Warning: JavaScript is not enabled or not loaded. Please enable JavaScript for the best experience.
Cloud API Platform Docs logo
cloud-api
Cloud API Platform Docs logo cloud-api/docs

Documentation

Get API Key
v2.4 · stable Updated Apr 28, 2026

Overview

The Cloud API Platform gives developers a single, predictable interface to deploy, scale, and observe cloud workloads. Built on REST principles with JSON payloads, every endpoint is versioned, rate-limited, and designed for production use from day one.

This guide walks you through the core concepts, authentication flow, available endpoints, and common integration patterns. If you've used a modern REST API before, you'll feel at home in minutes.

# Key capabilities

  • Predictable REST API

    Resource-oriented URLs, JSON bodies, standard HTTP codes.

  • Token-based auth

    Scoped API keys with rotation and per-environment isolation.

  • Global low-latency edge

    Sub-100ms response times across 30+ regions worldwide.

  • Webhooks & streaming

    Real-time events via signed webhooks or persistent SSE streams.

  • Idempotent writes

    Safely retry any mutating request with idempotency keys.

  • First-class SDKs

    Official libraries for Node, Python, Go, Ruby, and Rust.

# Quick start

You'll need an API key from your dashboard. All requests are sent to https://api.cloudplatform.dev/v2 over HTTPS. Authenticate by passing your key as a Bearer token in the Authorization header.

  1. 1Generate an API key from the Authentication section.
  2. 2Send a test request to /v2/ping to verify connectivity.
  3. 3Explore available Endpoints and integrate.

# Example request

A simple authenticated GET request and the JSON response you can expect:

GET /v2/projects/proj_8f2a/status 
$ curl https://api.cloudplatform.dev/v2/projects/proj_8f2a/status \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxx" \
  -H "Accept: application/json"
200 OK application/json 
{
  "id": "proj_8f2a",
  "name": "production-api",
  "status": "healthy",
  "region": "us-east-1",
  "uptime": 99.998,
  "updated_at": "2026-04-28T14:22:09Z"
}
Continue to Authentication Browse endpoints
auth/v1 Updated Apr 2026

Authentication

All requests to the Cloud API must be authenticated. We support two methods: API keys for server-to-server access and bearer tokens for short-lived, user-scoped sessions. Credentials must be sent over HTTPS in the request header.

API Keys

Long-lived secret keys for backend services. Prefix: sk_live_

Header: X-API-Key

Bearer Tokens

Short-lived JWTs for user sessions. Default expiry: 3600s

Header: Authorization: Bearer

Required Headers

Every authenticated request must include the following headers.

Header Required Description
Authorization yes Bearer token or API key credential.
Content-Type yes application/json for all POST / PUT requests.
X-Request-Id optional Idempotency / tracing identifier (UUID v4).
X-API-Version optional Pin to a specific API version, e.g. 2026-01-01.

Authentication Flow

Follow these four steps to obtain credentials and send your first authenticated request.

  1. 01

    Create an account & project

    Sign in to the dashboard and create a project. Each project gets isolated keys, environments, and rate limits.

  2. 02

    Generate an API key

    Go to Settings → API Keys and create a new key. Copy it immediately — secret keys are shown only once.

  3. 03

    Exchange for a bearer token (optional)

    For user-scoped access, POST your API key to /v1/auth/token to receive a short-lived JWT.

  4. 04

    Send authenticated requests

    Include the credential in the Authorization header on every request to protected endpoints.

Example Request

An authenticated GET request using a bearer token.

cURL
request.sh 
# Replace YOUR_TOKEN with the bearer token from /v1/auth/token
curl https://api.cloudplatform.dev/v1/projects \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-API-Version: 2026-01-01"

Heads up: Never expose secret keys in client-side code. Use bearer tokens for browsers and rotate keys regularly via the dashboard. See the FAQ for rotation policies.

03 Reference

Endpoints

All endpoints are reachable over HTTPS at https://api.example.com/v1. Requests and responses are JSON-encoded and authenticated via bearer tokens.

GET /v1/resources List

Returns a paginated list of resources owned by the authenticated workspace, ordered by creation date (most recent first).

Query parameters

limit
integer · default 20, max 100
cursor
string · optional pagination token
status
string · filter: active, archived
Request cURL 
curl https://api.example.com/v1/resources \
  -H "Authorization: Bearer $TOKEN" \
  -G -d limit=20
Response 200 OK 
{
  "data": [
    { "id": "res_8f2a", "name": "Primary", "status": "active" },
    { "id": "res_3c91", "name": "Staging", "status": "active" }
  ],
  "next_cursor": "eyJpZCI6..."
}
GET /v1/resources/{id} Retrieve

Retrieves a single resource by its unique identifier. Returns the full resource object, including timestamps and metadata.

Path parameters

id
required · resource identifier
Request cURL 
curl https://api.example.com/v1/resources/res_8f2a \
  -H "Authorization: Bearer $TOKEN"
Response 200 OK 
{
  "id": "res_8f2a",
  "name": "Primary",
  "status": "active",
  "created_at": "2026-03-14T09:21:00Z"
}
POST /v1/resources Create

Creates a new resource. The request body must be JSON-encoded and include the required name field.

Body parameters

name
required · string, 1–80 chars
region
string · default us-east
metadata
object · key/value pairs
Request cURL 
curl https://api.example.com/v1/resources \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Analytics",
    "region": "eu-west"
  }'
Response 201 Created 
{
  "id": "res_b71d",
  "name": "Analytics",
  "region": "eu-west",
  "status": "active"
}
PATCH /v1/resources/{id} Update

Updates one or more fields on an existing resource. Only the provided fields are modified; omitted fields remain unchanged.

Body parameters

name
string · optional
status
string · active or archived
Request cURL 
curl -X PATCH https://api.example.com/v1/resources/res_8f2a \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "status": "archived" }'
Response 200 OK 
{
  "id": "res_8f2a",
  "status": "archived",
  "updated_at": "2026-04-28T10:02:11Z"
}
DELETE /v1/resources/{id} Delete

Permanently deletes a resource. This action cannot be undone. Returns an empty body on success.

Path parameters

id
required · resource identifier
Request cURL 
curl -X DELETE https://api.example.com/v1/resources/res_8f2a \
  -H "Authorization: Bearer $TOKEN"
Response 204 No Content 
// empty body
04 — FAQ

Frequently asked questions

Common answers about rate limits, errors, versioning, and getting help. Can't find what you need?

Contact developer support
01

What are the API rate limits?

Free tier: 60 req/min. Pro: 1,000 req/min. Enterprise: custom. Each response includes X-RateLimit-Remaining and X-RateLimit-Reset headers. Exceeding the limit returns 429 Too Many Requests.

02

Why am I getting a 401 Unauthorized error?

Most 401 errors come from a missing or malformed Authorization header. Ensure you're sending:

Authorization: Bearer sk_live_••••••••

See the Authentication section for token rotation and scopes.

03

How does API versioning work?

Versions are pinned via the URL path (e.g. /v2/resources). Breaking changes ship in a new major version; non-breaking additions are released continuously. Deprecated versions are supported for at least 12 months with advance notice via the changelog and Sunset headers.

04

How do I paginate through results?

List endpoints use cursor-based pagination. Pass limit (max 100) and cursor query params. Each response returns a next_cursor field — pass it back to fetch the next page. When has_more is false, you've reached the end.

05

Which HTTP error codes should I handle?
  • 400 — malformed request body or params
  • 401 — missing/invalid API key
  • 403 — authenticated but lacks required scope
  • 429 — rate limited, retry with backoff
  • 5xx — transient server error, retry idempotent calls
06

How do I get developer support?

Email [email protected] with your request ID (returned in the X-Request-Id header), join the community Discord, or check live status at status.example.dev. Enterprise customers get a dedicated Slack channel and 1-hour SLA.