Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/gnmyt/Nexterm/llms.txt

Use this file to discover all available pages before exploring further.

The Nexterm REST API gives you programmatic access to every resource managed by your Nexterm server — entries, folders, identities, organizations, scripts, snippets, and monitoring data. All endpoints are served over HTTP or HTTPS on port 6989 and return JSON.

Base URL

http(s)://your-server:6989/api
Replace your-server with the hostname or IP address of the machine running Nexterm. If you have TLS configured, use https.

Authentication

Most endpoints require a valid session token passed as a Bearer token in the Authorization header. Step 1 — Obtain a token 
curl --request POST \
  --url http://your-server:6989/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{"username": "admin", "password": "your-password"}'
A successful response includes a token field and also sets the token in the Authorization response header. 
{
  "token": "a1b2c3d4...",
  "message": "Your session got successfully created"
}
Step 2 — Pass the token on every request 
curl --request GET \
  --url http://your-server:6989/api/entry/list \
  --header 'Authorization: Bearer a1b2c3d4...'
If the Authorization header is missing or the token is invalid, the API returns 400 or 401 respectively. Tokens remain valid until explicitly revoked via POST /api/auth/logout or deleted from the Sessions panel.

Common response format

All responses are JSON objects. Successful responses return the requested data directly. Error responses always include a code field matching the HTTP status code and a human-readable message. Success 
{
  "id": 42,
  "message": "Entry got successfully created"
}
Error 
{
  "code": 404,
  "message": "Entry not found"
}

HTTP status codes

CodeMeaning
200Request succeeded.
201Resource created successfully.
400Bad request — missing or invalid parameters.
401Unauthorized — token missing, expired, or invalid.
403Forbidden — authenticated but insufficient permissions.
404Resource not found.
409Conflict — resource already exists.
429Too many requests — rate limit exceeded.
500Internal server error.

Rate limiting

The device authorization endpoints (POST /api/auth/device/create) are rate-limited to 10 requests per hour per IP address for unauthenticated callers. Authenticated users bypass this limit. When the limit is exceeded the API returns: 
{
  "code": 429,
  "message": "Too many requests. Please try again later."
}
The response includes standard RateLimit-* headers so your client can back off gracefully.

Admin-only endpoints

Certain endpoints — such as global monitoring settings — are restricted to accounts with the admin role. Calling them with a non-admin token returns 403 Forbidden.

Next steps

Authentication

Login, logout, passkey, and device auth flows.

Entries

Create and manage server connection entries.

Folders

Organize entries into folders.

Identities

Manage SSH keys and credentials.

Monitoring

Server health and performance metrics.

Organizations

Multi-user collaboration and access control.

Scripts & Snippets

Reusable automation scripts and command snippets.

Build docs developers (and LLMs) love

Get started for freeTalk to us