Authentication
Secure your API requests with authentication tokens
API Key Authentication
All API requests must include your API key in the Authorization header. You can generate API keys from your dashboard.
Security Best Practices
- Never expose your API key in client-side code or public repositories
- Rotate your API keys regularly and immediately if compromised
- Use environment variables to store API keys in your applications
- Implement proper error handling to avoid leaking sensitive information
Users
Manage user accounts and profiles
/users/me Get the authenticated user's profile information
{ "id": "usr_1234567890", "email": "user@example.com", "name": "John Doe", "created_at": "2024-01-15T10:30:00Z", "plan": "professional" }
/users/me Update the authenticated user's profile
{ "name": "Jane Doe", "company": "Acme Inc" }
{ "id": "usr_1234567890", "email": "user@example.com", "name": "Jane Doe", "company": "Acme Inc", "updated_at": "2024-01-20T14:25:00Z" }
Projects
Create and manage your projects
/projects List all projects in your account
| Parameter | Type | Description |
|---|---|---|
page | integer | Page number (default: 1) |
limit | integer | Items per page (default: 20, max: 100) |
{ "data": [ { "id": "prj_abc123", "name": "my-app", "region": "us-east-1", "status": "active", "created_at": "2024-01-15T10:30:00Z" } ], "pagination": { "page": 1, "limit": 20, "total": 45 } }
/projects Create a new project
{ "name": "my-new-app", "region": "us-west-2", "framework": "nodejs" }
{ "id": "prj_xyz789", "name": "my-new-app", "region": "us-west-2", "framework": "nodejs", "status": "pending", "created_at": "2024-01-20T15:45:00Z" }
Deployments
Deploy and manage your applications
/projects/:id/deployments Create a new deployment for a project
{ "git_url": "https://github.com/user/repo.git", "branch": "main", "environment": { "NODE_ENV": "production", "API_KEY": "secret_key" } }
{ "id": "dep_123abc", "project_id": "prj_abc123", "status": "building", "url": "https://my-app-dep123.example.com", "created_at": "2024-01-20T16:00:00Z" }
Error Handling
Understanding API error responses
Error Response Format
All errors follow a consistent JSON format:
{ "error": { "code": "invalid_request", "message": "The request is missing required parameters", "details": { "missing_fields": ["name", "region"] } } }
Common Error Codes
| Status Code | Error Code | Description |
|---|---|---|
| 400 | invalid_request | The request is malformed or missing required parameters |
| 401 | unauthorized | Invalid or missing authentication credentials |
| 403 | forbidden | You don't have permission to access this resource |
| 404 | not_found | The requested resource does not exist |
| 429 | rate_limit_exceeded | Too many requests, please slow down |
| 500 | internal_error | An unexpected error occurred on our servers |
Rate Limiting
API usage limits and best practices
Free Tier
requests per hour
Pro Tier
requests per hour
Enterprise
unlimited requests
Rate Limit Headers
Every API response includes rate limit information in the headers:
SDK & Code Examples
Use our official SDKs or make direct HTTP requests
Webhooks
Receive real-time notifications for events
Setting Up Webhooks
Webhooks allow you to receive real-time HTTP notifications when events occur in your account. Configure webhook endpoints in your dashboard or via API.
Available Events
deployment.created deployment.succeeded deployment.failed project.created project.deleted billing.invoice.created Webhook Payload Example
Example payload for deployment.succeeded event:
{ "event": "deployment.succeeded", "timestamp": "2024-01-20T16:30:00Z", "data": { "deployment_id": "dep_123abc", "project_id": "prj_abc123", "status": "live", "url": "https://my-app-dep123.example.com", "duration_ms": 45000 } }
Webhook Security
All webhook requests include a signature in the X-Orbitra-Signature header. Verify this signature to ensure the request came from Orbitra.
Ready to Start Building?
Get your API key and start integrating Orbitra into your applications today. Need help? Our support team is here for you.
Free tier includes 1,000 requests per hour • No credit card required