API Overview

Quazzar exposes two distinct REST APIs for different parts of the platform. The Cloud OS API runs on each Quazzar Cloud OS instance and manages apps, system resources, backups, domains, VPN, and more. The Control Panel API is the centralized management plane that handles fleet management, billing, governance, and multi-instance orchestration.

Cloud OS API

The Cloud OS API runs on every Quazzar Cloud OS instance. The base URL is the instance address itself:


http://localhost:8080/api/

Replace localhost:8080 with the actual host and port of your Cloud OS instance. If the built-in reverse proxy is enabled with HTTPS, use the configured domain:


https://cloud.example.com/api/

All Cloud OS API endpoints use the /api/ prefix with no version number in the path.

Control Panel API

The Control Panel API is the centralized SaaS management plane. The base URL is:


https://panel.quazzar.cloud/api/

Replace panel.quazzar.cloud with your Control Panel domain if self-hosting. All endpoints are tenant-scoped and require a valid JWT bearer token.

Authentication

Both APIs use JWT bearer tokens for authentication. The Cloud OS API also supports API keys with the qzr_ prefix. See Authentication for complete details on both authentication systems.

Response Format

Both APIs return JSON responses. Successful responses use standard HTTP status codes:

Status	Meaning
`200 OK`	Request succeeded
`201 Created`	Resource created
`204 No Content`	Request succeeded, no body returned

Successful responses with a body return the resource directly:


{
  "id": "app_abc123",
  "name": "my-nextcloud",
  "status": "running",
  "created_at": "2025-01-15T10:30:00Z"
}

List endpoints return an array of items:


[
  {
    "id": "app_abc123",
    "name": "my-nextcloud",
    "status": "running"
  },
  {
    "id": "app_def456",
    "name": "my-gitea",
    "status": "stopped"
  }
]

Error Format

Error responses include an error field with a human-readable message:


{
  "error": "App not found"
}

Validation errors may include additional detail:


{
  "error": "Validation failed",
  "details": {
    "name": "Name is required",
    "port": "Port must be between 1 and 65535"
  }
}

Error Codes

Status	Meaning
`400 Bad Request`	Invalid request body or parameters
`401 Unauthorized`	Missing or invalid authentication
`403 Forbidden`	Insufficient permissions
`404 Not Found`	Resource does not exist
`409 Conflict`	Resource already exists or conflicts with current state
`422 Unprocessable Entity`	Validation error
`429 Too Many Requests`	Rate limit exceeded
`500 Internal Server Error`	Unexpected server error

Rate Limiting

Both APIs enforce rate limiting to protect against abuse. Rate limit headers are included in every response:


X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1709312400

When you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header indicating how many seconds to wait.

Default rate limits:

API	Limit
Cloud OS API	100 requests per minute per client
Control Panel API	200 requests per minute per tenant

Rate limits can be adjusted in the Cloud OS configuration file. See the Configuration guide for details.

Next Steps

Authentication — learn how to authenticate with both APIs
Cloud OS API — complete Cloud OS endpoint reference
Control Panel API — complete Control Panel endpoint reference
Webhooks — receive event notifications from Cloud OS