Overview

The Kupe API gives you programmatic access to the same tenant-scoped platform resources you manage through the console. Use it when you want repeatable automation, CI integration, or a direct interface for your own tooling.

Base URL

https://api.kupe.cloud/api/v1

How the API is organised

Most API routes are tenant-scoped:

/api/v1/tenants/{tenant}/...

That includes clusters, secrets, members, API keys, invoices, and tenant settings.

Plan endpoints are the exception. These are public and do not require authentication:

/api/v1/plans
/api/v1/plans/{name}

What you can manage

Area	What the API covers
Clusters	Create, inspect, update, delete, and fetch connection details
Secrets	Create secret definitions, manage sync targets, inspect sync status, and delete the definition
Members	Add members, change roles, and remove access
API keys	Create, list, and revoke tenant-scoped API keys
Tenant settings	Inspect tenant status and update plan or observability enforcement
Invoices and plans	Read invoice history and public plan metadata

Authentication model

Use bearer authentication for tenant-scoped routes:

API keys are the standard way to authenticate to tenant-scoped routes
generate keys in the console, then use them in CI, Terraform, scripts, and direct integrations

For most automation, use an API key with the narrowest role that works.

Concurrency and updates

Read-modify-write flows support optimistic locking with ETag and If-Match. Use that pattern when automation might race with another user or pipeline.

API vs Terraform

Use the API when you want:

direct scripting
custom integration logic
event-driven automation

Use Terraform when you want:

declarative state management
plan and apply workflows
drift detection and repeatable infrastructure changes

Recommended starting points

The reference section is generated from the OpenAPI spec, so it stays aligned with the API surface as the server evolves.