Base URL: https://<your-endpoint> (see k7 api-status / k7 get-api-endpoint).

Authentication

Send your API key via either header: 
X-API-Key: <your-key>
# or
Authorization: Bearer <your-key>
All endpoints return standard HTTP codes. 401 Unauthorized if the key is missing/invalid/expired.

Response envelope

Successful responses: 
{ "data": ... }
Errors: 
{ "error": { "code": "BadRequest", "message": "..." } }
Common error codes:
  • BadRequest (400): Invalid input or missing parameters
  • Unauthorized (401): Missing or invalid API key
  • NotFound (404): Resource was not found
  • Conflict (409): Resource already exists
  • UnprocessableEntity (422): Validation failed
  • InternalServerError (500): Unhandled error

Headers

Required headers for requests with body: 
Content-Type: application/json
Authentication headers (either): 
X-API-Key: <your-key>
# or
Authorization: Bearer <your-key>

Resources

  • Sandboxes: create, list, get, delete, delete-all
  • Exec: run a command in a sandbox and get stdout/stderr/exit_code
  • Metrics: CPU and memory usage per sandbox
Health endpoints:
  • GET / → basic API info
  • GET /health → health check