This new API endpoint will likely be a PUT or POST that takes a service spec key as a parameter.

The new endpoint should:

• return 401 if user is not authorized (e.g. no JWT, expired, invalid, etc)
• return 403 if user requests to run a spec that is not present in their catalog
• lookup the current user's applications based on their JWT
  • if user's applications do not include one matching the desired spec key, create a new instance
• retrieve the first id of the first instance matching the desired spec key
• call "start" on the id returned in the previous step
• immediately return the endpoint URL of the started stack - don't wait for stack to start