Developers · REST API v1

Build on Comphive.

A clean, predictable REST API and signed webhooks for compute across every provider we broker. Order and manage servers, then react to lifecycle events in real time — with one API key that works across the whole LayerBrick ecosystem.

Create API key Quick start API reference
$ curl https://comphive.albos.tr/core-api/v1/auth/me \
  -H "Authorization: Bearer lb_live_…"

# → 200 OK
{
  "memberships": [
    { "org_id": "16dbf62f…", "role": "developer" }
  ]
}

Authenticate

Bearer API keys (lb_live_…) scoped to one organization at a fixed role — never owner, never crossing org boundaries. One key works on every LayerBrick brand.

Resources

SKUs, servers, power actions, webhooks and the full Service Contract — resource-oriented URLs, JSON in and out, standard verbs and response codes.

Webhooks

HMAC-signed event delivery with automatic retries and a per-endpoint delivery log, so your systems stay in sync in real time.

Core resources

Everything in the panel, over HTTP.

API-parity is doctrine: anything the panel can do, the API can do, with role-appropriate scopes.

/skus
/servers
/servers/{id}/power
/servers/{id}/terminate
/webhooks
/webhooks/{id}/deliveries
/service-contract/services
/service-contract/maintenance
Webhooks

Signed events, delivered reliably.

Every server lifecycle change can be pushed to your systems.

  • Signed with an HMAC-SHA256 secret (whsec_…), shown once at creation
  • Automatic retries with backoff (3 attempts)
  • Per-endpoint delivery log with attempt count and status
3 events · HMAC-signed
server.created
server.active
server.terminated

Headers on every delivery: X-Comphive-Event, X-Comphive-Sig (hex HMAC-SHA256 of the raw body).

Quick start

Your first call in two minutes.

Create an API key in the console, then:

cURL · order a server
curl -X POST \
  https://comphive.albos.tr/v1/servers \
  -H "Authorization: Bearer lb_live_…" \
  -H "Content-Type: application/json" \
  -d '{
    "org_id": "your-org-id",
    "sku_id": "hetzner-cx22",
    "hostname": "web-1"
  }'

# manager-role key required — ordering costs money
Node · verify a webhook
import { createHmac } from "crypto";

function verify(req, secret) {
  const sig = req.headers["x-comphive-sig"];
  const digest = createHmac("sha256", secret)
    .update(req.rawBody)
    .digest("hex");
  return sig === digest;
}
API reference

Endpoints.

Role column = minimum org role of the session or API key. Staff surfaces are omitted here.

EndpointRoleDescription
GET/v1/skuspublicCatalog with capability badges and manual-SKU SLA hours
POST/v1/serversmanagerOrder a server. Hetzner SKUs provision instantly (real API); manual SKUs enter the fulfilment queue with an SLA
GET/v1/servers?org_id=any memberList your organization's servers
GET/v1/servers/{id}any memberServer detail incl. access credentials once active
POST/v1/servers/{id}/powermanager{"action":"reboot|stop|start"} — synchronous on API-backed servers
POST/v1/servers/{id}/terminatemanagerPermanent. Stops billing immediately on API-backed servers
POST/v1/webhooksdeveloper{org_id, url} → endpoint + one-time whsec_ secret
GET/v1/webhooks?org_id=any memberList endpoints
DEL/v1/webhooks/{id}developerRemove endpoint
GET/v1/webhooks/{id}/deliveriesany memberDelivery log (last 50)
GET/v1/service-contract/services?org_id=any memberUniform LayerBrick Service Contract surface
GET/v1/service-contract/maintenancepublicUpcoming maintenance windows
POST/core-api/v1/organizations/{id}/api-keysmanagerCreate an API key (name, role ≤ manager). Token shown once
GET/core-api/v1/organizations/{id}/api-keysmanagerList keys
DEL/core-api/v1/organizations/{id}/api-keys/{key_id}managerRevoke a key

Errors are JSON: {"error": "message"} with conventional status codes — 401 unauthenticated, 403 insufficient role, 404 not found or not yours, 409 invalid state transition, 429 rate-limited.