API Reference

Overview

The Shardlyn API is a RESTful HTTP API with WebSocket support for real-time features.


Base URL	`https://api.shardlyn.com`
Content-Type	`application/json`
Protocol	HTTPS (TLS 1.2+)

Authentication

JWT Authentication

Most endpoints require JWT authentication. Include the token in the Authorization header:

Authorization: Bearer <access_token>

Access tokens expire after 15 minutes. Use the refresh endpoint to get a new one.

API Token Authentication

For programmatic access, use an API token (created in Settings > API Tokens):

Authorization: Bearer shardlyn_api_...

Agent Authentication

Agents use a separate token via the X-Agent-Token header. This is internal and not intended for user use.

Auth Badges

Throughout this reference, endpoints are marked with:

Badge	Meaning
🔒 JWT	Requires JWT access token
🔑 API Token	Accepts API token authentication
🌐 Public	No authentication required
👑 Admin	Requires admin role

Auth Endpoints

Authentication, registration, OAuth, and password reset.

Method	Path	Description	Auth
POST	`/v1/auth/login`	Authenticate user	🌐 Public
POST	`/v1/auth/register`	Register new user	🌐 Public
POST	`/v1/auth/refresh`	Refresh access token	🌐 Public
POST	`/v1/auth/forgot-password`	Request password reset	🌐 Public
POST	`/v1/auth/reset-password`	Reset password with token	🌐 Public
GET	`/v1/auth/github`	Redirect to GitHub OAuth	🌐 Public
GET	`/v1/auth/github/callback`	GitHub OAuth callback	🌐 Public
GET	`/v1/auth/bootstrap/status`	Check if bootstrap needed	🌐 Public
POST	`/v1/auth/bootstrap`	Create initial admin user	🌐 Public

POST /v1/auth/login — Authenticate and receive tokens 🌐

Request / Response

Request:

json

{
  "email": "[email protected]",
  "password": "your-password"
}

Response: 200 OK

json

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 900,
  "token_type": "Bearer"
}

If MFA is enabled, returns mfa_required: true with a challenge token. Submit the TOTP code via /v1/auth/mfa/challenge.

Register

POST /v1/auth/register — Create a new account 🌐

Request / Response

Request:

json

{
  "email": "[email protected]",
  "password": "secure-password"
}

Response: 201 Created

Refresh Token

POST /v1/auth/refresh — Get a new access token 🌐

Request / Response

Request:

json

{
  "refresh_token": "eyJhbGciOiJIUzI1NiIs..."
}

Response: 200 OK — Same format as login response.

Forgot / Reset Password

POST /v1/auth/forgot-password — Request a password reset email 🌐

json

{ "email": "[email protected]" }

POST /v1/auth/reset-password — Reset password using token 🌐

json

{ "token": "reset-token", "new_password": "new-password" }

GitHub OAuth

GET /v1/auth/github — Redirects to GitHub for OAuth authorization 🌐

GET /v1/auth/github/callback — Handles the OAuth callback from GitHub 🌐

Bootstrap (First Setup)

GET /v1/auth/bootstrap/status — Check if the platform needs initial setup 🌐

POST /v1/auth/bootstrap — Create the initial admin user 🌐

MFA Endpoints

Multi-factor authentication enrollment, verification, and challenge.

Method	Path	Description	Auth
GET	`/v1/auth/mfa/status`	Check MFA status	🔒 JWT
POST	`/v1/auth/mfa/enroll`	Start MFA enrollment	🔒 JWT
POST	`/v1/auth/mfa/verify`	Verify TOTP enrollment	🔒 JWT
POST	`/v1/auth/mfa/disable`	Disable MFA	🔒 JWT
POST	`/v1/auth/mfa/challenge`	Submit TOTP during login	🌐 Public

MFA Status

GET /v1/auth/mfa/status — Check if MFA is enabled 🔒

Response:

json

{ "enabled": false }

Enroll

POST /v1/auth/mfa/enroll — Begin MFA enrollment 🔒

Response

json

{
  "secret": "JBSWY3DPEHPK3PXP",
  "otpauth_uri": "otpauth://totp/Shardlyn:[email protected]?..."
}

Use the otpauth_uri to generate a QR code for authenticator apps.

Verify / Disable / Challenge

POST /v1/auth/mfa/verify — Confirm enrollment with a TOTP code 🔒

POST /v1/auth/mfa/disable — Disable MFA (requires TOTP code) 🔒

POST /v1/auth/mfa/challenge — Submit TOTP code during login 🌐

Rate Limit

MFA endpoints are rate limited to 5 attempts per minute.

User Endpoints

User profile and management.

Method	Path	Description	Auth
GET	`/v1/users/me`	Get current user	🔒 JWT
POST	`/v1/users/me/password`	Update password	🔒 JWT
GET	`/v1/users`	List users	👑 Admin
POST	`/v1/users`	Create user	👑 Admin
GET	`/v1/users/{id}`	Get user	👑 Admin
DELETE	`/v1/users/{id}`	Delete user	👑 Admin

API Token Endpoints

Programmatic access tokens for CI/CD and automation.

Method	Path	Description	Auth
GET	`/v1/api-tokens`	List tokens	🔒 JWT
POST	`/v1/api-tokens`	Create token	🔒 JWT
DELETE	`/v1/api-tokens/{id}`	Delete token	🔒 JWT

Create Token

POST /v1/api-tokens — Create a new API token 🔒

Request / Response

Request:

json

{
  "name": "github-actions",
  "expires_in": 2592000
}

Response: 201 Created

json

{
  "id": "uuid",
  "name": "github-actions",
  "token": "shardlyn_api_abc123...",
  "expires_at": "2026-03-01T00:00:00Z",
  "created_at": "2026-01-31T00:00:00Z"
}

WARNING

The token value is only returned once at creation. Store it securely.

Node Endpoints

Node registration, lifecycle management, power control, firewall, inventory, and monitoring.

CRUD

Method	Path	Description	Auth
GET	`/v1/nodes`	List nodes	🔒 JWT
GET	`/v1/nodes/{id}`	Get node details	🔒 JWT
PUT	`/v1/nodes/{id}`	Update node	🔒 JWT
DELETE	`/v1/nodes/{id}`	Delete node	🔒 JWT
POST	`/v1/nodes/register-token`	Create registration token	🔒 JWT

Lifecycle

Method	Path	Description	Auth
POST	`/v1/nodes/{id}/cordon`	Disable scheduling	🔒 JWT
POST	`/v1/nodes/{id}/uncordon`	Re-enable scheduling	🔒 JWT
POST	`/v1/nodes/{id}/drain`	Evict all instances	🔒 JWT
POST	`/v1/nodes/{id}/migrate`	Migrate instances to another node	🔒 JWT

Power Management (Provisioned Nodes)

Method	Path	Description	Auth
POST	`/v1/nodes/{id}/power/start`	Start server	🔒 JWT
POST	`/v1/nodes/{id}/power/stop`	Stop server	🔒 JWT
POST	`/v1/nodes/{id}/power/reboot`	Reboot server	🔒 JWT
GET	`/v1/nodes/{id}/power/status`	Get power status	🔒 JWT
POST	`/v1/nodes/{id}/resize`	Resize server	🔒 JWT

Firewall (Provisioned Nodes)

Method	Path	Description	Auth
GET	`/v1/nodes/{id}/firewall/rules`	List rules	🔒 JWT
POST	`/v1/nodes/{id}/firewall/rules`	Add rule	🔒 JWT
DELETE	`/v1/nodes/{id}/firewall/rules`	Remove rule	🔒 JWT

Inventory

Method	Path	Description	Auth
GET	`/v1/nodes/{id}/inventory`	Full inventory	🔒 JWT
GET	`/v1/nodes/{id}/inventory/system`	System info	🔒 JWT
GET	`/v1/nodes/{id}/inventory/network`	Network interfaces	🔒 JWT
GET	`/v1/nodes/{id}/inventory/disks`	Disk info	🔒 JWT
GET	`/v1/nodes/{id}/inventory/users`	System users	🔒 JWT
GET	`/v1/nodes/{id}/inventory/processes`	Running processes	🔒 JWT
GET	`/v1/nodes/{id}/inventory/containers`	Docker containers	🔒 JWT

Monitoring

Method	Path	Description	Auth
GET	`/v1/nodes/{id}/metrics/history`	Metrics history	🔒 JWT
GET	`/v1/nodes/{id}/terminal`	WebSocket terminal	🔒 JWT
GET	`/v1/nodes/{id}/ssh`	WebSocket SSH (uses CA)	🔒 JWT

Container Management (on Node)

Method	Path	Description	Auth
GET	`/v1/nodes/{id}/containers/{containerId}/logs`	Stream logs	🔒 JWT
POST	`/v1/nodes/{id}/containers/{containerId}/start`	Start container	🔒 JWT
POST	`/v1/nodes/{id}/containers/{containerId}/stop`	Stop container	🔒 JWT
POST	`/v1/nodes/{id}/containers/{containerId}/restart`	Restart container	🔒 JWT
POST	`/v1/nodes/{id}/containers/{containerId}/kill`	Kill container	🔒 JWT
POST	`/v1/nodes/{id}/processes/{pid}/kill`	Kill process	🔒 JWT

Workload Endpoints

Workload definitions, templates, and import/export.

Method	Path	Description	Auth
GET	`/v1/workloads`	List workloads	🔒 JWT
POST	`/v1/workloads`	Create workload	🔒 JWT
GET	`/v1/workloads/{id}`	Get workload	🔒 JWT
PUT	`/v1/workloads/{id}`	Update workload	🔒 JWT
DELETE	`/v1/workloads/{id}`	Delete workload	🔒 JWT
GET	`/v1/workloads/{id}/export`	Export workload	🔒 JWT
POST	`/v1/workloads/from-template`	Create from workload template	🔒 JWT
POST	`/v1/workloads/import-egg`	Import Pterodactyl egg	🔒 JWT

Instance Endpoints

Instance lifecycle, files, console, backups, and git deploy.

CRUD & Lifecycle

Method	Path	Description	Auth
GET	`/v1/instances`	List instances	🔒 JWT
POST	`/v1/instances`	Create instance	🔒 JWT
GET	`/v1/instances/{id}`	Get instance	🔒 JWT
PUT	`/v1/instances/{id}`	Update instance	🔒 JWT
DELETE	`/v1/instances/{id}`	Delete instance	🔒 JWT
POST	`/v1/instances/{id}/start`	Start	🔒 JWT
POST	`/v1/instances/{id}/stop`	Stop	🔒 JWT
POST	`/v1/instances/{id}/restart`	Restart	🔒 JWT
POST	`/v1/instances/{id}/kill`	Kill (SIGKILL)	🔒 JWT

Stats & Monitoring

Method	Path	Description	Auth
GET	`/v1/instances/{id}/stats`	Real-time stats	🔒 JWT
GET	`/v1/instances/{id}/metrics/history`	Metrics history	🔒 JWT

File Management

Method	Path	Description	Auth
GET	`/v1/instances/{id}/files`	List files	🔒 JWT
GET	`/v1/instances/{id}/files/content`	Read file	🔒 JWT
PUT	`/v1/instances/{id}/files/content`	Write file	🔒 JWT
DELETE	`/v1/instances/{id}/files`	Delete file	🔒 JWT
GET	`/v1/instances/{id}/files/download`	Download file	🔒 JWT
POST	`/v1/instances/{id}/files/upload`	Upload (multipart)	🔒 JWT
POST	`/v1/instances/{id}/files/tus`	Upload (TUS resumable)	🔒 JWT
POST	`/v1/instances/{id}/files/mkdir`	Create directory	🔒 JWT
POST	`/v1/instances/{id}/files/move`	Move/rename	🔒 JWT
GET	`/v1/instances/{id}/files/download-zip`	Download directory as zip	🔒 JWT

Console & Logs

Method	Path	Description	Auth
GET	`/v1/instances/{id}/logs`	WebSocket: live logs	🔒 JWT
GET	`/v1/instances/{id}/console`	WebSocket: interactive console	🔒 JWT
GET	`/v1/instances/{id}/install-logs`	Install/startup logs	🔒 JWT
GET	`/v1/instances/{id}/logs/history`	Log history	🔒 JWT
GET	`/v1/instances/{id}/logs/download`	Download logs	🔒 JWT
DELETE	`/v1/instances/{id}/logs/clear`	Clear logs	👑 Admin

Backups

Method	Path	Description	Auth
GET	`/v1/instances/{id}/backups`	List backups	🔒 JWT
POST	`/v1/instances/{id}/backups`	Create backup	🔒 JWT
GET	`/v1/instances/{id}/backups/{bid}/download`	Download backup	🔒 JWT
POST	`/v1/instances/{id}/backups/{bid}/restore`	Restore backup	🔒 JWT
DELETE	`/v1/instances/{id}/backups/{bid}`	Delete backup	🔒 JWT

Git Deploy

Method	Path	Description	Auth
GET	`/v1/instances/{id}/git`	Get git config	🔒 JWT
PUT	`/v1/instances/{id}/git`	Create/update config	🔒 JWT
DELETE	`/v1/instances/{id}/git`	Delete config	🔒 JWT
POST	`/v1/instances/{id}/git/sync`	Trigger sync	🔒 JWT
GET	`/v1/instances/{id}/git/status`	Sync status	🔒 JWT
GET	`/v1/instances/{id}/git/history`	Sync history	🔒 JWT

Provisioning Endpoints

Cloud server provisioning with Terraform.

Method	Path	Description	Auth
GET	`/v1/provision`	List provision requests	🔒 JWT
POST	`/v1/provision`	Create request	🔒 JWT
GET	`/v1/provision/{id}`	Get request	🔒 JWT
POST	`/v1/provision/{id}/plan`	Generate Terraform plan	🔒 JWT
POST	`/v1/provision/{id}/apply`	Apply plan	🔒 JWT
DELETE	`/v1/provision/{id}`	Delete/destroy	🔒 JWT
GET	`/v1/provision/providers`	List available providers	🔒 JWT

Create Provision Request

POST /v1/provision — Provision a new cloud server 🔒

Request / Response

Request:

json

{
  "provider": "hetzner",
  "region": "fsn1",
  "instance_type": "cx31",
  "name": "game-node-1"
}

Response: 201 Created — Returns the provision request with status pending.

Planner Endpoints

Capacity planning and workload template recommendations.

Method	Path	Description	Auth
POST	`/v1/planner/recommend`	General recommendations	🔒 JWT
POST	`/v1/planner/suggest-fit`	Find best node for workload	🔒 JWT
GET	`/v1/planner/pricing`	Provider pricing data	🔒 JWT
GET	`/v1/planner/templates`	Supported workload templates	🔒 JWT
POST	`/v1/planner/recommend-for-template`	Recommendation for specific template	🔒 JWT

Credentials Endpoints

Cloud provider credential management.

Method	Path	Description	Auth
GET	`/v1/credentials`	List credentials	🔒 JWT
POST	`/v1/credentials`	Create credential	🔒 JWT
GET	`/v1/credentials/{id}`	Get credential	🔒 JWT
PUT	`/v1/credentials/{id}`	Update credential	🔒 JWT
DELETE	`/v1/credentials/{id}`	Delete credential	🔒 JWT
POST	`/v1/credentials/{id}/default`	Set as default	🔒 JWT
POST	`/v1/credentials/{id}/verify`	Verify connectivity	🔒 JWT

Supported providers: aws, gcp, hetzner, oci, cloudflare, steam

DNS Endpoints

DNS zone and record management via cloud provider APIs.

Method	Path	Description	Auth
GET	`/v1/dns/zones`	List zones	🔒 JWT
GET	`/v1/dns/zones/{zoneId}/records`	List zone records	🔒 JWT
GET	`/v1/dns/records`	List all records	🔒 JWT
POST	`/v1/dns/records`	Create record	🔒 JWT
PUT	`/v1/dns/records/{id}`	Update record	🔒 JWT
DELETE	`/v1/dns/records/{id}`	Delete record	🔒 JWT
GET	`/v1/dns/auto-config`	Get auto-DNS config	🔒 JWT
PUT	`/v1/dns/auto-config`	Update auto-DNS config	🔒 JWT

Create DNS Record

POST /v1/dns/records — Create a DNS record 🔒

Request / Response

Request:

json

{
  "credential_id": "uuid",
  "zone_id": "zone-id",
  "type": "A",
  "name": "mc",
  "content": "203.0.113.10",
  "ttl": 300,
  "node_id": "optional-uuid"
}

Response: 201 Created

SSH Certificate Authority Endpoints

SSH CA key management and certificate signing.

Method	Path	Description	Auth
GET	`/v1/ssh/ca-public-key`	Get CA public key	🌐 Public
POST	`/v1/ssh/certificate`	Generate signed certificate	🔒 JWT
GET	`/v1/ssh/certificates`	List certificates	🔒 JWT
GET	`/v1/ssh/certificates/{id}`	Get certificate	🔒 JWT
POST	`/v1/ssh/certificates/{id}/revoke`	Revoke certificate	🔒 JWT
GET	`/v1/ssh/ca/keys`	List CA keys	👑 Admin
POST	`/v1/ssh/ca/keys`	Generate CA key	👑 Admin
POST	`/v1/ssh/ca/keys/rotate`	Rotate CA key	👑 Admin

Generate Certificate

POST /v1/ssh/certificate — Generate a signed SSH certificate 🔒

Request / Response

Request:

json

{
  "public_key": "ssh-ed25519 AAAA...",
  "principals": ["root", "shardlyn"],
  "validity_hours": 8,
  "node_id": "optional-uuid"
}

Response: 200 OK

json

{
  "certificate": "[email protected] ...",
  "serial_number": "123456",
  "valid_after": "2026-01-31T12:00:00Z",
  "valid_before": "2026-01-31T20:00:00Z",
  "principals": ["root", "shardlyn"]
}

Alert Endpoints

Alert management and alert rule configuration.

Alerts

Method	Path	Description	Auth
GET	`/v1/alerts`	List alerts	🔒 JWT
GET	`/v1/alerts/unread-count`	Unread count	🔒 JWT
GET	`/v1/alerts/{id}`	Get alert	🔒 JWT
POST	`/v1/alerts/{id}/ack`	Acknowledge alert	🔒 JWT

Alert Rules

Method	Path	Description	Auth
GET	`/v1/alerts/rules`	List rules	🔒 JWT
POST	`/v1/alerts/rules`	Create rule	🔒 JWT
GET	`/v1/alerts/rules/{id}`	Get rule	🔒 JWT
PUT	`/v1/alerts/rules/{id}`	Update rule	🔒 JWT
DELETE	`/v1/alerts/rules/{id}`	Delete rule	🔒 JWT

Create Alert Rule

POST /v1/alerts/rules — Create an alert rule 🔒

Request / Response

Request:

json

{
  "name": "High CPU",
  "target_type": "node",
  "target_id": "uuid",
  "metric": "cpu_usage",
  "operator": "gt",
  "threshold": 90,
  "duration_seconds": 300,
  "severity": "warn",
  "notify_in_app": true,
  "notify_email": true,
  "cooldown_seconds": 600
}

Response: 201 Created

Integration Endpoints

Third-party integrations (Discord, Slack, etc.).

Method	Path	Description	Auth
GET	`/v1/integrations`	List integrations	🔒 JWT
GET	`/v1/integrations/types`	Available types	🔒 JWT
POST	`/v1/integrations`	Create integration	🔒 JWT
GET	`/v1/integrations/{id}`	Get integration	🔒 JWT
PUT	`/v1/integrations/{id}`	Update integration	🔒 JWT
DELETE	`/v1/integrations/{id}`	Delete integration	🔒 JWT
POST	`/v1/integrations/{id}/test`	Test integration	🔒 JWT

Organization Endpoints

Organization management, member roles, and invitations.

Organizations

Method	Path	Description	Auth
GET	`/v1/organizations`	List organizations	🔒 JWT
POST	`/v1/organizations`	Create organization	🔒 JWT
GET	`/v1/organizations/{orgId}`	Get organization	🔒 JWT
PUT	`/v1/organizations/{orgId}`	Update organization	🔒 JWT
DELETE	`/v1/organizations/{orgId}`	Delete organization	🔒 JWT

Members

Method	Path	Description	Auth
GET	`/v1/organizations/{orgId}/members`	List members	🔒 JWT
POST	`/v1/organizations/{orgId}/members/invite`	Invite member	🔒 JWT
DELETE	`/v1/organizations/{orgId}/members/{userId}`	Remove member	🔒 JWT
PUT	`/v1/organizations/{orgId}/members/{userId}/role`	Update role	🔒 JWT
GET	`/v1/organizations/{orgId}/members/{userId}/permissions`	Get permissions	🔒 JWT
POST	`/v1/organizations/{orgId}/members/{userId}/permissions`	Set permission	🔒 JWT
DELETE	`/v1/organizations/{orgId}/members/{userId}/permissions/{key}`	Remove permission	🔒 JWT

Invites

Method	Path	Description	Auth
GET	`/v1/organizations/{orgId}/invites`	List invites	🔒 JWT
DELETE	`/v1/organizations/{orgId}/invites/{inviteId}`	Delete invite	🔒 JWT
POST	`/v1/invites/{token}/accept`	Accept invite	🔒 JWT

Billing Endpoints

Plans, subscriptions, usage tracking, and cloud cost management.

Method	Path	Description	Auth
GET	`/v1/billing/plans`	List plans	🔒 JWT
GET	`/v1/billing/org/subscription`	Current subscription	🔒 JWT
GET	`/v1/billing/org/usage`	Resource usage	🔒 JWT
GET	`/v1/billing/org/limits`	Plan limits	🔒 JWT
POST	`/v1/billing/org/subscribe`	Subscribe to plan	🔒 JWT
POST	`/v1/billing/org/cancel`	Cancel subscription	🔒 JWT
POST	`/v1/billing/org/portal`	Stripe billing portal	🔒 JWT
GET	`/v1/billing/org/cloud-costs`	Cloud cost tracking	🔒 JWT
GET	`/v1/billing/org/cloud-costs/forecast`	Cost forecast	🔒 JWT
POST	`/v1/billing/org/cloud-costs/refresh`	Refresh costs	🔒 JWT

Backup Configuration Endpoints

S3-compatible backup storage configuration.

Method	Path	Description	Auth
GET	`/v1/backup-config`	Active config	🔒 JWT
POST	`/v1/backup-config`	Create config	🔒 JWT
GET	`/v1/backup-config/list`	List all configs	🔒 JWT
GET	`/v1/backup-config/{id}`	Get config	🔒 JWT
PUT	`/v1/backup-config/{id}`	Update config	🔒 JWT
DELETE	`/v1/backup-config/{id}`	Delete config	🔒 JWT
POST	`/v1/backup-config/{id}/activate`	Set active	🔒 JWT
GET	`/v1/backup-config/s3-buckets`	List S3 buckets	🔒 JWT
POST	`/v1/backup-config/s3-buckets`	Create S3 bucket	🔒 JWT

Deploy (One-Click) Endpoints

One-click deployments and workload templates (including game server templates).

Method	Path	Description	Auth
GET	`/v1/deploy`	List deployments	🔒 JWT
GET	`/v1/deploy/{id}`	Get deployment	🔒 JWT
POST	`/v1/deploy`	Create deployment	🔒 JWT
GET	`/v1/templates`	List deployment templates	🔒 JWT
GET	`/v1/templates/{category}`	List templates by category	🔒 JWT

Migration Endpoints

Instance migration between nodes.

Method	Path	Description	Auth
GET	`/v1/migrations`	List migrations	🔒 JWT
GET	`/v1/migrations/{id}`	Get migration	🔒 JWT
POST	`/v1/migrations/{id}/cancel`	Cancel migration	🔒 JWT

Webhook Endpoints (No Auth)

External webhook receivers using signature verification.

Method	Path	Description	Auth
POST	`/v1/webhooks/github`	GitHub push events	🌐 `X-Hub-Signature-256`
POST	`/v1/webhooks/gitlab`	GitLab push events	🌐 `X-Gitlab-Token`
POST	`/v1/webhooks/stripe`	Stripe events	🌐 `Stripe-Signature`

Webhook Token Endpoints

Manage webhook authentication tokens.

Method	Path	Description	Auth
GET	`/v1/webhook-tokens`	List tokens	🔒 JWT
POST	`/v1/webhook-tokens`	Create token	🔒 JWT
DELETE	`/v1/webhook-tokens/{id}`	Delete token	🔒 JWT

Settings Endpoints

Platform settings and SSH key management.

Method	Path	Description	Auth
GET	`/v1/settings`	Get settings	🔒 JWT
PUT	`/v1/settings`	Update settings	🔒 JWT
POST	`/v1/settings/ssh-keys`	Add SSH key	🔒 JWT
DELETE	`/v1/settings/ssh-keys/{name}`	Remove SSH key	🔒 JWT
POST	`/v1/settings/ssh-keys/{name}/default`	Set default key	🔒 JWT

Tunnel Endpoints (Admin)

Tunnel statistics and agent connections.

Method	Path	Description	Auth
GET	`/v1/tunnel/stats`	Tunnel statistics	👑 Admin
GET	`/v1/tunnel/agents`	Connected agents	👑 Admin

Permissions Endpoint

Method	Path	Description	Auth
GET	`/v1/permissions`	List all available permissions	🔒 JWT

Admin Endpoints

Platform administration and audit logging.

Platform Administration

Method	Path	Description	Auth
GET	`/v1/admin/metrics`	Metrics dashboard	👑 Admin
GET	`/v1/admin/organizations`	List all organizations	👑 Admin
GET	`/v1/admin/organizations/{id}`	Get organization	👑 Admin
GET	`/v1/admin/plans`	List plans	👑 Admin
POST	`/v1/admin/plans`	Create plan	👑 Admin
PUT	`/v1/admin/plans/{id}`	Update plan	👑 Admin
DELETE	`/v1/admin/plans/{id}`	Delete plan	👑 Admin
GET	`/v1/admin/subscriptions`	List subscriptions	👑 Admin
PUT	`/v1/admin/subscriptions/{id}`	Update subscription	👑 Admin
GET	`/v1/admin/audit-logs`	List audit logs	👑 Admin
GET	`/v1/admin/audit-logs/export`	Export audit logs	👑 Admin
GET	`/v1/admin/users`	List users	👑 Admin
POST	`/v1/admin/users/{id}/suspend`	Suspend user	👑 Admin
POST	`/v1/admin/users/{id}/unsuspend`	Unsuspend user	👑 Admin

Admin Settings

Method	Path	Description	Auth
GET	`/v1/admin/settings/logs`	Get log settings	👑 Admin
PUT	`/v1/admin/settings/logs`	Update log settings	👑 Admin

Support Endpoints

Method	Path	Description	Auth
POST	`/v1/support/messages`	Send support message	🔒 JWT
GET	`/v1/support/helpscout/signature`	HelpScout widget signature	🔒 JWT

System Endpoints

Method	Path	Description	Auth
GET	`/v1/system/backup-config`	System backup configuration	👑 Admin

Health Endpoints

Method	Path	Description	Auth
GET	`/health`	Basic health check (liveness)	🌐 Public
GET	`/health/live`	Liveness probe	🌐 Public
GET	`/health/ready`	Readiness probe	🌐 Public
GET	`/health/detailed`	Detailed health report	🌐 Public
GET	`/ready`	Readiness probe (alias)	🌐 Public

Readiness checks database connectivity and, when enabled, cache connectivity.

Pterodactyl Import Endpoints

Import servers from an existing Pterodactyl panel.

Method	Path	Description	Auth
POST	`/v1/pterodactyl/validate`	Validate Pterodactyl connection	🔒 JWT
POST	`/v1/pterodactyl/servers`	List Pterodactyl servers	🔒 JWT
POST	`/v1/pterodactyl/import`	Import server	🔒 JWT

Error Responses

All errors follow this format:

json

{
  "error": "descriptive error message"
}

Code	Meaning
`400`	Bad Request — invalid input
`401`	Unauthorized — missing or invalid token
`403`	Forbidden — insufficient permissions
`404`	Not Found
`409`	Conflict — resource already exists
`429`	Too Many Requests — rate limit exceeded
`500`	Internal Server Error

Rate Limiting

Rate limiting protects the API from abuse:

Scope	Limit
General API	Configurable requests per second with burst allowance
Login	Stricter limits with account lockout after repeated failures
MFA	5 attempts per minute
WebSocket	Connection limits for logs and console streams

Rate limit headers are included in responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1706745600

API Reference ​

Overview ​

Authentication ​

JWT Authentication ​

API Token Authentication ​

Agent Authentication ​

Auth Badges ​

Auth Endpoints ​

Login ​

Register ​

Refresh Token ​

Forgot / Reset Password ​

GitHub OAuth ​

Bootstrap (First Setup) ​

MFA Endpoints ​

MFA Status ​

Enroll ​

Verify / Disable / Challenge ​

User Endpoints ​

API Token Endpoints ​

Create Token ​

Node Endpoints ​

CRUD ​

Lifecycle ​

Power Management (Provisioned Nodes) ​

Firewall (Provisioned Nodes) ​

Inventory ​

Monitoring ​

Container Management (on Node) ​

Workload Endpoints ​

Instance Endpoints ​

CRUD & Lifecycle ​

Stats & Monitoring ​

File Management ​

Console & Logs ​

Backups ​

Git Deploy ​

Provisioning Endpoints ​

Create Provision Request ​

Planner Endpoints ​

Credentials Endpoints ​

DNS Endpoints ​

Create DNS Record ​

SSH Certificate Authority Endpoints ​

Generate Certificate ​

Alert Endpoints ​

Alerts ​

Alert Rules ​

Create Alert Rule ​

Integration Endpoints ​

Organization Endpoints ​

Organizations ​

Members ​

Invites ​

Billing Endpoints ​

Backup Configuration Endpoints ​

Deploy (One-Click) Endpoints ​

Migration Endpoints ​

Webhook Endpoints (No Auth) ​

Webhook Token Endpoints ​

Settings Endpoints ​

Tunnel Endpoints (Admin) ​

Permissions Endpoint ​

Admin Endpoints ​

Platform Administration ​

Admin Settings ​

Support Endpoints ​

System Endpoints ​

Health Endpoints ​

Pterodactyl Import Endpoints ​

Error Responses ​

Rate Limiting ​

API Reference

Overview

Authentication

JWT Authentication

API Token Authentication

Agent Authentication

Auth Badges

Auth Endpoints

Login

Register

Refresh Token

Forgot / Reset Password

GitHub OAuth

Bootstrap (First Setup)

MFA Endpoints

MFA Status

Enroll

Verify / Disable / Challenge

User Endpoints

API Token Endpoints

Create Token

Node Endpoints

CRUD

Lifecycle

Power Management (Provisioned Nodes)

Firewall (Provisioned Nodes)

Inventory

Monitoring

Container Management (on Node)

Workload Endpoints

Instance Endpoints

CRUD & Lifecycle

Stats & Monitoring

File Management

Console & Logs

Backups

Git Deploy

Provisioning Endpoints

Create Provision Request

Planner Endpoints

Credentials Endpoints

DNS Endpoints

Create DNS Record

SSH Certificate Authority Endpoints

Generate Certificate

Alert Endpoints

Alerts

Alert Rules

Create Alert Rule

Integration Endpoints

Organization Endpoints

Organizations

Members

Invites

Billing Endpoints

Backup Configuration Endpoints

Deploy (One-Click) Endpoints

Migration Endpoints

Webhook Endpoints (No Auth)

Webhook Token Endpoints

Settings Endpoints

Tunnel Endpoints (Admin)

Permissions Endpoint

Admin Endpoints

Platform Administration

Admin Settings

Support Endpoints

System Endpoints

Health Endpoints

Pterodactyl Import Endpoints

Error Responses

Rate Limiting