🚀 Noida region now live — deploy in 43 seconds.See plans
SparrowHost
← Back to SparrowHost

API Reference

v1

The SparrowHost REST API lets you deploy, manage, and delete cloud servers programmatically. Authenticate with an API key generated from your dashboard.

Base URL: https://api.sparrowhost.netContent-Type: application/json

Introduction

The SparrowHost API is a REST API that gives you full programmatic control over your cloud infrastructure. Every action available in the dashboard — deploying servers, starting and stopping instances, viewing invoices — is available through the API.

All requests are made over HTTPS to https://api.sparrowhost.net. Requests and responses use JSON. All monetary values are in Indian Rupees (₹ / INR).

⚠ī¸A minimum account balance of ₹1,000 is required before you can deploy any servers — both via the dashboard and the API.

Authentication

The API uses Bearer token authentication. Pass your API key in the Authorization header with every request.

Authorization: Bearer sph_your_api_key_here

Getting an API key

API keys are generated from the SparrowHost dashboard:

  1. Log in to your SparrowHost dashboard.
  2. Navigate to Account → API Keys.
  3. Click + Create API Key.
  4. Give your key a name, select the required scopes, and optionally set an IP allowlist or expiry date.
  5. Copy the key — it is shown only once. Store it securely (e.g., an environment variable).
⚠ī¸Never commit API keys to source control. Use environment variables or a secrets manager.

Key format

API keys always start with the prefix sph_ followed by 48 hex characters (192 bits of entropy). Example:

sph_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6

IP allowlisting

When creating a key you can restrict it to specific IPv4 or IPv6 addresses. Requests arriving from unlisted IPs will be rejected with a 403 Forbidden response.

Key expiry

Keys can have an optional expiry date. Expired keys return 401 Unauthorized. You can also revoke a key at any time from the dashboard.

Scopes

Every API key has one or more scopes that determine what actions it can perform. Select only the scopes your use-case needs (principle of least privilege).

ScopeDescriptionEndpoints
vps:readList and view serversGET /servers, GET /servers/:id
vps:writeStart, stop, reboot, shutdown, rename serversPOST /servers/:id/actions, PATCH /servers/:id
vps:deployCreate new servers (requires ₹1,000 balance)POST /servers
vps:deletePermanently delete serversDELETE /servers/:id
billing:readView account balance and invoices (returned in /account)GET /account
ℹī¸GET /api/v1/account does not require a scope — any valid key can call it.

Rate Limits

The API enforces rate limits per API key to ensure fair usage.

LimitValue
Requests per minute (per key)120
Concurrent deploys5
Max API keys per account10

When you exceed the rate limit, the API returns 429 Too Many Requests. Back off exponentially and retry.

Responses & Errors

Success envelope

All successful responses are wrapped in a standard envelope:

{
  "success": true,
  "data": { ... }
}

Error envelope

{
  "success": false,
  "message": "Human-readable error description"
}

HTTP status codes

CodeMeaning
200 OKRequest succeeded.
201 CreatedResource was created (e.g., server deployed).
400 Bad RequestMissing or invalid request parameters.
401 UnauthorizedAPI key is missing, invalid, expired, or revoked.
402 Payment RequiredAccount balance too low (minimum ₹1,000 required).
403 ForbiddenKey lacks the required scope, or request IP not in allowlist.
404 Not FoundThe requested resource does not exist.
409 ConflictOperation conflicts with the current resource state.
429 Too Many RequestsRate limit exceeded. Retry after backing off.
500 Internal Server ErrorSomething went wrong on our side. Contact support.

Account

GET/api/v1/account

Returns the authenticated account's profile and current balance. No scope required.

Response

{
  "success": true,
  "data": {
    "id": "clxyz123",
    "name": "Anant Pandey",
    "email": "anant@sparrowhost.in",
    "balance": "2500.00",
    "currency": "INR",
    "kycVerified": true
  }
}

List Servers

GET/api/v1/servers

Returns all VPS servers belonging to the authenticated account. Requires the vps:read scope.

Response

{
  "success": true,
  "data": [
    {
      "id": "clserver123",
      "name": "test.com",
      "status": "running",
      "ipv4": "192.0.2.10",
      "ipv6": null,
      "region": "in-noida-1",
      "plan": "vps-amd-2vcpu-4gb",
      "os": "Ubuntu 24.04 LTS",
      "cpuCores": 2,
      "ramMb": 4096,
      "diskGb": 80,
      "bandwidthGb": 2000,
      "monthlyPrice": "850.00",
      "createdAt": "2026-01-15T10:00:00.000Z"
    }
  ]
}

Get Server

GET/api/v1/servers/:id

Returns details for a single server. Requires vps:read.

Path parameters

ParameterTypeDescription
idstringThe server ID (CUID).

Response

Same shape as a single item from the list endpoint above.

Deploy Server

POST/api/v1/servers

Provisions a new VPS server. Requires the vps:deploy scope. Your account balance must be at least ₹1,000 before this call will succeed.

Request body

FieldTypeRequiredDescription
namestringYesHostname / label for the server (e.g. web-01).
productIdstringYesThe plan ID to deploy (from the pricing page).
regionIdstringYesRegion identifier (e.g. in-noida-1).
osIdstringYesOS template ID (e.g. ubuntu-24-04).
sshKeyIdstringNoSSH key ID to inject at deploy time.
{
  "name": "web-01",
  "productId": "vps-amd-2vcpu-4gb",
  "regionId": "in-noida-1",
  "osId": "ubuntu-24-04"
}

Response

{
  "success": true,
  "data": {
    "id": "clserver456",
    "name": "web-01",
    "status": "provisioning",
    "ipv4": null,
    "region": "in-noida-1",
    "plan": "vps-amd-2vcpu-4gb",
    "createdAt": "2026-05-08T12:00:00.000Z"
  }
}
ℹī¸The status will be provisioning immediately after creation. Poll GET /api/v1/servers/:id every 5 seconds until it transitions to running.

Server Actions

POST/api/v1/servers/:id/actions

Perform a power or lifecycle action on a server. Requires vps:write.

Path parameters

ParameterTypeDescription
idstringThe server ID.

Request body

FieldTypeRequiredDescription
actionstringYesOne of: start, stop, reboot, shutdown, poweron, poweroff
{ "action": "reboot" }

Actions reference

ActionDescription
startPower on a stopped server.
stopForce power off (equivalent to pulling the plug).
rebootGraceful OS reboot.
shutdownGraceful OS shutdown (ACPI power off).
poweronAlias for start.
poweroffAlias for stop.

Response

{
  "success": true,
  "data": { "message": "reboot initiated" }
}

Rename Server

PATCH/api/v1/servers/:id

Update the display name / hostname label of a server. Requires vps:write.

Request body

FieldTypeRequiredDescription
namestringYesThe new hostname / label (3–63 chars).
{ "name": "api-server-prod" }

Response

{
  "success": true,
  "data": { "id": "clserver123", "name": "api-server-prod" }
}

Delete Server

DELETE/api/v1/servers/:id

Permanently terminates and deletes a server and all its data. This action is irreversible. Requires vps:delete.

⚠ī¸Deleting a server immediately terminates the instance and wipes all storage. There is no recycle bin or undo. Make sure you have backups before calling this endpoint.

Response

{
  "success": true,
  "data": { "message": "Server deleted successfully" }
}

Examples

Check your balance (curl)

curl -s \
  -H "Authorization: Bearer sph_your_key_here" \
  https://api.sparrowhost.net/api/v1/account | jq .data.balance

List all servers

curl -s \
  -H "Authorization: Bearer sph_your_key_here" \
  https://api.sparrowhost.net/api/v1/servers | jq .

Reboot a server

curl -s -X POST \
  -H "Authorization: Bearer sph_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"action":"reboot"}' \
  https://api.sparrowhost.net/api/v1/servers/clserver123/actions

Deploy a new server

curl -s -X POST \
  -H "Authorization: Bearer sph_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "web-01",
    "productId": "vps-amd-2vcpu-4gb",
    "regionId": "in-noida-1",
    "osId": "ubuntu-24-04"
  }' \
  https://api.sparrowhost.net/api/v1/servers

Node.js example

const API_KEY = process.env.SPARROWHOST_API_KEY;
const BASE    = "https://api.sparrowhost.net";

async function listServers() {
  const res = await fetch(`${BASE}/api/v1/servers`, {
    headers: { Authorization: `Bearer ${API_KEY}` },
  });
  const { data } = await res.json();
  return data; // array of servers
}

async function rebootServer(id) {
  const res = await fetch(`${BASE}/api/v1/servers/${id}/actions`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${API_KEY}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ action: "reboot" }),
  });
  return res.json();
}

listServers().then(console.log);

Python example

import os, requests

API_KEY = os.environ["SPARROWHOST_API_KEY"]
BASE    = "https://api.sparrowhost.net"
HEADERS = {"Authorization": f"Bearer {API_KEY}"}

# List servers
servers = requests.get(f"{BASE}/api/v1/servers", headers=HEADERS).json()["data"]

# Reboot first server
server_id = servers[0]["id"]
requests.post(
    f"{BASE}/api/v1/servers/{server_id}/actions",
    headers=HEADERS,
    json={"action": "reboot"},
)

Changelog

DateVersionChanges
8 May 2026v1.0Initial release. Endpoints: account, servers (CRUD), server actions.
Have a question or found a bug? Email support@sparrowhost.net or open a support ticket from your dashboard.