> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/ovh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# OVHcloud API

> Automate and manage all OVHcloud services programmatically using the REST API or Terraform provider.

The OVHcloud API lets you purchase, manage, update, and configure OVHcloud products without using the Control Panel. Everything the Control Panel does is backed by this same API, which means you can automate any operation you can perform in the UI.

<CardGroup cols={3}>
  <Card title="API console" icon="terminal" href="https://eu.api.ovh.com/console-preview/">
    Explore and test API endpoints interactively in the browser.
  </Card>

  <Card title="SDK wrappers" icon="code" href="/manage/api#sdk-wrappers">
    Official clients for Python, Node.js, Go, PHP, and more.
  </Card>

  <Card title="Terraform provider" icon="layers" href="/manage/api#terraform-provider">
    Manage OVHcloud infrastructure as code with the OVH Terraform provider.
  </Card>
</CardGroup>

## What is the OVHcloud API?

The OVHcloud API is a REST API available at `https://eu.api.ovh.com/v1/` (EU) and `https://ca.api.ovh.com/v1/` (CA). It exposes endpoints for every OVHcloud product — from dedicated servers and VPS to domain names, Public Cloud, and account management.

The API uses four standard HTTP methods:

| Method   | Purpose                                |
| -------- | -------------------------------------- |
| `GET`    | Retrieve data                          |
| `POST`   | Create a resource or trigger an action |
| `PUT`    | Replace existing data                  |
| `DELETE` | Delete a resource                      |

You can explore all available endpoints in the [interactive API console](https://eu.api.ovh.com/console-preview/). The console also lists the IAM action names associated with each call, which you need when writing IAM policies.

<Note>
  A v2 branch of the API (`/v2`) is available for select products with an improved data model. You can switch between `/v1` and `/v2` in the console using the version selector on the left.
</Note>

## Authentication

The OVHcloud API uses a **three-token authentication model** for application access:

| Token                   | Name    | Description                                                             |
| ----------------------- | ------- | ----------------------------------------------------------------------- |
| Application Key (AK)    | Public  | Identifies your application. Safe to share.                             |
| Application Secret (AS) | Private | Signs requests. Keep this secret.                                       |
| Consumer Key (CK)       | Private | Links the application to a specific OVHcloud account. Keep this secret. |

Every API request is signed using these three values together with a timestamp and a SHA1 hash. The SDKs handle signing for you automatically.

### Creating API credentials

<Steps>
  <Step title="Go to the token creation page">
    Navigate to [https://eu.api.ovh.com/createToken/](https://eu.api.ovh.com/createToken/) and sign in with your OVHcloud credentials.
  </Step>

  <Step title="Fill in the application details">
    Enter an **Application Name** and an optional description. You can also set an expiry period for the credentials.
  </Step>

  <Step title="Set the rights">
    In the **Rights** section, specify which HTTP methods and API paths the token can access. To allow all GET requests across every endpoint, set the method to `GET` and the path to `*`. You can combine multiple rules.

    For example, to allow read access to all APIs and write access only to VPS:

    ```text theme={null}
    GET /*
    POST /vps/*
    PUT /vps/*
    DELETE /vps/*
    ```
  </Step>

  <Step title="Click Create keys">
    After clicking **Create keys**, you receive three values:

    * **Application Key (AK)** — for example: `7kbG7Bk7S9Nt7ZSV`
    * **Application Secret (AS)** — for example: `EXEgWIz07P0HYwtQDs7cNIqCiQaWSuHF`
    * **Consumer Key (CK)** — for example: `MtSwSrPpNjqfVSmJhLbPyr2i45lSwPU1`

    Store all three values securely. The Application Secret and Consumer Key cannot be retrieved again after this page.
  </Step>
</Steps>

<Warning>
  Never commit your Application Secret or Consumer Key to source control. Use environment variables or a secrets manager to store them.
</Warning>

### Making your first API call

Once you have your credentials, you can make authenticated API calls. The request signature is computed as:

```text theme={null}
"$1$" + SHA1_HEX(AS + "+" + CK + "+" + METHOD + "+" + QUERY + "+" + BODY + "+" + TSTAMP)
```

The SDKs handle this for you. If you want to test manually using `curl`, you can call read-only endpoints that work with basic authentication via the browser console, or use one of the SDKs below for a signed request.

Here is an example that retrieves your account details using the Python SDK:

```python theme={null}
import ovh

client = ovh.Client(
    endpoint='ovh-eu',
    application_key='<application_key>',
    application_secret='<application_secret>',
    consumer_key='<consumer_key>',
)

me = client.get('/me')
print("Welcome", me['firstname'])
```

To retrieve a list of your VPS servers:

```python theme={null}
vps_list = client.get('/vps')
print(vps_list)
# ['vps-xxxxxxxx.vps.ovh.net', ...]
```

### Listing and revoking credentials

You can manage existing API credentials from the [OVHcloud Control Panel](https://www.ovh.com/manager/#/iam/api-keys) or via the API:

```bash theme={null}
# List all application IDs
GET /me/api/application

# Get details of a specific application
GET /me/api/application/{applicationId}

# Revoke a credential
DELETE /me/api/application/{applicationId}
```

## SDK wrappers

OVHcloud maintains official API wrappers for multiple languages. They handle request signing, retries, and response parsing automatically.

<CodeGroup>
  ```python python theme={null}
  # Install: pip install ovh
  import ovh

  client = ovh.Client(
      endpoint='ovh-eu',
      application_key='<application_key>',
      application_secret='<application_secret>',
      consumer_key='<consumer_key>',
  )

  # List dedicated servers
  servers = client.get('/dedicated/server')
  print(servers)

  # Reboot a server
  client.post('/dedicated/server/{serviceName}/reboot',
              serviceName='ns123456.ip-1-2-3.eu')
  ```

  ```javascript node.js theme={null}
  // Install: npm install ovh
  const OvhClient = require('ovh');

  const client = OvhClient({
    endpoint: 'ovh-eu',
    appKey: '<application_key>',
    appSecret: '<application_secret>',
    consumerKey: '<consumer_key>',
  });

  // List VPS
  client.request('GET', '/vps', (err, vps) => {
    if (err) throw err;
    console.log(vps);
  });
  ```

  ```go go theme={null}
  // Install: go get github.com/ovh/go-ovh/ovh
  package main

  import (
      "fmt"
      "github.com/ovh/go-ovh/ovh"
  )

  func main() {
      client, _ := ovh.NewClient(
          "ovh-eu",
          "<application_key>",
          "<application_secret>",
          "<consumer_key>",
      )

      var servers []string
      client.Get("/dedicated/server", &servers)
      fmt.Println(servers)
  }
  ```

  ```php php theme={null}
  <?php
  // Install: composer require ovh/ovh
  require 'vendor/autoload.php';

  use \Ovh\Api;

  $ovh = new Api(
      '<application_key>',
      '<application_secret>',
      'ovh-eu',
      '<consumer_key>'
  );

  $servers = $ovh->get('/dedicated/server');
  print_r($servers);
  ```
</CodeGroup>

All SDKs are open source and available on GitHub:

* Python: [github.com/ovh/python-ovh](https://github.com/ovh/python-ovh)
* Node.js: [github.com/ovh/node-ovh](https://github.com/ovh/node-ovh)
* Go: [github.com/ovh/go-ovh](https://github.com/ovh/go-ovh)
* PHP: [github.com/ovh/php-ovh](https://github.com/ovh/php-ovh)
* C#: [github.com/ovh/csharp-ovh](https://github.com/ovh/csharp-ovh)
* Perl: [github.com/ovh/perl-ovh](https://github.com/ovh/perl-ovh)

## Terraform provider

The [OVH Terraform provider](https://registry.terraform.io/providers/ovh/ovh/latest) allows you to manage OVHcloud resources using Infrastructure as Code. It wraps the OVHcloud API and supports a wide range of products.

### Quick start

<Steps>
  <Step title="Configure provider credentials">
    Export your API credentials as environment variables:

    ```bash theme={null}
    export OVH_ENDPOINT="ovh-eu"
    export OVH_APPLICATION_KEY="<application_key>"
    export OVH_APPLICATION_SECRET="<application_secret>"
    export OVH_CONSUMER_KEY="<consumer_key>"
    ```
  </Step>

  <Step title="Declare the provider in your Terraform configuration">
    ```hcl theme={null}
    terraform {
      required_providers {
        ovh = {
          source  = "ovh/ovh"
          version = ">= 0.46.0"
        }
      }
    }

    provider "ovh" {
      endpoint = "ovh-eu"
    }
    ```
  </Step>

  <Step title="Define resources">
    For example, create an IAM policy that grants a local user read access to a VPS:

    ```hcl theme={null}
    resource "ovh_iam_policy" "vps_readonly" {
      name        = "vps-readonly"
      description = "Allow user1 to read VPS info"

      identities = [
        "urn:v1:eu:identity:user:xx1111-ovh/user1"
      ]

      resources = [
        "urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net"
      ]

      permissions = {
        allow = [
          { action = "vps:apiovh:get" }
        ]
      }
    }
    ```
  </Step>

  <Step title="Apply">
    ```bash theme={null}
    terraform init
    terraform plan
    terraform apply
    ```
  </Step>
</Steps>

The OVH provider supports many resource types across Bare Metal, Public Cloud, Web Cloud, and Network products. See the [complete provider documentation](https://registry.terraform.io/providers/ovh/ovh/latest/docs) for all available resources and data sources.

<Tip>
  You can also use OVHcloud Object Storage (S3-compatible) as a [Terraform remote backend](https://docs.ovh.com/gb/en/public-cloud/use_object_storage_terraform_backend_state/) to store your state file securely.
</Tip>

## OVHcloud CLI

The OVHcloud CLI (`ovhcloud`) lets you interact with OVHcloud services directly from your terminal without writing code.

### Installation

<Tabs>
  <Tab title="Linux / macOS (script)">
    ```bash theme={null}
    curl -fsSL https://raw.githubusercontent.com/ovh/ovhcloud-cli/main/install.sh | sh
    ```
  </Tab>

  <Tab title="Homebrew">
    ```bash theme={null}
    brew install --cask ovh/tap/ovhcloud-cli
    ```
  </Tab>

  <Tab title="Manual">
    Download the binary for your OS from the [GitHub releases page](https://github.com/ovh/ovhcloud-cli/releases), unpack the archive, and move the binary to a directory in your `$PATH`.

    ```bash theme={null}
    ovhcloud version
    ```
  </Tab>
</Tabs>

### Authentication

Log in interactively to create API credentials:

```bash theme={null}
ovhcloud login
```

Or configure credentials using environment variables:

```bash theme={null}
export OVH_ENDPOINT=ovh-eu
export OVH_APPLICATION_KEY=xxx
export OVH_APPLICATION_SECRET=xxx
export OVH_CONSUMER_KEY=xxx
```

### Basic commands

```bash theme={null}
# List your Public Cloud projects
ovhcloud cloud project list

# Show details of a specific project
ovhcloud cloud project get <PROJECT_ID>

# List instances in a project
ovhcloud cloud instance list --cloud-project <PROJECT_ID>

# Create a new instance
ovhcloud cloud instance create BHS5 \
  --cloud-project <PROJECT_ID> \
  --name my-instance \
  --flavor-selector \
  --image-selector \
  --network.public \
  --ssh-key.name <SSH_KEY_NAME>
```

The CLI covers most OVHcloud products including Bare Metal, Public Cloud (Instances, Managed Kubernetes, Storage, Network), VPS, and IAM. See the [full command reference](https://github.com/ovh/ovhcloud-cli/blob/main/doc/ovhcloud.md) for all available commands.

## Service accounts and OAuth2

For production automation where credentials must not be tied to a specific human user, use **service accounts**. Service accounts authenticate with the OAuth2 **client credentials** flow, which is stateless and does not require a consumer key.

<Steps>
  <Step title="Create a service account">
    Call the API to create an OAuth2 client with the `CLIENT_CREDENTIALS` flow:

    ```bash theme={null}
    POST /me/api/oauth2/client
    ```

    ```json theme={null}
    {
      "callbackUrls": [],
      "flow": "CLIENT_CREDENTIALS",
      "name": "my-automation-script",
      "description": "Deployed in CI/CD pipeline for VPS management"
    }
    ```

    The response contains a `clientId` and a `clientSecret`. Store the `clientSecret` securely — it cannot be retrieved again.
  </Step>

  <Step title="Attach an IAM policy to the service account">
    Retrieve the service account's URN:

    ```bash theme={null}
    GET /me/api/oauth2/client/{clientId}
    ```

    The `identity` field returns a URN in this format:

    ```text theme={null}
    urn:v1:eu:identity:credential:xx11111-ovh/oauth2-<clientId>
    ```

    Use this URN as an identity in an IAM policy. See [Identity & Access Management](/manage/iam) for how to create a policy.
  </Step>

  <Step title="Get an access token">
    Exchange your client credentials for a Bearer token:

    ```bash theme={null}
    curl --request POST \
      --url 'https://www.ovh.com/auth/oauth2/token' \
      --header 'content-type: application/x-www-form-urlencoded' \
      --data grant_type=client_credentials \
      --data client_id=<clientId> \
      --data client_secret=<clientSecret> \
      --data scope=all
    ```

    The response contains an `access_token` valid for \~1 hour:

    ```json theme={null}
    {
      "access_token": "eyJ...",
      "token_type": "Bearer",
      "expires_in": 3599,
      "scope": "all"
    }
    ```
  </Step>

  <Step title="Make authenticated API calls">
    Use the Bearer token in the `Authorization` header:

    ```bash theme={null}
    curl -X GET "https://eu.api.ovh.com/v1/vps" \
      -H "accept: application/json" \
      -H "Authorization: Bearer <access_token>"
    ```
  </Step>
</Steps>

<Note>
  Service accounts are designed for machine-to-machine access. Their credentials are tied to your root OVHcloud account, not to any individual user. This means they remain valid even if team members leave or change their credentials.
</Note>

## Next steps

<CardGroup cols={2}>
  <Card title="Identity & Access Management" icon="shield" href="/manage/iam">
    Create IAM policies to control what your API tokens and service accounts can do.
  </Card>

  <Card title="Observability & Monitoring" icon="chart-line" href="/manage/observability">
    Forward API activity logs to Logs Data Platform for auditing and alerting.
  </Card>
</CardGroup>