Public API

The Public API lets you manage projects, web services, static sites, deployments, managed databases, object storage and email programmatically — using API keys or JWT tokens.

Authentication

Include your API key or JWT token in the Authorization header:

# API key
Authorization: Bearer ak_live_a1b2c3d4...

# JWT token
Authorization: Bearer <access_token>

All endpoints return 401 Unauthorized if the key is invalid, expired, or missing.

---

Projects

List projects

GET /api/projects

Returns all projects owned by the authenticated user.

Create a project

POST /api/projects
Content-Type: application/json

{
  "name": "my-app",
  "description": "My application"
}

Get project details

GET /api/projects/{project_id}

---

Web Services

List web services

GET /api/web-services

Create a web service

POST /api/web-services
Content-Type: application/json

{
  "name": "backend-api",
  "project_id": "uuid",
  "git_repository_url": "https://github.com/user/repo",
  "port": 3000,
  "build_command": "npm run build",
  "min_instances": 1,
  "max_instances": 3
}

Get a web service

GET /api/web-services/{web_service_id}

Update a web service

PATCH /api/web-services/{web_service_id}
Content-Type: application/json

{
  "name": "new-name",
  "min_instances": 2
}

Delete a web service

DELETE /api/web-services/{web_service_id}

Start / Stop / Restart

POST /api/web-services/{web_service_id}/start
POST /api/web-services/{web_service_id}/stop
POST /api/web-services/{web_service_id}/restart

Get container logs

GET /api/web-services/{web_service_id}/logs?tail=100&since=1710000000

Parameter	Type	Default	Description
tail	int	100	Number of log lines (1–10000)
since	int	—	Unix timestamp to filter logs from

---

Deployments

List deployments

GET /api/web-services/{web_service_id}/deployments?limit=10&offset=0

Parameter	Type	Default	Description
limit	int	10	Results per page (1–100)
offset	int	0	Pagination offset

Trigger a deployment

POST /api/web-services/{web_service_id}/deployments
Content-Type: application/json

{
  "branch": "main"
}

The branch field is optional — defaults to the service’s configured branch.

Get deployment details

GET /api/web-services/{web_service_id}/deployments/{deployment_id}

Cancel a deployment

POST /api/web-services/{web_service_id}/deployments/{deployment_id}/cancel

Rollback to a previous deployment

POST /api/web-services/{web_service_id}/deployments/{deployment_id}/rollback

---

Environment Variables

List env vars

GET /api/web-services/{web_service_id}/env

Values of secret variables are masked. Use the reveal endpoints to see full values.

Reveal all env vars

GET /api/web-services/{web_service_id}/env/reveal-all

Reveal a single env var

GET /api/web-services/{web_service_id}/env/{var_id}/reveal

Create an env var

POST /api/web-services/{web_service_id}/env
Content-Type: application/json

{
  "key": "DATABASE_URL",
  "value": "postgres://...",
  "is_secret": true
}

Update an env var

PATCH /api/web-services/{web_service_id}/env/{var_id}
Content-Type: application/json

{
  "value": "new-value"
}

Bulk update env vars

PUT /api/web-services/{web_service_id}/env/bulk
Content-Type: application/json

{
  "variables": [
    {"key": "NODE_ENV", "value": "production"},
    {"key": "PORT", "value": "3000", "is_secret": false}
  ]
}

Delete an env var

DELETE /api/web-services/{web_service_id}/env/{var_id}

---

Project Secrets

Secrets are scoped per environment (production, staging, development) with a fallback chain. They can be bound to web services via secret bindings.

List secrets (grouped by key)

GET /api/projects/{project_id}/secrets

Create a secret

POST /api/projects/{project_id}/secrets
Content-Type: application/json

{
  "key": "STRIPE_SECRET_KEY",
  "value": "sk_live_...",
  "scope": "production",
  "is_secret": true
}

Scope	Description
production	Used in production deployments
staging	Used in staging environments
development	Used in development environments

Reveal a secret

GET /api/projects/{project_id}/secrets/{secret_id}/reveal

Update a secret

PATCH /api/projects/{project_id}/secrets/{secret_id}
Content-Type: application/json

{
  "value": "new-value"
}

Bulk update secrets

PUT /api/projects/{project_id}/secrets/bulk
Content-Type: application/json

{
  "secrets": [
    {"key": "API_SECRET", "value": "value1", "scope": "production"},
    {"key": "API_SECRET", "value": "value2", "scope": "staging"}
  ]
}

Delete a secret

DELETE /api/projects/{project_id}/secrets/{secret_id}

---

Secret Bindings

Secret bindings map project secrets to web service environment variables.

List bindings

GET /api/web-services/{web_service_id}/secret-bindings

Create a binding

POST /api/web-services/{web_service_id}/secret-bindings
Content-Type: application/json

{
  "project_secret_id": "uuid",
  "alias_key": "DB_PASSWORD"
}

Get resolved env vars

GET /api/web-services/{web_service_id}/secret-bindings/resolved

Returns the merged view of environment variables and bound secrets, showing the final values that will be injected into the service.

Bulk update bindings

PUT /api/web-services/{web_service_id}/secret-bindings/bulk
Content-Type: application/json

{
  "bindings": [
    {"project_secret_id": "uuid", "alias_key": "DB_PASSWORD"},
    {"project_secret_id": "uuid", "alias_key": "REDIS_URL"}
  ]
}

Delete a binding

DELETE /api/web-services/{web_service_id}/secret-bindings/{binding_id}

---

Managed Databases

PostgreSQL

POST   /api/databases                          # Create
GET    /api/databases                          # List all
GET    /api/databases/{database_id}            # Get details
PATCH  /api/databases/{database_id}            # Update
DELETE /api/databases/{database_id}            # Delete
POST   /api/databases/{database_id}/start      # Start
POST   /api/databases/{database_id}/stop       # Stop
GET    /api/databases/{database_id}/status     # Status

Redis

POST   /api/redis                              # Create
GET    /api/redis                              # List all
GET    /api/redis/{redis_id}                   # Get details
PATCH  /api/redis/{redis_id}                   # Update
DELETE /api/redis/{redis_id}                   # Delete
POST   /api/redis/{redis_id}/start             # Start
POST   /api/redis/{redis_id}/stop              # Stop
GET    /api/redis/{redis_id}/status            # Status

---

Object Storage

GET    /api/storage/tenant                     # Tenant quota / limits
POST   /api/storage/buckets                    # Create bucket
GET    /api/storage/buckets                    # List buckets
PATCH  /api/storage/buckets/{bucket_id}        # Update
DELETE /api/storage/buckets/{bucket_id}        # Delete
POST   /api/storage/keys                       # Create access key
GET    /api/storage/keys                       # List keys
DELETE /api/storage/keys/{key_id}              # Revoke key
POST   /api/storage/buckets/{bucket_id}/presign # Presigned URL

See Object Storage for full details.

---

Email

GET    /api/email/tenant                                       # Tenant info
POST   /api/email/services                                     # Create service
GET    /api/email/services                                     # List services
PATCH  /api/email/services/{service_id}                        # Update
DELETE /api/email/services/{service_id}                        # Delete
POST   /api/email/services/{service_id}/api-keys               # Create API key
GET    /api/email/services/{service_id}/api-keys               # List keys
POST   /api/email/services/{service_id}/domains                # Add sending domain
GET    /api/email/services/{service_id}/domains                # List domains
POST   /api/email/services/{service_id}/sandbox-emails         # Verify recipient
POST   /api/email/services/{service_id}/send                   # Send email
GET    /api/email/services/{service_id}/stats                  # Stats
POST   /api/email/services/{service_id}/webhooks               # Create webhook

See Email for full details.

---

Error Responses

All errors follow a consistent format:

{
  "detail": "Error message describing what went wrong"
}

Status	Description
400	Bad request — invalid input
401	Unauthorized — invalid or missing credentials
403	Forbidden — insufficient scope
404	Resource not found
429	Rate limit exceeded