HydraCore

Lifecycle

Renew Certificate

Renew mTLS certificate for running instance.

Requires:

  • Current valid mTLS cert
  • WireGuard public key verification
  • Instance status = 'running'
  • Rate limit: 1 renewal per hour per instance

Certificate lifecycle:

  1. Verify current cert is valid and not revoked
  2. Check rate limit (last renewal < 1 hour ago)
  3. Issue new 24-hour cert from CSR
  4. Record new cert in InternalCertInventory
  5. Revoke old cert (set revoked_at)

Args:

  • instance_id: Instance UUID
  • request_body: CSR PEM + WG public key
  • request: FastAPI request (for mTLS cert extraction)
  • db: Database session

Returns:

  • cert_pem: New PEM-encoded mTLS certificate
  • cert_serial: New certificate serial number
  • expires_at: Expiry timestamp (ISO 8601)

Errors:

  • 401: Invalid mTLS cert or identity verification failed
  • 404: Instance not found
  • 409: Instance not running
  • 429: Rate limit exceeded (1 renewal per hour)
  • 400: Invalid CSR
  • 500: CA error
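
The certificate lifecycle and error codes above as an added Python example, not HydraCore's own code. The Cert and Instance shapes, the dict-based inventory, the order of the checks and the caller-supplied new_serial (standing in for CA signing of the CSR) are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RENEW_INTERVAL = timedelta(hours=1)   # "1 renewal per hour per instance"
CERT_LIFETIME = timedelta(hours=24)   # "24-hour cert"

@dataclass
class Cert:                           # assumed row shape for InternalCertInventory
    serial: str
    instance_id: str
    expires_at: datetime
    revoked_at: Optional[datetime] = None

@dataclass
class Instance:                       # assumed instance record
    status: str
    wg_public_key: str
    last_renewal: Optional[datetime] = None

def renew(inventory, instances, instance_id, presented_serial, wg_key, now, new_serial):
    """Return (http_status, new_cert_or_None); the check order is an assumption."""
    inst = instances.get(instance_id)
    if inst is None:
        return 404, None
    old = inventory.get(presented_serial)
    # Step 1: the presented cert must be known, bound to this instance,
    # unexpired and unrevoked, and the WireGuard public key must match.
    if (old is None or old.instance_id != instance_id or old.revoked_at is not None
            or old.expires_at <= now or wg_key != inst.wg_public_key):
        return 401, None
    if inst.status != "running":
        return 409, None
    # Step 2: refuse a second renewal inside the one-hour window.
    if inst.last_renewal is not None and now - inst.last_renewal < RENEW_INTERVAL:
        return 429, None
    # Steps 3-4: issue and record the replacement before touching the old cert.
    new = Cert(new_serial, instance_id, now + CERT_LIFETIME)
    inventory[new_serial] = new
    # Step 5: revoke the old cert only once the new one is on record.
    old.revoked_at = now
    inst.last_renewal = now
    return 200, new
```

Revoking last means a failure during issuance leaves the instance with its current cert still usable, and the revoked old cert is rejected with 401 if it is presented again.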

POST /internal/v1/instances/{instance_id}/cert/renew

Path Parameters

  • instance_id (Instance Id): format uuid

Request Body

  • csr_pem (Csr Pem): length 100 <= length <= 10000
  • wg_public_key (Wg Public Key)

Response Body

curl -X POST "https://loading/internal/v1/instances/497f6eca-6276-4993-bfeb-53cbbbba6f08/cert/renew" \
  -H "Content-Type: application/json" \
  -d '{
    "csr_pem": "stringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstringstri",
    "wg_public_key": "string"
  }'
{
  "cert_pem": "string",
  "cert_serial": "string",
  "expires_at": "string"
}
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Refresh Secrets

Refresh agent secrets for running instance.

Requires:

  • mTLS client cert matching instance
  • VPN IP verification
  • WireGuard public key verification
  • Instance status = 'running'

Args:

  • instance_id: Instance UUID
  • request_body: VPN IP + WG public key
  • request: FastAPI request (for mTLS cert extraction)
  • db: Database session

Returns:

  • agent_secrets: Refreshed secrets (API keys, etc.)

Errors:

  • 401: Invalid mTLS cert or identity verification failed
  • 404: Instance not found
  • 409: Instance not running

POST /internal/v1/instances/{instance_id}/secrets/refresh

Path Parameters

  • instance_id (Instance Id): format uuid

Request Body

  • vpn_ip (Vpn Ip): match ^10\.\d{1,3}\.\d{1,3}\.\d{1,3}$
  • wg_public_key (Wg Public Key)

Response Body

curl -X POST "https://loading/internal/v1/instances/497f6eca-6276-4993-bfeb-53cbbbba6f08/secrets/refresh" \
  -H "Content-Type: application/json" \
  -d '{
    "vpn_ip": "string",
    "wg_public_key": "string"
  }'
{
  "agent_secrets": {}
}
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}