The FlatRun Agent exposes a comprehensive REST API for programmatic control of your deployments and infrastructure. This enables automation, integration with CI/CD pipelines, and building custom tooling.
Base URL
All API endpoints are relative to your agent's address:
http://localhost:8090/apiIn production, use HTTPS and your configured domain.
Authentication
All API endpoints (except health and auth status) require authentication. See Authentication for details.
Quick Start
# Login and get token
TOKEN=$(curl -s -X POST http://localhost:8090/api/auth/login \
-H "Content-Type: application/json" \
-d '{"api_key": "your-api-key"}' | jq -r '.token')
# Use token in requests
curl http://localhost:8090/api/deployments \
-H "Authorization: Bearer $TOKEN"Response Format
All responses are JSON. Successful responses typically include:
{
"data": { ... }, // or array for list endpoints
"message": "Success"
}Error responses include:
{
"error": "Error message",
"code": "ERROR_CODE"
}HTTP Status Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Created (for POST requests) |
400 | Bad Request (invalid parameters) |
401 | Unauthorized (missing/invalid token) |
404 | Not Found |
500 | Internal Server Error |
API Categories
The API is organized into the following categories:
Authentication
GET /auth/status— Check if auth is enabledPOST /auth/login— Login with API keyGET /auth/validate— Validate JWT token
Deployments
GET /deployments— List all deploymentsGET /deployments/:name— Get deployment detailsPOST /deployments— Create deploymentPUT /deployments/:name— Update deploymentDELETE /deployments/:name— Delete deploymentPOST /deployments/:name/start— Start deploymentPOST /deployments/:name/stop— Stop deploymentPOST /deployments/:name/restart— Restart deploymentGET /deployments/:name/logs— Get deployment logsGET /deployments/:name/stats— Get resource stats
Containers
GET /containers— List all containersPOST /containers/:id/start— Start containerPOST /containers/:id/stop— Stop containerPOST /containers/:id/restart— Restart containerDELETE /containers/:id— Remove containerGET /containers/:id/logs— Get container logs
Docker Resources
GET /images— List imagesPOST /images/pull— Pull imageDELETE /images/:id— Delete imageGET /volumes— List volumesPOST /volumes— Create volumeDELETE /volumes/:name— Delete volumeGET /networks— List networksPOST /networks— Create networkDELETE /networks/:name— Delete network
Templates
GET /templates— List templatesGET /templates/categories— Get categoriesPOST /templates/refresh— Refresh templatesGET /templates/:id/compose— Get template compose
Certificates
GET /certificates— List certificatesPOST /certificates— Request certificatePOST /certificates/renew— Renew certificatesDELETE /certificates/:domain— Delete certificate
Proxy
GET /proxy/status/:name— Get proxy statusPOST /proxy/setup/:name— Setup proxyDELETE /proxy/:name— Remove proxyGET /proxy/vhosts— List virtual hosts
Databases
POST /databases/test— Test connectionPOST /databases/list— List databasesPOST /databases/tables— List tablesPOST /databases/query— Execute queryPOST /databases/create— Create databasePOST /databases/users/create— Create user
Infrastructure
GET /infrastructure— List infrastructurePOST /infrastructure/:name/start— Start servicePOST /infrastructure/:name/stop— Stop serviceGET /infrastructure/:name/logs— Get logs
System
GET /health— Health checkGET /stats— System statisticsGET /settings— Get settingsPUT /settings— Update settings
Rate Limiting
The API does not currently implement rate limiting. However, for production use, it's recommended to place the agent behind a reverse proxy with rate limiting configured.
CORS
CORS can be enabled in the agent configuration to allow browser-based access from allowed origins:
api:
enable_cors: true
allowed_origins:
- https://dashboard.example.com