@lap v0.3
# Machine-readable API spec. Each @endpoint block is one API call.
@api AWS IoT Secure Tunneling
@version 2018-10-05
@auth AWS SigV4
@endpoints 8
@toc root(8)

@endpoint POST /
@desc Closes a tunnel identified by the unique tunnel id. When a CloseTunnel request is received, we close the WebSocket connections between the client and proxy server so no data can be transmitted. Requires permission to access the CloseTunnel action.
@required {tunnelId: str}
@optional {delete: bool}

@endpoint POST /
@desc Gets information about a tunnel identified by the unique tunnel id. Requires permission to access the DescribeTunnel action.
@required {tunnelId: str}
@returns(200) {tunnel: Tunnel?{tunnelId: str?, tunnelArn: str?, status: str?, sourceConnectionState: ConnectionState?{status: str?, lastUpdatedAt: str(timestamp)?}, destinationConnectionState: ConnectionState?{status: str?, lastUpdatedAt: str(timestamp)?}, description: str?, destinationConfig: DestinationConfig?{thingName: str?, services: [str]}, timeoutConfig: TimeoutConfig?{maxLifetimeTimeoutMinutes: int?}, tags: [Tag]?, createdAt: str(timestamp)?, lastUpdatedAt: str(timestamp)?}}

@endpoint POST /
@desc Lists the tags for the specified resource.
@required {resourceArn: str}
@returns(200) {tags: [Tag]?}

@endpoint POST /
@desc List all tunnels for an Amazon Web Services account. Tunnels are listed by creation time in descending order, newer tunnels will be listed before older tunnels. Requires permission to access the ListTunnels action.
@optional {thingName: str, maxResults: int, nextToken: str}
@returns(200) {tunnelSummaries: [TunnelSummary]?, nextToken: str?}

@endpoint POST /
@desc Creates a new tunnel, and returns two client access tokens for clients to use to connect to the IoT Secure Tunneling proxy server. Requires permission to access the OpenTunnel action.
@optional {description: str, tags: [Tag], destinationConfig: DestinationConfig, timeoutConfig: TimeoutConfig}
@returns(200) {tunnelId: str?, tunnelArn: str?, sourceAccessToken: str?, destinationAccessToken: str?}

@endpoint POST /
@desc Revokes the current client access token (CAT) and returns new CAT for clients to use when reconnecting to secure tunneling to access the same tunnel. Requires permission to access the RotateTunnelAccessToken action.  Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel duration is 12 hours and the tunnel has already been open for 4 hours. When you rotate the access tokens, the new tokens that are generated can only be used for the remaining 8 hours.
@required {tunnelId: str, clientMode: str}
@optional {destinationConfig: DestinationConfig}
@returns(200) {tunnelArn: str?, sourceAccessToken: str?, destinationAccessToken: str?}

@endpoint POST /
@desc A resource tag.
@required {resourceArn: str, tags: [Tag]}

@endpoint POST /
@desc Removes a tag from a resource.
@required {resourceArn: str, tagKeys: [str]}

@end