Skip to main content

Automating Your VPS with API Tokens

The FREAKHOSTING VPS Control Panel has a REST API that lets you do everything the web interface can do — but through code. Want to automatically restart a server every night? Build a monitoring dashboard that pulls live stats? Spin up a new server from a deployment script? The API makes all of that possible. To use the API, you need an API token — a long string of characters that acts as your identity and password rolled into one. You include it with every API request, and the system knows it is you. Who needs this? If you are a developer writing scripts, a DevOps engineer building automation pipelines, or a system administrator who wants to integrate FREAKHOSTING with tools like Ansible, Terraform, or custom monitoring systems — API tokens are for you. If you just manage your servers through the web panel, you can skip this feature entirely.

Difficulty

Advanced

Time

3 Minutes

Generating an API Token

1

Navigate to Account Settings

Click on Account in the top navigation bar of the control panel.
2

Open the API Tab

Click on the API tab in the account settings navigation. You will see a description of the API along with a link to the full API Documentation.
3

Generate a New Token

Click the Generate Token button. A new API token will be created and displayed on screen.
4

Copy and Save Your Token Immediately

This is critical. Copy your token right now and store it in a secure location — a password manager is ideal. The full token may only be displayed once. If you navigate away without saving it, you may need to delete it and generate a new one.Treat your API token like a password. Anyone with this token can manage your servers, view your data, and take actions on your behalf.

Using Your API Token

Include the token in the Authorization header of your HTTP requests. Here is a quick example that lists all your servers: 
curl -H "Authorization: Bearer YOUR_API_TOKEN" \
     https://cloud.freakhosting.com/api/v1/servers

A Practical Automation Example

Let’s say you want a simple script that checks if your server is running and restarts it if it is not. Here is a basic Bash example: 
#!/bin/bash
TOKEN="YOUR_API_TOKEN"
SERVER_ID="your-server-id"
API_URL="https://cloud.freakhosting.com/api/v1"

# Get server status
STATUS=$(curl -s -H "Authorization: Bearer $TOKEN" \
  "$API_URL/servers/$SERVER_ID" | jq -r '.status')

if [ "$STATUS" != "running" ]; then
  echo "Server is $STATUS — restarting..."
  curl -s -X POST -H "Authorization: Bearer $TOKEN" \
    "$API_URL/servers/$SERVER_ID/restart"
  echo "Restart command sent."
else
  echo "Server is running normally."
fi
You could run this on a cron job every five minutes for basic self-healing automation. For comprehensive API documentation — including all available endpoints, request parameters, and response formats — click the API Documentation link on the API page within the control panel.

Managing Existing Tokens

The API page displays all your active tokens. For each token, you can:
  • View the token name and when it was created
  • Delete a token that is no longer needed or that may have been compromised
Create separate tokens for each application or script. Name them descriptively — “Monitoring Cron Job,” “Deploy Script,” “Grafana Dashboard.” This way, if one token is compromised, you can revoke just that one without breaking every integration you have.

API Token Best Practices

Use Descriptive Names

Name your tokens based on what they do: “Nightly Backup Script,” “Uptime Monitor,” “CI/CD Pipeline.” When you have five tokens in the list, you will be glad you can tell them apart at a glance.

Rotate Tokens Periodically

Even if nothing seems wrong, generating a fresh token every few months and deleting the old one limits the damage if a token was silently exposed. Update your scripts with the new token, then delete the old one.

Never Hardcode Tokens

Storing tokens directly in your source code is a recipe for accidental exposure (especially if that code ends up on GitHub). Use environment variables or a secrets manager instead:
export FREAKHOSTING_TOKEN="your-token-here"
Then reference $FREAKHOSTING_TOKEN in your scripts.

Revoke Compromised Tokens Instantly

If you suspect a token has been exposed — found it in a log file, pasted it in a chat accidentally, committed it to a repo — delete it from the API page immediately and generate a new one. Do not wait.
You can create multiple API tokens on your account. There is no strict limit, but we recommend keeping it manageable — one token per application or integration. This gives you granular control over what to revoke if something goes wrong.
The full API documentation is linked directly from the API tab in your account settings. It includes all available endpoints, authentication details, request/response formats, and code examples for common operations.
Any application, script, or integration using that token will immediately lose access to the API and start getting authentication errors. Before deleting a token, make sure you have already updated any systems that depend on it with a replacement token.
Currently, API tokens have the same level of access as your account. If you need different permission levels, the best approach is to use separate FREAKHOSTING accounts with shared server access (see our sharing guide) and generate tokens on those accounts instead.

Need Extra Help?

If you encounter any issues, our support team is ready to assist:

Save on Your Hosting

Ready to get a new server? Use code KB20 at checkout for 20% off your first month!
Last Updated: March 2026 | VPS Support: API management simplified.