Endpoint

api.atlasvpn.live:7777
Plain TCP. HTTP/1.1. No TLS in front — the CONNECT itself is plaintext (the TUNNELLED content is already TLS, since you’re CONNECTing to target:443). This matches how every HTTP proxy in the industry operates; it’s not a security compromise.

Request format

CONNECT target.example.com:443 HTTP/1.1
Host: target.example.com:443
Proxy-Authorization: Basic <base64(keyId:secret)>
Proxy-Connection: Keep-Alive

Response format

HTTP/1.1 200 Connection Established

<raw TCP tunnel begins here — your HTTP client sends its own request through it>

Allowed target ports

The gateway enforces a narrow port allowlist to prevent the network from being abused as a generic TCP proxy. If you need a port outside this list, email support@atlasvpn.live with the use case.
PortProtocolStatus
443HTTPS
80HTTP
8080HTTP alt
8443HTTPS alt
All others403 blocked

Sticky-session username suffix

Extends the keyId portion of the username with optional qualifiers. Order matters: country before session. 
avp_live_<hex>[-country-<iso2>][-session-<tag>]
Examples: 
# Pin country = US
curl -x http://avp_live_abc-country-us:secret@api.atlasvpn.live:7777

# Pin session for 10 min (any tag, ≤64 chars, [a-z0-9_-])
curl -x http://avp_live_abc-session-scraper-run-42:secret@api.atlasvpn.live:7777

# Both
curl -x http://avp_live_abc-country-fr-session-scraper-42:secret@api.atlasvpn.live:7777
Session lifetime: 10 minutes from last use. Any request with the same (keyId, session-tag) pair within that window routes through the same exit node. The gateway refreshes the TTL on every use; a session that’s continuously used never expires. Country-only (no session): every request picks a fresh node in that country. Use this when rotating IPs per-request is desired (e.g. scraping a site that rate-limits per-IP).

Response codes

CodeMeaningRetry?
200Tunnel established — begin your request
400Malformed CONNECT lineNo — fix the request
402Bandwidth quota exhausted for current periodNo — upgrade or wait for period reset
403Port not in allowlist, or admin-suspended keyNo — review target port + key status
407Proxy authentication required / invalid authNo — fix credentials
429Rate limit — too many CONNECTs per second for your tierYes, with backoff
502No VPN nodes currently available in requested countryYes, within a few seconds
504Gateway forwarded to a node but node didn’t ACK within 15sYes — usually a slow / blocking target
See Errors for error-body formats and recovery strategies.