One API. Predictable responses. Full control of your infrastructure.
The Cloud API Platform gives engineering teams a single, consistent interface for provisioning compute, managing storage, and orchestrating data resources. Every request is authenticated, every response follows a stable schema, and every endpoint ships with real request and response examples — so you integrate once and scale without surprises.
$ curl -X GET https://api.cloudapi.dev/v1/resources \
-H "Authorization: Bearer sk_live_************" \
-H "Accept: application/json"
# 200 OK
{
"data": [{ "id": "res_8f2a", "type": "instance" }],
"meta": { "page": 1, "next": null }
}Key Capabilities
Everything you need to integrate quickly
Authentication
API keys and bearer tokens, scoped permissions, and short-lived credentials for secure, auditable access on every request.
Resource Access
Consistent REST endpoints for compute, storage, networking, and data resources, addressed through predictable, versioned paths.
Predictable Responses
Stable JSON schemas, explicit status codes, and structured error objects mean your integration doesn't break on minor releases.
Developer-Friendly Integration
Copy-paste request examples, idempotent operations, and versioned contracts get you from first call to production fast.
Authenticate every request
The platform supports two authentication methods: API keys for server-to-server integrations, and bearer tokens for scoped, user-level access. Every request must carry valid credentials in the X-API-Key or Authorization header. Once authenticated, explore available routes in Endpoints, or check the FAQ for common issues.
API keys & bearer tokens
Choose the credential type that matches how your integration calls the API.
X-API-Key
Long-lived credential tied to a project or service account. Suited for backend services, CI pipelines, and internal tooling where a fixed identity is acceptable. Sent on every request as a header.
Authorization: Bearer
Short-lived, scoped token issued through OAuth 2.0 client-credentials or authorization-code flow. Use when a request must act on behalf of a specific user or account.
Step-by-step flow
- 1
Generate credentials
From the developer dashboard, create an API key or register an OAuth client to receive a
client_idandclient_secret. - 2
Request an access token
Exchange client credentials for a short-lived token via
POST /v1/oauth/token. Skip this step if you're using a static API key. - 3
Attach credentials to each request
Include the credential in the appropriate header —
X-API-KeyorAuthorization: Bearer— on every outgoing call. - 4
Handle expiry & rotation
Refresh bearer tokens before they expire and rotate API keys on a fixed schedule from the dashboard, without downtime.
Security best practices
Never expose keys client-side
Keep keys and secrets on the server. Never ship them in mobile apps, browser bundles, or public repositories.
Scope tokens narrowly
Request only the OAuth scopes required for the operation to limit exposure if a token is compromised.
Rotate credentials regularly
Rotate API keys on a fixed schedule and revoke unused keys immediately from the dashboard.
Enforce TLS everywhere
All requests must use HTTPS. Requests sent over plain HTTP are rejected at the edge.
Code examples
Reference requests using each credential type.
curl -X GET https://api.cloudplatform.dev/v1/projects \
-H "X-API-Key: {your_api_key}"curl -X POST https://api.cloudplatform.dev/v1/resources \
-H "Authorization: Bearer {access_token}" \
-H "Content-Type: application/json" \
-d '{"name": "example"}'Frequently asked questions
Straight answers to what developers ask most while integrating with the API — rate limits, authentication errors, versioning, pagination, sandbox testing, and support.
Rate limitsWhat are the rate limits, and what happens if I exceed them?
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. Exceeding the limit returns 429 Too Many Requests with a Retry-After header — back off and retry after that interval rather than resending immediately.AuthenticationWhy am I getting a 401 or 403 error on authenticated requests?
Authorization: Bearer <token> header is missing, malformed, or expired — generate a fresh token from the dashboard. A 403 Forbidden means the credentials are valid but lack permission for that resource; check the API key's scopes. Sandbox tokens prefixed sk_test_ never authenticate against production. See the Authentication guide for setup steps.VersioningHow does API versioning work, and how should I plan upgrades?
/v1/, /v2/) and each version stays supported for at least 18 months after a successor ships. Breaking changes only ship in a new major version; additive fields can appear at any time, so clients should ignore unrecognized fields rather than fail on them. Pin integrations to an explicit version and watch the changelog before migrating.PaginationHow do I paginate through large result sets?
next_cursor field — pass it as the cursor query parameter on the next request until next_cursor is null. Use limit (default 25, max 100) to control page size; cursors stay stable even as records are inserted, unlike offset pagination. Full request/response samples are in the Endpoints section.SandboxIs there a sandbox environment for testing before going live?
api.sandbox.example.com that mirrors production behavior without processing real data or incurring charges. Sandbox keys are prefixed sk_test_ and can simulate specific error codes, rate-limit responses, and webhook events, so failure handling can be tested before switching to sk_live_ credentials.