API reference
Fleet API
Central-plane endpoints for tenant admins — appliances, keys, policies.
Last updated 18 Apr 2026
The fleet API lives at https://ops.<region>.operayde.com/v1/... and is
consumed by the operator portal, the operayde CLI, and (if you want) your
own internal tools.
Authentication
Staff call fleet APIs with a JWT minted by the Operayde IdP. Tenant admins can mint staff tokens from the portal for scripted access — they carry the same scopes as the portal role.
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...Appliances
GET /v1/appliances?tenant_id=acme
GET /v1/appliances/{id}
POST /v1/appliances/{id}:suspend
POST /v1/appliances/{id}:retireEnrolment tokens
GET /v1/enrolments?tenant_id=acme
POST /v1/enrolments
GET /v1/enrolments/{id}An enrolment is scoped to a single hardware serial and a single use. Tokens expire after 72 hours.
Virtual keys
GET /v1/virtual-keys?tenant_id=acme
POST /v1/virtual-keys
DELETE /v1/virtual-keys/{id}Policies
GET /v1/tenants/{tenant_id}/opa-bundles
POST /v1/tenants/{tenant_id}/opa-bundlesUploads are signed before distribution. The response includes the signed digest; verify it matches what you published.
Limits
- 30 req / second per staff token
- 5 MiB maximum bundle upload
- 50 appliances / tenant / day for enrolment creation (contact us for higher limits during a rollout)