTypBeschreibung
advertisedRoutesarraySubnet routes the device is advertising
enabledRoutesarraySubnet routes that are approved/enabled

tailscale_set_device_routes

Set the enabled subnet routes for a device

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID
routesstringJaComma-separated list of subnet routes to enable (e.g., "10.0.0.0/24,192.168.1.0/24")

Ausgabe

ParameterTypBeschreibung
advertisedRoutesarraySubnet routes the device is advertising
enabledRoutesarraySubnet routes that are now enabled

tailscale_update_device_key

Enable or disable key expiry on a device

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
deviceIdstringJaDevice ID
keyExpiryDisabledbooleanJaWhether to disable key expiry (true) or enable it (false)

Ausgabe

ParameterTypBeschreibung
successbooleanWhether the operation succeeded
deviceIdstringDevice ID
keyExpiryDisabledbooleanWhether key expiry is now disabled

tailscale_list_dns_nameservers

Get the DNS nameservers configured for the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
dnsarrayList of DNS nameserver addresses
magicDNSbooleanWhether MagicDNS is enabled

tailscale_set_dns_nameservers

Set the DNS nameservers for the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
dnsstringJaComma-separated list of DNS nameserver IP addresses (e.g., "8.8.8.8,8.8.4.4")

Ausgabe

ParameterTypBeschreibung
dnsarrayUpdated list of DNS nameserver addresses
magicDNSbooleanWhether MagicDNS is enabled

tailscale_get_dns_preferences

Get the DNS preferences for the tailnet including MagicDNS status

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
magicDNSbooleanWhether MagicDNS is enabled

tailscale_set_dns_preferences

Set DNS preferences for the tailnet (enable/disable MagicDNS)

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
magicDNSbooleanJaWhether to enable (true) or disable (false) MagicDNS

Ausgabe

ParameterTypBeschreibung
magicDNSbooleanUpdated MagicDNS status

tailscale_get_dns_searchpaths

Get the DNS search paths configured for the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
searchPathsarrayList of DNS search path domains

tailscale_set_dns_searchpaths

Set the DNS search paths for the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
searchPathsstringJaComma-separated list of DNS search path domains (e.g., "corp.example.com,internal.example.com")

Ausgabe

ParameterTypBeschreibung
searchPathsarrayUpdated list of DNS search path domains

tailscale_list_users

List all users in the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
usersarrayList of users in the tailnet
idstringUser ID
displayNamestringDisplay name
loginNamestringLogin name / email
profilePicURLstringProfile picture URL
rolestringUser role (owner, admin, member, etc.)
statusstringUser status (active, suspended, etc.)
typestringUser type (member, shared, tagged)
createdstringCreation timestamp
lastSeenstringLast seen timestamp
deviceCountnumberNumber of devices owned by user
countnumberTotal number of users

tailscale_create_auth_key

Create a new auth key for the tailnet to pre-authorize devices

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
reusablebooleanNeinWhether the key can be used more than once
ephemeralbooleanNeinWhether devices authenticated with this key are ephemeral
preauthorizedbooleanNeinWhether devices are pre-authorized (skip manual approval)
tagsstringNeinComma-separated list of tags for devices using this key (e.g., "tag:server,tag:prod")
descriptionstringNeinDescription for the auth key
expirySecondsnumberNeinKey expiry time in seconds (default: 90 days)

Ausgabe

ParameterTypBeschreibung
idstringAuth key ID
keystringThe auth key value (only shown once at creation)
descriptionstringKey description
createdstringCreation timestamp
expiresstringExpiration timestamp
revokedstringRevocation timestamp (empty if not revoked)
capabilitiesobjectKey capabilities
reusablebooleanWhether the key is reusable
ephemeralbooleanWhether devices are ephemeral
preauthorizedbooleanWhether devices are pre-authorized
tagsarrayTags applied to devices using this key

tailscale_list_auth_keys

List all auth keys in the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
keysarrayList of auth keys
idstringAuth key ID
descriptionstringKey description
createdstringCreation timestamp
expiresstringExpiration timestamp
revokedstringRevocation timestamp
capabilitiesobjectKey capabilities
reusablebooleanWhether the key is reusable
ephemeralbooleanWhether devices are ephemeral
preauthorizedbooleanWhether devices are pre-authorized
tagsarrayTags applied to devices
countnumberTotal number of auth keys

tailscale_get_auth_key

Get details of a specific auth key

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
keyIdstringJaAuth key ID

Ausgabe

ParameterTypBeschreibung
idstringAuth key ID
descriptionstringKey description
createdstringCreation timestamp
expiresstringExpiration timestamp
revokedstringRevocation timestamp
capabilitiesobjectKey capabilities
reusablebooleanWhether the key is reusable
ephemeralbooleanWhether devices are ephemeral
preauthorizedbooleanWhether devices are pre-authorized
tagsarrayTags applied to devices using this key

tailscale_delete_auth_key

Revoke and delete an auth key

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default
keyIdstringJaAuth key ID to delete

Ausgabe

ParameterTypBeschreibung
successbooleanWhether the auth key was successfully deleted
keyIdstringID of the deleted auth key

tailscale_get_acl

Get the current ACL policy for the tailnet

Eingabe

ParameterTypErforderlichBeschreibung
apiKeystringJaTailscale API key
tailnetstringJaTailnet name (e.g., example.com) or "-" for default

Ausgabe

ParameterTypBeschreibung
aclstringACL policy as JSON string
etagstringETag for the current ACL version (use with If-Match header for updates)
TableTavily

On this page

Overview
Authentication
Tailnet Identifier
Common Use Cases
Nutzungsanleitung
Tools
tailscale_list_devices
Eingabe
Ausgabe
tailscale_get_device
Eingabe
Ausgabe
tailscale_delete_device
Eingabe
Ausgabe
tailscale_authorize_device
Eingabe
Ausgabe
tailscale_set_device_tags
Eingabe
Ausgabe
tailscale_get_device_routes
Eingabe
Ausgabe
tailscale_set_device_routes
Eingabe
Ausgabe
tailscale_update_device_key
Eingabe
Ausgabe
tailscale_list_dns_nameservers
Eingabe
Ausgabe
tailscale_set_dns_nameservers
Eingabe
Ausgabe
tailscale_get_dns_preferences
Eingabe
Ausgabe
tailscale_set_dns_preferences
Eingabe
Ausgabe
tailscale_get_dns_searchpaths
Eingabe
Ausgabe
tailscale_set_dns_searchpaths
Eingabe
Ausgabe
tailscale_list_users
Eingabe
Ausgabe
tailscale_create_auth_key
Eingabe
Ausgabe
tailscale_list_auth_keys
Eingabe
Ausgabe
tailscale_get_auth_key
Eingabe
Ausgabe
tailscale_delete_auth_key
Eingabe
Ausgabe
tailscale_get_acl
Eingabe
Ausgabe
Heute mit dem Aufbau beginnen
Über 100 000 Entwickler vertrauen uns.
Die SaaS-Plattform zum Aufbau von KI-Agenten und für Ihre agentische Belegschaft.
Loslegen