Terraform Cloud/Enterprise REST API

The Terraform Cloud and Enterprise REST API lets agents programmatically manage workspaces, trigger and monitor plan/apply runs, read and write state, configure variables, and manage organizations and teams.

Evaluated Mar 06, 2026 (0d ago) vcurrent

Homepage ↗ Other terraform hashicorp iac infrastructure cloud workspace runs

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

100

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Sensitive variables are write-only (cannot be read back via API once set), protecting secrets from exfiltration. Team-scoped tokens limit blast radius. Audit logging available on paid tiers.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

An agent needs to orchestrate infrastructure provisioning or changes through Terraform Cloud as part of a GitOps or self-service infrastructure pipeline.

Avoid When

Your team uses only open-source Terraform CLI without Terraform Cloud — the API has no equivalent for local state backends.

Use Cases

• Trigger a Terraform plan and apply run for a workspace when infrastructure changes are detected, then poll for completion status
• Read workspace state outputs to discover resource attributes (e.g., load balancer DNS names) for use in downstream automation
• Create and update workspace variables to inject environment-specific configuration or secrets before a run
• List all workspaces in an organization and check for runs stuck in a pending state to alert or auto-cancel them
• Create a new workspace, link it to a VCS repository, and queue an initial speculative plan as part of an onboarding workflow

Not For

• Executing Terraform locally — the API only manages Terraform Cloud/Enterprise, not the open-source CLI
• Real-time streaming of Terraform logs — log access requires polling or a separate log streaming endpoint with buffered reads
• Managing the Terraform provider registry or module registry at the public scale

Interface

REST API

Yes

GraphQL

gRPC

MCP Server

SDK

Yes

Webhooks

Yes

Authentication

Methods: bearer-token

OAuth: No Scopes: Yes

Uses Bearer token authentication via a Terraform Cloud user token or organization/team token. Organization tokens have broad access; team tokens are scoped to specific workspaces. All requests must include Authorization: Bearer <token> header.

Pricing

Model: freemium

Free tier: Yes

Requires CC: No

Free tier is generous for small teams. Enterprise pricing is negotiated contract-based.

Agent Metadata

Pagination

cursor

Idempotent

Partial

Retry Guidance

Documented

Known Gotchas

⚠ Run status transitions are asynchronous — agents must poll the run endpoint repeatedly; webhook notifications are available but require setup
⚠ The API uses JSON:API format (not plain JSON) — data is nested under 'data', 'attributes', and 'relationships' keys, which can trip up naive JSON parsers
⚠ Workspace locks block new runs silently — check for a locked workspace before queuing runs to avoid mysterious queue buildup
⚠ Speculative plans and confirmed applies are different run types — a plan that succeeds does not auto-apply unless the workspace has auto-apply enabled
⚠ State versions are immutable — reading the current state requires fetching the latest state version, not a fixed URL

Alternatives

pulumi-api aws-cloudformation-api github-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Terraform Cloud/Enterprise REST API.

$99

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.