Rateplane exposes two surfaces: - **Public catalog** — searchable, normalized compute/region/pricing data across the customer-visible provider catalog. No authentication required. - **Workspace API** — agent and integration endpoints scoped to a single workspace. Authenticated via a workspace-scoped Bearer token (issued at `/dashboard/api-keys`, prefix `rp_live_`). This spec covers the supported, stable surface. Internal cron, webhook, and admin routes are intentionally undocumented and subject to change without notice.
2 endpoints
/api/account/deletePermanently removes the authenticated user's account and all associated workspace data (cascade-deleted by Prisma). A pseudonymised log line is emitted to the structured logs so operators can confirm the deletion happened without retaining the user's email.
/api/account/exportReturns a JSON dump of every record the authenticated user is entitled to under GDPR / DPA 2018: the user row, workspace memberships, owned-workspace data (with credential fields scrubbed), and AuditEvent rows for actions they took. Hard-capped at 5000 rows per collection. The export is itself audit-logged.
3 endpoints
/api/accounts/api/accountsEncrypts AWS/Azure/GCP credentials at rest using envelope encryption. Audit-logged as `account.connect`.
/api/accounts/{id}2 endpoints
/api/agent/tools/api/agent/tools3 endpoints
/api/alerts/api/alerts/api/alerts/{id}2 endpoints
/api/api-keys/api/api-keys3 endpoints
/api/budgets/api/budgets/api/budgets/{id}3 endpoints
/api/compare/api/instancesReturns normalized instance + pricing rows across providers. Filterable by provider, region, vCPUs, memory, hourly cost, family category, and service category. When the live catalog DB is unavailable and a static snapshot fallback is enabled, the response includes a `note` indicating the snapshot is hidden from this endpoint to prevent stale data from leaking into procurement workflows.
/api/regions