Provision servers, take snapshots, top up in cryptocurrency, run ping from any bastion. Every panel action has a REST endpoint and four SDKs. Same identity floor as the panel: an email and a password, nothing more.
Email + password, no KYC. Returns a 24-hour access token straight away — no email confirmation step.
curl -sS https://nordbastion.com/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"••••••••••••"}'Open a per-coin invoice. The response carries a deposit address, QR code and expiry timestamp.
amount_usd must be between $30 and $10,000 (server-enforced). Lower returns HTTP 422 amount_too_low, higher returns amount_too_high.
curl -sS https://nordbastion.com/v1/billing/topups \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"amount_usd":50,"coin":"xmr"}'Pick a tier (service_code), a bastion and an image. Server is booted with SSH in about ninety seconds.
curl -sS https://nordbastion.com/v1/servers \
-H "Authorization: Bearer $TOKEN" \
-d '{"service_code":"NB-V3","bastion":"STO","image":"debian-12"}'Each SDK is MIT-licensed, source-available, semver-stable from v1.0. All share the same authenticated client interface — list servers, in any language.
These SDKs are planned for v1.1. The REST API at /v1/* is fully usable from any HTTP client today — see the agents page for cURL and MCP examples.
pip install nordbastion
from nordbastion import Client
nb = Client(api_key="nb_live_••••")
for s in nb.servers.list():
print(s.id, s.name, s.status)npm i @nordbastion/api
import { NordBastion } from '@nordbastion/api';
const nb = new NordBastion({ apiKey: 'nb_live_••••' });
const servers = await nb.servers.list();
servers.forEach(s => console.log(s.id, s.name, s.status));go get go.nordbastion.com/api
import nb "go.nordbastion.com/api"
c := nb.New(nb.WithAPIKey("nb_live_••••"))
servers, _ := c.Servers.List(ctx)
for _, s := range servers {
fmt.Println(s.ID, s.Name, s.Status)
}cargo add nordbastion
use nordbastion::Client;
let nb = Client::builder()
.api_key("nb_live_••••").build()?;
for s in nb.servers().list().await? {
println!("{} {} {}", s.id, s.name, s.status);
}curl -sSL https://get.nordbastion.com | sh
nb auth login --api-key nb_live_••••
nb servers list
nb servers create --tier NB-V3 --bastion STO
nb servers snap NB-srv-1234 --name pre-upgradeThe REST API works with any HTTP client. JSON request and response bodies, JWT bearer or scoped API key, signed webhook payloads. No SDK lock-in.
curl -H "Authorization: Bearer nb_live_••••" https://nordbastion.com/v1/servers
| POST | /v1/auth/register LIVE | |
| POST | /v1/auth/login LIVE | |
| POST | /v1/auth/login/totp LIVE | |
| POST | /v1/auth/token/refresh LIVE | |
| POST | /v1/auth/recover LIVE | |
| GET | /v1/auth/sessions LIVE | |
| DELETE | /v1/auth/sessions/{token_id} LIVE | |
| POST | /v1/auth/totp/setup LIVE | |
| POST | /v1/auth/totp/enable LIVE | |
| POST | /v1/auth/totp/disable LIVE | |
| POST | /v1/auth/password LIVE | |
| POST | /v1/auth/api-keys LIVE | |
| GET | /v1/auth/api-keys LIVE | |
| DELETE | /v1/auth/api-keys/{key_id} LIVE |
| GET | /v1/account LIVE | |
| PATCH | /v1/account LIVE | |
| GET | /v1/account/balance LIVE | |
| GET | /v1/account/usage LIVE | |
| GET | /v1/account/audit-log LIVE |
| POST | /v1/billing/topups LIVE | |
| GET | /v1/billing/topups LIVE | |
| GET | /v1/billing/topups/{order_number} LIVE | |
| POST | /v1/billing/topups/{order_number}/cancel LIVE | |
| GET | /v1/billing/bonus-tiers LIVE | |
| GET | /v1/billing/coins LIVE | |
| GET | /v1/billing/invoices PLANNED | roadmap |
| GET | /v1/billing/invoices/{id} PLANNED | roadmap |
| GET | /v1/catalog LIVE | |
| GET | /v1/catalog/vps LIVE | |
| GET | /v1/catalog/dedicated LIVE | |
| GET | /v1/catalog/bastions LIVE | |
| GET | /v1/catalog/images LIVE | |
| GET | /v1/catalog/{code} LIVE | |
| GET | /v1/catalog/iso PLANNED | roadmap |
| POST | /v1/servers LIVE | |
| GET | /v1/servers LIVE | |
| GET | /v1/servers/{order_number} LIVE | |
| PATCH | /v1/servers/{order_number} LIVE | |
| DELETE | /v1/servers/{order_number} LIVE | |
| POST | /v1/servers/{id}/power PLANNED | roadmap |
| POST | /v1/servers/{id}/reinstall PLANNED | roadmap |
| POST | /v1/servers/{id}/rescue PLANNED | roadmap |
| POST | /v1/servers/{id}/resize PLANNED | roadmap |
| POST | /v1/servers/{id}/migrate PLANNED | roadmap |
| POST | /v1/servers/{id}/password-reset PLANNED | roadmap |
| GET | /v1/servers/{id}/metrics PLANNED | roadmap |
| GET | /v1/servers/{id}/console PLANNED | roadmap |
| GET | /v1/servers/{id}/serial PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots PLANNED | roadmap |
| GET | /v1/servers/{id}/snapshots PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots/{snapId}/restore PLANNED | roadmap |
| DELETE | /v1/servers/{id}/snapshots/{snapId} PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots/{snapId}/export PLANNED | roadmap |
| POST | /v1/ssh-keys LIVE | |
| GET | /v1/ssh-keys LIVE | |
| GET | /v1/ssh-keys/{id} LIVE | |
| DELETE | /v1/ssh-keys/{id} LIVE |
| GET | /v1/networking/ips PLANNED | roadmap |
| POST | /v1/networking/ips/floating PLANNED | roadmap |
| POST | /v1/networking/rdns PLANNED | roadmap |
| POST | /v1/networking/firewall PLANNED | roadmap |
| GET | /v1/networking/firewall PLANNED | roadmap |
| POST | /v1/networking/private-network PLANNED | roadmap |
| POST | /v1/networking/byoip PLANNED | roadmap |
| POST | /v1/networking/lookingglass PLANNED | roadmap |
| POST | /v1/storage/volumes PLANNED | roadmap |
| GET | /v1/storage/volumes PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/attach PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/detach PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/resize PLANNED | roadmap |
| POST | /v1/images/iso/upload PLANNED | roadmap |
| POST | /v1/images/templates PLANNED | roadmap |
| GET | /v1/images/templates PLANNED | roadmap |
| POST | /v1/webhooks LIVE | |
| GET | /v1/webhooks LIVE | |
| DELETE | /v1/webhooks/{id} LIVE | |
| POST | /v1/webhooks/{id}/test LIVE |
| GET | /v1/transparency/canary LIVE | |
| GET | /v1/transparency/peering LIVE | |
| GET | /v1/transparency/status LIVE | |
| GET | /v1/transparency/incidents PLANNED | roadmap |
| GET | /v1/agents/directory LIVE | |
| POST | /v1/agents/directory LIVE |
| POST | /v1/oauth/register LIVE | |
| POST | /v1/oauth/token LIVE | |
| POST | /v1/oauth/revoke LIVE | |
| GET | /v1/oauth/introspect LIVE |
All endpoints follow JSON in / JSON out, pagination by ?page= & ?per_page=, filtering by ?filter[field]= and field selection by ?fields=. Every request can carry an Idempotency-Key header.
Short-lived JWT issued by POST /v1/auth/login. Carries scope claims and a session-revocation ID. Refreshable for 30 days via /v1/auth/token/refresh.
Authorization: Bearer eyJhbGciOi••••
Scopes: read-only, billing-read, billing-write, servers-read, servers-write, full. Optional IP allowlist (CIDR), optional expiry. Recommended for CI and infrastructure scripts.
Authorization: Bearer nb_live_3f9c2a••••
Pin an mTLS client certificate to an API key. Requests that present the wrong client certificate are rejected at the TLS layer before any application logic runs. Available on request via the panel.
curl --cert client.pem --key client.key https://nordbastion.com/v1/servers
Set X-NB-Sign: 1 on any request. The response body is wrapped in a detached PGP cleartext signature using the NordBastion key (fingerprint at /pgp/). Used by compliance pipelines that mistrust the TLS chain alone.
curl -H "X-NB-Sign: 1" -H "Authorization: Bearer ..." https://nordbastion.com/v1/transparency/canary
NordBastion does not collect identity at signup, and the API does not change that floor. There is no SMS verification webhook, no email-confirmation flow, no identity-document upload endpoint. The API exposes money, machines and metadata — that is the whole surface area.
Every response carries X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset. Higher tiers are available on request from the panel.
Endpoints are URL-versioned under /v1/. Breaking changes only ship in a new major version. The previous major remains supported for at least twelve months. Deprecated endpoints carry Sunset and Deprecation response headers.
Sunset: Wed, 01 Jul 2027 00:00:00 GMT
Deprecation: true
{
"error": {
"type": "invalid_request",
"code": "invalid_bastion",
"message": "Unknown bastion 'mxp'.",
"request_id": "req_2VqK8e...",
"doc_url": "https://nordbastion.com/api/#errors"
}
}Every event payload is HMAC-signed with your webhook secret. Three retry attempts with exponential backoff over an hour, then dropped. Test deliveries available from POST /v1/webhooks/{id}/test.
Balance dropped below the configured threshold.
Crypto top-up address generated, waiting for first confirmation.
Top-up settled on-chain. Balance credited.
Top-up address expired without confirmation.
Monthly invoice issued. PDF + PGP-signed PDF available.
Provisioning started — image being written.
Server is booted and reachable on SSH.
Server powered on (manual or scheduled).
Server powered off (manual or scheduled).
OS reinstalled. Root password rotated.
VPS tier changed. Applied on the next reboot.
Server moved to another bastion via snapshot redeploy.
Server terminated. Pro-rated credit returned.
Snapshot completed and is downloadable.
Snapshot restored in place.
Snapshot removed.
Block volume attached to a server.
Block volume detached.
Firewall ruleset applied to one or more servers.
Warrant canary reaffirmed (first of every month).
Operational incident opened on a bastion or shared service.
Operational incident closed.
AS213232 peering or prefix announcement updated.
Most cloud APIs expose products and billing. NordBastion also exposes its own transparency surface — programmatically. The same warrant canary that is published at /warrant-canary/ is available as a signed JSON payload at /v1/transparency/canary. The same incident history that drives /status/ is at /v1/transparency/incidents. The same peering record that lives on /peering/ is at /v1/transparency/peering. The same AS213232 prefix announcements are queryable in real time.
Subscribe to the canary.updated webhook and you get a push notification the first day of every month — if it stops firing, the canary is broken, and you know without polling. Build the alert yourself, in your own infrastructure, with the cryptographic signature you can verify offline against the published PGP key.
This is the part of the API that no commercial cloud has, because no commercial cloud has the doctrine to back it.
The questions a developer asks before committing infrastructure to a host's API.
Yes — every action you can take in the control panel has an API equivalent today or on the published roadmap, and the API itself is gated by the same authenticated panel account: an email and a password. No identity verification is required to obtain or use API credentials.
Four official SDKs and one CLI. Python (pip install nordbastion), TypeScript / Node (npm install @nordbastion/api), Go (go install go.nordbastion.com/cli/nb@latest), Rust (cargo add nordbastion) and a single-binary cross-platform CLI (nb) installable via curl. All SDKs are MIT-licensed and source-available.
Yes. POST /v1/billing/topups creates a top-up intent and returns a per-coin destination address, QR code and expiry timestamp. When the network confirms the payment, your prepaid balance is credited automatically and a topup.confirmed webhook fires. Twelve cryptocurrencies are supported, listed at /v1/billing/coins.
The clearnet endpoint api.nordbastion.com is Tor-friendly today with no special-case rate limits or anti-Tor blocking. A v3 onion mirror of the API surface is on the panel roadmap and will share the same TLS-certified material via Onion-Location response headers when it ships.
You can opt your API key into PGP-signed response bodies. Each JSON response is wrapped in a detached cleartext PGP signature using the NordBastion key (fingerprint at /pgp/). The wrapping is verifiable offline and is useful for compliance and source-attestation in environments that mistrust the TLS chain alone.
Per API key. The published baseline is 1000 read requests per minute and 100 write requests per minute, plus 10 requests per minute on auth-sensitive endpoints (login, password reset, key creation). Every response carries X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers; 429 responses include a Retry-After header. Verified developer accounts can request higher tiers from the panel.
Endpoints are URL-versioned under /v1/. Breaking changes only ship in a new major version (/v2/, /v3/) and the previous major remains supported for at least twelve months after the next is released. Deprecated endpoints carry a Sunset header with the cut-off date and a Deprecation: true header on every response.
Because the NordBastion doctrine says we log only what we must. Operational request metrics live for the rolling window the rate-limiter needs and then expire; a per-customer audit log of API actions is more data than we need to run the platform, so it is off by default. Customers who want it can enable /v1/account/audit-log; once enabled it covers panel + API equally and can be exported.