Cloud API Platform logo Cloud API Platform Docs \u00b7 v1.0
API Status: Operational
API Status: Operational

One API. Predictable responses. Full control of your infrastructure.

The Cloud API Platform gives engineering teams a single, consistent interface for provisioning compute, managing storage, and orchestrating data resources. Every request is authenticated, every response follows a stable schema, and every endpoint ships with real request and response examples — so you integrate once and scale without surprises.

request.sh
$ curl -X GET https://api.cloudapi.dev/v1/resources \
  -H "Authorization: Bearer sk_live_************" \
  -H "Accept: application/json"

# 200 OK
{
  "data": [{ "id": "res_8f2a", "type": "instance" }],
  "meta": { "page": 1, "next": null }
}

Key Capabilities

Everything you need to integrate quickly

Authentication

API keys and bearer tokens, scoped permissions, and short-lived credentials for secure, auditable access on every request.

Resource Access

Consistent REST endpoints for compute, storage, networking, and data resources, addressed through predictable, versioned paths.

Predictable Responses

Stable JSON schemas, explicit status codes, and structured error objects mean your integration doesn't break on minor releases.

Developer-Friendly Integration

Copy-paste request examples, idempotent operations, and versioned contracts get you from first call to production fast.

Authentication

Authenticate every request

The platform supports two authentication methods: API keys for server-to-server integrations, and bearer tokens for scoped, user-level access. Every request must carry valid credentials in the X-API-Key or Authorization header. Once authenticated, explore available routes in Endpoints, or check the FAQ for common issues.

API keys & bearer tokens

Choose the credential type that matches how your integration calls the API.

X-API-Key

Long-lived credential tied to a project or service account. Suited for backend services, CI pipelines, and internal tooling where a fixed identity is acceptable. Sent on every request as a header.

Authorization: Bearer

Short-lived, scoped token issued through OAuth 2.0 client-credentials or authorization-code flow. Use when a request must act on behalf of a specific user or account.

Step-by-step flow

  1. 1

    Generate credentials

    From the developer dashboard, create an API key or register an OAuth client to receive a client_id and client_secret.

  2. 2

    Request an access token

    Exchange client credentials for a short-lived token via POST /v1/oauth/token. Skip this step if you're using a static API key.

  3. 3

    Attach credentials to each request

    Include the credential in the appropriate header — X-API-Key or Authorization: Bearer — on every outgoing call.

  4. 4

    Handle expiry & rotation

    Refresh bearer tokens before they expire and rotate API keys on a fixed schedule from the dashboard, without downtime.

Security best practices

  • Never expose keys client-side

    Keep keys and secrets on the server. Never ship them in mobile apps, browser bundles, or public repositories.

  • Scope tokens narrowly

    Request only the OAuth scopes required for the operation to limit exposure if a token is compromised.

  • Rotate credentials regularly

    Rotate API keys on a fixed schedule and revoke unused keys immediately from the dashboard.

  • Enforce TLS everywhere

    All requests must use HTTPS. Requests sent over plain HTTP are rejected at the edge.

Code examples

Reference requests using each credential type.

API key — cURLbash
curl -X GET https://api.cloudplatform.dev/v1/projects \
  -H "X-API-Key: {your_api_key}"
Bearer token — cURLbash
curl -X POST https://api.cloudplatform.dev/v1/resources \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{"name": "example"}'
FAQ

Frequently asked questions

Straight answers to what developers ask most while integrating with the API — rate limits, authentication errors, versioning, pagination, sandbox testing, and support.

Rate limitsWhat are the rate limits, and what happens if I exceed them?
Requests are limited per API key on a rolling window — 120 requests/minute on the Standard tier and 600 requests/minute on Enterprise. Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. Exceeding the limit returns 429 Too Many Requests with a Retry-After header — back off and retry after that interval rather than resending immediately.
AuthenticationWhy am I getting a 401 or 403 error on authenticated requests?
A 401 Unauthorized usually means the Authorization: Bearer <token> header is missing, malformed, or expired — generate a fresh token from the dashboard. A 403 Forbidden means the credentials are valid but lack permission for that resource; check the API key's scopes. Sandbox tokens prefixed sk_test_ never authenticate against production. See the Authentication guide for setup steps.
VersioningHow does API versioning work, and how should I plan upgrades?
The API is versioned in the URL path (e.g. /v1/, /v2/) and each version stays supported for at least 18 months after a successor ships. Breaking changes only ship in a new major version; additive fields can appear at any time, so clients should ignore unrecognized fields rather than fail on them. Pin integrations to an explicit version and watch the changelog before migrating.
PaginationHow do I paginate through large result sets?
List endpoints use cursor-based pagination. Each response includes a next_cursor field — pass it as the cursor query parameter on the next request until next_cursor is null. Use limit (default 25, max 100) to control page size; cursors stay stable even as records are inserted, unlike offset pagination. Full request/response samples are in the Endpoints section.
SandboxIs there a sandbox environment for testing before going live?
Yes — every account includes a sandbox at api.sandbox.example.com that mirrors production behavior without processing real data or incurring charges. Sandbox keys are prefixed sk_test_ and can simulate specific error codes, rate-limit responses, and webhook events, so failure handling can be tested before switching to sk_live_ credentials.
SupportWhat support channels and response times can I expect?
Standard tiers get email support with a one-business-day first response and access to the community forum. Enterprise plans add a private Slack channel, a named solutions engineer, and a 4-hour SLA for production-impacting issues. Status and incident history are published on the status page linked in the footer.