Coolify REST API
Self-hosted platform-as-a-service that lets you deploy apps, databases, and services on your own infrastructure via a REST API, replacing Heroku/Netlify/Vercel with full data ownership.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS is configured by Coolify automatically via Let's Encrypt for managed domains, but depends on correct self-hosted setup. API tokens are flat with no scope or expiry controls. Secret values (env vars) are stored encrypted at rest in the Coolify database. No audit log for API token usage.
⚡ Reliability
Best When
An agent needs to manage deployments and infrastructure on self-hosted servers where the team controls the underlying hardware and wants to avoid vendor lock-in to managed PaaS platforms.
Avoid When
You need managed infrastructure with no ops overhead, global edge distribution, or enterprise compliance guarantees that a self-hosted tool cannot provide.
Use Cases
- • Automating deployment of new app versions by triggering Coolify deploy webhooks or API endpoints from CI pipelines
- • Provisioning and managing databases (Postgres, MySQL, Redis, MongoDB) on self-hosted infrastructure programmatically
- • Creating and configuring new application resources (servers, services, environments) for ephemeral review environments
- • Monitoring deployment status and service health by polling resource endpoints during agent-driven release workflows
- • Managing environment variables and secrets for deployed services without direct server access
Not For
- • Multi-region or global edge deployments — Coolify targets single-server or small cluster self-hosted setups
- • Teams without access to a VPS or bare-metal server — Coolify requires your own infrastructure
- • Enterprise teams needing SOC 2 compliance or managed SLA guarantees — it is self-managed open-source software
Interface
Authentication
Bearer token generated per-user from the Coolify dashboard. Tokens are not scoped — a token has full access to everything the user account can access. Token rotation requires manual regeneration via UI. No per-resource or per-team scope granularity.
Pricing
Self-hosted is completely free and open source (Apache 2.0). Coolify Cloud offers a managed option if you don't want to run the control plane yourself. Most agent use cases will target a self-hosted instance.
Agent Metadata
Known Gotchas
- ⚠ Deployment status is asynchronous — the deploy endpoint returns immediately but agents must poll a separate status endpoint to determine when deployment completes or fails
- ⚠ API tokens have no scope granularity — a leaked token gives full control of all resources on the instance, making token rotation critical in automated pipelines
- ⚠ The OpenAPI spec may lag behind the actual API implementation, especially on minor versions; always verify endpoint behavior against the running instance
- ⚠ Coolify uses internal UUIDs for resource identification that must be fetched before any operation — there is no slug-based addressing
- ⚠ Webhook signatures are optional and not enforced by default — agents accepting Coolify webhooks should verify signatures manually to prevent spoofing
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Coolify REST API.
Scores are editorial opinions as of 2026-03-06.