LiteVPS API

Base URL: https://api.litevps.dev/api · openapi.json

Quick Start for Agents

Four steps from zero to a running VM with remote exec access.

1. Register via the portal and obtain a JWT

Account registration requires a Cloudflare Turnstile CAPTCHA and must be completed at litevps.dev/register. Direct API registration without a valid CAPTCHA token is rejected. Once registered, log in via POST /api/auth/login to obtain a JWT for all programmatic access.

curl -s -X POST https://api.litevps.dev/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"agent@example.com","password":"s3cr3t"}' \
  | jq -r .token

2. Create a VPS

TOKEN="eyJ..."
curl -s -X POST /api/vps \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"name":"my-vm","plan_id":"<plan-id>"}' \
  | jq '{id:.id, state:.state}'

3. Poll until state = "running"

VPS_ID="<id from step 2>"
while true; do
  STATE=$(curl -s /api/vps/$VPS_ID \
    -H "Authorization: Bearer $TOKEN" | jq -r .state)
  echo "state: $STATE"
  [ "$STATE" = "running" ] && break
  sleep 5
done

4. Execute a command

curl -s -X POST /api/vps/$VPS_ID/exec \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"command":"uname -a"}' \
  | jq '{stdout,stderr,exit_code,duration_ms}'

Authentication

All protected endpoints require one of:

JWT — Authorization: Bearer <jwt> obtained from /api/auth/login
Access token — Authorization: Bearer vtk_<token> created via POST /api/tokens

Every authenticated response includes the header X-Balance-Remaining: <float> showing the current USD account balance to 4 decimal places.

Balance errors (402)

When balance is insufficient the API returns HTTP 402:

{
  "error":    "insufficient balance",
  "balance":  0.0420,
  "required": 0.1667
}

Auth

POST/api/auth/register

Create a new account. Requires a valid Cloudflare Turnstile CAPTCHA token — use the portal at litevps.dev/register instead of calling this endpoint directly.

Public · requires cf-turnstile-response · rate-limited 10 req/min per IP

# Body fields: email, password, cf-turnstile-response (required)
# Obtain a CAPTCHA token from the portal — direct curl registration is blocked.
# → 400 "CAPTCHA verification failed" if token is missing or invalid

POST/api/auth/login

Authenticate and receive a fresh JWT (24h).

Public · rate-limited 10 req/min per IP

curl -X POST /api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","password":"password123"}'
# → {"token":"eyJ..."}

GET/api/me

Return the authenticated user's profile and balance.

Auth required

curl /api/me -H "Authorization: Bearer $TOKEN"
# → {"id":"...","email":"you@example.com","balance":10.5000}

Pricing

GET/api/pricing

List all active pricing plans. Use plan_id when creating a VPS.

Public

curl /api/pricing
# → [{"id":"...","name":"Nano","vcpu":1,"memory_mb":512,"disk_gb":10,"price_hourly":0.0042}]

VPS

GET/api/vps

List all VPS instances owned by the authenticated user.

Auth required

POST/api/vps

Provision a new VPS. VM creation is asynchronous — poll GET /api/vps/:id until state = "running".

Auth required · requires sufficient balance

curl -X POST /api/vps \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{
    "name":    "web-01",
    "plan_id": "plan-uuid",
    "ssh_key_ids": ["key-uuid"]
  }'

Field	Type	Notes
name	string	required hostname for the VM
plan_id	string	required UUID from `GET /api/pricing`
ssh_key_ids	[]string	optional SSH keys to inject at cloud-init

GET/api/vps/:id

Get a single VPS. state is one of: creating, running, stopped, error.

Auth required

PUT/api/vps/:id

Update VPS metadata (name only).

Auth required

DELETE/api/vps/:id

Destroy a VPS — deletes the libvirt domain, disk, IP allocation, and DNS record. Irreversible.

Auth required

POST/api/vps/:id/start

Power on a stopped VPS.

Auth required

POST/api/vps/:id/stop

Graceful shutdown (ACPI). Use /restart to reboot.

Auth required

POST/api/vps/:id/restart

Reboot the VPS.

Auth required

GET/api/vps/:id/vnc-port

Return the host VNC port for this VM. Use with a VNC client or noVNC WebSocket proxy.

Auth required

Snapshots

GET/api/vps/:id/snapshots

List all snapshots for a VPS.

Auth required

POST/api/vps/:id/snapshots

Create a snapshot. Body: {"name":"snap-name"}.

Auth required

POST/api/vps/:id/snapshots/:name/restore

Restore a snapshot. The VM must be stopped first.

Auth required

DELETE/api/vps/:id/snapshots/:name

Delete a snapshot.

Auth required

Agent-Ready Features

LiteVPS is designed for LLM agents. Discover capabilities via GET /.well-known/agent.json.

GET/.well-known/agent.json

Machine-readable capability manifest listing all agent-ready features, auth methods, and rate limits. Intended to be read by LLM agents at session start.

Public · no auth required

PUT/api/vps/:id/files

Upload a file to a path inside the VM. Body is the raw file bytes. Query param path is required (e.g. ?path=/root/script.sh).

Auth required · VM must be running

curl -X PUT "/api/vps/$VPS_ID/files?path=/root/hello.txt" \
  -H "Authorization: Bearer $TOKEN" \
  --data-binary @hello.txt

GET/api/vps/:id/files

Download a file from a path inside the VM. Query param path is required.

Auth required · VM must be running

curl "/api/vps/$VPS_ID/files?path=/etc/hostname" \
  -H "Authorization: Bearer $TOKEN"

Exec / Background Jobs

The exec endpoint SSHs into the VM using the platform key and runs the command as root. Set "background":true to get an async job ID and poll for completion. All calls are audit-logged.

POST/api/vps/:id/exec

Run a shell command inside a VPS. Sync mode (default) returns output immediately. Async mode ("background":true) returns a job ID.

Auth required · VM must be running

# Synchronous
curl -X POST /api/vps/$VPS_ID/exec \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"command":"df -h /","timeout_seconds":30}'
# → {"stdout":"Filesystem ...","stderr":"","exit_code":0,"duration_ms":142}

# Asynchronous
curl -X POST /api/vps/$VPS_ID/exec \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"command":"apt-get update -y","timeout_seconds":300,"background":true}'
# → {"job_id":"...","status":"pending","timeout_seconds":300}

Field	Type	Notes
command	string	required shell command to run
timeout_seconds	int	optional default 30, max configured via admin settings
background	bool	optional if true, run async and return job_id

GET/api/vps/:id/jobs/:job_id

Poll a background job. status is one of: pending, running, done, timeout, cancelled.

Auth required

GET/api/vps/:id/jobs

List recent background jobs for a VPS (up to 50).

Auth required

DELETE/api/vps/:id/jobs/:job_id

Cancel a pending or running background job.

Auth required

Certain destructive commands are blocked: rm -rf /, mkfs, dd if=, :(){ :|:& };, shutdown, reboot, poweroff, halt.

VM Templates

Templates are named VPS presets. Agents can list templates and reference them by slug instead of specifying individual resource fields.

GET/api/templates

List all active VM templates sorted by popularity.

Auth required

GET/api/templates/:slug

Get a single template by slug.

Auth required

# Create a VPS from a template
curl -X POST /api/vps \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"name":"agent-vm","template":"ubuntu-22-small"}'
# template fields (vcpu, memory_mb, disk_gb, user_data, ttl_minutes) are used
# as defaults; explicit request fields override them.

Batch Operations

Batch endpoints let agents create, delete, or exec across multiple VMs in a single API call. All operations run in parallel on the server side.

POST/api/vps/batch

Create up to max_batch_size VMs in parallel. Returns a per-item result array (HTTP 207).

Auth required

curl -X POST /api/vps/batch \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"vms":[{"name":"w1","template":"ubuntu-22-small"},{"name":"w2","template":"ubuntu-22-small"}]}'
# → {"results":[{"index":0,"vps":{...}},{"index":1,"vps":{...}}]}

DELETE/api/vps/batch

Destroy multiple VMs in parallel. Body: {"ids":["uuid1","uuid2"]}.

Auth required

POST/api/vps/batch/exec

Run a command across multiple VMs in parallel. Supports background:true for async jobs per VM.

Auth required

curl -X POST /api/vps/batch/exec \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"ids":["uuid1","uuid2"],"command":"uptime","timeout_seconds":10}'
# → {"results":[{"vps_id":"uuid1","stdout":"...","exit_code":0},...]}

SSH Keys

GET/api/keys

List all SSH public keys for the authenticated user.

Auth required

POST/api/keys

Upload an SSH public key. Body: {"name":"my-key","public_key":"ssh-ed25519 ..."}.

Auth required

DELETE/api/keys/:id

Delete an SSH key. Does not affect running VMs that already have it injected.

Auth required

Billing

Billing is prepaid. Running VMs are charged per-minute based on their plan's hourly rate. Minimum top-up: $5.00. Maximum top-up: $50.00.

GET/api/billing/balance

Return the current USD balance.

Auth required

POST/api/billing/add-funds

Create a Stripe Checkout session and return its URL. Redirect the user to url to complete payment.

Auth required

curl -X POST /api/billing/add-funds \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"amount":10}'
# → {"url":"https://checkout.stripe.com/..."}

GET/api/billing/history

Paginated transaction history. Query params: limit (default 20), offset (default 0).

Auth required

GET/api/billing/notify-emails

List low-balance alert email addresses.

Auth required

POST/api/billing/notify-emails

Add a notification email. Body: {"email":"ops@example.com"}.

Auth required

DELETE/api/billing/notify-emails/:id

Remove a notification email.

Auth required

Access Tokens

Access tokens (prefix vtk_) are long-lived alternatives to JWTs. Ideal for CI/CD pipelines and agents. Tokens can optionally have a spend limit.

GET/api/tokens

List access tokens (token values are never returned after creation).

Auth required

POST/api/tokens

Create a new access token. The token field is only present in the creation response.

Auth required

curl -X POST /api/tokens \
  -H "Authorization: Bearer $TOKEN" \
  -H 'Content-Type: application/json' \
  -d '{"name":"ci-deploy"}'
# → {"id":"...","name":"ci-deploy","token":"vtk_abc123..."}

DELETE/api/tokens/:id

Revoke an access token immediately.

Auth required

Health

GET/health

Liveness check. Returns {"status":"ok"} when the API is up.

Public

LiteVPS API · openapi.json