API Reference

Otwa Cloud API

The Otwa Cloud REST API lets you deploy servers, manage power states, retrieve SSH/RDP credentials, and automate your infrastructure programmatically. All responses are JSON.

Base URL

https://otwa.cloud/api/v1

Format

JSON

Auth

Bearer API Key

OpenAPI JSON Markdown llms.txt

WHMCS Module

Drop-in provisioning for WHMCS 8+

Auto-deploy Otwa Cloud VPS from WHMCS orders. Lifecycle hooks, SSO button, live stats. Install guide →

Reseller Program

Wholesale rates with auto-tiering

Resell Otwa Cloud under your own brand. Starts at 10% off, scales to 25%. Learn more →

Authentication

Every request must include your API key in the Authorization header. Generate and manage keys from your dashboard API page.

shell

$ curl https://otwa.cloud/api/v1/account \
  -H "Authorization: Bearer YOUR_API_KEY"

Permissions

servers:readList, view servers, credentials, stats

servers:writeDeploy, power, rename, terminate servers

billing:readView balance and invoice history

account:readView account profile and tier

Error Codes

All errors return a JSON body with a message field.

400

Bad Request

Missing or invalid request body parameters.

401

Unauthorized

Missing, invalid, or expired API key.

402

Payment Required

Insufficient wallet balance to deploy a server.

403

Forbidden

API key lacks the required permission for this action.

404

Not Found

The requested resource does not exist or belongs to another account.

429

Too Many Requests

Rate limit exceeded (100 req/min). Retry after X-RateLimit-Reset.

500

Internal Server Error

Unexpected server error. If persistent, contact support.

Account

1 endpoint

Products

1 endpoint

Servers

12 endpoints

Server Statuses

The status field on server objects transitions through these values. Poll GET /api/v1/servers/:id to track provisioning.

pending

Order placed, waiting for worker to pick up the provision job.

building

VM is being deployed, configured, and booted. Takes ~60–120s.

running

Server is online and accepting connections.

stopped

Server is powered off. Can be started via power API.

suspended

Account billing issue — server inaccessible. Add funds to reactivate.

failed

Provisioning failed. Contact support or use admin retry.

terminated

Permanently destroyed. All data and IPs released.

Typical flow: pending → building → running (~60–120s from order)

Rate Limits

The API is limited to 100 requests per minute per API key. Requests exceeding this limit return 429 Too Many Requests. The response headers include X-RateLimit-Remaining and X-RateLimit-Reset.

Machine Readable

These endpoints serve the API reference in formats designed for automated tooling — LLMs, code generators, and API clients.

OpenAPI 3.0.3

Full spec for Swagger UI, Postman, code generators

/openapi.json

Markdown Docs

Plain-text reference easy for LLMs to read and index

/docs.md

llms.txt

Standard AI-crawler index listing key resources

/llms.txt

Changelog

All notable API changes. Versioning follows semantic conventions — minor versions add features, patch versions fix bugs.

v1.6latest2026-04-18

newGET /public/affiliates/rule — unauthenticated endpoint that exposes the live affiliate program rule: enabled, trigger (verified_signup | first_deposit | every_deposit), rewardType (fixed | percent), and rewardAmount. Lets integrators surface the current offer without duplicating it in their own copy.
improvedDELETE /servers/:id — clarified that API-key callers destroy the server immediately. The web dashboard now requires a 6-digit email code or TOTP confirmation, but the API key path intentionally bypasses that step since the key itself is the proof of intent.
fixedPOST /servers — body example and description now match the real CreateServerDto. productId, os, and osTemplate are required; label and hostname are optional (auto-generated if omitted); addons take the hash-style IDs returned by GET /servers/:id/addons.

v1.52026-04-17

newGET /servers/:id/addons — see every add-on offered by your server's plan, the prorated price to attach it today, and whether the add-on type is already active.
newPOST /servers/:id/addons — attach an add-on to a running server. Prorated price is charged to your wallet immediately; the full monthly price is included in future renewals. Guest-OS network configuration for new IPs is your responsibility.
newAlmaLinux 10.1 and Windows 11 Pro templates are now available at deploy time.
improvedOnly one add-on per type (extra-ip, ip-class, backup) can be active on a server. Orders that include duplicates are rejected with 400.

v1.42026-04-14

newGET /servers/:id/stats — live VM metrics: CPU%, memory used/total, disk read/write KB/s, network RX/TX KB/s.
newWindows Server 2025 & 2022 support. GET /servers/:id/credentials now returns rdpAddress and Administrator username for Windows VMs.
newIP class block add-ons (/25). Additional IPs returned in networking.additionalIps on GET /servers/:id and GET /servers.
improvedPOST /servers — hostname and label are now required fields (previously optional).

v1.32026-04-12

improvedAll write endpoints now reject requests from keys without the required permission scope (403 instead of silent ignore).

v1.22026-04-03

newAuto-provisioning pipeline: VM deployed, network configured, disk resized, OS booted, credentials set — all in ~60–120 seconds.
newActivity logging: login, deploy, power actions, reinstall, delete, 2FA changes all recorded.
newOrder confirmation and "Server Ready" email notifications.
newBilling automation: renewal cron, suspension on payment failure, auto-termination after grace period (configurable in SuperAdmin).

v1.12026-04-02

newIP pool management: allocate, release, and track individual IPs with gateway/netmask/CIDR metadata.
newCoupon system: create and redeem promotional codes at checkout.
improvedGET /servers now includes additionalIps array from IP pool.

v1.02026-04-01

newInitial API release: account info, product listing, server CRUD, credentials, power actions, live stats.

Ready to automate?

Create a free account to generate your first API key and start deploying.

Get Started Free