Verda API changes¶

For full API documentation go to Verda API docs

2026-03-30 Startup script quota and pagination¶

Total number of startup scripts in a project now limited by a per-user quota with a default of 100 scripts and a hard maximum of 1000.

GET /v1/scripts now supports pagination via the page and pageSize query parameters. For backward compatibility, the response payload shape is unchanged and pagination metadata is returned in headers instead. See the Pagination section for details.

Query parameters¶

page=1
pageSize=10 (can be extended to a maximum of 100 records per page)

When pagination is available, the response includes these headers:

X-Page: 1 - current page number
X-Page-Size: 100 - current page size
X-Total-Count: 10000 - total number of matching items

Example request:

GET /v1/scripts?page=1&pageSize=100

Example response:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 11111
X-Page: 1
X-Page-Size: 100
X-Total-Count: 10000

[{ "id": "2b1af58-7537-4edb-ba81-82cee082c5e9", "name": "My startup script" }]

2026-03-23 Property `location_code` is now required¶

The location_code property is now required in the request body when creating instances, clusters, or volumes via the Public API. Requests that omit it will receive an HTTP 400 Bad Request response instead of silently defaulting to FIN-01. This brings the API in line with the SDK, where specifying a region has always been mandatory.

Breakdown of API changes¶

Description	Endpoint	Schema change
Deploy instance	`POST /v1/instances`	`{ /* required */ location_code: string, ... }`
Deploy cluster	`POST /v1/clusters`	`{ /* required */ location_code: string, ... }`
Create block volume or SFS	`POST /v1/volumes`	`{ /* required */ location_code: string, ... }`

2026-03-20 Scope-based access control for API tokens¶

API tokens created via the OAuth 2.0 Client Credentials flow are now issued with the scope cloud-api-v1 and restricted to documented Public API endpoints only. Previously, these tokens could access internal endpoints not intended for external use. If you are using API tokens for any undocumented endpoints, those requests will now return 403 Forbidden with "Insufficient scope". Only the endpoints listed in this API documentation are accessible with API tokens.

2026-03-20 Long term periods endpoints¶

Endpoint GET /v1/long-term/periods is now deprecated. Use the dedicated endpoints instead:

GET /v1/long-term/periods/instances — long term periods for instances
GET /v1/long-term/periods/clusters — long term periods for clusters

Improved OpenAPI documentation for all long term period endpoints with detailed property descriptions and examples.

2026-03-19 OpenAPI spec auth fix¶

Fixed the OpenAPI specification incorrectly requiring bearer authentication on public endpoints (/v1/instance-types, /v1/cluster-types, /v1/container-types, /v1/long-term/periods/*). These endpoints are publicly accessible and no longer show an authentication requirement in the spec.

2026-03-16 Volume response improvements¶

GET /v1/volumes/{id} now includes is_permanently_deleted and deleted_at fields when the volume is in deleted status. These fields are omitted for active volumes. The OpenAPI schema for this endpoint now uses oneOf to distinguish between the active-volume and deleted-volume response shapes.

2026-03-12 Improved instance action and volume deletion responses¶

Bulk instance actions (PUT /v1/instances) now return structured per-action results. Each result includes the instance id, a status (success or error), and an error message when applicable. When all actions succeed the response is 202 Accepted; when some fail, you receive a 207 Multi-Status with individual outcomes. A single-instance action that is already in the requested state now returns 204 No Content instead of an error.

Volume deletion (DELETE /v1/volumes/{id}) now returns 204 No Content when the volume is already deleted, making the operation idempotent.

OpenAPI schema fields that accept both a single UUID string and an array of UUIDs (id, ssh_key_ids, volume_ids) are now documented with oneOf for accurate client generation.

2026-03-11 API rate limits¶

Introduced rate limits to our Public API to ensure the stability of our API and platform for everyone. Rate limits are restrictions our API enforces on how frequently a user or client can make requests to our services within a given timeframe.

Please take a look at our API documentation section "Rate limits".

2026-02-03 Spot instance volume policy¶

When creating a spot instance, it is now possible to specify a removal policy for the OS volume and any additional volumes created alongside it. Use the on_spot_discontinue field:

POST /v1/instances

POST v1/instances
{
  "instance_type": "CPU.4V.16G",
  "image": "ubuntu-24.04",
  "ssh_key_ids": ["442e6a59-26c2-4cea-a619-39762c0d2385"],
  "hostname": "test-instance",
  "location_code": "FIN-03",
  "is_spot": true,
  "os_volume": {
    "name": "test-instance-os-volume",
    "size": 55,
    // If "delete_permanently", the volume will be deleted when the spot instance is discontinued
    "on_spot_discontinue": "keep_detached" | "move_to_trash" | "delete_permanently"
  }
}

2026-02-03 Delete volumes permanently when deleting an instance¶

When deleting an instance, you can now specify whether its volumes should be moved to deleted storage (default) or deleted permanently:

PUT /v1/instances

PUT v1/instances
{
  "action": "delete",
  "id": "442e6a59-26c2-4cea-a619-39762c0d2385",
  "volume_ids": ["5e9e63a9-fc3b-427b-b259-0c77dce61090"],
  // Will delete the instance and volumes permanently
  "delete_permanently": true
}