API Reference
The Atlantas REST API gives both human engineers and AI agents full control over the Terraform lifecycle. Every operation available in the dashboard is accessible programmatically.
Base URL
https://api.atlantascloud.com/api/v1Authentication
All endpoints require a Bearer token: either a JWT from login or a scoped API token.
Header
Authorization: Bearer <token>/auth/loginAuthenticate with email and password. Returns a JWT access token.
Request Body
{ "email": "you@company.com", "password": "..." }Response
{ "access_token": "eyJ...", "token_type": "bearer" }/auth/meGet the authenticated user's profile.
Response
{ "id": "uuid", "tenant_id": "uuid", "email": "...",
"name": "...", "role": "admin", "is_active": true }/auth/registerRegister a new user in the tenant. Admin only.
Request Body
{ "email": "new@company.com", "password": "...",
"name": "New User", "role": "member" }Rate Limits
Rate limits are applied per API token. Exceeding limits returns HTTP 429.
Instances
Manage Atlantis deployments. Each instance runs in its own isolated environment.
/instancesList all instances in the tenant.
Response
[{ "id": "uuid", "name": "infra-prod", "status": "running",
"version": "v0.28.5", "config_json": {...} }]/instancesCreate a new Atlantis instance.
Request Body
{ "name": "infra-prod", "version": "v0.28.5",
"config_json": { "uiReplicas": 1, "serverReplicas": 1 } }/instances/{id}Get instance details.
/instances/{id}Update instance configuration.
Request Body
{ "status": "running", "version": "v0.29.0" }/instances/{id}Delete an instance and its associated resources.
Environments
Cloud environments linked to instances. Supports AWS, GCP, Azure, Hetzner, and DigitalOcean.
/environmentsList all environments.
/environmentsCreate an environment.
Request Body
{ "name": "production", "cloud_provider": "aws",
"region": "eu-west-1", "terraform_workspace": "prod",
"repository_url": "https://github.com/org/infra" }/environments/{id}Update environment settings.
/environments/{id}Delete an environment.
/environments/{id}/drift-checkTrigger a drift detection scan.
Response
{ "detail": "Drift check initiated", "environment_id": "uuid" }/environments/{id}/drift-resolveMark drift as resolved.
Projects
Terraform projects mapped to repositories. Assign projects to instances via the graph API.
/projectsList all projects.
/projectsCreate a Terraform project.
Request Body
{ "name": "vpc-core", "repository_url": "https://github.com/org/infra",
"terraform_path": "modules/vpc", "workspace": "default",
"branch": "main", "state_backend": "platform" }/projects/{id}Update project settings.
/projects/{id}Delete a project and its dependencies.
/projects/{id}/assign/{instance_id}Assign a project to an Atlantis instance.
/projects/{id}/assignUnassign project from its instance.
/projects/{id}/dependenciesAdd a dependency between projects.
Request Body
{ "depends_on_project_id": "uuid", "output_mapping": {} }/projects/{id}/dependencies/{dep_id}Remove a project dependency.
/projects/graphGet the full project/instance graph for visualization.
Response
{ "nodes": [{ "id": "...", "type": "project", "data": {...},
"position": { "x": 0, "y": 0 } }],
"edges": [{ "id": "...", "source": "...", "target": "...",
"type": "assignment" }] }/projects/graph/layoutSave graph node positions.
Request Body
[{ "id": "uuid", "position_x": 100, "position_y": 200 }]Runs
Terraform plan, apply, and destroy operations. AI agents can create runs and approve applies programmatically.
/runsList runs. Filter by status or environment.
Response
[{ "id": "uuid", "title": "Plan VPC", "status": "planning",
"command": "plan", "resources_added": 2,
"resources_changed": 0, "resources_destroyed": 0 }]/runs/scheduledList scheduled future runs.
/runsCreate and trigger a new run.
Request Body
{ "title": "Scale EKS nodes", "command": "apply",
"repo": "org/infra", "branch": "main",
"workspace": "production", "scheduled_at": "2026-03-20T10:00:00Z" }/runs/{id}Get run details including log output.
/runs/{id}/approveApprove a planned run to proceed with apply.
/runs/{id}/cancelCancel a pending or planning run.
State Backend
Terraform HTTP state backend. Configure your projects to store encrypted state on Atlantas.
# backend.tf
terraform {
backend "http" {
address = "https://api.atlantascloud.com/api/v1/tfstate/my-project/default"
lock_address = "https://api.atlantascloud.com/api/v1/tfstate/my-project/default"
unlock_address = "https://api.atlantascloud.com/api/v1/tfstate/my-project/default"
lock_method = "LOCK"
unlock_method = "UNLOCK"
}
}/tfstate/{project}/{workspace}Retrieve the current Terraform state (decrypted).
/tfstate/{project}/{workspace}Store a new state version. Encrypted with AES-256 before storage.
/tfstate/{project}/{workspace}Acquire a state lock. Returns 409 if already locked.
Request Body
{ "ID": "lock-uuid", "Operation": "OperationTypeApply",
"Info": "", "Who": "user@host", "Version": "1.7.0",
"Created": "2026-03-15T10:00:00Z", "Path": "" }/tfstate/{project}/{workspace}Release a state lock.
Request Body
{ "ID": "lock-uuid" }State Management
UI-facing API for browsing states and version history.
/statesList all Terraform states in the tenant.
Response
[{ "id": "uuid", "project_name": "vpc-core", "workspace": "default",
"serial": 4, "is_locked": false, "lineage": "..." }]/states/{id}Get state metadata.
/states/{id}/versionsList version history for a state.
/states/{id}/unlockForce-unlock a stuck state.
/states/{id}Delete a state and all its versions.
Agents
Autonomous operators that monitor, fix, and maintain infrastructure. Types: drift_monitor, state_watcher, apply_bot, upgrade_bot, codebase_monitor.
/agentsList all configured agents.
/agentsCreate an agent.
Request Body
{ "name": "prod-drift-watcher", "agent_type": "drift_monitor",
"schedule": "*/15 * * * *",
"target_instance_id": "uuid",
"config": { "auto_remediate": true } }/agents/{id}Update agent settings.
/agents/{id}Delete an agent.
/agents/{id}/activateActivate an agent to run on its schedule.
/agents/{id}/deactivatePause an active agent.
/agents/{id}/triggerManually trigger an agent run outside its schedule.
GitHub Apps
Register GitHub Apps to browse repos, branches, and auto-discover Terraform workspaces.
/github/appsList registered GitHub Apps.
/github/appsRegister a GitHub App. Private key is encrypted at rest.
Request Body
{ "name": "My Org App", "app_id": "12345",
"installation_id": "67890", "account_login": "my-org",
"private_key": "-----BEGIN RSA PRIVATE KEY-----..." }/github/apps/{id}Remove a GitHub App registration.
/github/apps/{id}/reposList accessible repositories.
/github/apps/{id}/repos/{owner}/{repo}/branchesList branches for a repository.
/github/apps/{id}/repos/{owner}/{repo}/treeGet full directory tree. Query param: ref (default: main).
/github/apps/{id}/repos/{owner}/{repo}/terraform-workspacesAuto-discover Terraform workspaces by scanning for .tf files.
Cloud Credentials
Encrypted storage for cloud provider credentials. Supports AWS, GCP, Azure, Hetzner, and DigitalOcean.
/cloud-credentialsList credentials. Secrets are never returned.
/cloud-credentialsStore new credentials. Encrypted with AES-256.
Request Body
{ "name": "AWS Production", "provider": "aws",
"credential_type": "access_key",
"credentials_json": { "access_key_id": "...", "secret_access_key": "..." } }/cloud-credentials/{id}Update credential name or rotate secrets.
/cloud-credentials/{id}Delete a credential.
/cloud-credentials/{id}/validateTest that stored credentials are valid.
SSO Providers
Configure OIDC, SAML, Google, or GitHub SSO for your tenant.
/sso-providersList configured SSO providers.
/sso-providersCreate an SSO provider.
Request Body
{ "name": "Corporate Okta", "provider_type": "oidc",
"client_id": "...", "client_secret": "...",
"issuer_url": "https://company.okta.com" }/sso-providers/{id}Update SSO configuration.
/sso-providers/{id}Remove an SSO provider.
/sso-providers/{id}/testTest SSO provider connectivity.
Users & API Tokens
Manage team members and issue scoped API tokens for agents.
/usersList all users in the tenant.
/users/{id}/roleChange a user's role.
Request Body
{ "role": "member" }/users/{id}Deactivate a user.
/users/tokensList your API tokens.
/users/tokensGenerate a new API token. The raw token is only shown once.
Request Body
{ "name": "CI/CD Token", "expires_in_days": 90 }Response
{ "id": "uuid", "name": "CI/CD Token", "raw_token": "atl_...",
"expires_at": "2026-06-15T00:00:00Z" }/users/tokens/{id}Revoke an API token.
Tenant & Quotas
View and manage tenant-level settings and resource quotas.
/tenantGet tenant info including quotas.
Response
{ "id": "uuid", "name": "Acme Corp", "slug": "acme",
"max_instances": 10, "max_environments": 20,
"cpu_quota": "4000m", "memory_quota": "8Gi" }/tenant/quotasUpdate resource quotas.
Request Body
{ "max_instances": 20, "cpu_quota": "8000m" }/tenant/usageGet current resource usage vs limits.
Response
{ "instances_used": 3, "instances_limit": 10,
"environments_used": 5, "environments_limit": 20 }Billing
View billing records and export invoices.
/billingList all billing records.
/billing/currentGet current month billing summary.
Response
{ "current_resources": 42, "current_changes": 156,
"current_amount_cents": 2100,
"period_start": "2026-03-01", "period_end": "2026-03-31" }/billing/exportDownload billing records as CSV.
Dashboard
Aggregated statistics for the tenant overview.
/dashboard/statsGet dashboard statistics.
Response
{ "total_runs": 1247, "applied_runs": 1089,
"errored_runs": 23, "pending_runs": 5,
"active_instances": 4, "total_environments": 8,
"success_rate": 87.3 }