A clean, predictable REST API and signed webhooks for compute across every provider we broker. Order and manage servers, then react to lifecycle events in real time — with one API key that works across the whole LayerBrick ecosystem.
$ curl https://comphive.albos.tr/core-api/v1/auth/me \ -H "Authorization: Bearer lb_live_…" # → 200 OK { "memberships": [ { "org_id": "16dbf62f…", "role": "developer" } ] }
Bearer API keys (lb_live_…) scoped to one organization at a fixed role — never owner, never crossing org boundaries. One key works on every LayerBrick brand.
SKUs, servers, power actions, webhooks and the full Service Contract — resource-oriented URLs, JSON in and out, standard verbs and response codes.
HMAC-signed event delivery with automatic retries and a per-endpoint delivery log, so your systems stay in sync in real time.
API-parity is doctrine: anything the panel can do, the API can do, with role-appropriate scopes.
Every server lifecycle change can be pushed to your systems.
Headers on every delivery: X-Comphive-Event, X-Comphive-Sig (hex HMAC-SHA256 of the raw body).
Create an API key in the console, then:
curl -X POST \ https://comphive.albos.tr/v1/servers \ -H "Authorization: Bearer lb_live_…" \ -H "Content-Type: application/json" \ -d '{ "org_id": "your-org-id", "sku_id": "hetzner-cx22", "hostname": "web-1" }' # manager-role key required — ordering costs money
import { createHmac } from "crypto"; function verify(req, secret) { const sig = req.headers["x-comphive-sig"]; const digest = createHmac("sha256", secret) .update(req.rawBody) .digest("hex"); return sig === digest; }
Role column = minimum org role of the session or API key. Staff surfaces are omitted here.
| Endpoint | Role | Description |
|---|---|---|
| GET/v1/skus | public | Catalog with capability badges and manual-SKU SLA hours |
| POST/v1/servers | manager | Order a server. Hetzner SKUs provision instantly (real API); manual SKUs enter the fulfilment queue with an SLA |
| GET/v1/servers?org_id= | any member | List your organization's servers |
| GET/v1/servers/{id} | any member | Server detail incl. access credentials once active |
| POST/v1/servers/{id}/power | manager | {"action":"reboot|stop|start"} — synchronous on API-backed servers |
| POST/v1/servers/{id}/terminate | manager | Permanent. Stops billing immediately on API-backed servers |
| POST/v1/webhooks | developer | {org_id, url} → endpoint + one-time whsec_ secret |
| GET/v1/webhooks?org_id= | any member | List endpoints |
| DEL/v1/webhooks/{id} | developer | Remove endpoint |
| GET/v1/webhooks/{id}/deliveries | any member | Delivery log (last 50) |
| GET/v1/service-contract/services?org_id= | any member | Uniform LayerBrick Service Contract surface |
| GET/v1/service-contract/maintenance | public | Upcoming maintenance windows |
| POST/core-api/v1/organizations/{id}/api-keys | manager | Create an API key (name, role ≤ manager). Token shown once |
| GET/core-api/v1/organizations/{id}/api-keys | manager | List keys |
| DEL/core-api/v1/organizations/{id}/api-keys/{key_id} | manager | Revoke a key |
Errors are JSON: {"error": "message"} with conventional status codes — 401 unauthenticated, 403 insufficient role, 404 not found or not yours, 409 invalid state transition, 429 rate-limited.