/docs · v1

Fast, reliable documentation for the Cloud API.

Integrate in minutes, authenticate with confidence, and explore every endpoint with precise, scannable reference material built for developers.

Jump to FAQ for common integration questions.

quickstart.sh
# 1. Authenticate
curl -H "Authorization: Bearer $TOKEN" \
  https://api.cloudplatform.dev/v1/ping

# 2. Call an endpoint
curl -X GET \
  https://api.cloudplatform.dev/v1/resources

200 OK {"status":"connected"}

Documentation

Overview

Our Cloud API Platform gives development teams a single, consistent interface to provision infrastructure, move data, and automate workflows across environments — without managing separate SDKs for every provider.

It is built as a REST-first API with predictable resource naming, versioned endpoints, and structured error responses, so integrations remain stable as your systems scale.

Typical use cases

  • Infrastructure provisioning

    Spin up and tear down compute, storage, and network resources programmatically.

  • CI/CD pipeline automation

    Trigger deployments and manage environments directly from build pipelines.

  • Multi-tenant data sync

    Keep application data consistent across regions and customer workspaces.

  • Custom internal tooling

    Build internal dashboards and CLI tools on top of a single documented API surface.

Core capabilities

Resource management
Create, read, update, and delete resources through predictable, versioned endpoints.
Token-based auth
Secure every request with scoped API keys and short-lived access tokens.
Webhooks & events
Subscribe to resource lifecycle events for real-time automation.
Structured errors
Consistent, machine-readable error codes and messages for reliable handling.
Rate limits & quotas
Transparent usage headers so integrations can adapt gracefully at scale.

Why developers choose it

  • One API surface instead of juggling multiple provider SDKs.
  • Stable, versioned contracts that avoid breaking changes mid-integration.
  • Reference documentation with real request and response examples.
  • Built-in observability through detailed logs and event webhooks.

Reference · Auth

Authentication #

Every request to the platform API must be authenticated. The API supports token-based authentication using either a long-lived API key or a short-lived bearer token, sent with each request over HTTPS.

API Keys

Static credentials issued per project. Ideal for server-to-server integrations, background jobs, and internal tooling where rotation is managed manually.

Bearer Tokens

Short-lived tokens issued via the token endpoint after authenticating with your client credentials. Recommended for production workloads requiring frequent rotation.

Using Your Token

Include your credential in the Authorization header of every request, prefixed with Bearer. Requests missing or presenting an invalid credential are rejected with an authorization error before reaching application logic.

  • 1Generate a key or token from your account dashboard.
  • 2Attach it to the Authorization header on outbound requests.
  • 3Rotate or refresh before expiry to avoid interrupted requests.

Security Best Practices

Never expose credentials in client-side code, public repositories, or logs. Store them in a secrets manager or environment variables.

Scope credentials to the minimum required permissions and rotate them on a regular schedule.

Use separate credentials per environment — development, staging, and production should never share a key.

Revoke unused or compromised credentials immediately from the dashboard to prevent unauthorized access.

Example Request

A typical authenticated request pairs your endpoint URL with the Authorization header shown below.

GET /v1/resources HTTP/1.1
Host: api.yourplatform.dev
Authorization: Bearer <your_token>
Accept: application/json

Reference · §03

Endpoints #

Base URL: https://api.cloudplatform.dev/v1

Every resource below follows the same REST conventions: JSON payloads, standard HTTP verbs, and predictable status codes. Authenticate every request as described in the Authentication section.

Projects

/projects

Create and manage isolated project namespaces that scope billing, quotas, and resources.

  • GET /projects List all projects for the authenticated account
  • POST /projects Create a new project
  • PATCH /projects/{'{'}id{'}'} Update project name or metadata
  • DELETE /projects/{'{'}id{'}'} Permanently delete a project and its resources
View example & notes

Request

POST /projects
{'{'}
  "name": "payments-prod",
  "region": "us-east-1"
{'}'}

Response 201

{'{'}
  "id": "proj_8k2n",
  "name": "payments-prod",
  "status": "active"
{'}'}

Note: project names must be unique per account. Deletes are asynchronous and return 202 Accepted.

Compute Instances

/instances

Provision, inspect, and terminate virtual compute instances within a project.

  • GET /instances List instances with optional status filter
  • POST /instances Launch a new instance from an image
  • GET /instances/{'{'}id{'}'} Retrieve instance status and metadata
  • DELETE /instances/{'{'}id{'}'} Terminate an instance
View example & notes

Request

POST /instances
{'{'}
  "image": "ubuntu-22-04",
  "size": "standard-2"
{'}'}

Response 202

{'{'}
  "id": "inst_5q1z",
  "status": "provisioning"
{'}'}

Note: instance creation is rate-limited to 20 requests/min per project. Poll the instance resource for provisioning state.

Storage Buckets

/storage/buckets

Object storage containers with configurable access policies and lifecycle rules.

  • GET /storage/buckets List buckets in the current project
  • POST /storage/buckets Create a bucket with a region and access policy
  • PUT /storage/buckets/{'{'}name{'}'}/policy Replace the bucket's access policy
View example & notes

Request

POST /storage/buckets
{'{'}
  "name": "assets-eu",
  "region": "eu-west-1",
  "access": "private"
{'}'}

Response 201

{'{'}
  "name": "assets-eu",
  "created_at": "2026-07-07T10:00:00Z"
{'}'}

Note: bucket names are globally unique across all accounts and cannot be renamed after creation.

Webhooks

/webhooks

Subscribe to asynchronous platform events such as instance state changes and billing alerts.

  • GET /webhooks List configured webhook subscriptions
  • POST /webhooks Register a new webhook endpoint and event types
  • DELETE /webhooks/{'{'}id{'}'} Remove a webhook subscription
View example & notes

Request

POST /webhooks
{'{'}
  "url": "https://app.example.com/hooks",
  "events": ["instance.ready"]
{'}'}

Response 201

{'{'}
  "id": "whk_29fa",
  "secret": "whsec_***"
{'}'}

Note: payloads are signed with HMAC-SHA256; verify the X-Signature header before processing.

All responses use standard HTTP status codes. Errors return a JSON body with code and message fields for consistent handling across endpoints.

Reference

Frequently Asked Questions

Common questions about rate limits, authentication, versioning, testing, and support. If your question isn't answered here, reach out to our support team.

What are the API rate limits?

Standard accounts are limited to 120 requests/min per API key, enforced with a sliding window. Rate limit status is returned on every response via the X-RateLimit-Remaining header. Exceeding the limit returns a 429 status with a Retry-After header.

Why am I getting authentication errors?

A 401 Unauthorized usually means a missing or malformed Authorization header, an expired bearer token, or a revoked key. Confirm your key is active in the dashboard and that tokens are refreshed before their exp claim elapses. See the Authentication section for full setup.

How does API versioning work?

Versions are specified via URL path, e.g. /v2/endpoint. Each major version is supported for a minimum of 18 months after the next is released, with deprecation notices sent through the dashboard and Sunset response headers. Breaking changes never ship within an existing major version.

Is there a sandbox for testing?

Yes. Every account includes a sandbox environment at api.sandbox.example.com with isolated data, no billing impact, and synthetic responses for common failure cases. Sandbox keys are prefixed sk_test_ and are generated in the dashboard alongside live keys.

What should I expect from support?

Standard tier support responds within 1 business day via the support portal. Enterprise plans include a dedicated Slack channel with a 4-hour SLA for production-impacting issues. Status and incident history are published at status.example.com.