Email + password, no KYC. Returns a 24-hour access token straight away — no email confirmation step.
curl -sS https://nordbastion.com/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"••••••••••••"}'Open a per-coin invoice. The response carries a deposit address, QR code and expiry timestamp.
amount_usd must be between $30 and $10,000 (server-enforced). Lower returns HTTP 422 amount_too_low, higher returns amount_too_high.
curl -sS https://nordbastion.com/v1/billing/topups \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"amount_usd":50,"coin":"xmr"}'Pick a tier (service_code), a bastion and an image. Server is booted with SSH in about ninety seconds.
curl -sS https://nordbastion.com/v1/servers \
-H "Authorization: Bearer $TOKEN" \
-d '{"service_code":"NB-V3","bastion":"STO","image":"debian-12"}'每个 SDK 均为 MIT 许可、源代码可用、从 v1.0 起遵循 semver 稳定版本。所有 SDK 共享相同的认证客户端接口——用任意语言列出服务器。
These SDKs are planned for v1.1. The REST API at /v1/* is fully usable from any HTTP client today — see the agents page for cURL and MCP examples.
pip install nordbastion
from nordbastion import Client
nb = Client(api_key="nb_live_••••")
for s in nb.servers.list():
print(s.id, s.name, s.status)npm i @nordbastion/api
import { NordBastion } from '@nordbastion/api';
const nb = new NordBastion({ apiKey: 'nb_live_••••' });
const servers = await nb.servers.list();
servers.forEach(s => console.log(s.id, s.name, s.status));go get go.nordbastion.com/api
import nb "go.nordbastion.com/api"
c := nb.New(nb.WithAPIKey("nb_live_••••"))
servers, _ := c.Servers.List(ctx)
for _, s := range servers {
fmt.Println(s.ID, s.Name, s.Status)
}cargo add nordbastion
use nordbastion::Client;
let nb = Client::builder()
.api_key("nb_live_••••").build()?;
for s in nb.servers().list().await? {
println!("{} {} {}", s.id, s.name, s.status);
}curl -sSL https://get.nordbastion.com | sh
nb auth login --api-key nb_live_••••
nb servers list
nb servers create --tier NB-V3 --bastion STO
nb servers snap NB-srv-1234 --name pre-upgradeREST API 与任何 HTTP 客户端兼容。JSON 请求和响应体,JWT bearer 或限定范围的 API 密钥,已签名的 webhook 载荷。无 SDK 锁定。
curl -H "Authorization: Bearer nb_live_••••" https://nordbastion.com/v1/servers
| POST | /v1/auth/register LIVE | |
| POST | /v1/auth/login LIVE | |
| POST | /v1/auth/login/totp LIVE | |
| POST | /v1/auth/token/refresh LIVE | |
| POST | /v1/auth/recover LIVE | |
| GET | /v1/auth/sessions LIVE | |
| DELETE | /v1/auth/sessions/{token_id} LIVE | |
| POST | /v1/auth/totp/setup LIVE | |
| POST | /v1/auth/totp/enable LIVE | |
| POST | /v1/auth/totp/disable LIVE | |
| POST | /v1/auth/password LIVE | |
| POST | /v1/auth/api-keys LIVE | |
| GET | /v1/auth/api-keys LIVE | |
| DELETE | /v1/auth/api-keys/{key_id} LIVE |
| GET | /v1/account LIVE | |
| PATCH | /v1/account LIVE | |
| GET | /v1/account/balance LIVE | |
| GET | /v1/account/usage LIVE | |
| GET | /v1/account/audit-log LIVE |
| POST | /v1/billing/topups LIVE | |
| GET | /v1/billing/topups LIVE | |
| GET | /v1/billing/topups/{order_number} LIVE | |
| POST | /v1/billing/topups/{order_number}/cancel LIVE | |
| GET | /v1/billing/bonus-tiers LIVE | |
| GET | /v1/billing/coins LIVE | |
| GET | /v1/billing/invoices PLANNED | roadmap |
| GET | /v1/billing/invoices/{id} PLANNED | roadmap |
| GET | /v1/catalog LIVE | |
| GET | /v1/catalog/vps LIVE | |
| GET | /v1/catalog/dedicated LIVE | |
| GET | /v1/catalog/bastions LIVE | |
| GET | /v1/catalog/images LIVE | |
| GET | /v1/catalog/{code} LIVE | |
| GET | /v1/catalog/iso PLANNED | roadmap |
| POST | /v1/servers LIVE | |
| GET | /v1/servers LIVE | |
| GET | /v1/servers/{order_number} LIVE | |
| PATCH | /v1/servers/{order_number} LIVE | |
| DELETE | /v1/servers/{order_number} LIVE | |
| POST | /v1/servers/{id}/power PLANNED | roadmap |
| POST | /v1/servers/{id}/reinstall PLANNED | roadmap |
| POST | /v1/servers/{id}/rescue PLANNED | roadmap |
| POST | /v1/servers/{id}/resize PLANNED | roadmap |
| POST | /v1/servers/{id}/migrate PLANNED | roadmap |
| POST | /v1/servers/{id}/password-reset PLANNED | roadmap |
| GET | /v1/servers/{id}/metrics PLANNED | roadmap |
| GET | /v1/servers/{id}/console PLANNED | roadmap |
| GET | /v1/servers/{id}/serial PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots PLANNED | roadmap |
| GET | /v1/servers/{id}/snapshots PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots/{snapId}/restore PLANNED | roadmap |
| DELETE | /v1/servers/{id}/snapshots/{snapId} PLANNED | roadmap |
| POST | /v1/servers/{id}/snapshots/{snapId}/export PLANNED | roadmap |
| POST | /v1/ssh-keys LIVE | |
| GET | /v1/ssh-keys LIVE | |
| GET | /v1/ssh-keys/{id} LIVE | |
| DELETE | /v1/ssh-keys/{id} LIVE |
| GET | /v1/networking/ips PLANNED | roadmap |
| POST | /v1/networking/ips/floating PLANNED | roadmap |
| POST | /v1/networking/rdns PLANNED | roadmap |
| POST | /v1/networking/firewall PLANNED | roadmap |
| GET | /v1/networking/firewall PLANNED | roadmap |
| POST | /v1/networking/private-network PLANNED | roadmap |
| POST | /v1/networking/byoip PLANNED | roadmap |
| POST | /v1/networking/lookingglass PLANNED | roadmap |
| POST | /v1/storage/volumes PLANNED | roadmap |
| GET | /v1/storage/volumes PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/attach PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/detach PLANNED | roadmap |
| POST | /v1/storage/volumes/{id}/resize PLANNED | roadmap |
| POST | /v1/images/iso/upload PLANNED | roadmap |
| POST | /v1/images/templates PLANNED | roadmap |
| GET | /v1/images/templates PLANNED | roadmap |
| POST | /v1/webhooks LIVE | |
| GET | /v1/webhooks LIVE | |
| DELETE | /v1/webhooks/{id} LIVE | |
| POST | /v1/webhooks/{id}/test LIVE |
| GET | /v1/transparency/canary LIVE | |
| GET | /v1/transparency/peering LIVE | |
| GET | /v1/transparency/status LIVE | |
| GET | /v1/transparency/incidents PLANNED | roadmap |
| GET | /v1/agents/directory LIVE | |
| POST | /v1/agents/directory LIVE |
| POST | /v1/oauth/register LIVE | |
| POST | /v1/oauth/token LIVE | |
| POST | /v1/oauth/revoke LIVE | |
| GET | /v1/oauth/introspect LIVE |
所有端点遵循 JSON 输入/JSON 输出,分页使用 ?page= 和 ?per_page=,过滤使用 ?filter[field]=,字段选择使用 ?fields=。每个请求均可携带 Idempotency-Key 头。
通过 POST /v1/auth/login 签发的短期 JWT。携带权限声明和会话撤销 ID。可通过 /v1/auth/token/refresh 在 30 天内刷新。
Authorization: Bearer eyJhbGciOi••••
权限范围:只读、账单读取、账单写入、服务器读取、服务器写入、完全权限。可选 IP 白名单(CIDR),可选有效期。推荐用于 CI 和基础设施脚本。
Authorization: Bearer nb_live_3f9c2a••••
将 mTLS 客户端证书绑定到 API 密钥。提交错误客户端证书的请求在任何应用逻辑运行之前就在 TLS 层被拒绝。可通过面板申请。
curl --cert client.pem --key client.key https://nordbastion.com/v1/servers
在任意请求上设置 X-NB-Sign: 1。响应体将使用 NordBastion 密钥(指纹见 /pgp/)封装为分离式 PGP 明文签名。适用于不完全信任 TLS 链的合规管道。
curl -H "X-NB-Sign: 1" -H "Authorization: Bearer ..." https://nordbastion.com/v1/transparency/canary
NordBastion 在注册时不收集身份信息,API 不改变这一底线。没有 SMS 验证 webhook,没有邮箱确认流程,没有身份证件上传端点。API 暴露的是资金、机器和元数据——这就是全部接触面。
每个响应均携带 X-RateLimit-Limit、X-RateLimit-Remaining、X-RateLimit-Reset。更高限额可通过面板申请。
端点在 /v1/ 下进行 URL 版本控制。破坏性变更仅在新主版本中发布。前一主版本至少支持十二个月。已弃用的端点携带 Sunset 和 Deprecation 响应头。
Sunset: Wed, 01 Jul 2027 00:00:00 GMT
Deprecation: true
{
"error": {
"type": "invalid_request",
"code": "invalid_bastion",
"message": "Unknown bastion 'mxp'.",
"request_id": "req_2VqK8e...",
"doc_url": "https://nordbastion.com/api/#errors"
}
}每个事件负载均使用你的 webhook 密钥进行 HMAC 签名。在一小时内进行三次指数退避重试,之后丢弃。可通过 POST /v1/webhooks/{id}/test 进行测试投递。
Balance dropped below the configured threshold.
Crypto top-up address generated, waiting for first confirmation.
Top-up settled on-chain. Balance credited.
Top-up address expired without confirmation.
Monthly invoice issued. PDF + PGP-signed PDF available.
Provisioning started — image being written.
Server is booted and reachable on SSH.
Server powered on (manual or scheduled).
Server powered off (manual or scheduled).
OS reinstalled. Root password rotated.
VPS tier changed. Applied on the next reboot.
Server moved to another bastion via snapshot redeploy.
Server terminated. Pro-rated credit returned.
Snapshot completed and is downloadable.
Snapshot restored in place.
Snapshot removed.
Block volume attached to a server.
Block volume detached.
Firewall ruleset applied to one or more servers.
Warrant canary reaffirmed (first of every month).
Operational incident opened on a bastion or shared service.
Operational incident closed.
AS213232 peering or prefix announcement updated.
大多数云 API 暴露产品和计费信息。NordBastion 也以编程方式暴露自己的透明度界面。发布于 /warrant-canary/ 的相同金丝雀声明可作为签名 JSON 负载在 /v1/transparency/canary 获取。驱动 /status/ 的相同事件历史在 /v1/transparency/incidents。位于 /peering/ 的相同对等互联记录在 /v1/transparency/peering。相同的 AS213232 前缀公告可实时查询。
订阅 canary.updated webhook,每月第一天您将收到推送通知——若推送停止,金丝雀已断,无需轮询即可知晓。在您自己的基础设施中构建告警,使用可离线对照已发布 PGP 密钥验证的加密签名。
这是任何商业云都不具备的 API 部分,因为没有任何商业云有原则立场支撑它。
开发者在将基础设施对接主机 API 之前必问的问题。
是——控制面板中您能执行的每个操作,今天或在已发布的路线图中均有对应的 API 等效方式,API 本身由相同的已认证控制面板账户(电子邮件和密码)守护。获取或使用 API 凭证无需身份验证。
四个官方 SDK 和一个 CLI。Python(pip install nordbastion)、TypeScript / Node(npm install @nordbastion/api)、Go(go install go.nordbastion.com/cli/nb@latest)、Rust(cargo add nordbastion)以及可通过 curl 安装的单二进制跨平台 CLI(nb)。所有 SDK 均为 MIT 许可且源代码可用。
是的。POST /v1/billing/topups 创建充值意图并返回每种币种的目标地址、二维码和到期时间戳。网络确认支付后,您的预付余额自动到账,并触发 topup.confirmed webhook。支持十二种加密货币,列表见 /v1/billing/coins。
明网端点 api.nordbastion.com 目前对 Tor 友好,无特殊速率限制或反 Tor 封锁。API 的 v3 onion 镜像在控制面板路线图中,上线时将通过 Onion-Location 响应头共享相同的 TLS 认证内容。
您可以为 API 密钥选择启用 PGP 签名响应体。每个 JSON 响应使用 NordBastion 密钥(指纹见 /pgp/)封装为分离式明文 PGP 签名。该封装可离线验证,适用于不完全信任 TLS 链的合规和来源证明场景。
按 API 密钥计。已发布的基准为每分钟 1000 个读取请求和 100 个写入请求,加上认证敏感端点(登录、密码重置、密钥创建)每分钟 10 个请求。每个响应携带 X-RateLimit-Limit、X-RateLimit-Remaining 和 X-RateLimit-Reset 头;429 响应包含 Retry-After 头。已验证的开发者账户可通过面板申请更高限额。
端点在 /v1/ 下进行 URL 版本控制。破坏性变更仅在新主版本(/v2/、/v3/)中发布,前一主版本在下一版本发布后至少支持十二个月。已弃用的端点在每个响应上携带包含截止日期的 Sunset 头和 Deprecation: true 头。
因为 NordBastion 的原则是只记录必须记录的内容。运营请求指标在速率限制器所需的滚动窗口内存在,之后过期;每个客户的 API 操作审计日志所包含的数据超出运营平台的需要,因此默认关闭。需要的客户可以启用 /v1/account/audit-log;一旦启用,它同等覆盖面板和 API,并可导出。