Palomino docs

Encrypt your traffic on Palomino cloud servers and automate device lifecycle with the Sovereign API.

The Palomino stack

Palomino combines strong VPN encryption with cloud-hosted servers for privacy with receipts — not surveillance.

  • Palomino VPNCommercial Palomino VPN — device provisioning, cloud tunnel endpoints, tunnel health, and signed connection receipts.
  • Cloud control planePalomino manages billing, device keys, and peer sync to hosted nodes. Your profile works out of the box after signup.

Palomino VPN

Provision devices from Dashboard → Devices. Import your profile into the Palomino app or scan a single-use VPN device QR. Tunnel engage/disengage events appear in Activity with signed receipts.

How cloud VPN works

Sign up, add a device, and import your Palomino profile — Palomino syncs your peer to a hosted server automatically.

  • Cloud VPNReal encryption keys generated per device — not placeholders.
  • Cloud VPNImport your profile in the Palomino app, or scan a single-use VPN QR on mobile.
  • Cloud VPNRevoke a device and the peer is removed from the cloud node within seconds.

QR code types

Palomino uses distinct QR generators for VPN device pairing.

  • VPN device QRPalomino profile for your device. Scan in the Palomino iOS/Android app.

API authentication

Send your API key in the Authorization: Bearer bhp_live_… header or as x-api-key. Create keys in Dashboard → API keys. Rotate after copying — the full secret is shown once.

GET/api/v1/usage

Current-month API call quotas versus plan limits.

Plans & limits

PlanDevicesBandwidthActivity log
Basic110 GB/mo30 days
Core5500 GB/mo90 days
SovereignUnlimitedUnlimited365 days

Errors

  • 401 — missing or invalid API key
  • 403 — plan limit exceeded or feature not available on tier
  • 402 — device limit reached
  • 429 — rate limit (retry with backoff)