API overview
The VibeCaaS REST API — authentication, core endpoints, rate limits, response formats, SDKs, error codes, and the full endpoint reference.
API overview
The VibeCaaS API provides complete programmatic access to every platform feature. Build custom integrations, automate workflows, and manage projects at scale. The API is REST over HTTPS with JSON request and response bodies, and official SDKs are available for popular languages.
For real-time event delivery rather than polling, see Webhooks.
Quick start
Make your first API call in three steps.
- Get your API key — go to Settings → API Keys → Generate New Key. Keys look like
vcs_sk_live_50a5.... - Set the base URL — all requests go to
https://api.vibecaas.com/v1. - Make a request:
curl -H "Authorization: Bearer vcs_sk_live_50a5..." \
https://api.vibecaas.com/v1/projectsAuthentication
Bearer token
Pass your API key in the Authorization header on every request.
const response = await fetch("https://api.vibecaas.com/v1/projects", {
headers: {
Authorization: "Bearer vcs_sk_live_50a5...",
"Content-Type": "application/json",
},
});import requests
headers = {
"Authorization": "Bearer vcs_sk_live_50a5...",
"Content-Type": "application/json",
}
response = requests.get("https://api.vibecaas.com/v1/projects", headers=headers)Security: Never expose API keys in client-side code. Store them in environment variables, rotate them regularly, and use different keys for development and production.
OAuth 2.0
For third-party apps acting on behalf of a user, use the OAuth 2.0 flow:
Authorize: https://auth.vibecaas.com/oauth/authorize
Token: https://auth.vibecaas.com/oauth/token
Revoke: https://auth.vibecaas.com/oauth/revokeAvailable scopes include projects:read, projects:write, deployments:read, deployments:write, analytics:read, and ai:generate. Access tokens last 1 hour; refresh tokens last 30 days.
Core endpoints
| Method | Path | Description |
|---|---|---|
GET | /projects | List all projects |
POST | /projects | Create a new project |
GET | /projects/:id | Get project details |
PUT | /projects/:id | Update a project |
DELETE | /projects/:id | Delete a project |
POST | /deploy | Deploy a project |
GET | /analytics | Get analytics data |
POST | /ai/generate | Generate code with AI |
Endpoint reference
Endpoints are grouped into resources. Projects also supports /projects/:id/duplicate and /projects/:id/transfer. Deployments covers /deployments, /deployments/:id, /deployments/:id/cancel, /deployments/:id/rollback, and /deployments/:id/logs. Files covers listing, reading, writing, creating, deleting, and uploading project files.
A typical create request and response:
curl -X POST https://api.vibecaas.com/v1/projects \
-H "Authorization: Bearer vcs_sk_..." \
-H "Content-Type: application/json" \
-d '{ "name": "My Project", "description": "Project description" }'The AI generation endpoints (/ai/generate, /ai/refactor, /ai/tests) accept a prompt, a model, and options:
{
"prompt": "Create a React component for user authentication",
"model": "gpt-4",
"options": { "temperature": 0.7, "maxTokens": 2000, "language": "typescript" }
}Rate limits
Limits scale with your subscription tier and apply per API key.
| Tier | Requests/hour | Burst | Daily quota |
|---|---|---|---|
| Free | 100 | 10/second | 1,000 |
| Pro | 1,000 | 50/second | 10,000 |
| Business | 5,000 | 100/second | 50,000 |
| Enterprise | Unlimited | Custom | Unlimited |
Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.
Response formats
All responses share a consistent JSON envelope.
{
"success": true,
"data": {
"id": "proj_123abc",
"name": "My Project",
"status": "active",
"url": "https://my-project.vibecaas.app"
},
"meta": { "request_id": "req_xyz789", "timestamp": "2024-01-15T14:45:00Z" }
}Errors use the same shape with success: false and an error object. List endpoints add a pagination block with page, per_page, total, total_pages, has_next, and has_previous.
Error codes
| Status | Code | Meaning |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request parameters |
| 401 | UNAUTHORIZED | Invalid or missing API key |
| 402 | PAYMENT_REQUIRED | Subscription upgrade required |
| 403 | FORBIDDEN | Insufficient permissions |
| 404 | NOT_FOUND | Resource not found |
| 429 | RATE_LIMITED | Too many requests |
| 500 | SERVER_ERROR | Internal server error |
Official SDKs
# JavaScript / TypeScript
npm install @vibecaas/sdk
# Python
pip install vibecaas
# Go
go get github.com/vibecaas/go-sdkimport { VibeCaaS } from "@vibecaas/sdk";
const client = new VibeCaaS({ apiKey: process.env.VIBECAAS_API_KEY });
const projects = await client.projects.list();Best practices
- Use idempotency keys — include an
Idempotency-Keyheader on POST requests so retries don't create duplicates. Keys are valid for 24 hours. - Implement exponential backoff — when rate limited, wait 1s, 2s, 4s, 8s between retries.
- Secure your keys — never commit them; use environment variables and secrets management in production.
Next steps
- Receive events instead of polling with Webhooks.
- Automate full pipelines via the API with Agent workflows.
- Debug API issues in FAQ & troubleshooting.