Skip to main content
The OVHcloud API lets you purchase, manage, update, and configure OVHcloud products without using the Control Panel. Everything the Control Panel does is backed by this same API, which means you can automate any operation you can perform in the UI.

API console

Explore and test API endpoints interactively in the browser.

SDK wrappers

Official clients for Python, Node.js, Go, PHP, and more.

Terraform provider

Manage OVHcloud infrastructure as code with the OVH Terraform provider.

What is the OVHcloud API?

The OVHcloud API is a REST API available at https://eu.api.ovh.com/v1/ (EU) and https://ca.api.ovh.com/v1/ (CA). It exposes endpoints for every OVHcloud product — from dedicated servers and VPS to domain names, Public Cloud, and account management. The API uses four standard HTTP methods:
MethodPurpose
GETRetrieve data
POSTCreate a resource or trigger an action
PUTReplace existing data
DELETEDelete a resource
You can explore all available endpoints in the interactive API console. The console also lists the IAM action names associated with each call, which you need when writing IAM policies.
A v2 branch of the API (/v2) is available for select products with an improved data model. You can switch between /v1 and /v2 in the console using the version selector on the left.

Authentication

The OVHcloud API uses a three-token authentication model for application access:
TokenNameDescription
Application Key (AK)PublicIdentifies your application. Safe to share.
Application Secret (AS)PrivateSigns requests. Keep this secret.
Consumer Key (CK)PrivateLinks the application to a specific OVHcloud account. Keep this secret.
Every API request is signed using these three values together with a timestamp and a SHA1 hash. The SDKs handle signing for you automatically.

Creating API credentials

1

Go to the token creation page

Navigate to https://eu.api.ovh.com/createToken/ and sign in with your OVHcloud credentials.
2

Fill in the application details

Enter an Application Name and an optional description. You can also set an expiry period for the credentials.
3

Set the rights

In the Rights section, specify which HTTP methods and API paths the token can access. To allow all GET requests across every endpoint, set the method to GET and the path to *. You can combine multiple rules.For example, to allow read access to all APIs and write access only to VPS:
GET /*
POST /vps/*
PUT /vps/*
DELETE /vps/*
4

Click Create keys

After clicking Create keys, you receive three values:
  • Application Key (AK) — for example: 7kbG7Bk7S9Nt7ZSV
  • Application Secret (AS) — for example: EXEgWIz07P0HYwtQDs7cNIqCiQaWSuHF
  • Consumer Key (CK) — for example: MtSwSrPpNjqfVSmJhLbPyr2i45lSwPU1
Store all three values securely. The Application Secret and Consumer Key cannot be retrieved again after this page.
Never commit your Application Secret or Consumer Key to source control. Use environment variables or a secrets manager to store them.

Making your first API call

Once you have your credentials, you can make authenticated API calls. The request signature is computed as: 
"$1$" + SHA1_HEX(AS + "+" + CK + "+" + METHOD + "+" + QUERY + "+" + BODY + "+" + TSTAMP)
The SDKs handle this for you. If you want to test manually using curl, you can call read-only endpoints that work with basic authentication via the browser console, or use one of the SDKs below for a signed request. Here is an example that retrieves your account details using the Python SDK: 
import ovh

client = ovh.Client(
    endpoint='ovh-eu',
    application_key='<application_key>',
    application_secret='<application_secret>',
    consumer_key='<consumer_key>',
)

me = client.get('/me')
print("Welcome", me['firstname'])
To retrieve a list of your VPS servers: 
vps_list = client.get('/vps')
print(vps_list)
# ['vps-xxxxxxxx.vps.ovh.net', ...]

Listing and revoking credentials

You can manage existing API credentials from the OVHcloud Control Panel or via the API: 
# List all application IDs
GET /me/api/application

# Get details of a specific application
GET /me/api/application/{applicationId}

# Revoke a credential
DELETE /me/api/application/{applicationId}

SDK wrappers

OVHcloud maintains official API wrappers for multiple languages. They handle request signing, retries, and response parsing automatically. 
# Install: pip install ovh
import ovh

client = ovh.Client(
    endpoint='ovh-eu',
    application_key='<application_key>',
    application_secret='<application_secret>',
    consumer_key='<consumer_key>',
)

# List dedicated servers
servers = client.get('/dedicated/server')
print(servers)

# Reboot a server
client.post('/dedicated/server/{serviceName}/reboot',
            serviceName='ns123456.ip-1-2-3.eu')
All SDKs are open source and available on GitHub:

Terraform provider

The OVH Terraform provider allows you to manage OVHcloud resources using Infrastructure as Code. It wraps the OVHcloud API and supports a wide range of products.

Quick start

1

Configure provider credentials

Export your API credentials as environment variables:
export OVH_ENDPOINT="ovh-eu"
export OVH_APPLICATION_KEY="<application_key>"
export OVH_APPLICATION_SECRET="<application_secret>"
export OVH_CONSUMER_KEY="<consumer_key>"
2

Declare the provider in your Terraform configuration

terraform {
  required_providers {
    ovh = {
      source  = "ovh/ovh"
      version = ">= 0.46.0"
    }
  }
}

provider "ovh" {
  endpoint = "ovh-eu"
}
3

Define resources

For example, create an IAM policy that grants a local user read access to a VPS:
resource "ovh_iam_policy" "vps_readonly" {
  name        = "vps-readonly"
  description = "Allow user1 to read VPS info"

  identities = [
    "urn:v1:eu:identity:user:xx1111-ovh/user1"
  ]

  resources = [
    "urn:v1:eu:resource:vps:vps-5b48d78b.vps.ovh.net"
  ]

  permissions = {
    allow = [
      { action = "vps:apiovh:get" }
    ]
  }
}
4

Apply

terraform init
terraform plan
terraform apply
The OVH provider supports many resource types across Bare Metal, Public Cloud, Web Cloud, and Network products. See the complete provider documentation for all available resources and data sources.
You can also use OVHcloud Object Storage (S3-compatible) as a Terraform remote backend to store your state file securely.

OVHcloud CLI

The OVHcloud CLI (ovhcloud) lets you interact with OVHcloud services directly from your terminal without writing code.

Installation

curl -fsSL https://raw.githubusercontent.com/ovh/ovhcloud-cli/main/install.sh | sh

Authentication

Log in interactively to create API credentials: 
ovhcloud login
Or configure credentials using environment variables: 
export OVH_ENDPOINT=ovh-eu
export OVH_APPLICATION_KEY=xxx
export OVH_APPLICATION_SECRET=xxx
export OVH_CONSUMER_KEY=xxx

Basic commands

# List your Public Cloud projects
ovhcloud cloud project list

# Show details of a specific project
ovhcloud cloud project get <PROJECT_ID>

# List instances in a project
ovhcloud cloud instance list --cloud-project <PROJECT_ID>

# Create a new instance
ovhcloud cloud instance create BHS5 \
  --cloud-project <PROJECT_ID> \
  --name my-instance \
  --flavor-selector \
  --image-selector \
  --network.public \
  --ssh-key.name <SSH_KEY_NAME>
The CLI covers most OVHcloud products including Bare Metal, Public Cloud (Instances, Managed Kubernetes, Storage, Network), VPS, and IAM. See the full command reference for all available commands.

Service accounts and OAuth2

For production automation where credentials must not be tied to a specific human user, use service accounts. Service accounts authenticate with the OAuth2 client credentials flow, which is stateless and does not require a consumer key.
1

Create a service account

Call the API to create an OAuth2 client with the CLIENT_CREDENTIALS flow:
POST /me/api/oauth2/client

{
  "callbackUrls": [],
  "flow": "CLIENT_CREDENTIALS",
  "name": "my-automation-script",
  "description": "Deployed in CI/CD pipeline for VPS management"
}
The response contains a clientId and a clientSecret. Store the clientSecret securely — it cannot be retrieved again.
2

Attach an IAM policy to the service account

Retrieve the service account’s URN:
GET /me/api/oauth2/client/{clientId}
The identity field returns a URN in this format:
urn:v1:eu:identity:credential:xx11111-ovh/oauth2-<clientId>
Use this URN as an identity in an IAM policy. See Identity & Access Management for how to create a policy.
3

Get an access token

Exchange your client credentials for a Bearer token:
curl --request POST \
  --url 'https://www.ovh.com/auth/oauth2/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=<clientId> \
  --data client_secret=<clientSecret> \
  --data scope=all
The response contains an access_token valid for ~1 hour:
{
  "access_token": "eyJ...",
  "token_type": "Bearer",
  "expires_in": 3599,
  "scope": "all"
}
4

Make authenticated API calls

Use the Bearer token in the Authorization header:
curl -X GET "https://eu.api.ovh.com/v1/vps" \
  -H "accept: application/json" \
  -H "Authorization: Bearer <access_token>"
Service accounts are designed for machine-to-machine access. Their credentials are tied to your root OVHcloud account, not to any individual user. This means they remain valid even if team members leave or change their credentials.

Next steps

Identity & Access Management

Create IAM policies to control what your API tokens and service accounts can do.

Observability & Monitoring

Forward API activity logs to Logs Data Platform for auditing and alerting.

Build docs developers (and LLMs) love

Get started for freeTalk to us