Skip to main content

Create sandbox

Endpoint: POST /api/v1/sandboxes 
curl -X POST "$BASE/api/v1/sandboxes" \
  -H "X-API-Key: $K7_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "my-sandbox",
    "image": "alpine:latest",
    "namespace": "default",
    "limits": {"cpu": "500m", "memory": "512Mi"}
  }'
Body example: 
{
  "name": "my-sandbox",
  "image": "alpine:latest",
  "namespace": "default",
  "limits": {"cpu": "500m", "memory": "512Mi"}
}
Body example with egress whitelist (safe pattern: proxy IP only): 
{
  "name": "my-restricted-sandbox",
  "image": "alpine:latest",
  "namespace": "default",
  "egress_whitelist": ["10.0.0.5/32"],
  "limits": {"cpu": "500m", "memory": "512Mi"}
}

{
  "data": {
    "name": "my-sandbox",
    "namespace": "default",
    "image": "alpine:latest"
  }
}

Request body schema

Fields accepted in the JSON body when creating a sandbox:
  • name (string, required): Unique sandbox name in the namespace
  • image (string, required): Container image, e.g. alpine:latest
  • namespace (string, default default): Kubernetes namespace
  • env_file (string | null): Path (on API host) to .env file to inject as Secret
  • before_script (string, default empty): Shell commands to run before the container is marked Ready
  • limits (object): Resource limits/requests; keys supported: cpu, memory, ephemeral-storage
  • egress_whitelist (string[] | [] | null): See Egress section below
  • pod_non_root (boolean, default false): Run pod as non-root (UID/GID/FSGroup 65532)
  • container_non_root (boolean, default false): Run container as non-root (UID 65532)
  • cap_drop (string[] | null): List of capabilities to drop; default policy is ALL
  • cap_add (string[] | null): List of capabilities to add back

Responses

  • 201 Created with Location header to the created resource:
{ "data": { "name": "my-sandbox", "namespace": "default", "image": "alpine:latest" } }
  • 400 BadRequest when validation fails (invalid limits, bad env file, already exists, etc.)

List sandboxes

Endpoint: GET /api/v1/sandboxes
namespace
string
default:"default"
Namespace
curl -H "X-API-Key: $K7_API_KEY" "$BASE/api/v1/sandboxes?namespace=default"
Returns list of sandbox objects with fields: name, namespace, status, ready, restarts, age, image, error_message. 
{
  "data": [
    {
      "name": "my-sandbox",
      "namespace": "default",
      "status": "Running",
      "ready": "True",
      "restarts": 0,
      "age": "0:05:42",
      "image": "alpine:latest",
      "error_message": ""
    }
  ]
}

Get sandbox

Endpoint: GET /api/v1/sandboxes/{name}
name
string
required
Sandbox name
namespace
string
default:"default"
Namespace
curl -H "X-API-Key: $K7_API_KEY" "$BASE/api/v1/sandboxes/my-sandbox?namespace=default"

{
  "data": {
    "name": "my-sandbox",
    "namespace": "default",
    "status": "Running",
    "ready": "True",
    "restarts": 0,
    "age": "0:05:42",
    "image": "alpine:latest",
    "error_message": ""
  }
}

Delete sandbox

Endpoint: DELETE /api/v1/sandboxes/{name}
name
string
required
Sandbox name
namespace
string
default:"default"
Namespace
curl -X DELETE -H "X-API-Key: $K7_API_KEY" \
  "$BASE/api/v1/sandboxes/my-sandbox?namespace=default"

{ "data": { "message": "Sandbox my-sandbox deleted successfully" } }

Delete all sandboxes

Endpoint: DELETE /api/v1/sandboxes
namespace
string
default:"default"
Namespace
curl -X DELETE -H "X-API-Key: $K7_API_KEY" \
  "$BASE/api/v1/sandboxes?namespace=default"

{
  "data": {
    "message": "Deleted 1 sandboxes",
    "results": [ { "name": "my-sandbox", "success": true, "error": null } ]
  }
}
Deleting sandboxes is irreversible.

See also

  • API Security & networking: /api/security