Base URL: https://<your-host>/api/v2/compute

Authentication

All endpoints require an authenticated session: send a bearer JWT (Authorization: Bearer <token>) or the _dro_token cookie. Unauthenticated requests get 401. The tenant is resolved from the token; it is never read from the body.

Endpoints

Create — request body

Settable fields (everything else is platform-controlled and ignored):

• name — short name, namespaced per-tenant (required).
• host_key — target fleet host in an allocated region.
• registry, repository, tag, digest — image coordinates.
• env — environment map (≤ 200 keys).
• ports — container ports (≤ 50; host bindings are rejected).
• cpu_limit — vCPUs as a string (e.g. "1.0").
• mem_limit — Docker memory (e.g. "512m", "2g").

Responses

Success returns { "data": ... }. A container projects to a tenant-safe subset: id, tenant_id, name, host_key, registry, repository, tag, digest, pull_policy, ports, env, cpu_limit, mem_limit, status, inserted_at, updated_at. Operator-only fields (secret refs, config files, reconciler state) are never returned.

Examples

# Create
curl -X POST https://<your-host>/api/v2/compute/ \
  -H "Authorization: Bearer $DRO_TOKEN" -H "Content-Type: application/json" \
  -d '{"name":"web","host_key":"mia-1","repository":"nginx","tag":"stable","cpu_limit":"1.0","mem_limit":"512m"}'

# List
curl https://<your-host>/api/v2/compute/ -H "Authorization: Bearer $DRO_TOKEN"

# Quota
curl "https://<your-host>/api/v2/compute/quota?region=*" -H "Authorization: Bearer $DRO_TOKEN"

# Tail logs
curl "https://<your-host>/api/v2/compute/<id>/logs?limit=100" -H "Authorization: Bearer $DRO_TOKEN"

# Stop / start
curl -X POST https://<your-host>/api/v2/compute/<id>/stop -H "Authorization: Bearer $DRO_TOKEN"