Palomino docs
Encrypt your traffic on Palomino cloud servers and automate device lifecycle with the Sovereign API.
The Palomino stack
Palomino combines strong VPN encryption with cloud-hosted servers for privacy with receipts — not surveillance.
- Palomino VPN — Commercial Palomino VPN — device provisioning, cloud tunnel endpoints, tunnel health, and signed connection receipts.
- Cloud control plane — Palomino manages billing, device keys, and peer sync to hosted nodes. Your profile works out of the box after signup.
Palomino VPN
Provision devices from Dashboard → Devices. Import your profile into the Palomino app or scan a single-use VPN device QR. Tunnel engage/disengage events appear in Activity with signed receipts.
How cloud VPN works
Sign up, add a device, and import your Palomino profile — Palomino syncs your peer to a hosted server automatically.
- Cloud VPN — Real encryption keys generated per device — not placeholders.
- Cloud VPN — Import your profile in the Palomino app, or scan a single-use VPN QR on mobile.
- Cloud VPN — Revoke a device and the peer is removed from the cloud node within seconds.
QR code types
Palomino uses distinct QR generators for VPN device pairing.
- VPN device QR — Palomino profile for your device. Scan in the Palomino iOS/Android app.
API authentication
Send your API key in the Authorization: Bearer bhp_live_… header or as x-api-key. Create keys in Dashboard → API keys. Rotate after copying — the full secret is shown once.
/api/v1/usageCurrent-month API call quotas versus plan limits.
Plans & limits
| Plan | Devices | Bandwidth | Activity log |
|---|---|---|---|
| Basic | 1 | 10 GB/mo | 30 days |
| Core | 5 | 500 GB/mo | 90 days |
| Sovereign | Unlimited | Unlimited | 365 days |
Errors
- 401 — missing or invalid API key
- 403 — plan limit exceeded or feature not available on tier
- 402 — device limit reached
- 429 — rate limit (retry with backoff)