API Guide

The API enables cloud integration with third party applications. This guide is a complete reference for all API calls and includes detailed API information, code and output examples. The version of the guide corresponds to the latest OnApp API version. For comprehensive instructions on previous versions, refer to corresponding guides at docs.onapp.com.

  • The OnApp API is RESTful
  • All function calls respond to XML and JSON exchange formats
  • All function calls need authorization and authentication (Basic HTTP or API key)
  • The OnApp API is backward compatible within one major version. However, a new major version might include changes that are not  backward compatible with the previous one.

API Authentication

To authenticate using HTTP Basic, just use your username/password combination. Curl example:

curl -u user:userpass 

To authenticate using API key, put your account email as a login and the key to the server as a password.

HTTP Methods

The API uses the following HTTP methods:

GET - used for retrieving information from a particular URI

POST - used for creating new object and adding new transactions into the queue

PUT - used for altering object properties

NOTE: updated_at value is changed in PUT requests even if the request fails.

DELETE - used for object deletion

HTTP Response Codes

The API returns appropriate HTTP status codes for every request: 

200 OK

The request completed successfully

204 No content

The request completed successfully. The 204 status is returned on DELETE and PUT requests

201 Scheduled

The request has been accepted and scheduled for processing

403 Forbidden

The request is correct, but could not be processed.

404 Not Found

The requested URL is incorrect or the resource does not exist. For example, if you request to delete a user with ID {5}, but there is no such a user in the cloud, you will get a 404 error. 

422 Unprocessable Entity

The sent parameters are erroneous.

500 Internal Server Error

  An error occurred. Please contact support.

503 Service UnavailableThe request cannot be handled currently, due to a temporary overloading or maintenance of the server. This condition is temporary and the request will be handed after a certain delay.

Formatting and Naming Conventions

The table below represents all the existing formatting and naming conventions used in this guide:





stands for username:password combination



stands for address, where your Control Panel is located



stands for the resource ID.
Sometimes also: :resource_id



all the parameters are italicised


* (asterisk)

marks the required parameters

label *


indicates request examples in XML or JSON

GET /roles.xml

Code block indicates console requests and response examples.



An info message emphasizes or explains the information within the chapter.

Clicking the OFF button performs graceful shutdown and then powers off the VS.


A note message contains information essential for the task completion.

The maximum length of a Mount Point is 256 characters.


A warning message informs you of something you should not do or be cautious.

You won't be able to restore a VS after deleting it.

(lightbulb)The element showing new parameters added in the latest release of API.(lightbulb) limit_type – hourly or monthly limit type set for the resource


Q: Is it possible to enable API access via https?

A: We can enable https for your cloud, which can be used for both WebUI access and API access. Or you can do so yourself: the Apache config file is located at: /etc/httpd/conf.d/onapp.conf

Q: Can you create a VS on behalf of another user?

A: No. It is possible to switch VS owners, however. Refer to Change VS owner section for details.

Q: How are passwords stored – in plain text?

A: No, passwords are not stored in plain text. Except for a login and password combination, you can use email + API key combination to authorize a user via the API. API keys can be generated and changed easily on a user's profile page (as well as through the API). For security reasons we recommend users authenticate through the API key, not the login and password.

Q: Which parameters are required, and which are optional?

A: Required parameters are marked in this guide with an asterisk *.


The OnApp CDN API guide describes API requests you can use to manage your CDN related resources.

Refer to one of the following sections for details:

For information on how to manage CDN related resources on OnApp UI refer to the Administration or the User guide.