Skip to content

API Overview

Reoclo provides programmatic access through API keys. The dashboard handles most operations, but you can automate workflows using the API directly.

The dashboard handles most operations automatically. For programmatic access, use API keys.

Reoclo receives webhooks from GitHub (push events, installations, etc.). You don’t need to configure webhooks manually. The GitHub App handles this automatically.

Reoclo supports two authentication mechanisms, each with its own use case:

  • OAuth 2.0 (device flow) — for IDEs, MCP servers, scripts, and any interactive programmatic use. Run reoclo login to authenticate; the CLI handles token refresh automatically. No keys to mint or paste.
  • Automation Keys (rca_ prefix) — for CI/CD systems like GitHub Actions and unattended scripts. Scoped to specific servers and operations with optional IP allowlist and rate limiting. Create them from Automation Keys in the dashboard sidebar.

Tenant Integration Keys (rk_t_*) have been retired. Existing integrations should migrate to reoclo login for interactive use or Automation Keys for CI/CD. See the API Keys guide.

After reoclo login, call the CLI directly:

Terminal window
reoclo servers ls -o json
Terminal window
curl -X POST https://api.reoclo.com/api/automation/v1/exec \
-H "Authorization: Bearer rca_your_key_here" \
-H "Content-Type: application/json" \
-d '{"server_id": "your-server-id", "command": "docker compose up -d"}'
  • API keys are scoped to an organization (you can’t access other organizations’ resources)
  • API keys don’t expire (until you revoke them)
  • API keys can be revoked at any time in the dashboard
  • Each key has a name for easy identification

If an API key is compromised:

  1. Navigate to Settings → API Keys
  2. Find the key in the list
  3. Click “Revoke”

The key is invalidated immediately. Any requests using that key will fail with a 401 Unauthorized error.

The Automation API is a versioned external API designed for CI/CD integration. It lets you execute operations on your servers from GitHub Actions, GitLab CI, Jenkins, or any system that can make HTTP requests.

Key differences from regular API keys:

API KeysAutomation API Keys
Auth headerX-API-KeyAuthorization: Bearer rca_...
ScopeFull organization accessScoped to specific servers and operations
IP restrictionNoOptional IP allowlist
Rate limitingGlobal (100 req/min)Per-key, configurable (default 100 req/min)
Audit trailStandardEnhanced with CI run context

Create automation keys in the dashboard: navigate to API Keys, select the Automation Keys tab, and click Create Key.

For full endpoint documentation, see the Automation API reference.

For a step-by-step setup guide with GitHub Actions, see GitHub Actions Integration.

The Reoclo CLI’s embedded MCP server lets AI coding tools manage your infrastructure directly — servers, applications, deployments, domains, logs, monitors, status pages, and scheduled operations. It works with Claude Code, Cursor, Windsurf, VS Code, Zed, JetBrains, Cline, and any MCP-compatible client.

See the MCP Server Setup guide for step-by-step instructions for your editor.

Here are the most common operations you might want to automate:

Terminal window
GET /api/servers

Returns all servers in your organization.

Terminal window
GET /api/applications

Returns all applications in your organization.

Terminal window
POST /api/tenants/{tenant_id}/applications/{application_id}/deploy

Triggers a deployment for the specified application. This schedules the deployment and returns immediately. Poll the deployment status to see when it completes.

Terminal window
GET /api/tenants/{tenant_id}/applications/{application_id}/deployments

Returns deployment history for the specified application, including status, duration, and commit information.

Terminal window
POST /api/tenants/{tenant_id}/applications/{application_id}/env

Add or update environment variables for an application. Remember that environment variables are write-only after saving. You can’t read them back.

Reoclo’s GitHub App receives webhooks automatically. You don’t need to configure webhooks manually.

  1. You install the Reoclo GitHub App on your organization or repositories
  2. GitHub sends webhooks to Reoclo when events occur (pushes, installations, etc.)
  3. Reoclo processes the webhooks and takes action (e.g., triggering auto-deploy on push)
  • Push events: Trigger auto-deploy (if enabled for the application)
  • Installation events: Manage repository access when you install or uninstall the GitHub App
  • Repository events: Sync repository metadata when you add or remove repositories

All of this happens automatically. You don’t need to configure webhook URLs or secrets.

API requests are rate-limited to prevent abuse:

  • 100 requests per minute per API key
  • 1000 requests per hour per API key

If you exceed the rate limit, you’ll get a 429 Too Many Requests response. Wait a minute and try again.

For higher rate limits, contact support.