Every MIOSA API endpoint is REST over HTTPS, returns JSON, and follows a consistent envelope format. The SDKs wrap these endpoints - you can use them directly when you need low-level control or want to integrate from a language without an official SDK.
Base URL
https://api.miosa.ai/api/v1Authentication
All requests require a Bearer token:
Authorization: Bearer msk_live_...MIOSA API keys (msk_*) and short-lived JWT tokens are both accepted. Keys are scoped to an organization and its workspaces/projects. See API Keys for scope details.
Request format
Content-Type: application/jsonfor all request bodies.- File uploads use
multipart/form-data. - All field names are snake_case.
- Mutation requests (
POST,PUT,PATCH,DELETE) should include anIdempotency-Keyheader to enable safe retries:
POST /api/v1/sandboxes
Authorization: Bearer msk_live_...
Idempotency-Key: 550e8400-e29b-41d4-a716-446655440000
Content-Type: application/json
{
"template": "miosa-sandbox",
"workspace_slug": "dr-smith-clinic",
"project_slug": "lead-magnet",
"external_workspace_id": "clinic_123",
"external_user_id": "dr-smith-456",
"external_project_id": "project_789"
}Use a UUID v4 as the idempotency key. Repeating the same key within 24 hours returns the original response without re-executing the mutation.
Response envelope
Single-resource responses:
{
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "my-sandbox",
"status": "running",
"created_at": "2026-05-17T10:00:00Z"
}
}List responses include a pagination object:
{
"data": [ { "id": "...", "name": "..." } ],
"page": {
"page": 1,
"page_size": 20,
"total": 150
}
}Pagination parameters accepted by all list endpoints:
| Parameter | Type | Default | Max |
|---|---|---|---|
page | integer | 1 | - |
page_size | integer | 20 | 100 |
Error envelope
All errors follow a single shape:
{
"error": {
"code": "sandbox_not_found",
"message": "No sandbox with id sbx_abc exists in this workspace.",
"request_id": "req_01jv..."
}
}Include the request_id when contacting support.
HTTP status codes
| Status | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 202 | Accepted - async operation started |
| 400 | Bad request - missing or invalid parameters |
| 401 | Unauthorized - invalid or missing token |
| 403 | Forbidden - valid token, insufficient scope |
| 404 | Not found |
| 409 | Conflict - invalid state transition (e.g. starting a running computer) |
| 413 | Payload too large - file upload exceeds 10 MB |
| 422 | Unprocessable entity - validation error |
| 429 | Rate limited |
| 500 | Internal server error |
| 502 | Bad gateway - command service unreachable |
Rate limits
| Scope | Limit |
|---|---|
| General API | 300 req/min per workspace |
| Auth endpoints | 20 req/min |
| Public/unauthenticated | 60 req/min |
IDs and timestamps
All resource IDs are UUID v4. All timestamps are ISO 8601 in UTC: 2026-05-17T10:00:00Z.
Ownership fields
Create endpoints for resources accept the same ownership selectors:
| Field | Use |
|---|---|
workspace_id | Existing MIOSA workspace UUID |
workspace_slug | Existing or auto-created workspace slug |
workspace_name | Display name used when auto-creating a workspace |
project_id | Existing MIOSA project UUID |
project_slug | Existing or auto-created project slug |
project_name | Display name used when auto-creating a project |
external_workspace_id | Your customer/account/workspace ID |
external_user_id | Your end-user ID |
external_project_id | Your project/app/document ID |
Responses include workspace_id and project_id when the resource is owned by a workspace/project. See Ownership and Attribution.
Compute
Create, list, get, stop, and delete sandbox environments. The core compute primitive. Open →
Run bash commands and Python code inside a running computer or sandbox. Open →
Server-sent events stream for long-running commands - line-by-line stdout/stderr. Open →
Read, write, stat, mkdir, rename, copy, and chmod files inside a computer. Open →
Directory listings, multi-file operations, and archive upload/download. Open →
Create, restore, and delete point-in-time snapshots of a computer’s disk state. Open →
Deploy
Manage static and server deployments - create, list, get, and delete. Open →
Immutable deployment versions. Each publish creates a new version. Open →
Promote a version to a named release (production, staging, etc.). Open →
Register, verify, and manage custom domains on deployments. Open →
Computers
Full lifecycle for desktop VM computers - create, start, stop, restart, clone, resize. Open →
Desktop control actions: screenshot, click, type, key, scroll, drag, hotkey, windows, accessibility tree. Open →
Register your own hardware as a MIOSA computer (BYOC). One command, any machine. Open →
Platform
Customer/client workspaces inside an organization. Open →
Apps, websites, documents, and workflows inside a workspace. Open →
Managed background services attached to a computer (databases, queues, etc.). Open →
Inbound and outbound network rules for a computer. Open →
Lifecycle events emitted by computers and sandboxes - for webhooks and audit logs. Open →
Read credit balance, list usage transactions, and top up. Open →
List available regions and their current capacity. Open →