Skip to main content
The full interactive API reference is available in the API Reference tab.

Base URL & Authentication

All API requests go through the control plane:
Base URLAuth Header
https://app.opencomputer.dev/apiX-API-Key: <key>
The control plane handles sandbox lifecycle (create, list, kill, hibernate, wake) and transparently proxies data-plane requests (exec, files, agents, PTY) to the worker that owns the sandbox. SDK users only need the API key.

WebSocket Binary Protocol

Exec and PTY WebSocket sessions use binary frames with a 1-byte stream prefix:
ByteDirectionMeaning
0x00Client → Serverstdin data
0x01Server → Clientstdout data
0x02Server → Clientstderr data
0x03Server → ClientExit code (4-byte big-endian int32)
0x04Server → ClientScrollback end marker
Connection flow:
  1. Client opens WebSocket with ?api_key=<key>
  2. Server replays scrollback buffer (historical output)
  3. Server sends 0x04 to mark end of scrollback
  4. Live output streams as 0x01/0x02 frames
  5. When the process exits, server sends 0x03 with the exit code
  6. Server closes the connection
Sending input: Prefix your data with 0x00 and send as a binary frame. PTY sessions use the same binary framing but without stream prefixes — raw bidirectional terminal data.

Error Format

All errors use a consistent envelope: 
{
  "error": "descriptive error message"
}
Status CodeMeaning
400Invalid request (missing fields, bad values)
401Missing or invalid authentication
403Insufficient permissions
404Resource not found
409Conflict (duplicate resource, e.g. checkpoint name)
429Quota exceeded
500Internal server error
503Feature unavailable in current deployment mode