API reference

This reference is generated at build time from https://api.vibehost.com/api/v1/openapi.json — the same spec that backs the dashboard, CLI, and MCP server.

Authentication

All endpoints require a Bearer token:

Authorization: Bearer vh_pat_...

Get a token from vibehost.com/account/tokens. PAT scopes + binding model are documented under Personal access tokens.

Browsers can also call the API with the session cookie set by the dashboard — but PAT routes only. Sensitive endpoints (PAT management itself, billing) are denyPAT: true and require a real browser session.

Response shape

Every response, success or error, follows the same envelope:

{
  "ok": true,
  "data": { ... }
}

{
  "ok": false,
  "error": {
    "code": "SCREAMING_SNAKE_CASE_CODE",
    "message": "human-readable explanation",
    "details": { /* optional */ }
  }
}

Agents should branch on error.code — it's stable. message follows Hard Rule #8 (unified per failure class) so messages can be deliberately vague to avoid information leaks.

Rate limits

Free tier: ~30 deploys / hour, 100 reads / minute. Pro / Business: higher; configured per workspace.

Exceeded limits return 429 RATE_LIMITED with retryAfterSeconds and policy in error.details.

Browse the surface

Pick a resource from the sidebar — each endpoint has its own page with request schema, response schema, and a try-it playground that takes your bearer token.