WL Demo Cloud
Sign in

API

Create and manage your services programmatically — databases, functions, proxies, registry, and WAF — with an API token instead of the portal UI.

Authentication

Create an API token under Account → API tokens (the full token is shown once). Send it on every request as a Bearer header. A token has the same access as your account and is subject to the same plan quotas; keep it secret and revoke it immediately if leaked.

Authorization: Bearer htx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Base URL: https://portal.vinacis.com · Machine-readable spec: /api/openapi (OpenAPI 3.1)

Databases

List your databases:

curl -H "Authorization: Bearer $HTX_TOKEN" \
  https://portal.vinacis.com/api/portal/databases

Create a PostgreSQL database:

curl -X POST https://portal.vinacis.com/api/portal/databases \
  -H "Authorization: Bearer $HTX_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"analytics","engine":"postgresql","sku":"db-s-1vcpu-2gb"}'

Get one / trigger a backup / delete:

curl -H "Authorization: Bearer $HTX_TOKEN" https://portal.vinacis.com/api/portal/databases/analytics
curl -X POST -H "Authorization: Bearer $HTX_TOKEN" https://portal.vinacis.com/api/portal/databases/analytics/backups
curl -X DELETE -H "Authorization: Bearer $HTX_TOKEN" https://portal.vinacis.com/api/portal/databases/analytics
Functions & proxies
# Serverless functions
curl -H "Authorization: Bearer $HTX_TOKEN" https://portal.vinacis.com/api/portal/functions

# SOCKS5 proxies
curl -H "Authorization: Bearer $HTX_TOKEN" https://portal.vinacis.com/api/portal/proxies

Every portal action has a route under /api/portal/* and accepts the same Bearer token — the OpenAPI spec is the source of truth for shapes.

Scopes, rate limits & rotation

Choose a scope when you create a token to limit what it can do:

  • full — read and write everything (same as your account).
  • read — list and read your resources; cannot create or delete databases, functions, or proxies.
  • databases / functions / proxies — create and delete that one product only.

A call outside a token's scope returns 403 (enforced on resource create, delete, and database backups; coverage is expanding to all endpoints). Requests are rate-limited per token (default 120/min); exceeding the limit returns 429 with a Retry-After header. Rotate a token at Developer → API tokens to issue a fresh secret with the same name and scope and immediately retire the old one.

IP allowlist (recommended): restrict a token to specific IPv4/IPv6 addresses or IPv4 CIDRs when you create it. Requests from any other IP are rejected on everyendpoint, so a leaked server/CI token is useless off your network. The client IP is taken from the edge and cannot be spoofed via request headers.

Terraform & CLI

Manage resources as code with the htx Terraform provider and CLI (both authenticate with HTX_TOKEN):

resource "htx_database" "app" {
  name           = "app-db"
  engine         = "postgresql"
  sku            = "db-s-1vcpu-1gb"
  wait_for_ready = true
}
Notes
  • Tokens honor your plan quotas — a script can't exceed what the portal allows.
  • Revoke or rotate a token any time at Account → API tokens; both take effect immediately.
  • Token management (create/revoke/rotate) requires a browser login, not a token.
  • Pre-existing tokens created before scopes shipped are treated as full — rotate to get a scoped token.