Skip to main content
API docs by Redocly

ShellHub OpenAPI (0.19.0)

Download OpenAPI specification:Download

ShellHub contact address.: contato@ossystems.com.br License: Apache License 2.0

THE API IS NOT STABLE YET; ERROR AND INCONSISTENCIES MAY OCCUR.

This is the OpenAPI specification for ShellHub community version. It documents the parameters and bodies for performs HTTP requests to the ShellHub server endpoints related to users, namespaces, members, devices, tags, SSH, sessions, etc.

These endpoints require a JSON Web Token (JWT) as its security scheme, that means you need to send, to almost each request, an HTTP header called Authorization with the bearer token. To obtains this token, uses the /api/login route, fulfilling its request body to return that token with some essential information about the user whom logged in.

internal

Requests executed internally by ShellHub server.

Auth device

Authenticate a ShellHub agent into the ShellHub server.

Every 30 seconds, this route is hit by ShellHub agent to inform device availability.

Authorizations:
jwtapi-key
header Parameters
X-Real-IP
string^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,...
Example: 127.0.0.1

Device's IP address.

X-Real-IP header is used to set a geolocation position to device when geoip feature is enable.

Request Body schema: application/json
required
object (deviceInfo)

Device's info

sessions
Array of strings
hostname
required
string([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z...
object (deviceIdentity)

Device's identity

public_key
required
string

Device's public key.

tenant_id
required
string <uuid> (namespaceTenantID)

Namespace's tenant ID

Responses

Request samples

Content type
application/json
{
  • "info": {
    },
  • "sessions": [
    ],
  • "hostname": "string",
  • "identity": {
    },
  • "public_key": "string",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65"
}

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.iUCROHt6JHANdtzT6aOuUgOqVFRalOW20SbzRsn5SkI\n",
  • "name": "example",
  • "namespace": "examplespace"
}

Auth device

Authenticate a ShellHub agent into the ShellHub server.

Every 30 seconds, this route is hit by ShellHub agent to inform device availability.

Authorizations:
jwtapi-key
header Parameters
X-Real-IP
string^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,...
Example: 127.0.0.1

Device's IP address.

X-Real-IP header is used to set a geolocation position to device when geoip feature is enable.

Request Body schema: application/json
required
object (deviceInfo)

Device's info

sessions
Array of strings
hostname
required
string([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z...
object (deviceIdentity)

Device's identity

public_key
required
string

Device's public key.

tenant_id
required
string <uuid> (namespaceTenantID)

Namespace's tenant ID

Responses

Request samples

Content type
application/json
{
  • "info": {
    },
  • "sessions": [
    ],
  • "hostname": "string",
  • "identity": {
    },
  • "public_key": "string",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65"
}

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.iUCROHt6JHANdtzT6aOuUgOqVFRalOW20SbzRsn5SkI\n",
  • "name": "example",
  • "namespace": "examplespace"
}

Auth SSH public key

Authenticate a SSH public key to ShellHub server.

Authorizations:
jwtapi-key
Request Body schema: application/json
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$

Public key's fingerprint.

data
required
string

Public key's data.

Responses

Request samples

Content type
application/json
{
  • "fingerprint": "48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a",
  • "data": "string"
}

Response samples

Content type
application/json
{
  • "signature": "string"
}

Update device status to offline

Update device's status to offiline.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

external

Requests executed by the ShellHub user.

Login

Authenticate a "local" user by returning the session's JWT token and user data. Local users are those registered via the ShellHub form without relying on external Identity Providers (IdPs).

Authentication may result in an account lockout after N consecutive incorrect login attempts. The lockout applies specifically to a particular source and user combination. Check for the presence of the X-Account-Lockout header to determine the account lockout status. When it's 0, there are no active lockouts.

Users with MFA enabled cannot authenticate via this route. In such cases, the API will respond with a status 401 and an X-MFA-Token header with a UUID. Authentication must be med to /api/mfa/auth with this token in these instances.

Request Body schema: application/json
username
required
string (userUsername) [ 3 .. 30 ] characters ^[a-zA-Z0-9-_.@]{3,30}$

User's username.

password
required
string (userPassword) [ 5 .. 30 ] characters

User's password.

Responses

Request samples

Content type
application/json
{
  • "username": "example",
  • "password": "example"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Auth a user

Authenticate a user, returning the session's JWT token and data about the user.

Request Body schema: application/json
username
required
string (userUsername) [ 3 .. 30 ] characters ^[a-zA-Z0-9-_.@]{3,30}$

User's username.

password
required
string (userPassword) [ 5 .. 30 ] characters

User's password.

Responses

Request samples

Content type
application/json
{
  • "username": "example",
  • "password": "example"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

users

Routes related to user resource.

Login

Authenticate a "local" user by returning the session's JWT token and user data. Local users are those registered via the ShellHub form without relying on external Identity Providers (IdPs).

Authentication may result in an account lockout after N consecutive incorrect login attempts. The lockout applies specifically to a particular source and user combination. Check for the presence of the X-Account-Lockout header to determine the account lockout status. When it's 0, there are no active lockouts.

Users with MFA enabled cannot authenticate via this route. In such cases, the API will respond with a status 401 and an X-MFA-Token header with a UUID. Authentication must be med to /api/mfa/auth with this token in these instances.

Request Body schema: application/json
username
required
string (userUsername) [ 3 .. 30 ] characters ^[a-zA-Z0-9-_.@]{3,30}$

User's username.

password
required
string (userPassword) [ 5 .. 30 ] characters

User's password.

Responses

Request samples

Content type
application/json
{
  • "username": "example",
  • "password": "example"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Auth a user

Authenticate a user, returning the session's JWT token and data about the user.

Request Body schema: application/json
username
required
string (userUsername) [ 3 .. 30 ] characters ^[a-zA-Z0-9-_.@]{3,30}$

User's username.

password
required
string (userPassword) [ 5 .. 30 ] characters

User's password.

Responses

Request samples

Content type
application/json
{
  • "username": "example",
  • "password": "example"
}

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Get user info

Authorizations:
jwtapi-key

Responses

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Get token

Get a token from its tenant.

Authorizations:
jwt
path Parameters
tenant
string

Tenant

Responses

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Update user

Authorizations:
jwt
Request Body schema: application/json
name
string
username
string
email
string
recovery_email
string

A recovery email serves as the user's final recourse to regain access to their account. It cannot be the same as the user's primary email. Once defined, it cannot be updated to an empty value.

password
string
current_password
string

It's required when updating the user's password.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "username": "string",
  • "email": "string",
  • "recovery_email": "string",
  • "password": "string",
  • "current_password": "string"
}

Response samples

Content type
application/json
[
  • "username",
  • "email"
]

Update user data Deprecated

Update user's data.

Authorizations:
jwt
path Parameters
id
required
string

User's ID.

Request Body schema: application/json
name
string

User's name.

username
string

User's username.

email
string <email>

User's e-mail.

recovery_email
string <email>

User's recovery e-mail. A recovery email serves as the user's final recourse to regain access to their account.

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "username": "string",
  • "email": "user@example.com",
  • "recovery_email": "user@example.com"
}

Response samples

Content type
application/json
[
  • "username",
  • "email"
]

Update user password Deprecated

Update only the user password.

Authorizations:
jwt
path Parameters
id
string

User ID

Request Body schema: application/json
current_password
string

User current password

new_password
string

User new password

Responses

Request samples

Content type
application/json
{
  • "current_password": "string",
  • "new_password": "string"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Set session record

Define if sessions will be recorded.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Request Body schema: application/json
session_record
boolean
Default: false

Session's record status.

Responses

Request samples

Content type
application/json
{
  • "session_record": false
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Check session record status

Check status from if session record feature is enable.

Authorizations:
jwtapi-key

Responses

Response samples

Content type
application/json
true

devices

Routes related to device resource.

Auth device

Authenticate a ShellHub agent into the ShellHub server.

Every 30 seconds, this route is hit by ShellHub agent to inform device availability.

Authorizations:
jwtapi-key
header Parameters
X-Real-IP
string^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,...
Example: 127.0.0.1

Device's IP address.

X-Real-IP header is used to set a geolocation position to device when geoip feature is enable.

Request Body schema: application/json
required
object (deviceInfo)

Device's info

sessions
Array of strings
hostname
required
string([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z...
object (deviceIdentity)

Device's identity

public_key
required
string

Device's public key.

tenant_id
required
string <uuid> (namespaceTenantID)

Namespace's tenant ID

Responses

Request samples

Content type
application/json
{
  • "info": {
    },
  • "sessions": [
    ],
  • "hostname": "string",
  • "identity": {
    },
  • "public_key": "string",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65"
}

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.iUCROHt6JHANdtzT6aOuUgOqVFRalOW20SbzRsn5SkI\n",
  • "name": "example",
  • "namespace": "examplespace"
}

Auth device

Authenticate a ShellHub agent into the ShellHub server.

Every 30 seconds, this route is hit by ShellHub agent to inform device availability.

Authorizations:
jwtapi-key
header Parameters
X-Real-IP
string^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,...
Example: 127.0.0.1

Device's IP address.

X-Real-IP header is used to set a geolocation position to device when geoip feature is enable.

Request Body schema: application/json
required
object (deviceInfo)

Device's info

sessions
Array of strings
hostname
required
string([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z...
object (deviceIdentity)

Device's identity

public_key
required
string

Device's public key.

tenant_id
required
string <uuid> (namespaceTenantID)

Namespace's tenant ID

Responses

Request samples

Content type
application/json
{
  • "info": {
    },
  • "sessions": [
    ],
  • "hostname": "string",
  • "identity": {
    },
  • "public_key": "string",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65"
}

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.iUCROHt6JHANdtzT6aOuUgOqVFRalOW20SbzRsn5SkI\n",
  • "name": "example",
  • "namespace": "examplespace"
}

Accept device

Change device status to accepted.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Get devices

Get a list of devices.

Authorizations:
jwtapi-key
query Parameters
filter
string <byte>

Filter field receives a JSON object enconded as base64 string for limit a search.

The JSON enconded must follow these interafaces:

interface ParamProperty {
  name: string;
  operator: "contains" | "eq" | "bool" | "gt" | "lt";
  value: string;
}

interface ParamOperator {
  name: "and" | "or";
}

interface Filter {
  type: "property" | "operator";
  param: ParamOperator | ParamProperty;
}

interface FilterList {
  Filters: Array<Filter>;
}

Examples

This is a example to filter and get only the resource what property "confirmed" is "true"

[
  {
  "type": "property",
  "params": {
      "name": "confirmed",
      "operator": "bool",
      "value": "true"
      }
  }
]

This one, filter resource by the property "id" inside "info" structure when it is equal to "manjaro" and online property is set to "true"

[
  {
    "type": "property",
    "params": {
      "name": "info.id",
      "operator": "eq",
      "value": "manjaro"
    }
  },
  {
    "type": "property",
    "params": {
      "name": "online",
      "operator": "bool",
      "value": "true"
    }
  },
  {
    "type": "operator",
    "params": {
      "name": "and"
    }
  }
]
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

status
string (deviceStatus)
Enum: "accepted" "rejected" "pending" "removed" "unused"
Example: status=accepted

Device's status

sort_by
string
Default: "last_seen"
Example: sort_by=name

Device's property to sort of

order_by
string
Default: "desc"
Enum: "asc" "desc"
Example: order_by=asc

Device's list order

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get device

Get a device.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "name": "example",
  • "identity": {
    },
  • "info": {
    },
  • "public_key": "-----BEGIN RSA PUBLIC KEY-----MIIBCgKCAQEA0vH2Bob3mn+uWVaHlOoZD8ai01W6VnRTnXlnHVF7Ny1Vb7pl1Hc4D8bsBhb1vt7aZOYHbCyDR2r5lsrWXCELE8pY8vzfFDA+jNrLbBCJ66E1BcmTqfXCJcLospWD2lIAwU2O7IPxwZujuVkHrF8nYuEFsKeG60QTWNS++RTqydqe2KmFMEdWCQmYPm/ykN871fSR9+PzoRJMYWidY6Szn+X2ardGmS/Ldhl/PEu9h7xjcQXANWz6yV/RVReGVkLcK6TxlfuxgdpbsWAx+cS52P7xWrshNefHqjpdlm3KNbo6vqfTpU8Ld/FFISXXaa1Md5GyAHF+jzuRzQ5z5aKBGwIDAQAB-----END RSA PUBLIC KEY-----",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "last_seen": "2020-01-01T00:00:00Z",
  • "online": true,
  • "namespace": "examplespace",
  • "status": "accepted",
  • "status_update_at": "2020-05-01T00:00:00.000Z",
  • "created_at": "2020-01-01T00:00:00Z",
  • "remote_addr": "127.0.0.1",
  • "position": {
    },
  • "tags": [
    ],
  • "public_url": false,
  • "acceptable": false
}

Delete device

Delete a device.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update device

Update device's data.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
name
string (deviceName)

Device's name

By default, the name is the device's MAC address when it just added.

public_url
boolean (devicePublicURL)

Device's public URL status.

Responses

Request samples

Content type
application/json
{
  • "name": "example",
  • "public_url": false
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update device status

Update device's status.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

status
required
string
Enum: "accept" "reject" "pending" "unused"
Example: accept

Device's status

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update device status to offline

Update device's status to offiline.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Get stats ShellHub instance

Get stats ShellHub instance.

Authorizations:
jwtapi-key

Responses

Response samples

Content type
application/json
{
  • "registered_devices": 0,
  • "online_devices": 0,
  • "pending_devices": 0,
  • "rejected_devices": 0,
  • "active_sessions": 0
}

Create a tag

Create a tag

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag1"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags to device

Update tags to device

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tags
required
Array of strings (deviceTags) [ 1 .. 3 ] items [ items [ 3 .. 255 ] characters ]

Device's Tags list

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete a tag from device

Delete a tag from device.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Device's tag name

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

containers

Routes related to containers resource.

Get containers

Get a list of containers.

Authorizations:
jwtapi-key
query Parameters
filter
string <byte>

Filter field receives a JSON object enconded as base64 string for limit a search.

The JSON enconded must follow these interafaces:

interface ParamProperty {
  name: string;
  operator: "contains" | "eq" | "bool" | "gt" | "lt";
  value: string;
}

interface ParamOperator {
  name: "and" | "or";
}

interface Filter {
  type: "property" | "operator";
  param: ParamOperator | ParamProperty;
}

interface FilterList {
  Filters: Array<Filter>;
}

Examples

This is a example to filter and get only the resource what property "confirmed" is "true"

[
  {
  "type": "property",
  "params": {
      "name": "confirmed",
      "operator": "bool",
      "value": "true"
      }
  }
]

This one, filter resource by the property "id" inside "info" structure when it is equal to "manjaro" and online property is set to "true"

[
  {
    "type": "property",
    "params": {
      "name": "info.id",
      "operator": "eq",
      "value": "manjaro"
    }
  },
  {
    "type": "property",
    "params": {
      "name": "online",
      "operator": "bool",
      "value": "true"
    }
  },
  {
    "type": "operator",
    "params": {
      "name": "and"
    }
  }
]
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

status
string (deviceStatus)
Enum: "accepted" "rejected" "pending" "removed" "unused"
Example: status=accepted

Container's status

sort_by
string
Default: "last_seen"
Example: sort_by=name

Container's property to sort of

order_by
string
Default: "desc"
Enum: "asc" "desc"
Example: order_by=asc

Container's list order

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get container

Get a container.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "name": "example",
  • "identity": {
    },
  • "info": {
    },
  • "public_key": "-----BEGIN RSA PUBLIC KEY-----MIIBCgKCAQEA0vH2Bob3mn+uWVaHlOoZD8ai01W6VnRTnXlnHVF7Ny1Vb7pl1Hc4D8bsBhb1vt7aZOYHbCyDR2r5lsrWXCELE8pY8vzfFDA+jNrLbBCJ66E1BcmTqfXCJcLospWD2lIAwU2O7IPxwZujuVkHrF8nYuEFsKeG60QTWNS++RTqydqe2KmFMEdWCQmYPm/ykN871fSR9+PzoRJMYWidY6Szn+X2ardGmS/Ldhl/PEu9h7xjcQXANWz6yV/RVReGVkLcK6TxlfuxgdpbsWAx+cS52P7xWrshNefHqjpdlm3KNbo6vqfTpU8Ld/FFISXXaa1Md5GyAHF+jzuRzQ5z5aKBGwIDAQAB-----END RSA PUBLIC KEY-----",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "last_seen": "2020-01-01T00:00:00Z",
  • "online": true,
  • "namespace": "examplespace",
  • "status": "accepted",
  • "status_update_at": "2020-05-01T00:00:00.000Z",
  • "created_at": "2020-01-01T00:00:00Z",
  • "remote_addr": "127.0.0.1",
  • "position": {
    },
  • "tags": [
    ],
  • "public_url": false,
  • "acceptable": false
}

Delete container

Delete a container.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update container

Update container's data.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
name
string (deviceName)

Device's name

By default, the name is the device's MAC address when it just added.

public_url
boolean (devicePublicURL)

Device's public URL status.

Responses

Request samples

Content type
application/json
{
  • "name": "example",
  • "public_url": false
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update container status

Update container's status.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

status
required
string
Enum: "accept" "reject" "pending" "unused"
Example: accept

Container's status

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Create a tag

Create a tag

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag1"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags to container

Update tags to container

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tags
required
Array of strings (deviceTags) [ 1 .. 3 ] items [ items [ 3 .. 255 ] characters ]

Device's Tags list

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete a tag from container

Delete a tag from container.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Device's tag name

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

ssh

Routes related to SSH resource.

Auth SSH public key

Authenticate a SSH public key to ShellHub server.

Authorizations:
jwtapi-key
Request Body schema: application/json
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$

Public key's fingerprint.

data
required
string

Public key's data.

Responses

Request samples

Content type
application/json
{
  • "fingerprint": "48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a",
  • "data": "string"
}

Response samples

Content type
application/json
{
  • "signature": "string"
}

Get public keys

Get a list from all public keys.

Authorizations:
jwtapi-key
query Parameters
filter
string <byte>

Filter field receives a JSON object enconded as base64 string for limit a search.

The JSON enconded must follow these interafaces:

interface ParamProperty {
  name: string;
  operator: "contains" | "eq" | "bool" | "gt" | "lt";
  value: string;
}

interface ParamOperator {
  name: "and" | "or";
}

interface Filter {
  type: "property" | "operator";
  param: ParamOperator | ParamProperty;
}

interface FilterList {
  Filters: Array<Filter>;
}

Examples

This is a example to filter and get only the resource what property "confirmed" is "true"

[
  {
  "type": "property",
  "params": {
      "name": "confirmed",
      "operator": "bool",
      "value": "true"
      }
  }
]

This one, filter resource by the property "id" inside "info" structure when it is equal to "manjaro" and online property is set to "true"

[
  {
    "type": "property",
    "params": {
      "name": "info.id",
      "operator": "eq",
      "value": "manjaro"
    }
  },
  {
    "type": "property",
    "params": {
      "name": "online",
      "operator": "bool",
      "value": "true"
    }
  },
  {
    "type": "operator",
    "params": {
      "name": "and"
    }
  }
]
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create public key

Create a new public key.

Authorizations:
jwt
Request Body schema: application/json
data
required
string (publicKeyData) ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[...

Public key's data.

The data field receives the public key enconded as base64 string.

required
object or object (publicKeyFilter)

Public key's filter rule.

The `filter`` rule defines how if the public key is valid to a device.

  • When hostname object is set, the public key will be used in a device what matches with hostname.
  • When tags object is set, it matches the device what contains at least one of that tags.
name
required
string

Public key's name.

username
required
string (publicKeyUsername)

Public key's regex username.

The username field define which user, in the device, may be access through this public key.

Responses

Request samples

Content type
application/json
{
  • "data": "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDWWdqRkNQUWdPejBEZ0VQQUh3blEyMGYzRUlGYjd2SkNtd1YxR25uRTU2K0htaGgyY295c3o5MnZqMW9GeElxQUlKZUZxU3lQNWwzbDZjbkFUVmxhZ2MxR21OQm5vQ0NZSlpicXdOVUFiM3RMTXdiOXBaSGVWMFczWVl4OERBSVVsL2ZYaVVhQTNpQk5BcTFrczFzYjZjbVN1VmYwTVNTSjdoOXU3c2Y2RnkyVmQ0U1FqSGd3YmNvSUY1Q0kyWkZlMEx6NTNWeGQwVlZRZG5ISGNBeldRVFlTMDIxcmVXeG5QR2RRdytmWXpCRWdRMG5sTmFzQXBRc1pVUXRPZ0t4TlNFcVJ0VnJiRUR4WisrTllQaWFuNUdSZ0huZWNUUzBaVGNjZjM4SDZYTms1Qm5XWGlEN2RCWlJBRnZ1UjBkWEF1cU9mYUM3SVl5MVJnS1lkdEsrUnY=",
  • "filter": {
    },
  • "name": "example",
  • "username": ".*"
}

Response samples

Content type
application/json
{
  • "data": "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDWWdqRkNQUWdPejBEZ0VQQUh3blEyMGYzRUlGYjd2SkNtd1YxR25uRTU2K0htaGgyY295c3o5MnZqMW9GeElxQUlKZUZxU3lQNWwzbDZjbkFUVmxhZ2MxR21OQm5vQ0NZSlpicXdOVUFiM3RMTXdiOXBaSGVWMFczWVl4OERBSVVsL2ZYaVVhQTNpQk5BcTFrczFzYjZjbVN1VmYwTVNTSjdoOXU3c2Y2RnkyVmQ0U1FqSGd3YmNvSUY1Q0kyWkZlMEx6NTNWeGQwVlZRZG5ISGNBeldRVFlTMDIxcmVXeG5QR2RRdytmWXpCRWdRMG5sTmFzQXBRc1pVUXRPZ0t4TlNFcVJ0VnJiRUR4WisrTllQaWFuNUdSZ0huZWNUUzBaVGNjZjM4SDZYTms1Qm5XWGlEN2RCWlJBRnZ1UjBkWEF1cU9mYUM3SVl5MVJnS1lkdEsrUnY=",
  • "fingerprint": "48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "name": "example",
  • "filter": {
    },
  • "username": ".*"
}

Update public key

Update a public key.

Authorizations:
jwt
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Request Body schema: application/json
name
required
string

Public key's name.

username
required
string

Public key's username.

required
object or object (publicKeyFilter)

Public key's filter rule.

The `filter`` rule defines how if the public key is valid to a device.

  • When hostname object is set, the public key will be used in a device what matches with hostname.
  • When tags object is set, it matches the device what contains at least one of that tags.

Responses

Request samples

Content type
application/json
{
  • "name": "example",
  • "username": "example",
  • "filter": {
    }
}

Response samples

Content type
application/json
{
  • "data": "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDWWdqRkNQUWdPejBEZ0VQQUh3blEyMGYzRUlGYjd2SkNtd1YxR25uRTU2K0htaGgyY295c3o5MnZqMW9GeElxQUlKZUZxU3lQNWwzbDZjbkFUVmxhZ2MxR21OQm5vQ0NZSlpicXdOVUFiM3RMTXdiOXBaSGVWMFczWVl4OERBSVVsL2ZYaVVhQTNpQk5BcTFrczFzYjZjbVN1VmYwTVNTSjdoOXU3c2Y2RnkyVmQ0U1FqSGd3YmNvSUY1Q0kyWkZlMEx6NTNWeGQwVlZRZG5ISGNBeldRVFlTMDIxcmVXeG5QR2RRdytmWXpCRWdRMG5sTmFzQXBRc1pVUXRPZ0t4TlNFcVJ0VnJiRUR4WisrTllQaWFuNUdSZ0huZWNUUzBaVGNjZjM4SDZYTms1Qm5XWGlEN2RCWlJBRnZ1UjBkWEF1cU9mYUM3SVl5MVJnS1lkdEsrUnY=",
  • "fingerprint": "48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a",
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "name": "example",
  • "filter": {
    },
  • "username": ".*"
}

Delete public key

Delete a public key.

Authorizations:
jwt
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Add tag public key

Add a tag to a public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags public key

Update all tags in a public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Request Body schema: application/json
tags
Array of strings (tag) [ 1 .. 3 ] items unique [ items [ 3 .. 255 ] characters ]

Public key's new tags.

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Remove tag public key

Remove a tag from public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Tag's name.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

api-keys

An API key is a unique identifier used to access protected endpoints. It has a defined lifespan, is associated with a namespace, and cannot be used to authenticate user routes. Typically, it replaces login-based authentication when automating processes.

To utilize an API key, it must be included in the X-API-KEY header. API keys are preferred over JWT tokens and will be used even if one is provided.

Except for GET endpoints, API key-related routes cannot be authenticated with an API key.

Creates an API key.

The created_by, tenant_id, and role (unless provided in the request body) values will be obtained from the JWT token.

Authorizations:
jwt
Request Body schema: application/json
name
required
string [ 3 .. 20 ] characters

The name of the API key. This serves as an "external ID" since the UUID will never be returned. It is unique per namespace.

expires_at
required
integer
Enum: -1 30 60 90 365

Number of days until expiration. Use -1 for no expiration.

role
string

The role of the key. It serves as a "level" indicating which endpoints the key can access. It must be less or equal than the user's role. Leave it blank to use the user's role.

key
string <uuidv4>

An optional and unique value to be used as the API key's internal identifier. This value is the "internal ID" and will NEVER be returned to the client. Leave it blank for a random one to be generated.

Responses

Request samples

Content type
application/json
{
  • "name": "dev",
  • "expires_at": 30,
  • "role": "owner",
  • "key": "c629572a-b643-4301-90fe-4572b00d007e"
}

Response samples

Content type
application/json
{
  • "id": "c629572a-b643-4301-90fe-4572b00d007e",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "created_by": "507f1f77bcf86cd799439011",
  • "role": "owner",
  • "name": "dev",
  • "expires_in": 1707958989,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "updated_at": "2020-05-01T00:00:00.000Z"
}

List API Keys

Authorizations:
jwtapi-keyapi-key
query Parameters
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

order_by
string
Default: "desc"
Enum: "asc" "desc"

The list order.

sort_by
string
Default: "expires_in"
Example: sort_by=name

The property to sort of.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Update an API key

Authorizations:
jwt
path Parameters
key
string
Example: dev

The API key name.

Request Body schema: application/json
name
string [ 3 .. 20 ] characters

The name of the API key. This serves as an "external ID" since the UUID will never be returned. It is unique per namespace.

role
string

The role of the key. It serves as a "level" indicating which endpoints the key can access. It must be less or equal than the user's role.

Responses

Request samples

Content type
application/json
{
  • "name": "dev",
  • "role": "owner"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete an API key

Authorizations:
jwt
path Parameters
key
string
Example: dev

The API key name.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

system

Routes related to running instance.

Get info

Get information about ShellHub instance like version, SSH and API addresses.

query Parameters
agent_version
string

Agent's version.

Responses

Response samples

Content type
application/json
{
  • "version": "v0.19.0",
  • "endpoints": {
    },
  • "setup": true,
  • "authentication": {
    }
}

User setup

Register an user and create namespace with the same name as username

query Parameters
sign
required
string

Signature used to validate request origin generated by running ./bin/setup script

Request Body schema: application/json
name
required
string (userName) [ 3 .. 20 ] characters

User's name.

email
required
string <email> (userEmail)

User's E-mail.

username
required
string (userUsername) [ 3 .. 30 ] characters ^[a-zA-Z0-9-_.@]{3,30}$

User's username.

password
required
string (userPassword) [ 5 .. 30 ] characters

User's password.

Responses

Request samples

Content type
application/json
{
  • "name": "example",
  • "email": "example@example.com",
  • "username": "example",
  • "password": "example"
}

Response samples

Content type
application/json
{
  • "message": "Internal Server Error"
}

namespaces

Get a new namespace's token

This route works like a login's one; returns a JWT token and extra information about namespace.

You can use this route to swap between namespaces.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Responses

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Get namespaces list

Returns a list of namespaces.

Authorizations:
jwtapi-key
query Parameters
filter
string^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[...
Example: filter=W3sidHlwZSI6InByb3BlcnR5IiwicGFyYW1zIjp7Im5hbWUiOiJuYW1lIiwib3BlcmF0b3IiOiJjb250YWlucyIsInZhbHVlIjoiZXhhbXBsZXNwYWNlIn19XQ==

Namespaces's filter.

Filter field receives a base64 enconded JSON object for limit a search. The JSON object should have a property called type, it will filter by a property called name where the value should contains examplespace.

If you want get only Namespaces name as examplespace, the JSON object will looks like this 

[
  {
    "type":"property",
    "params":{
      "name":"name",
      "operator":"contains",
      "value":"examplespace"
    }
  }
]

So, the output encoded string will result on: W3sidHlwZSI6InByb3BlcnR5IiwicGFyYW1zIjp7Im5hbWUiOiJuYW1lIiwib3BlcmF0b3IiOiJjb250YWlucyIsInZhbHVlIjoiZXhhbXBsZXNwYWNlIn19XQ==

page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create namespace

Create a namespace.

Authorizations:
jwtapi-key
Request Body schema: application/json
name
required
string (namespaceName)

Namespace's name

Responses

Request samples

Content type
application/json
{
  • "name": "examplespace"
}

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

Get a namespace

Get a namespace.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Responses

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

Edit namespace

Edit a namespace.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Request Body schema: application/json
name
string (namespaceName)

Namespace's name

object (namespaceSettings)

Namespace's settings.

Responses

Request samples

Content type
application/json
{
  • "name": "examplespace",
  • "settings": {
    }
}

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

Delete namespace

Delete a namespace.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Leave Namespace

Allows the authenticated user to leave the specified namespace. Owners cannot leave a namespace; they must delete it instead. If the user attempts to leave their current authenticated namespace, the response will provide a new token that excludes this namespace.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Responses

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Invite member

Invites a member to a namespace.

In enterprise and community instances, the member will automatically accept the invite and will have an accepted status.

In cloud instances, the member will have a pending status until they accept the invite via an email sent to them. The invite is valid for 7 days. If the member was previously invited and the invite is no longer valid, the same route will resend the invite.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Request Body schema: application/json
email
required
string

The email of the member.

role
required
string (namespaceMemberRole)
Enum: "administrator" "operator" "observer" "owner"

Namespace's member role

Responses

Request samples

Content type
application/json
{
  • "email": "john.doe@test.com",
  • "role": "administrator"
}

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

Remove a member from a namespace

Remove a member from a namespace.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

uid
required
string

Member's ID

Responses

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

Update a member from a namespace

Update a member role from a namespace.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

uid
required
string

Member's ID

Request Body schema: application/json
role
string (namespaceMemberRole)
Enum: "administrator" "operator" "observer" "owner"

Namespace's member role

Responses

Request samples

Content type
application/json
{
  • "role": "administrator"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Creates an API key.

The created_by, tenant_id, and role (unless provided in the request body) values will be obtained from the JWT token.

Authorizations:
jwt
Request Body schema: application/json
name
required
string [ 3 .. 20 ] characters

The name of the API key. This serves as an "external ID" since the UUID will never be returned. It is unique per namespace.

expires_at
required
integer
Enum: -1 30 60 90 365

Number of days until expiration. Use -1 for no expiration.

role
string

The role of the key. It serves as a "level" indicating which endpoints the key can access. It must be less or equal than the user's role. Leave it blank to use the user's role.

key
string <uuidv4>

An optional and unique value to be used as the API key's internal identifier. This value is the "internal ID" and will NEVER be returned to the client. Leave it blank for a random one to be generated.

Responses

Request samples

Content type
application/json
{
  • "name": "dev",
  • "expires_at": 30,
  • "role": "owner",
  • "key": "c629572a-b643-4301-90fe-4572b00d007e"
}

Response samples

Content type
application/json
{
  • "id": "c629572a-b643-4301-90fe-4572b00d007e",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "created_by": "507f1f77bcf86cd799439011",
  • "role": "owner",
  • "name": "dev",
  • "expires_in": 1707958989,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "updated_at": "2020-05-01T00:00:00.000Z"
}

List API Keys

Authorizations:
jwtapi-keyapi-key
query Parameters
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

order_by
string
Default: "desc"
Enum: "asc" "desc"

The list order.

sort_by
string
Default: "expires_in"
Example: sort_by=name

The property to sort of.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Update an API key

Authorizations:
jwt
path Parameters
key
string
Example: dev

The API key name.

Request Body schema: application/json
name
string [ 3 .. 20 ] characters

The name of the API key. This serves as an "external ID" since the UUID will never be returned. It is unique per namespace.

role
string

The role of the key. It serves as a "level" indicating which endpoints the key can access. It must be less or equal than the user's role.

Responses

Request samples

Content type
application/json
{
  • "name": "dev",
  • "role": "owner"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete an API key

Authorizations:
jwt
path Parameters
key
string
Example: dev

The API key name.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

sessions

Set session record

Define if sessions will be recorded.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Request Body schema: application/json
session_record
boolean
Default: false

Session's record status.

Responses

Request samples

Content type
application/json
{
  • "session_record": false
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Check session record status

Check status from if session record feature is enable.

Authorizations:
jwtapi-key

Responses

Response samples

Content type
application/json
true

Get sessions

Get a list sessions.

Authorizations:
jwtapi-key
query Parameters
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Get session

Get a session.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (sessionUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Session's UID

Responses

Response samples

Content type
application/json
{
  • "uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "device_uid": "13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a",
  • "device": {
    },
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "username": "string",
  • "ip_address": "127.0.0.1",
  • "started_at": "2020-01-01T00:00:00Z",
  • "last_seen": "2020-01-01T00:00:00Z",
  • "active": true,
  • "authenticated": true,
  • "recorded": true,
  • "type": "web",
  • "term": "xterm.js",
  • "position": {
    },
  • "events": {
    }
}

Set session authentication status

Set session authentication status.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (sessionUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Session's UID

Request Body schema: application/json
authenticated
boolean

Session's authentication status.

Responses

Request samples

Content type
application/json
{
  • "authenticated": true
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

tags

Add tag public key

Add a tag to a public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags public key

Update all tags in a public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

Request Body schema: application/json
tags
Array of strings (tag) [ 1 .. 3 ] items unique [ items [ 3 .. 255 ] characters ]

Public key's new tags.

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Remove tag public key

Remove a tag from public key.

Authorizations:
jwtapi-key
path Parameters
fingerprint
required
string (publickKeyFingerprint) ^([0-9a-f]{2}:){15}[0-9a-f]{2}$
Example: 48:6e:fc:94:01:01:74:57:eb:57:49:91:15:e4:9c:7a

Public key's fingerprint.

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Tag's name.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Create a tag

Create a tag

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag1"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags to device

Update tags to device

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tags
required
Array of strings (deviceTags) [ 1 .. 3 ] items [ items [ 3 .. 255 ] characters ]

Device's Tags list

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete a tag from device

Delete a tag from device.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Device's tag name

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Get tags

Authorizations:
jwtapi-key

Responses

Response samples

Content type
application/json
[
  • "tag1",
  • "tag2",
  • "tag3",
  • "tag4"
]

Rename a tag name.

Authorizations:
jwtapi-key
path Parameters
tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Tag's name.

Request Body schema: application/json
tag
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete a tag name.

Authorizations:
jwtapi-key
path Parameters
tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Tag's name.

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Create a tag

Create a tag

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tag
required
string (tag) [ 3 .. 255 ] characters

Tag's name.

Responses

Request samples

Content type
application/json
{
  • "tag": "tag1"
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Update tags to container

Update tags to container

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

Request Body schema: application/json
tags
required
Array of strings (deviceTags) [ 1 .. 3 ] items [ items [ 3 .. 255 ] characters ]

Device's Tags list

Responses

Request samples

Content type
application/json
{
  • "tags": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

Delete a tag from container

Delete a tag from container.

Authorizations:
jwtapi-key
path Parameters
uid
required
string (deviceUID) ^[0-9a-f]{64}$
Example: 13b0c8ea878e61ff849db69461795006a9594c8f6a6390ce0000100b0c9d7d0a

Device's UID

tag
required
string (tag) [ 3 .. 255 ] characters
Example: tag

Device's tag name

Responses

Response samples

Content type
application/json
{
  • "message": "missing or malformed jwt or API token"
}

members

Leave Namespace

Allows the authenticated user to leave the specified namespace. Owners cannot leave a namespace; they must delete it instead. If the user attempts to leave their current authenticated namespace, the response will provide a new token that excludes this namespace.

Authorizations:
jwtapi-key
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Responses

Response samples

Content type
application/json
{
  • "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJleGFtcGxlIiwibmFtZSI6ImV4YW1wbGUiLCJpYXQiOjE1MTYyMzkwMjJ9.zqCt70KspnNnitZlv89hDbFZ5iGMMRUn0wFEmmlY-to",
  • "id": "507f1f77bcf86cd799439011",
  • "origin": "local",
  • "user": "example",
  • "name": "example",
  • "email": "example@example.com",
  • "recovery_email": "user@example.com",
  • "tenant": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "role": "administrator",
  • "mfa": false,
  • "max_namespaces": 3
}

Invite member

Invites a member to a namespace.

In enterprise and community instances, the member will automatically accept the invite and will have an accepted status.

In cloud instances, the member will have a pending status until they accept the invite via an email sent to them. The invite is valid for 7 days. If the member was previously invited and the invite is no longer valid, the same route will resend the invite.

Authorizations:
jwt
path Parameters
tenant
required
string <uuid> (namespaceTenantID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Namespace's tenant ID

Request Body schema: application/json
email
required
string

The email of the member.

role
required
string (namespaceMemberRole)
Enum: "administrator" "operator" "observer" "owner"

Namespace's member role

Responses

Request samples

Content type
application/json
{
  • "email": "john.doe@test.com",
  • "role": "administrator"
}

Response samples

Content type
application/json
{
  • "name": "examplespace",
  • "owner": "507f1f77bcf86cd799439011",
  • "tenant_id": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "members": [
    ],
  • "settings": {
    },
  • "max_devices": 3,
  • "device_count": 0,
  • "created_at": "2020-05-01T00:00:00.000Z",
  • "billing": null
}

announcements

List announcements

List the announcements posted by ShellHub Cloud.

query Parameters
page
integer >= 1
Default: 1

Page number

per_page
integer [ 1 .. 100 ]
Default: 10

Items per page

order_by
string
Default: "desc"
Enum: "asc" "desc"
Example: order_by=asc

Announcements' list order.

Responses

Response samples

Content type
application/json
[
  • [
    ]
]

Get a announcement

Get a announcement.

path Parameters
uuid
required
string <uuid> (announcementUUID)
Example: 3dd0d1f8-8246-4519-b11a-a3dd33717f65

Announcement UUID.

Responses

Response samples

Content type
application/json
{
  • "uuid": "3dd0d1f8-8246-4519-b11a-a3dd33717f65",
  • "title": "string",
  • "content": "# Pendent ignarus\n\n## Inmittitur insula praecipiunt viro odiumque campis securus\n\nLorem markdownum quamvis Sipylus sanguine, *feramus deam* virtus nosse clamor\nsuperbia me vivit, lumen. Quid clamore: hi quem. Dea dedit coram, patriam crura\ndum necis de exanimem. Sub habendus, iubet gentis transformat iter; latet nemus\nes somnum praecepta saxa.\n\n if (firewire(daw, word_southbridge)) {\n art.api.displayHdtvRom(access * minimize_hover_exif,\n animated_redundancy);\n }\n var drop = real;\n var pci_mtu_binary = dropPartitionGigabit.open_sound_computer(metal -\n repositoryUrl, directx_memory + grep_remote_ram,\n zifFlopsDevice.bar.wimax(ribbonVpiSip, commerce, 65));\n if (web) {\n sectorThird = ipComputerCharacter(5, pppoe_raw_brouter(\n vpnAnimatedSubnet));\n } else {\n volumeRate += zebibyte_wired * responsiveIo;\n vram_undo += function_ppc_ole.leaf_graphic(broadbandCleanUdp);\n pci.compression_source_adsl += frozenServerNvram(tape_io, transistor);\n }\n\n## Operosa si inque\n\nIacuere ut frontem *primum* nympha nec, ex mihi; nec in! Poma dolori incomitata\nNec. Sua senex quod, flavescunt libro nostris cum.\n\n1. Subiere bracchia ergo tumulavit namque inania\n2. Ictu bellum\n3. Feratis matrumque inritata Ophionides fila agricolis quique\n\n## Quaeritis sitim\n\nVelatus quae prodest manet reparabile antraque Pallas viridique\n[ducentem](http://modo-sic.net/) arcus. Alta per, cum. **Est** vinctum animae\nanima monte Propoetides praevitiat aliter montibus sua colligit [vasta\nrabiemque](http://mox.com/pereunt) habet. Edere iste aut, peregrina feramus,\niusserat sibilat huius, et.\n\n- Corpora a sequor muneris in pietas abdidit\n- Terribili tantum\n- Ubi potitur aberat aut animi quaesita manat\n- Eas duros valerem convivia et videt mirator\n- Sonitum et ait digna persequitur Trachinia est\n- Ipse corpora et totis temptaretque neque\n\n## Iterum in tinnulaque frondes culpae spumantis\n\nSub Mavortia illa nudos obstupuere **quantum** secum mitia Apolline tumere, non\nadhuc audistis ferre. Accepto vocabant movit spe; vere medii adloquitur vano\npernocte, everterit harundine simul, sortis causa. Animam [duo\ncausa](http://augustumme.com/puppim) mihi solent in ego quaecumque tarda, et\nquas: aere quae Avernae Amphitryoniaden.\n\n> Ventos fixit culpam vocavit iubasque. Sic venit tam ferinas freto pallescere\n> vadit: tamen Editus nil te, habet tantum minatur species et enixa. Conplevit\n> tenens Ladon, fugit studioque ausae Cerberon non maiora, tollit adhuc ait in\n> quae Atlantiades altae pulcherrime. Anima signa membra cursus, grandior\n> morientis fidem.\n\nMaduere in lacrimis in ultima verbaque pelle. Cervus suas tauro eripitur traho\nscelerata Hippason et est posse exuit quem per possent valet Alcmena annis et,\nut. Utrumque nam nitor sua ultima ferox liquerunt stetimusque **Semeles ianua**.\nIlli poma implesset sive: inde sub contingere veneratur salientis pectore mirata\net Neptunum veniet turis exitium. Quem sensit iam reclusa plus resurgere nescio\nmiratur ibat flamma [tuentes Minervae\nfortibus](http://intervitae.org/caputex.aspx) canebat et.",
  • "date": "2019-08-24T14:15:22Z"
}