diff --git a/agent/access.go b/agent/access.go
index 45a4da66..083381dd 100644
--- a/agent/access.go
+++ b/agent/access.go
@@ -6,6 +6,16 @@ import (
 	"github.com/openziti/zrok/cmd/zrok/subordinate"
 )
 
+type AccessPrivateRequest struct {
+	Token           string
+	BindAddress     string
+	AutoMode        bool
+	AutoAddress     string
+	AutoStartPort   uint16
+	AutoEndPort     uint16
+	ResponseHeaders []string
+}
+
 type access struct {
 	frontendToken   string
 	token           string
diff --git a/agent/accessPrivate.go b/agent/accessPrivate.go
index 5cb9b9ae..75f4034b 100644
--- a/agent/accessPrivate.go
+++ b/agent/accessPrivate.go
@@ -12,14 +12,14 @@ import (
 	"os"
 )
 
-func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) {
+func (a *Agent) AccessPrivate(req *AccessPrivateRequest) (frontendToken string, err error) {
 	root, err := environment.LoadRoot()
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
 	if !root.IsEnabled() {
-		return nil, errors.New("unable to load environment; did you 'zrok enable'?")
+		return "", errors.New("unable to load environment; did you 'zrok enable'?")
 	}
 
 	accCmd := []string{os.Args[0], "access", "private", "--subordinate", "-b", req.BindAddress, req.Token}
@@ -38,7 +38,7 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
 		autoEndPort:     uint16(req.AutoEndPort),
 		responseHeaders: req.ResponseHeaders,
 		sub:             subordinate.NewMessageHandler(),
-		agent:           i.agent,
+		agent:           a,
 	}
 	acc.sub.MessageHandler = func(msg subordinate.Message) {
 		logrus.Info(msg)
@@ -74,20 +74,36 @@ func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPr
 
 	acc.process, err = proctree.StartChild(acc.sub.Tail, accCmd...)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 
 	<-acc.sub.BootComplete
 
 	if bootErr == nil {
 		go acc.monitor()
-		i.agent.addAccess <- acc
-		return &agentGrpc.AccessPrivateResponse{FrontendToken: acc.frontendToken}, nil
+		a.addAccess <- acc
+		return acc.frontendToken, nil
 
 	} else {
 		if err := proctree.WaitChild(acc.process); err != nil {
 			logrus.Errorf("error joining: %v", err)
 		}
-		return nil, fmt.Errorf("unable to start access: %v", bootErr)
+		return "", fmt.Errorf("unable to start access: %v", bootErr)
+	}
+}
+
+func (i *agentGrpcImpl) AccessPrivate(_ context.Context, req *agentGrpc.AccessPrivateRequest) (*agentGrpc.AccessPrivateResponse, error) {
+	if frontendToken, err := i.agent.AccessPrivate(&AccessPrivateRequest{
+		Token:           req.Token,
+		BindAddress:     req.BindAddress,
+		AutoMode:        req.AutoMode,
+		AutoAddress:     req.AutoAddress,
+		AutoStartPort:   uint16(req.AutoStartPort),
+		AutoEndPort:     uint16(req.AutoEndPort),
+		ResponseHeaders: req.ResponseHeaders,
+	}); err == nil {
+		return &agentGrpc.AccessPrivateResponse{FrontendToken: frontendToken}, nil
+	} else {
+		return nil, err
 	}
 }
diff --git a/agent/releaseAccess.go b/agent/releaseAccess.go
index 86e2f8d2..582ab3ed 100644
--- a/agent/releaseAccess.go
+++ b/agent/releaseAccess.go
@@ -7,13 +7,16 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
-func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) {
-	if acc, found := i.agent.accesses[req.FrontendToken]; found {
-		i.agent.rmAccess <- acc
+func (a *Agent) ReleaseAccess(frontendToken string) error {
+	if acc, found := a.accesses[frontendToken]; found {
+		a.rmAccess <- acc
 		logrus.Infof("released access '%v'", acc.frontendToken)
-
 	} else {
-		return nil, errors.Errorf("agent has no access with frontend token '%v'", req.FrontendToken)
+		return errors.Errorf("agent has no access with frontend token '%v'", frontendToken)
 	}
-	return nil, nil
+	return nil
+}
+
+func (i *agentGrpcImpl) ReleaseAccess(_ context.Context, req *agentGrpc.ReleaseAccessRequest) (*agentGrpc.ReleaseAccessResponse, error) {
+	return nil, i.agent.ReleaseAccess(req.FrontendToken)
 }
diff --git a/agent/share.go b/agent/share.go
index d90ad0fb..edc7f146 100644
--- a/agent/share.go
+++ b/agent/share.go
@@ -9,6 +9,32 @@ import (
 	"time"
 )
 
+type SharePrivateRequest struct {
+	Target       string
+	BackendMode  string
+	Insecure     bool
+	Closed       bool
+	AccessGrants []string
+}
+
+type SharePublicRequest struct {
+	Target             string
+	BasicAuth          []string
+	FrontendSelection  []string
+	BackendMode        string
+	Insecure           bool
+	OauthProvider      string
+	OauthCheckInterval string
+	Closed             bool
+	AccessGrants       []string
+}
+
+type ShareReservedRequest struct {
+	Token            string
+	OverrideEndpoint string
+	Insecure         bool
+}
+
 type share struct {
 	token                     string
 	frontendEndpoints         []string