Warning: JavaScript is not enabled or not loaded. Please enable JavaScript for the best experience.
SkyStack API logo

SkyStack API

Cloud Platform Docs
SkyStack API logo SkyStack API

API version v1 · Production-ready docs

Scalable cloud infrastructure and compute management API.

SkyStack API provides a consistent interface for provisioning compute resources, managing infrastructure lifecycles, and automating deployment workflows across distributed environments.

Read the docs Get started

SkyStack API

Overview

SkyStack API provides a single programmable interface for managing scalable cloud infrastructure and compute workloads. It is designed for engineering teams that need predictable automation, operational visibility, and reproducible infrastructure changes across environments.

What the API does

The API exposes infrastructure objects as versioned resources so teams can create, update, and retire compute assets using standard HTTP operations.

Instead of manual console operations, integrations can control provisioning, scaling, and lifecycle behavior directly from CI/CD pipelines, platform tooling, or internal services.

Key capabilities

  • Provision compute resources

    Create instances, define sizing profiles, and attach network/storage settings from API requests.

  • Manage infrastructure programmatically

    Apply configuration changes through idempotent calls and integrate with existing deployment workflows.

  • Monitor workloads

    Retrieve status, utilization, and health signals to support alerting and runtime diagnostics.

  • Automate operations

    Trigger repeatable infrastructure actions with scripts, schedulers, and event-driven orchestration.

Typical automation workflow

  1. 1. Authenticate using an API token and set the target project/context.
  2. 2. Submit provisioning requests for compute resources with configuration payloads.
  3. 3. Poll or subscribe to workload state changes and operational metrics.
  4. 4. Apply updates or teardown actions through automated policy-driven jobs.
POST /v1/compute/instances
Authorization: Bearer <token>
Content-Type: application/json

{
  "name": "worker-eu-01",
  "profile": "c4-standard",
  "region": "eu-central",
  "autoscale": true
}

SkyStack API

Authentication

SkyStack API uses API key authentication via Bearer tokens. Every request to protected endpoints must include a valid token in the Authorization header and must be sent over HTTPS.

1. Obtain an API token

Generate tokens from the SkyStack developer console. Tokens are scoped to your workspace and should be treated as secrets. Store them in environment variables or a secure secrets manager rather than source code.

  • Create a token for each environment (development, staging, production).
  • Use least-privilege scopes when available.
  • Never expose tokens in client-side bundles or public repositories.

2. Send the Authorization header

Include your token using the Bearer scheme on every authenticated request. 

GET /v1/projects HTTP/1.1
Host: api.skystack.dev
Authorization: Bearer YOUR_API_TOKEN
Accept: application/json

If you use cURL or an SDK, ensure that the header name remains exactly Authorization and that Bearer is followed by a single space and the raw token.

3. Require HTTPS transport

Only call the API via HTTPS. Plain HTTP can expose credentials in transit and is not supported for authenticated requests.

Security note: enforce TLS validation in your HTTP client and avoid disabling certificate checks in development scripts.

4. Rotate API keys regularly

Rotate tokens on a defined schedule and immediately after any suspected exposure. During rotation, deploy the new token first, validate traffic, then revoke the old token.

  • Automate rotation through CI/CD secrets updates where possible.
  • Track token ownership and expiration metadata.
  • Audit access logs after rotation events.

5. Handle 401 Unauthorized responses

A 401 Unauthorized response indicates missing, invalid, expired, or revoked credentials. Your client should treat this as an authentication failure and recover safely.

  • Do not retry indefinitely with the same token.
  • Refresh credentials from secure storage before retrying.
  • Log request identifiers, but never log full token values.

SkyStack API

Endpoints

Core REST operations for managing compute instances. All requests use JSON and require a bearer token in the Authorization header.

GET /v1/instances

Returns a paginated list of compute instances available to the authenticated workspace.

Request pattern

GET /v1/instances?page=1&limit=20
Authorization: Bearer <token>

Response pattern

{
  "data": [{ "id": "ins_123", "name": "worker-a" }],
  "pagination": { "page": 1, "limit": 20, "total": 74 }
}
  • 200 OK
  • 400 Bad Request
  • 401 Unauthorized
POST /v1/instances

Creates a new compute instance with the selected region, machine type, and image.

Request pattern

POST /v1/instances
Authorization: Bearer <token>
Content-Type: application/json

{
  "name": "worker-b",
  "region": "us-east-1",
  "size": "standard-2"
}

Response pattern

{
  "id": "ins_987",
  "name": "worker-b",
  "status": "provisioning",
  "created_at": "2026-03-19T10:22:44Z"
}
  • 201 Created
  • 400 Bad Request
  • 401 Unauthorized
GET /v1/instances/{id}

Fetches full details for a single instance by ID, including metadata and networking state.

Request pattern

GET /v1/instances/ins_123
Authorization: Bearer <token>

Response pattern

{
  "id": "ins_123",
  "name": "worker-a",
  "status": "running",
  "ip": "10.24.8.12"
}
  • 200 OK
  • 401 Unauthorized
  • 404 Not Found
DELETE /v1/instances/{id}

Permanently removes an instance. The operation is idempotent and returns no body on success.

Request pattern

DELETE /v1/instances/ins_123
Authorization: Bearer <token>

Response pattern

HTTP/1.1 204 No Content
  • 204 No Content
  • 401 Unauthorized
  • 404 Not Found

SkyStack API

Frequently Asked Questions

Practical implementation details for production integrations. Answers are intentionally concise and optimized for quick lookup.

What are the default API rate limits?

Standard keys are limited to 120 requests/minute and 10,000 requests/day. Burst traffic above minute limits returns 429 with Retry-After. Enterprise limits are configurable per workspace.

How does pagination work?

List endpoints use cursor pagination. Send limit (max 200) and optional cursor. Response includes next_cursor; continue until it is null.

How is API versioning handled?

Versions are date-based and passed via the SkyStack-Version header (for example, 2026-01-15). Backward-incompatible changes ship in new versions only. Existing versions are supported for at least 12 months.

Is there a sandbox environment?

Yes. Use sandbox keys against https://sandbox.api.skystack.dev. Sandbox data is isolated, reset periodically, and intended for integration testing only. Production credentials are rejected in sandbox.

What is the error response format?

All non-2xx responses return a JSON envelope: error.code, error.message, error.request_id, and optional error.details[]. Always log request_id for support traceability.

Does SkyStack support webhooks?

Yes. Configure endpoint URLs per project and subscribe to event types. Webhooks are signed with X-Signature (HMAC-SHA256). Retries use exponential backoff for up to 24 hours on non-2xx responses.