The veldhost API lets you script everything the portal buttons do: deploys, logs, health, staging, cron, backups, domains and DNS. It powers the mpc CLI and works from any HTTP client, CI pipeline or AI agent.
Authentication
Create a token under API tokens and send it as a bearer token:
curl -H "Authorization: Bearer mpc_..." https://manage.veldhost.eu/api/v1/sites
When you create a token you choose which apps it can touch and what it may do: read (always on), deploy, manage (staging, cron, backups & restore) and dns. Rate limit: 120 requests/minute. A machine-readable spec lives at /api/v1/openapi.json.
Sites
GET /api/v1/sites your sites: state, url, health, deploy_state
POST /api/v1/sites/{slug}/deploy deploy from git ({"ref": "main"} optional)
GET /api/v1/sites/{slug}/deploys deploy history
GET /api/v1/sites/{slug}/logs?log=app last 200 lines (app, php, nginx-error, access)
GET /api/v1/sites/{slug}/health live health + open incidents
GET /api/v1/sites/{slug}/traffic disk + monthly traffic
Backups & staging
GET /api/v1/sites/{slug}/backups list restore points
POST /api/v1/sites/{slug}/backups back up now
POST /api/v1/sites/{slug}/restore {"backup_id": 12} — replaces live content
GET /api/v1/sites/{slug}/staging staging status + url
POST /api/v1/sites/{slug}/staging {"action": "create" | "refresh" | "off"}
Staging is owner-only and billed on plans that don't include it — the same rules as the portal.
Scheduled tasks
GET /api/v1/sites/{slug}/cron list jobs with their index
POST /api/v1/sites/{slug}/cron {"schedule": "*/5 * * * *", "command": "php artisan queue:work"}
DELETE /api/v1/sites/{slug}/cron/{index} remove a job
Domains & DNS
GET /api/v1/domains registered domains: expiry, auto-renew, DNSSEC
GET /api/v1/dns your DNS zones
GET /api/v1/dns/{zone}/records zone records
POST /api/v1/dns/{zone}/records {"name": "www", "type": "CNAME", "ttl": 3600, "content": "example.com."}
PUT /api/v1/dns/{zone}/records/{id} update a record
DELETE /api/v1/dns/{zone}/records/{id} delete a record
DNS changes are live on our nameservers in under a second.
What the API deliberately won't do
Anything that spends money or needs a legal consent stays with you: POST /api/v1/sites validates and prices a new site, then returns a continue_url into the portal where you review the cost and confirm — the API never charges, and destructive account actions (deleting a site, disconnecting a domain) aren't exposed at all.