24/7 support
$10 free credit for your accountClaim now
444Host
APIv1.12 · 2026-07-11

Developer API

Read your servers, hosting, domains, billing and support tickets programmatically. Every endpoint is protected by a scope-gated API key.

Base URL
https://api.444host.com/v1
Auth
Authorization: Bearer h444_…

AI connection (MCP)

Connect Claude and other MCP-capable tools straight to your account. Uses your API key as a Bearer token — every tool is limited to the key’s scopes.

MCP endpoint (Streamable HTTP)
https://api.444host.com/mcp
Add with Claude Code:
claude mcp add --transport http 444host https://api.444host.com/mcp \
  --header "Authorization: Bearer h444_…"

77 tools: ordering (real wallet-debited purchases, double-confirmed), VPS (incl. reverse DNS), hosting, domains, billing, tickets and webhooks. Create an API key →

OAuth-capable clients can connect without pasting a key — you approve in the browser (RFC 8628 device-code flow; AS metadata at api.444host.com/.well-known/oauth-authorization-server). Revoke connected apps from the API Keys page.

Local/stdio: H444_API_KEY=h444_… npx -y @otwa/444host-mcp · GitHub · npm

Quick start

Mint an API key from the dashboard (Account → API Keys), then:

curl -H "Authorization: Bearer h444_…" https://api.444host.com/v1/account

Rate limit: 120 requests/minute per key. Responses carry X-RateLimit-* headers.

Endpoints

Account

GET/v1/accountaccount:read

Returns the authenticated account profile and wallet balance.

{
  "id": "9032ffac-…",
  "email": "you@example.com",
  "first_name": "Jane",
  "last_name": "Doe",
  "account_type": "individual",
  "language": "en",
  "email_verified": true,
  "balance_usd_cents": 1250,
  "created_at": "2026-01-01T00:00:00.000Z"
}

Catalogue & ordering

GET/v1/productsaccount:read

Orderable VPS and hosting plans with retail price and YOUR effective price (reseller discount applied when your account has one).

[
  {
    "slug": "vps-2",
    "category": "vps",
    "name_en": "VPS 2",
    "retail_monthly_usd_cents": 1200,
    "your_monthly_usd_cents": 960,
    "specs": { "vcpu": 2, "ram_mb": 4096, "disk_gb": 60 }
  }
]
GET/v1/os-templatesvps:read

Installable OS templates for VPS orders and reinstalls. ?platform=linux (default) | windows | router — Cloud Router plans deploy MikroTik CHR only.

POST/v1/vpsorders:write

Atomic: debits your wallet at your effective price, issues a paid receipt, and provisions. Provisioning failure auto-refunds. Send an Idempotency-Key so a retried request can't order twice. Returns the server AND its initial root password (shown once).

{ "plan_slug": "vps-2", "label": "web-1", "hostname": "web-1", "os_family": "ubuntu", "os_template": "ubuntu-22.04" }
POST/v1/hostingorders:write

Same atomic debit/refund contract. Returns the account AND its SFTP/DB passwords (shown once). `php_version` defaults to 8.3.

{ "plan_slug": "hosting-starter", "domain": "example.com", "username": "examplecom" }

VPS

GET/v1/vpsvps:read

Every VPS on the account, with live status and plan specs.

GET/v1/vps/:idvps:read

Server detail (no credentials, no internal provisioning data).

GET/v1/vps/:id/statsvps:read

Live CPU / memory / network / disk usage.

GET/v1/vps/:id/ipsvps:read

Every IP on the server with its current PTR record. `zoneHosted: false` means the reverse zone is not on our DNS.

[
  {
    "ip": "46.31.78.56",
    "primary": true,
    "gateway": "46.31.78.1",
    "netmask": "255.255.255.0",
    "ptr": "mail.example.com",
    "zoneHosted": true
  }
]
GET/v1/vps/all-ipsvps:read

Every IP across all your servers, grouped per server, with PTR records — the API form of the dashboard Reverse DNS page.

GET/v1/vps/:id/plan-optionsvps:read

Plans this server can resize to — same family, same disk size (a plan change never alters disk). Returns the current plan and the switchable options, cheapest first.

{
  "current": { "id": "...", "name": "Cloud Router S", "vcpu": 1, "ramMb": 1024, "diskGb": 10, "monthlyPrice": 19.90 },
  "options": [ { "id": "...", "name": "Cloud Router M", "vcpu": 2, "ramMb": 2048, "diskGb": 10, "monthlyPrice": 29.90 } ]
}
POST/v1/vps/:id/power/:actionvps:write

Power the server start, stop, or reboot. `:action` ∈ {start,stop,reboot}.

POST/v1/vps/:id/ssovps:read

Issue a short-lived URL to the browser VM console for this server.

POST/v1/vps/:id/password-resetvps:write

Rotate the server root/admin password; the new password is returned once.

GET/v1/vps/:id/addonsvps:read

Add-ons available/attached for this server — SEO IP Pack, extra IPs, backups. Prices are in cents: `monthly_usd_cents` is the recurring charge, `prorated_usd_cents` what you pay today if you buy now.

POST/v1/vps/:id/addonsorders:write

Buy an add-on for the server. Debits your wallet **immediately**, prorated to the end of the server's current cycle; the add-on then renews with the server every month. Reseller tiers pay their discounted price. Auto-refunds if it cannot be attached.

{ "addonId": "seoip7pk" }
POST/v1/vps/:id/change-planvps:write

Switch to another plan in the same family with the same disk size — an in-place vCPU/RAM resize. The server reboots (~1 min) to apply; disk is never changed. Only the recurring price changes: no proration on an up-switch, no credit on a down-switch — the next renewal bills the new plan. Use GET /vps/:id/plan-options for valid targets.

{ "productId": "..." }
PATCH/v1/vps/:id/labelvps:write

Change the display label.

{ "label": "web-prod-1" }
PUT/v1/vps/:id/ips/:ip/ptrvps:write

Point the IP's PTR record at a hostname (e.g. `mail.example.com`). Idempotent upsert.

{ "hostname": "mail.example.com" }
DELETE/v1/vps/:id/ips/:ip/ptrvps:write

Remove the PTR record for the IP.

POST/v1/vps/:id/reinstallvps:destroy

DESTRUCTIVE — wipe the disk and rebuild from an OS template. Honours an optional Idempotency-Key header.

{ "os": "ubuntu", "osTemplate": "ubuntu-22.04" }
DELETE/v1/vps/:idvps:destroy

DESTRUCTIVE — permanently terminate the server.

Hosting

GET/v1/hostinghosting:read

Web-hosting accounts with status, quota, usage and connection hosts. Passwords are never returned on the API.

GET/v1/hosting/:idhosting:read

Hosting account detail.

POST/v1/hosting/:id/suspendhosting:write

Suspend the account (site + databases stop serving). Reversible with unsuspend.

POST/v1/hosting/:id/unsuspendhosting:write

Lift a suspension and restore service.

DELETE/v1/hosting/:idhosting:destroy

DESTRUCTIVE — permanently removes the site, databases, and mail; the username becomes reusable.

PUT/v1/hosting/:id/phphosting:write

Switch the account's PHP-FPM version. `php_version` ∈ {7.4, 8.1, 8.3}.

{ "php_version": "8.3" }
POST/v1/hosting/:id/ssl/retryhosting:write

Retry the Let's Encrypt certificate issue for the account's domain now.

Hosting control panel

GET/v1/hosting/:id/statshosting:manage

Disk/inode/bandwidth/mailbox usage for the account.

GET/v1/hosting/:id/logshosting:manage

Tail the access or error log. Query: `kind` ∈ {access,error}, `lines`.

POST/v1/hosting/:id/cert/retryhosting:manage

Retry the Let's Encrypt certificate issue now.

PATCH/v1/hosting/:id/php-versionhosting:manage

Switch the account's PHP-FPM version.

{ "php_version": "8.3" }
GET/v1/hosting/:id/cronhosting:manage

Read the crontab.

PUT/v1/hosting/:id/cronhosting:manage

Replace the crontab.

{ "jobs": [ { "schedule": "0 3 * * *", "command": "php cron.php" } ] }
GET/v1/hosting/:id/protected-dirshosting:manage

Password-protected directories (htpasswd).

POST/v1/hosting/:id/protected-dirshosting:manage

Add or update a password-protected directory.

{ "path": "/admin", "basic_user": "u", "password": "…" }
DELETE/v1/hosting/:id/protected-dirshosting:manage

Remove protection. Query: `path`.

GET/v1/hosting/:id/wafhosting:manage

ModSecurity WAF status for the account.

GET/v1/hosting/:id/waf/accesshosting:manage

Whether temporary WAF-log access is active.

POST/v1/hosting/:id/waf/accesshosting:manage

Request temporary access to WAF logs.

GET/v1/hosting/:id/ssh-terminal/accesshosting:manage

Whether browser-SSH terminal access is enabled.

POST/v1/hosting/:id/ssh-terminal/accesshosting:manage

Enable browser-SSH terminal access.

POST/v1/hosting/:id/ssh-terminal/launchhosting:manage

Start a browser-SSH session; returns a session URL/token.

POST/v1/hosting/:id/ssh-terminal/stophosting:manage

Stop the browser-SSH session.

GET/v1/hosting/:id/githosting:manage

Git-deploy status for the account.

GET/v1/hosting/:id/git/deploy-keyhosting:manage

The SSH deploy key to add to your repo.

GET/v1/hosting/:id/git/webhookhosting:manage

The push-to-deploy webhook URL/secret.

POST/v1/hosting/:id/git/webhookhosting:manage

Enable push-to-deploy.

DELETE/v1/hosting/:id/git/webhookhosting:manage

Disable push-to-deploy.

POST/v1/hosting/:id/git/deployhosting:manage

Clone/deploy a repo into the site.

{ "repo_url": "git@…", "branch": "main", "subdir": "" }
POST/v1/hosting/:id/git/pullhosting:manage

Pull the latest commit for the deployed repo.

DELETE/v1/hosting/:id/githosting:manage

Disconnect git deploy from the site.

GET/v1/hosting/:id/fileshosting:manage

List a directory. Query: `path` (default /public_html).

GET/v1/hosting/:id/files/readhosting:manage

Read a text file's contents. Query: `path`.

PUT/v1/hosting/:id/fileshosting:manage

Create or overwrite a text file.

{ "path": "/public_html/x.txt", "content": "…" }
DELETE/v1/hosting/:id/fileshosting:manage

Delete a file or directory. Query: `path`, `recursive`.

GET/v1/hosting/:id/files/downloadhosting:manage

Stream a file as an attachment. Query: `path`.

POST/v1/hosting/:id/files/uploadhosting:manage

Upload a file (multipart form field `file`). Query: `path`.

POST/v1/hosting/:id/files/mkdirhosting:manage

Create a directory.

{ "path": "/public_html/new" }
POST/v1/hosting/:id/files/renamehosting:manage

Rename or move a file/directory.

{ "from": "/a", "to": "/b" }
GET/v1/hosting/:id/backupshosting:manage

Site backups (restore points).

POST/v1/hosting/:id/backupshosting:manage

Create a new site backup.

DELETE/v1/hosting/:id/backups/:bidhosting:manage

Delete a backup.

POST/v1/hosting/:id/backups/:bid/restorehosting:manage

Restore the site from a backup.

GET/v1/hosting/:id/backups/:bid/downloadhosting:manage

Stream a backup archive (gzip).

GET/v1/hosting/:id/visitor-statshosting:manage

Visitor statistics. Query: `period` ∈ {24h,7d,30d}.

GET/v1/hosting/:id/databaseshosting:manage

Extra MySQL databases on the account.

POST/v1/hosting/:id/databaseshosting:manage

Create an extra MySQL database.

{ "suffix": "wp2" }
DELETE/v1/hosting/:id/databases/:namehosting:manage

Delete an extra MySQL database.

Mail

GET/v1/mail/domainsmail:read

Mail domains on the account (they follow your hosting accounts).

GET/v1/mail/domains/:id/mailboxesmail:read

Mailboxes under one mail domain.

GET/v1/mail/domains/:id/aliasesmail:read

Forwarding aliases under one mail domain.

GET/v1/mail/mailboxesmail:read

Every mailbox across all your mail domains.

POST/v1/mail/mailboxesmail:write

Create a mailbox on a mail domain.

{ "domain_id": 12, "local_part": "info", "password": "…", "quota_mb": 2048 }
PATCH/v1/mail/mailboxes/:id/passwordmail:write

Set a new password for a mailbox.

{ "password": "…" }
DELETE/v1/mail/mailboxes/:idmail:write

Permanently delete a mailbox and its mail.

POST/v1/mail/aliasesmail:write

Create a forwarding alias (source → destination).

{ "domain_id": 12, "source_local": "sales", "destination": "info@example.com" }
DELETE/v1/mail/aliases/:idmail:write

Remove a forwarding alias.

Domains

GET/v1/domainsdomains:read

Registered domains with status, nameservers and expiry.

GET/v1/domains/contactdomains:read

The registrant/WHOIS contact used for new registrations (returns SA defaults if none saved yet).

PUT/v1/domains/contactdomains:write

Create or update the registrant (WHOIS) contact.

{ "first_name": "Jane", "last_name": "Doe", "email": "…", "phone": "+90…", "address1": "…", "city": "…", "postal_code": "…", "country": "TR" }
POST/v1/domains/:id/auth-codedomains:write

Email the EPP transfer (auth) code to the registrant. Domain must be active with the transfer lock off.

GET/v1/domains/:iddomains:read

Domain detail.

PATCH/v1/domains/:iddomains:write

Update auto-renew, transfer lock, WHOIS privacy, or nameservers. Changes are pushed to the registry and rolled back if the push fails.

{ "auto_renew": true, "nameservers": ["ns1.example.com","ns2.example.com"] }

Billing

GET/v1/billing/invoicesbilling:read

Your invoices, newest first.

GET/v1/billing/invoices/:idbilling:read

Single invoice with line items and payment transactions.

POST/v1/billing/invoices/:id/paybilling:write

Settle an unpaid invoice from your wallet balance. Fails if the balance is insufficient (top up in the dashboard first). Returns the paid invoice.

GET/v1/billing/walletbilling:read

Prepaid wallet balance (USD cents).

GET/v1/billing/wallet/transactionsbilling:read

Recent wallet activity. Query: limit (max 200).

Support tickets

GET/v1/ticketstickets:read

Your support tickets, newest first.

GET/v1/tickets/:idtickets:read

Ticket detail with the message thread.

POST/v1/ticketstickets:write

Open a support ticket. Honours an optional Idempotency-Key header so a retried request doesn't open a duplicate.

{ "subject": "Mail deliverability", "message": "Our PTR record is set but…", "priority": "medium", "department": "technical" }
POST/v1/tickets/:id/replytickets:write

Post a customer reply. Re-opens a resolved/closed ticket.

{ "body": "Thanks — that fixed it." }
POST/v1/tickets/:id/closetickets:write

Close the ticket. Idempotent.

Webhooks

GET/v1/webhookswebhooks:read

Your webhook subscriptions (secrets masked).

POST/v1/webhookswebhooks:write

Subscribe an HTTPS URL to events. The signing secret is returned ONCE in this response.

{ "url": "https://example.com/hooks/444host", "events": ["vps.power.changed", "ticket.replied"] }
GET/v1/webhooks/:idwebhooks:read

Subscription detail (secret masked).

PATCH/v1/webhooks/:idwebhooks:write

Change url, events, description, or pause/resume via `is_active`.

{ "is_active": false }
DELETE/v1/webhooks/:idwebhooks:write

Remove the subscription and stop deliveries.

POST/v1/webhooks/:id/rotate-secretwebhooks:write

Issue a new signing secret (returned ONCE). The old secret stops signing immediately.

GET/v1/webhooks/:id/deliverieswebhooks:read

Recent delivery attempts with status, duration, and errors. Query: limit (max 200).

POST/v1/webhooks/:id/deliveries/:deliveryId/redeliverwebhooks:write

Clone a past delivery into a fresh attempt.

Webhook events

When an event fires we POST a signed payload to your URL. The signature is HMAC-SHA256: X-444host-Signature: t=<ts>,v1=HMAC(secret, "<ts>." + body). Failed deliveries retry with exponential backoff (1m → 6h).

vps.created

A server finished ordering/provisioning. Payload: vpsId, label, hostname, planSlug, status, ipv4.

hosting.created

A hosting account was provisioned. Payload: hostingId, username, domain, status.

invoice.paid

An invoice transitioned to paid (any gateway, incl. API orders and renewals). Payload: invoiceId, invoiceNumber, totalUsdCents, currency.

vps.power.changed

A power action ran. Payload: vpsId, action (start/stop/reboot).

vps.resized

A VPS changed plan (vCPU/RAM resize). Payload: vpsId, productId, vcpu, ramMb.

vps.reinstalled

A reinstall ran. Payload: vpsId, os, osTemplate.

vps.ptr.changed

A reverse-DNS (PTR) record was set or cleared. Payload: vpsId, ip, ptr (null when cleared).

vps.terminated

A server was terminated. Payload: vpsId.

ticket.created

A support ticket was opened. Payload: ticketId, ticketNumber, subject, status, priority.

ticket.replied

Support staff replied to your ticket. Payload: ticketId, ticketNumber, subject, status.

Error codes

400
Bad RequestMissing or invalid request parameters.
401
UnauthorizedMissing, invalid, or expired API key.
403
ForbiddenAPI key lacks the required scope.
404
Not FoundResource does not exist or is not yours.
429
Too Many RequestsRate limit exceeded (120/min per key). Respect Retry-After.
500
Server ErrorSomething failed on our side — retry, then open a ticket.

Changelog

v1.122026-07-11latest
  • newNew add-on: **SEO IP Pack** (seoip7pk) — 7 dedicated IPs, each from a separate /24 subnet, for SEO hosting, multi-site isolation and sender separation. Available on all Linux Cloud plans, at order time and on running servers.
  • changedGET /v1/vps/:id/addons now returns 444host pricing in cents — monthly_usd_cents (recurring) and prorated_usd_cents (charged today) — replacing the previous price / retailPrice dollar fields. Also returns owned, available, featured and ip_count.
  • changedPOST /v1/vps/:id/addons charges your wallet prorated to the end of the server's current cycle, and the add-on now renews with the server every month (previously it was not billed on renewal). Returns the invoice number and the new recurring total. Auto-refunds if the add-on cannot be attached.
v1.112026-07-08
  • newNew webhook event vps.resized — fires when a VPS changes plan (vCPU/RAM resize). Payload: vpsId, productId, vcpu, ramMb.
v1.102026-07-08
  • newDomains — GET/PUT /v1/domains/contact manage the registrant (WHOIS) contact, and POST /v1/domains/:id/auth-code emails the EPP transfer code. (Registration/renewal/transfer stay in the dashboard — they are wallet-debiting payment flows.) Also MCP tools.
v1.92026-07-08
  • newServer extras — POST /v1/vps/:id/sso (console SSO), POST /v1/vps/:id/password-reset (rotate root password), GET /v1/vps/:id/addons + POST /v1/vps/:id/addons (buy an add-on; debits wallet, scope orders:write). Also MCP tools.
v1.82026-07-08
  • newPay invoices from the API — POST /v1/billing/invoices/:id/pay settles an unpaid invoice from your wallet balance. New opt-in scope billing:write (not in defaults). Top-ups stay in the dashboard (payment flows).
v1.72026-07-08
  • newFull hosting control panel on the API — file manager (list/read/write/delete/upload/download/mkdir/rename), MySQL databases, backups (create/restore/download), cron, PHP version, SSL re-issue, protected directories, WAF, browser-SSH terminal, and git deploy. All under one new opt-in scope hosting:manage — powerful (file + shell access), so it is NOT granted by default; add it explicitly when minting a key. Also available as MCP tools.
v1.62026-07-08
  • newEmail hosting on the API — the mail panel is now scriptable: GET /v1/mail/domains (+ per-domain mailboxes/aliases), GET/POST/DELETE /v1/mail/mailboxes with PATCH /v1/mail/mailboxes/:id/password, and GET/POST/DELETE /v1/mail/aliases. New scopes: mail:read (in defaults) and mail:write. Also available as MCP tools.
v1.52026-07-08
  • newVPS resize — GET /v1/vps/:id/plan-options lists the plans a server can switch to (same family, same disk) and POST /v1/vps/:id/change-plan moves it to one, applying a new vCPU/RAM allocation. The server reboots (~1 min) and disk never changes. Only the recurring price changes — no proration on an up-switch, no credit on a down-switch. Reads carry vps:read, the switch carries vps:write. Powers the new Cloud Router line (move between Router S/M/L). Also in the dashboard and as an MCP tool.
v1.42026-06-11
  • newModel Context Protocol (MCP) server — connect Claude and other AI tools directly to your account at https://api.444host.com/mcp (Streamable HTTP) using your h444_ API key as a Bearer token. 42 tools across ordering (real wallet-debited orders with double-confirm), VPS, hosting, domains, billing, tickets and webhooks, scope-gated by the key.
  • newOAuth 2.0 device-code flow (RFC 8628). Connect AI tools by browser approval instead of pasting a key: the client opens 444host.com/oauth/device, you approve the requested scopes, and it receives a scoped h444_at_ access token (+ single-use h444_rt_ refresh, 90-day). Endpoints under /oauth/* with AS metadata at /.well-known/oauth-authorization-server. Revoke connected apps anytime from the API Keys page.
v1.32026-06-11
  • newHosting lifecycle — POST /v1/hosting/:id/suspend, POST /v1/hosting/:id/unsuspend (hosting:write) and DELETE /v1/hosting/:id (new opt-in hosting:destroy scope). Together with ordering, the full WHMCS reseller-module verb set: Create / Suspend / Unsuspend / Terminate.
v1.22026-06-11
  • newAPI ordering — POST /v1/vps and POST /v1/hosting place real orders: atomic wallet debit, paid receipt, synchronous provisioning, and automatic refund if provisioning fails. Behind the new opt-in orders:write scope (not in default keys — it spends money). Honour Idempotency-Key.
  • newReseller tier — accounts with a reseller discount see and pay discounted prices on GET /v1/products and API orders; renewals inherit the discounted price. GET /v1/account now reports reseller.enabled + discount_pct. Contact support to apply for reseller terms.
  • newThree more webhook events: vps.created, hosting.created, and invoice.paid — everything a billing/provisioning integration needs to sync state. The catalogue is now 9 events.
v1.12026-06-11
  • newWrite endpoints. vps:write — power start/stop/reboot, rename, set/clear reverse DNS (PTR). vps:destroy (opt-in, not in defaults) — reinstall, terminate. hosting:write — PHP version, SSL re-issue. domains:write — auto-renew / lock / WHOIS / nameservers. tickets:write — open, reply, close.
  • newWebhooks — subscribe a URL to account events and receive signed (HMAC-SHA256, X-444host-Signature) POSTs. Eight endpoints under /v1/webhooks behind webhooks:read / webhooks:write. Failed deliveries retry with exponential backoff (1m→6h). Events: vps.power.changed, vps.reinstalled, vps.ptr.changed, vps.terminated, ticket.created, ticket.replied. Manage them in the dashboard too (Account → Webhooks).
  • improvedIdempotency-Key header on reinstall and ticket-create dedups retried requests for 24h.
v1.02026-06-11
  • newPublic API launch — read-only endpoints for account, VPS (incl. live stats and reverse-DNS/PTR listings), hosting, domains, billing (invoices & wallet) and support tickets. Authenticate with an h444_… API key minted from the dashboard (Account → API Keys). 120 req/min per key.