Use Spinly as the control plane for ephemeral infrastructure workflows.

Overview

Spinly is infrastructure workflows, not just infrastructure provisioning. A typical workflow combines:

Authentication

Create an API key in /account/api, copy it once, and send it as a bearer token.

Authorization: Bearer sply_<prefix>_<secret>

Keys can be scoped to read-only, full access, or admin. Spinly stores only the hashed secret server-side.

Endpoints

Example workflows

Launch a reusable infrastructure workflow, poll the environment, extend TTL if needed, then terminate it when work is done.

curl -X POST "$SPINLY_API/api/environments/launch" \
  -H "Authorization: Bearer $SPINLY_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "launchpack_slug": "ceph-cluster-demo",
    "ssh_public_key": "ssh-ed25519 AAAA..."
  }'

import requests

resp = requests.post(
    f"{api_base}/api/environments/launch",
    headers={"Authorization": f"Bearer {api_key}"},
    json={"template_slug": "jumpbox-baseline", "ssh_public_key": public_key},
    timeout=30,
)
resp.raise_for_status()
print(resp.json())

const response = await fetch(`${apiBase}/api/environments/${environmentId}/terminate`, {
  method: 'POST',
  headers: { Authorization: `Bearer ${apiKey}` },
})

Using Spinly from AI agents

Give the agent a scoped API key, store it securely, and let it launch or inspect infrastructure workflows through the same control plane used by humans. A common flow is: create key, launch a launchpack, poll environment state, open the runbook if returned, then terminate the environment when finished.

Error handling and guardrails

The API enforces the same TTL limits, launch guardrails, workspace quotas, and asset ownership checks as the web app. Invalid credentials return 401, scope failures return 403, and quota or policy rejections return the same backend error messages used by the UI.