unsandbox.com - Secure Code Execution API Execute code in 42 supported programming languages via a simple REST API. No infrastructure to manage. API Endpoints POST /execute Execute code synchronously. Returns stdout, stderr, exit code. Request: JSON with language (required), code (required), input_files (optional array of base64 files), network_mode (zerotrust or semitrusted), ttl (1-900 seconds). Response: success, stdout, stderr, language, exit_code. POST /execute/async Execute code asynchronously. Returns job_id immediately. Request: Same as /execute. Response: job_id, status (pending). POST /run Auto-detect language from shebang and execute synchronously. Request: Raw text (text/plain), no JSON wrapper. Response: success, stdout, stderr, detected_language. POST /run/async Auto-detect language and execute asynchronously. Request: Raw text (text/plain). Response: job_id, status, detected_language. GET /jobs List all active jobs for your API key. Response: Array of job summaries. GET /jobs/{id} Get status and results of a specific job. Response: status, stdout, stderr, success, timestamps. DELETE /jobs/{id} Cancel a running job. Returns partial output. Response: status (cancelled), partial stdout/stderr. GET /languages List all supported languages and aliases. Response: languages array, count, aliases mapping. Interactive Sessions POST /sessions Create a persistent shell session (interactive container). Request: JSON with network_mode (optional), ttl (optional, 0=no limit), shell (optional, default bash). Response: session_id, container_name, websocket_url, status. GET /sessions List all active sessions for your API key. Response: sessions array with session_id, status, container_name, network_mode, remaining_ttl. GET /sessions/{id} Get session status and connection info. Response: session_id, status, websocket_url, created_at, expires_at. POST /sessions/{id}/sleep Freeze a session to save resources. State preserved. Response: status (sleeping). POST /sessions/{id}/wake Wake a sleeping session. Response: status, wake_time. POST /sessions/{id}/lock Lock session to prevent accidental deletion. Response: locked (true). POST /sessions/{id}/unlock Unlock a locked session. Response: locked (false). POST /sessions/{id}/snapshot Create a snapshot of the session's container state. Request: JSON with hot (optional, bool), name (optional), ttl (optional seconds). Response: snapshot_id, name, size_bytes. DELETE /sessions/{id} Terminate a session and destroy its container. Response: status (terminated). WebSocket /sessions/{id}/shell Connect to session for interactive shell access. Authentication: Query params auth=public_key, timestamp=unix, signature=hmac. Messages: JSON with type (stdin, resize, ping) and data. Services (Persistent Containers) POST /services Create a long-running service with custom subdomain. Request: JSON with name (required), network_mode, ports (array), custom_domains (array), bootstrap or bootstrap_content, input_files (optional array of base64 files). Response: service_id, name, url, status, ports. GET /services List all services for your API key. Response: services array with service_id, name, state, domains, ports. GET /services/{id} Get service status, IP, ports, and health. Response: service_id, name, state, url, ports, created_at. GET /services/{id}/logs Get bootstrap and application logs. Response: log (string). POST /services/{id}/sleep Freeze a service. Auto-wakes on first HTTP request. Response: state (sleeping). POST /services/{id}/wake Manually wake a sleeping service. Response: state, wake_time. POST /services/{id}/redeploy Re-run the bootstrap script. Request: Optionally include new bootstrap_content. Response: state (redeploying). POST /services/{id}/execute Run a command inside a running service. Request: JSON with command (string). Response: stdout, stderr, exit_code. POST /services/{id}/lock Lock service to prevent accidental deletion. Response: locked (true). POST /services/{id}/unlock Unlock a locked service. Response: locked (false). POST /services/{id}/snapshot Create a snapshot of the service's container state. Request: JSON with hot (optional, bool), name (optional), ttl (optional seconds). Response: snapshot_id, name, size_bytes. DELETE /services/{id} Destroy a service and its container. Response: status (destroyed). Snapshots (Paid Tiers Only) POST /snapshots Create a snapshot from a session or service. Request: JSON with source_type (session or service), source_id, name (optional), hot (optional), ttl (optional). Response: snapshot_id, name, source_type, source_id, size_bytes. GET /snapshots List all snapshots for your API key. Response: snapshots array with id, name, source_type, source_id, container_name, size_bytes, locked. GET /snapshots/{id} Get snapshot details. Response: id, name, source_type, source_id, container_name, size_bytes, created_at. POST /snapshots/{id}/clone Create new session or service from snapshot. Request: JSON with type (session or service), name (optional for service), shell (optional for session). Response: session_id or service_id depending on type. POST /snapshots/{id}/restore Restore snapshot to its original source. Response: status (restored). POST /snapshots/{id}/lock Lock snapshot to prevent accidental deletion. Response: locked (true). POST /snapshots/{id}/unlock Unlock a locked snapshot. Response: locked (false). DELETE /snapshots/{id} Permanently delete a snapshot. Response: status (deleted). Authentication Headers: Authorization: Bearer X-Timestamp: X-Signature: Environment: UNSANDBOX_PUBLIC_KEY and UNSANDBOX_SECRET_KEY The public key (unsb-pk-xxxx-xxxx-xxxx-xxxx) identifies the account. The signature is HMAC-SHA256(secret_key, "timestamp:METHOD:path:body") as lowercase hex. Body is the raw request body (empty string for GET/DELETE). Timestamp must be within +/-5 minutes of server time. The secret key is never transmitted - only used to compute the signature. When implementing a client, read API keys from environment variables rather than hardcoding them. Supported Languages (42) python, javascript, typescript, ruby, perl, php, lua, bash, r, elixir, erlang, tcl, scheme, powershell, clojure, commonlisp, crystal, groovy, deno, awk, raku, c, cpp, go, rust, java, kotlin, cobol, fortran, d, zig, nim, v, objc, dart, julia, haskell, ocaml, fsharp, csharp, prolog, forth Aliases: node and js map to javascript, ts maps to typescript, lisp maps to commonlisp. Documentation OpenAPI spec: https://api.unsandbox.com/openapi Human-readable docs: https://api.unsandbox.com/docs Language-specific guides: https://unsandbox.com/docs/python, https://unsandbox.com/docs/go, etc. Each supported programming language has integration examples. Available in 20 human languages. API Keys: https://unsandbox.com/pricing-for-agents Web Console: https://unsandbox.com/console (browser-based management UI) Rate limits and pricing vary by plan. Free tier available for testing. Source of truth: https://api.unsandbox.com/static/unsandbox.txt CLI Tool Download: https://unsandbox.com/cli Single binary, no dependencies. Run code files directly from your terminal. Usage: un [options] un session [options] un service [options] un snapshot [options] un key Execute options: -e KEY=VALUE Set environment variable -f FILE Add input file to /tmp/ -F FILE Add input file with path preserved -a Return and save artifacts (compiled binaries) -o DIR Output directory for artifacts -n MODE Network mode: zerotrust (default) or semitrusted -v N vCPU count 1-8, each vCPU gets 2GB RAM Session options: --shell SHELL Shell/REPL to use (bash, python3, node, etc.) --list List active sessions --attach ID Reconnect to existing session --freeze ID Freeze a session --unfreeze ID Unfreeze a session --kill ID Terminate a session Service options: --name NAME Service name (becomes NAME.on.unsandbox.com) --ports PORTS Comma-separated ports (e.g., 80,443) --domains DOMS Custom domains (comma-separated) --bootstrap Bootstrap script/URL to run on startup --bootstrap-file File containing bootstrap script -f FILE Add input file (can use multiple times) --list List all services --info ID Get service details --logs ID Get bootstrap logs --execute ID CMD Run command in service container --freeze ID Freeze a service --unfreeze ID Unfreeze a service --redeploy ID Re-run bootstrap script --snapshot ID Create snapshot of service --destroy ID Destroy a service Snapshot options: --list List all snapshots --clone ID Clone snapshot to new session/service --restore ID Restore snapshot to original source --delete ID Delete a snapshot Key options: (no args) Check API key validity and expiration Examples: un script.py # execute Python script un -e DEBUG=1 main.go # with environment variable un -f data.csv process.py # with input file un -a -o ./bin program.c # save compiled artifacts un session # interactive bash shell un session --shell python3 # Python REPL un session --attach unsb-vm-abc # reconnect to session un session --freeze unsb-vm-abc # freeze session un session --unfreeze unsb-vm-abc # unfreeze session un service --name web --ports 80 --bootstrap ./setup.sh un service --name api -f app.tar.gz --bootstrap ./deploy.sh un service --list # list all services un service --logs abc123 # view service logs un service --unfreeze abc123 # unfreeze sleeping service un service --snapshot abc123 # create snapshot un snapshot --list # list all snapshots un snapshot --clone xyz789 # clone snapshot to new resource un key # check key validity CI/CD: Perfect for GitHub Actions and GitLab runners. Download once, run any language without installing runtimes. No Docker required. Claude Code: Works seamlessly with Claude Code CLI. Let Claude write and execute code in any language without local runtime setup. Deep Freeze When API keys expire, services don't die - they enter deep freeze: - Container state preserved indefinitely - All data intact on disk - Auto-wakes when key is extended - Anyone can pay to extend the key and wake the service Services can sleep for years and wake up exactly where they left off. See: https://unsandbox.com/blog/deep-unfreeze