Update sandbox egress
Changes outbound network policy for a sandbox. Supported modes:
- `open` — full outbound internet access.
- `deny_all` — all outbound connections blocked.
- `restricted` — default deny with an allowlist (`allow` required).
Switching between modes may reattach the sandbox to a different network
profile. The response includes network_updated: true when that happens.
Allow a few seconds for the new policy to take effect before probing from
inside the sandbox.
Sandbox must be in status ready.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| mode | "open" \| "restricted" \| "deny_all" | yes | Target egress mode. |
| allow | string[] | when mode is restricted | IPv4 addresses, CIDR ranges, or hostnames. Min 1, max 50 entries. Must be omitted for open and deny_all. |
Examples
Response
Returns the updated sandbox record in data, including:
| Field | Type | Description |
|---|---|---|
| egress.mode | string | Applied egress mode. |
| egress.allow | string[] | Applied allowlist (restricted mode only). |
| block_outbound | boolean | Legacy mirror; true when mode is deny_all. |
| network_updated | boolean | true when the sandbox was switched to a different network profile. Allow a few seconds before probing connectivity from inside the sandbox. |
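
An added example (not Brimble's own code): a local pre-flight check of the request body rules above, plus a comparison of the returned record against what was requested. Function names are hypothetical. Assumptions: RFC 1123-style hostname syntax, IPv4-only CIDR parsing, reading the schema's "1 - 253" as per-entry length, the API echoing allow entries unchanged, and a local policy that rejects 0.0.0.0/0.

```python
import ipaddress
import re

SANDBOX_ID = re.compile(r"[a-f0-9]{24}")   # id pattern from the page
MODES = ("open", "restricted", "deny_all")
# Assumption: RFC 1123-style labels; the page does not define hostname syntax.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*", re.IGNORECASE)

def classify_entry(entry):
    """Return 'ipv4', 'cidr' or 'hostname'; raise ValueError otherwise."""
    if not isinstance(entry, str) or not 1 <= len(entry) <= 253:
        raise ValueError(f"allow entry must be 1-253 characters: {entry!r}")
    if "/" in entry:
        # Assumption: IPv4 CIDR, host bits cleared; the /0 ban is local policy.
        if ipaddress.IPv4Network(entry, strict=True).prefixlen == 0:
            raise ValueError("0.0.0.0/0 allows all destinations")
        return "cidr"
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    if HOSTNAME.fullmatch(entry) and not entry.replace(".", "").isdigit():
        return "hostname"
    raise ValueError(f"not an IPv4 address, CIDR range or hostname: {entry!r}")

def build_egress_update(sandbox_id, mode, allow=None):
    """Validate against the documented rules; return (method, path, body)."""
    if not SANDBOX_ID.fullmatch(sandbox_id) or mode not in MODES:
        raise ValueError("bad sandbox id or mode")
    body = {"mode": mode}
    if mode == "restricted":
        if not allow or len(allow) > 50:
            raise ValueError("restricted mode needs 1 to 50 allow entries")
        body["allow"] = [e for e in allow if classify_entry(e)]  # raises on a bad entry
    elif allow is not None:
        raise ValueError(f"allow must be omitted for mode {mode!r}")
    return "PUT", f"/sandboxes/{sandbox_id}/egress", body

def applied_mismatches(body, data):
    """Names of fields in the returned record that disagree with the request."""
    egress = data.get("egress", {})
    checks = {
        "egress.mode": egress.get("mode") == body["mode"],
        "egress.allow": sorted(egress.get("allow") or []) == sorted(body.get("allow", [])),
        "block_outbound": data.get("block_outbound") == (body["mode"] == "deny_all"),
    }
    return [name for name, ok in checks.items() if not ok]
```

A non-empty result from `applied_mismatches` means the applied policy differs from the one requested and should be treated as a failed change.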
Authorizations
Your account-level Brimble API key. Find it in the dashboard under your profile drawer → API key (click the avatar in the sidebar). Available on paid plans only.
Path Parameters
24-char hex id of the sandbox.
^[a-f0-9]{24}$
Body
Request body for PUT /sandboxes/{id}/egress.
Outbound network policy for a sandbox.
- `open` — full outbound internet access (default).
- `deny_all` — all outbound connections blocked; inbound Brimble API calls still work.
- `restricted` — default deny with an allowlist (`allow` required on update).

open, restricted, deny_all
Required when mode is restricted; must be omitted otherwise.
1 - 50 elements
1 - 253