API documentation

REST APIs for programmatic control. Pick the surface that matches what you need — every endpoint is bearer-authenticated and scope-gated.

User API

Manage your own servers, invoices, and credit balance from scripts and integrations.

user:read · user:write

Admin / Server API

Issued by an admin. Inspect users, grant credits, mint vouchers, audit accounts.

admin:read · admin:write

Reseller API

For panels integrating with this provider. Sign up customers, report credit events.

reseller:signup · reseller:credit

Paymenter API

Drop-in surface for a Paymenter extension. Create users, drive server lifecycle, report invoice payments.

paymenter:provision

Authentication

All endpoints accept the key in either an Authorization: Bearer <key> header or an X-Api-Key: <key> header. Keys start with vfc_live_ and are shown once at creation. Manage your own keys at /api-keys.

curl https://<host>/api/v1/me \
  -H "Authorization: Bearer vfc_live_..."

Errors

All responses are JSON. Errors carry { "error": "human-readable reason" } with the appropriate HTTP status:

400 bad request — missing/invalid params
401 unauthorized — missing, malformed, expired, or revoked key
403 forbidden — key lacks required scope, or resource not yours
404 not found
409 conflict — duplicate / already-applied
410 gone — feature retired
429 rate limited — backoff and retry
500/502 server / upstream error

Rate limits

Per-key, per-IP: user keys 120 req/min, admin keys 240 req/min, reseller keys 600 req/min. Exceeding returns 429.