Operator Quickstart

Register an account, create an OAuth app, install the Buddo CLI, and deploy your first container to buddocloud hosting. This guide takes about 15 minutes.

Base URL: All API endpoints use https://api.buddo.xyz. All examples use curl.

Step 1: Register an account

Create a new Buddo account by posting your email, username, and password to /api/auth/register.

Request

curl -X POST https://api.buddo.xyz/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "username": "myoperator",
    "password": "a-strong-password"
  }'

Response 201

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "you@example.com",
    "username": "myoperator",
    "tier": "free",
    "points": 0,
    "referral_code": "ABC123",
    "email_verified": false,
    "registration_number": 42
  }
}

Check your inbox for a verification email and confirm your address before proceeding. Registration is limited to 5 requests per hour per IP.

Step 2: Log in and get a JWT

Authenticate with your credentials to receive a JWT. Pass it as a Bearer token in the Authorization header for all authenticated requests.

Request

curl -X POST https://api.buddo.xyz/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "a-strong-password"
  }'

Response 200

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "you@example.com",
    "username": "myoperator",
    "tier": "free",
    "is_admin": false,
    "email_verified": true,
    "totp_enabled": false
  }
}

Save the token value. The examples below use JWT as a placeholder — substitute your actual token.

Step 3: Create an OAuth app

Deploy endpoints require an OAuth access token with the deploy:manage scope. The first step is registering an OAuth app so the platform can issue tokens for your application.

Endpoint

POST /api/oauth/apps — requires JWT authentication

Request

curl -X POST https://api.buddo.xyz/api/oauth/apps \
  -H "Authorization: Bearer JWT" \
  -H "Content-Type: application/json" \
  -d '{
    "app_name": "My Deploy App",
    "redirect_uris": ["http://localhost:9876/callback"],
    "requested_scopes": ["deploy:manage"]
  }'

Response 201

{
  "app": {
    "id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
    "client_id": "client_abc123",
    "client_secret": "secret_xyz789",
    "app_name": "My Deploy App",
    "redirect_uris": ["http://localhost:9876/callback"],
    "approved_scopes": ["deploy:manage"]
  }
}

Store your client_id and client_secret securely. The secret is only shown once. The deploy:manage scope gives your app permission to create, stop, restart, and destroy deployments on your account.

OAuth app creation is limited to 3 requests per hour. If you need to inspect an existing app, use GET /api/oauth/my-apps (JWT auth) to list all apps you own.

Step 4: Install the Buddo CLI

The Buddo CLI (buddo) is the fastest way to deploy and manage applications from your terminal. Download the binary for your platform:

Platform	Binary
Linux (x86_64)	`buddo-linux-amd64`
macOS (ARM)	`buddo-darwin-arm64`
Windows (x86_64)	`buddo-windows-amd64.exe`

Linux / macOS install

# Download (replace PLATFORM with linux-amd64 or darwin-arm64)
curl -Lo buddo https://releases.buddocloud.com/cli/latest/buddo-PLATFORM
chmod +x buddo
sudo mv buddo /usr/local/bin/

Verify

buddo --version
# buddo v0.1.0

Step 5: Log in via CLI

Authenticate the CLI with your Buddo credentials. The CLI stores a JWT locally and uses it for subsequent commands.

buddo login

You will be prompted for your email and password:

Email: you@example.com
Password: ••••••••••••
Logged in as myoperator

CLI auth uses JWT. The CLI logs in with your account credentials (not OAuth tokens) to manage your own deployments. OAuth tokens are for applications acting on behalf of end users. See JWT vs OAuth Tokens for when to use each.

Step 6: Deploy your first app

Create a new container deployment with a single command. The CLI calls POST /api/deploy/apps on your behalf.

buddo deploy \
  --name my-app \
  --image docker.io/library/nginx:latest \
  --port 80

The CLI will prompt you to choose a deploy tier if one is not specified. For this quickstart, select the default Buddo starter tier.

What the CLI does

Calls GET /api/deploy/tiers to list available tiers.
Calls POST /api/deploy/apps with your name as the subdomain, your image, the selected tier, and the port.
Polls GET /api/deploy/apps/{id}/status until the deployment reaches running.
Prints the live URL.

Output

Creating deployment "my-app"...
Deployment ID: 550e8400-e29b-41d4-a716-446655440000
Status: pending → deploying → running
Live at: https://my-app.buddocloud.com

Supported image registries. Images must be pulled from one of three whitelisted sources: harbor.buddo.xyz:4443/, docker.io/library/, or ghcr.io/. Custom or private registries are not supported in the starter tier.

Equivalent API call

curl -X POST https://api.buddo.xyz/api/deploy/apps \
  -H "Authorization: Bearer OAUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "subdomain": "my-app",
    "image": "docker.io/library/nginx:latest",
    "tier": "buddo-starter",
    "port": 80
  }'

Step 7: Check status

Poll your deployment's status to confirm it is running and passing health checks.

buddo status my-app

Output

Deployment: my-app (550e8400-e29b-41d4-a716-446655440000)
Status:      running
Health:      healthy
Last check:  2026-05-21T10:05:00Z
URL:         https://my-app.buddocloud.com

Equivalent API call

curl https://api.buddo.xyz/api/deploy/apps/DEPLOYMENT_ID/status \
  -H "Authorization: Bearer OAUTH_TOKEN"

Response

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "status": "running",
  "subdomain": "my-app",
  "health_status": "healthy",
  "last_health_check": "2026-05-21T10:05:00Z"
}

Deployment statuses

Status	Meaning
`pending`	Created, container not yet provisioned
`deploying`	Image is being pulled and started
`running`	Container is live and passing health checks
`stopped`	Container stopped (manually or by platform)
`destroyed`	Permanently removed

Step 8: View logs

The deploy audit log records every action performed on a deployment: create, deploy, stop, restart, and destroy. Each entry includes the initiating user, timestamp, and completion status.

buddo deploy logs DEPLOYMENT_ID

Output

Action     Status     Initiated by   Time
------     ------     ------------   ----
create     completed  myoperator     2026-05-21T10:00:00Z
deploy     completed  platform       2026-05-21T10:00:05Z

Equivalent API call

curl https://api.buddo.xyz/api/deploy/apps/DEPLOYMENT_ID/logs \
  -H "Authorization: Bearer OAUTH_TOKEN"

Response

{
  "logs": [
    {
      "id": "...",
      "action": "create",
      "status": "completed",
      "initiated_by": "550e8400-e29b-41d4-a716-446655440000",
      "inserted_at": "2026-05-21T10:00:00Z",
      "details": null
    },
    {
      "id": "...",
      "action": "deploy",
      "status": "completed",
      "initiated_by": null,
      "inserted_at": "2026-05-21T10:00:05Z",
      "details": null
    }
  ]
}

Step 9: Stop and destroy

When you no longer need a deployment, stop it to pause the container (billing pauses but the subdomain reservation is kept) or destroy it to permanently remove everything.

Stop

buddo deploy stop DEPLOYMENT_ID

The container halts. Status transitions to stopped. You can restart it later with buddo deploy restart DEPLOYMENT_ID.

Equivalent API call

curl -X POST https://api.buddo.xyz/api/deploy/apps/DEPLOYMENT_ID/stop \
  -H "Authorization: Bearer OAUTH_TOKEN"

Destroy

buddo deploy destroy DEPLOYMENT_ID

Permanently removes the deployment, its container, and all associated configuration. This action cannot be undone. Status transitions to destroyed.

Equivalent API call

curl -X DELETE https://api.buddo.xyz/api/deploy/apps/DEPLOYMENT_ID \
  -H "Authorization: Bearer OAUTH_TOKEN"

Response

{
  "message": "Deployment destroyed",
  "id": "550e8400-e29b-41d4-a716-446655440000"
}

Stop vs. Destroy. Use stop if you plan to restart later — the subdomain reservation is preserved. Use destroy when you are done with the deployment entirely.

CLI Command Reference

Summary of all CLI commands used in this guide:

Command	Description
`buddo login`	Authenticate with your Buddo credentials and store a local JWT
`buddo deploy --name NAME --image IMAGE --port PORT`	Create a new container deployment
`buddo status NAME`	Show status and health for a named deployment
`buddo deploy logs ID`	Show the action audit log for a deployment
`buddo deploy stop ID`	Stop a running deployment (preserves subdomain)
`buddo deploy restart ID`	Restart a stopped or running deployment (pulls latest image)
`buddo deploy destroy ID`	Permanently destroy a deployment and free all resources

API Quick Reference

All deploy endpoints require an OAuth token with deploy:manage scope. For full schemas see the Deploy API Reference.

Endpoint	Description
POST `/api/auth/register`	Create a new account
POST `/api/auth/login`	Get a JWT token
POST `/api/oauth/apps`	Register an OAuth app to obtain `deploy:manage` scope
GET `/api/deploy/tiers`	List available deployment tiers with pricing
POST `/api/deploy/apps`	Create a new deployment
GET `/api/deploy/apps/{id}/status`	Poll deployment status
GET `/api/deploy/apps/{id}/logs`	Deployment audit log
POST `/api/deploy/apps/{id}/stop`	Stop a running deployment
POST `/api/deploy/apps/{id}/restart`	Restart a deployment
DELETE `/api/deploy/apps/{id}`	Permanently destroy a deployment

What's next

Guide	When to use it
Deploy Lifecycle	Deep dive into deploy tiers, billing, custom domains, and architecture
OAuth PKCE Flow	Building apps that act on behalf of Buddo users
JWT vs OAuth Tokens	Understanding when to use JWT auth vs. OAuth tokens
Deploy API Reference	Complete endpoint schemas for all deploy routes