API Overview
Reoclo provides programmatic access through API keys. The dashboard handles most operations, but you can automate workflows using the API directly.
For Your Organization
Section titled “For Your Organization”The dashboard handles most operations automatically. For programmatic access, use API keys.
Reoclo receives webhooks from GitHub (push events, installations, etc.). You don’t need to configure webhooks manually. The GitHub App handles this automatically.
Authentication
Section titled “Authentication”Reoclo supports two authentication mechanisms, each with its own use case:
- OAuth 2.0 (device flow) — for IDEs, MCP servers, scripts, and any interactive programmatic use. Run
reoclo loginto authenticate; the CLI handles token refresh automatically. No keys to mint or paste. - Automation Keys (
rca_prefix) — for CI/CD systems like GitHub Actions and unattended scripts. Scoped to specific servers and operations with optional IP allowlist and rate limiting. Create them from Automation Keys in the dashboard sidebar.
Tenant Integration Keys (rk_t_*) have been retired. Existing integrations should migrate to reoclo login for interactive use or Automation Keys for CI/CD. See the API Keys guide.
Example request (interactive)
Section titled “Example request (interactive)”After reoclo login, call the CLI directly:
reoclo servers ls -o jsonExample request (Automation Key)
Section titled “Example request (Automation Key)”curl -X POST https://api.reoclo.com/api/automation/v1/exec \ -H "Authorization: Bearer rca_your_key_here" \ -H "Content-Type: application/json" \ -d '{"server_id": "your-server-id", "command": "docker compose up -d"}'Security
Section titled “Security”- API keys are scoped to an organization (you can’t access other organizations’ resources)
- API keys don’t expire (until you revoke them)
- API keys can be revoked at any time in the dashboard
- Each key has a name for easy identification
Revoking API Keys
Section titled “Revoking API Keys”If an API key is compromised:
- Navigate to Settings → API Keys
- Find the key in the list
- Click “Revoke”
The key is invalidated immediately. Any requests using that key will fail with a 401 Unauthorized error.
Automation API
Section titled “Automation API”The Automation API is a versioned external API designed for CI/CD integration. It lets you execute operations on your servers from GitHub Actions, GitLab CI, Jenkins, or any system that can make HTTP requests.
Key differences from regular API keys:
| API Keys | Automation API Keys | |
|---|---|---|
| Auth header | X-API-Key | Authorization: Bearer rca_... |
| Scope | Full organization access | Scoped to specific servers and operations |
| IP restriction | No | Optional IP allowlist |
| Rate limiting | Global (100 req/min) | Per-key, configurable (default 100 req/min) |
| Audit trail | Standard | Enhanced with CI run context |
Create automation keys in the dashboard: navigate to API Keys, select the Automation Keys tab, and click Create Key.
For full endpoint documentation, see the Automation API reference.
For a step-by-step setup guide with GitHub Actions, see GitHub Actions Integration.
MCP Server
Section titled “MCP Server”The Reoclo CLI’s embedded MCP server lets AI coding tools manage your infrastructure directly — servers, applications, deployments, domains, logs, monitors, status pages, and scheduled operations. It works with Claude Code, Cursor, Windsurf, VS Code, Zed, JetBrains, Cline, and any MCP-compatible client.
See the MCP Server Setup guide for step-by-step instructions for your editor.
Common Operations
Section titled “Common Operations”Here are the most common operations you might want to automate:
List Servers
Section titled “List Servers”GET /api/serversReturns all servers in your organization.
List Applications
Section titled “List Applications”GET /api/applicationsReturns all applications in your organization.
Trigger a Deployment
Section titled “Trigger a Deployment”POST /api/tenants/{tenant_id}/applications/{application_id}/deployTriggers a deployment for the specified application. This schedules the deployment and returns immediately. Poll the deployment status to see when it completes.
View Deployment History
Section titled “View Deployment History”GET /api/tenants/{tenant_id}/applications/{application_id}/deploymentsReturns deployment history for the specified application, including status, duration, and commit information.
Manage Environment Variables
Section titled “Manage Environment Variables”POST /api/tenants/{tenant_id}/applications/{application_id}/envAdd or update environment variables for an application. Remember that environment variables are write-only after saving. You can’t read them back.
Webhook Integration
Section titled “Webhook Integration”Reoclo’s GitHub App receives webhooks automatically. You don’t need to configure webhooks manually.
How It Works
Section titled “How It Works”- You install the Reoclo GitHub App on your organization or repositories
- GitHub sends webhooks to Reoclo when events occur (pushes, installations, etc.)
- Reoclo processes the webhooks and takes action (e.g., triggering auto-deploy on push)
Supported Events
Section titled “Supported Events”- Push events: Trigger auto-deploy (if enabled for the application)
- Installation events: Manage repository access when you install or uninstall the GitHub App
- Repository events: Sync repository metadata when you add or remove repositories
All of this happens automatically. You don’t need to configure webhook URLs or secrets.
Rate Limiting
Section titled “Rate Limiting”API requests are rate-limited to prevent abuse:
- 100 requests per minute per API key
- 1000 requests per hour per API key
If you exceed the rate limit, you’ll get a 429 Too Many Requests response. Wait a minute and try again.
For higher rate limits, contact support.
Next Steps
Section titled “Next Steps”- MCP Server Setup for editor-specific setup instructions
- Generate your first API key to start automating deployments
- Automation API reference for CI/CD endpoint documentation
- GitHub Actions Integration to set up
@reoclo/runand@reoclo/checkout - Understand access control to see how API keys are scoped to organizations
- Set up auto-deploy to trigger deployments automatically on git push