API Reference
API Overview
PodWarden and PodWarden Hub REST API reference
Base URLs
| Service | URL | Description |
|---|
| PodWarden API | http://localhost:8000/api/v1 | Fleet management API |
| PodWarden Hub | https://apps.podwarden.com/api/v1 | Catalog and account API |
Authentication
All API requests require authentication via one of:
- Bearer token (JWT) — Obtained via OIDC login flow
- API key — For PodWarden Hub catalog access (
Bearer pwc_...)
- MCP token — For PodWarden API automation (
Bearer mcp_...)
See Authentication for details.
PodWarden API Endpoints
Health
| Method | Path | Description |
|---|
GET | /api/v1/health | Health check with DB ping |
Hosts
| Method | Path | Description |
|---|
GET | /api/v1/hosts | List hosts (filter by status, hostname) |
GET | /api/v1/hosts/:id | Get host details |
POST | /api/v1/hosts | Create host manually (by IP/hostname) |
PATCH | /api/v1/hosts/:id | Update host fields (display name, notes, network types) |
POST | /api/v1/hosts/:id/provision | Provision host via Ansible (install Docker, k3s-agent, GPU drivers) |
POST | /api/v1/hosts/:id/probe | Probe host (gather facts: CPU, RAM, disk, GPU) |
POST | /api/v1/hosts/:id/wipe | Wipe host (uninstall k3s-agent, reset to discovered) |
POST | /api/v1/hosts/:id/provision-as-control-plane | Install K3s server (creates new cluster) |
POST | /api/v1/hosts/:id/register-cluster | Register detected K8s cluster from host |
POST | /api/v1/hosts/:id/detach | Detach host from cluster (clear DB and/or wipe k3s-agent) |
POST | /api/v1/hosts/discover | Trigger manual Tailscale host discovery |
Clusters
| Method | Path | Description |
|---|
GET | /api/v1/clusters | List clusters |
GET | /api/v1/clusters/:id | Get cluster with member nodes and live info |
GET | /api/v1/clusters/:id/affected | Preview resources affected by cluster deletion |
GET | /api/v1/clusters/:id/extended | Get K8s version, namespaces, metrics, events |
GET | /api/v1/clusters/:id/storage-classes | List available storage classes |
POST | /api/v1/clusters | Create cluster (manual kubeconfig or SSH fetch) |
PUT | /api/v1/clusters/:id | Update cluster (name, env, namespace, kubeconfig) |
DELETE | /api/v1/clusters/:id | Delete cluster (cascade: unprotect hosts, delete assignments) |
DELETE | /api/v1/clusters/:id/nodes/:name | Delete stale node from cluster |
Stacks
| Method | Path | Description |
|---|
GET | /api/v1/stacks | List stacks |
GET | /api/v1/stacks/:id | Get stack with all fields |
POST | /api/v1/stacks | Create stack |
PUT | /api/v1/stacks/:id | Update stack |
DELETE | /api/v1/stacks/:id | Delete stack |
Deployments
| Method | Path | Description |
|---|
GET | /api/v1/deployments | List deployments (filter by cluster, stack) |
GET | /api/v1/deployments/:id | Get deployment |
POST | /api/v1/deployments | Create deployment |
PUT | /api/v1/deployments/:id | Update deployment |
DELETE | /api/v1/deployments/:id | Delete deployment |
POST | /api/v1/deployments/:id/deploy | Deploy to cluster (generates K8s manifest, applies via kubectl) |
POST | /api/v1/deployments/:id/undeploy | Undeploy from cluster (delete deployment, optionally delete PVCs) |
GET | /api/v1/deployments/:id/check-network | Pre-flight network compatibility check |
GET | /api/v1/deployments/:id/logs | Get pod logs (with tail limit) |
Deployments (CI/CD)
| Method | Path | Description |
|---|
GET | /api/v1/deployments | List deployments (filter by worker_type, environment) |
GET | /api/v1/deployments/:id | Get deployment |
POST | /api/v1/deployments | Record deployment (from CI/CD pipeline) |
POST | /api/v1/deployments/:id/rollback | Rollback to previous deployment image tag |
Storage Connections
| Method | Path | Description |
|---|
GET | /api/v1/storage-connections | List storage connections |
GET | /api/v1/storage-connections/:id | Get connection |
POST | /api/v1/storage-connections | Create connection (NFS or S3) |
PUT | /api/v1/storage-connections/:id | Update connection |
DELETE | /api/v1/storage-connections/:id | Delete connection |
POST | /api/v1/storage-connections/:id/test | Test connectivity and speed |
Provisioning Jobs
| Method | Path | Description |
|---|
GET | /api/v1/provisioning-jobs | List jobs (filter by host_id, status) |
GET | /api/v1/provisioning-jobs/:id | Get job with stdout/stderr |
POST | /api/v1/provisioning-jobs/:id/cancel | Cancel running job |
System Configuration
| Method | Path | Description |
|---|
GET | /api/v1/system-config | Get system config (SMTP, OIDC, Hub) |
PUT | /api/v1/system-config | Update system config |
POST | /api/v1/system-config/test-smtp | Send test email |
POST | /api/v1/system-config/test-oidc | Test OIDC discovery |
Users
| Method | Path | Description |
|---|
GET | /api/v1/users | List users (filter by search, role, status) |
GET | /api/v1/users/:id | Get user |
POST | /api/v1/users | Create local user |
PUT | /api/v1/users/:id | Update user (name, role, status) |
DELETE | /api/v1/users/:id | Delete user |
POST | /api/v1/users/:id/set-password | Set local user password |
Secrets
| Method | Path | Description |
|---|
GET | /api/v1/secrets | List secret keys |
GET | /api/v1/secrets/:key | Get secret value |
POST | /api/v1/secrets | Create secret |
PUT | /api/v1/secrets/:key | Update secret |
DELETE | /api/v1/secrets/:key | Delete secret |
POST | /api/v1/secrets/generate-ssh-key-pair | Generate ed25519 SSH key pair |
GET | /api/v1/secrets/ssh-key-pairs | List SSH key pairs |
GET | /api/v1/secrets/ssh-key-pairs-in-use | List key pairs used by provisioned hosts |
Tailscale Settings
| Method | Path | Description |
|---|
GET | /api/v1/tailscale-settings | Get Tailscale config (tailnet, tags) |
PUT | /api/v1/tailscale-settings | Set Tailscale API key, tailnet, discovery tags |
Registry Settings
| Method | Path | Description |
|---|
GET | /api/v1/settings | Get default registry URL and image tag |
PUT | /api/v1/settings | Update default registry URL and image tag |
Hub Integration
| Method | Path | Description |
|---|
GET | /api/v1/hub/test-connection | Test Hub URL + API key connectivity |
GET | /api/v1/hub/catalog/categories | Proxy: list Hub categories |
GET | /api/v1/hub/catalog/templates | Proxy: list Hub templates (search, category, tags, pagination) |
GET | /api/v1/hub/catalog/templates/:slug | Proxy: get single Hub template |
POST | /api/v1/hub/catalog/templates/:slug/import | Import Hub template as local stack |
GET | /api/v1/hub/catalog/check-updates | Check for newer versions of imported templates |
MCP Tokens
| Method | Path | Description |
|---|
GET | /api/v1/mcp-tokens | List tokens |
POST | /api/v1/mcp-tokens | Create token (name, role, expiry_days) |
POST | /api/v1/mcp-tokens/:id/revoke | Revoke token |
POST | /api/v1/mcp-tokens/:id/reissue | Reissue token (new key, same name/role) |
GET | /api/v1/mcp-tokens/:id/audit | Get audit log for token |
GET | /api/v1/mcp-tokens/recent-audit | Get recent audit across all tokens |
PodWarden Hub API Endpoints
See Catalog API for the full Hub API reference.
Response Format
PodWarden API responses return JSON. Successful responses return the data directly. Error responses include an error message:
{
"detail": "Description of what went wrong"
}
PodWarden Hub API wraps responses in a standard format:
{
"templates": [...],
"pagination": { "page": 1, "limit": 50, "total": 42, "totalPages": 1 }
}