SSH and SFTP access have always been a major part of how developers connect securely to their WordPress environments at Kinsta.
Over the years, we’ve enhanced these tools with IP allowlists, multiple authentication methods, and fine-grained access controls to strengthen security while maintaining developer flexibility.
Now, we’re extending those same capabilities to the Kinsta API, expanding on our existing SFTP user management endpoints to give you complete programmatic control over SSH and SFTP access.
Let’s review the new endpoints and explore how you can use them to automate SSH and SFTP access across your environments.
Enable or disable SSH/SFTP access
The new /ssh/set-status endpoint lets you programmatically enable or disable SSH and SFTP access for any environment.
This is useful for automating security in deployment workflows. For example, temporarily enabling access while pushing updates, then disabling it once the deployment is complete.
Endpoint:
POST /sites/environments/{env_id}/ssh/set-statusExample request:
curl -i -X POST \
'https://api.kinsta.com/v2/sites/environments/{env_id}/ssh/set-status' \
-H 'Authorization: Bearer ' \
-H 'Content-Type: application/json' \
-d '{ "is_enabled": true }'See full request and response details in the API reference.
Manage authentication methods
You can now also control how users authenticate, whether via SSH keys or username and password.
This gives you more flexibility when managing different types of contributors or external tools that need to connect to your environments.
For example, while your internal team might use SSH key-based authentication exclusively, a temporary collaborator or automated service might need password access for a limited time. With this new API endpoint, you can enable or disable password authentication programmatically and remove it once it’s no longer needed.
Endpoint:
POST /sites/environments/{env_id}/ssh/set-password-statusExample request:
curl -i -X POST \ 'https://api.kinsta.com/v2/sites/environments/{env_id}/ssh/set-password-status' \
-H 'Authorization: Bearer ' \
-H 'Content-Type: application/json' \
-d '{ "is_enabled": true }'See more in the API reference.
Generate and rotate SFTP passwords
Strong password management is critical for secure workflows, especially when multiple developers or automated services access environments.
With this release, you can now generate and retrieve SFTP passwords programmatically, making it easy to automate credential rotation or issue short-term access for deployments or contractors.
Endpoints:
POST /sites/environments/{env_id}/ssh/generate-password
GET /sites/environments/{env_id}/ssh/passwordExample request (generate password):
curl -i -X POST \
'https://api.kinsta.com/v2/sites/environments/{env_id}/ssh/generate-password' \
-H 'Authorization: Bearer 'You can find full request and response examples in the API reference for generating passwords and password retrieval.
Manage IP allowlists
You can now programmatically manage IP allowlists for SSH and SFTP access. This provides a simple way to restrict environment access to only approved networks, helping teams enforce strong security policies without manual updates in MyKinsta.
For example, if your CI/CD runners or office IPs change frequently, your automation can update the allowlist dynamically, allowing only those systems to connect to your environments.
Endpoints:
POST /sites/environments/{env_id}/ssh/set-allowed-ips
GET /sites/environments/{env_id}/ssh/get-allowed-ipsExample request (retrieve allowlist):
curl -i -X GET \
'https://api.kinsta.com/v2/sites/environments/{env_id}/ssh/get-allowed-ips' \
-H 'Authorization: Bearer 'Example response:
{
"environment": {
"active_container": {
"stfp_ip_allowlist": ["127.0.0.1"]
}
}
}You can find complete examples for both retrieving and updating IP allowlists in the API reference.
Define credential expiration intervals
To help teams enforce short-lived credentials and reduce long-term exposure, you can now set SSH/SFTP credential expiration intervals directly through the API.
This allows you to automatically expire access after a defined period, depending on your team’s security policy.
Endpoint:
POST /sites/environments/{env_id}/ssh/change-expiration-intervalExample request:
curl -i -X POST \
'https://api.kinsta.com/v2/sites/environments/{env_id}/ssh/change-expiration-interval' \
-H 'Authorization: Bearer ' \
-H 'Content-Type: application/json' \
-d '{ "interval": "24h" }'You can find detailed examples and available interval options in the API reference.
Retrieve connection details
When managing multiple environments or automating deployments, it’s often useful to quickly fetch the SSH/SFTP connection details without logging in to MyKinsta.
The new /ssh/config endpoint allows you to programmatically retrieve all the necessary information to connect, including host, port, username, and even a ready-to-use SSH command.
Endpoint:
GET /sites/{site_id}/environments/{env_id}/ssh/configExample response:
{
"port": "22",
"host": "example.sftp.kinsta.cloud",
"user": "kinsta_user",
"ssh_command": "ssh [email protected] -p 22"
}You can find complete request and response examples in the Kinsta API reference.
Build secure automation workflows
With these new endpoints, you can fully automate SSH and SFTP access across your environments.
From onboarding developers to rotating credentials and enforcing network policies, the Kinsta API gives you the flexibility to integrate secure connection management into your existing DevOps workflows.
Explore all endpoint details and request examples in the Kinsta API reference.