v2.4 · Cloud API Platform

API Documentation, built for developers

Everything you need to integrate the platform: authenticate requests with API keys, call REST endpoints, and handle responses predictably. Written for engineers — no marketing fluff, just the details required to ship.

  • 99.99% uptime SLA
  • Sub-100ms median latency
  • Clear, versioned docs
request.sh
curl https://api.cloudplatform.dev/v2/endpoints \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
01 · Getting Started

Overview

The Cloud API Platform gives you programmatic access to compute, storage, and data services through a single, predictable REST interface. Build integrations quickly with consistent request patterns, structured JSON responses, and clear versioning — no guesswork required.


Core capabilities

  • Resource management for compute, storage, and networking
  • Token-based authentication with scoped permissions
  • Real-time webhooks for event-driven workflows
  • Predictable rate limits with transparent usage headers
  • Versioned endpoints for safe, backward-compatible upgrades
  • SDKs and client libraries for popular languages

Getting started

  1. 1

    Create an account & project

    Sign up and generate a project to organize your API usage and billing.

  2. 2

    Generate an API key

    Issue a scoped key from your dashboard — see the Authentication section for details.

  3. 3

    Make your first request

    Call any endpoint with your key attached in the Authorization header.

  4. 4

    Handle the JSON response

    Parse the structured payload and check status codes for success or error handling.


Conventions

REST-based

Standard HTTP verbs (GET, POST, PUT, DELETE) map to resource actions.

JSON everywhere

All requests and responses use application/json.

Versioned

Breaking changes ship under a new version path, e.g. /v1, /v2.

Base URL

All requests are made to https://api.cloudplatform.dev/v1.

Docs / 02

Authentication

Every request to the Cloud API Platform must be authenticated using either an API key or a Bearer token issued from your dashboard. Requests without valid credentials return a 401 Unauthorized response. Bearer tokens are recommended for server-to-server integrations and expire automatically, while API keys are best suited for long-lived, low-privilege access.

Authentication flow

  1. Step 1

    Generate credentials

    Create an API key or client credentials pair from the dashboard's Credentials page.

  2. Step 2

    Exchange for a token

    POST your client credentials to /oauth/token to receive a short-lived Bearer token.

  3. Step 3

    Attach the Authorization header

    Include the key or token in the Authorization header on every subsequent request.

  4. Step 4

    Refresh before expiry

    Bearer tokens expire after 1 hour — refresh proactively to avoid interrupted requests.

Securing your credentials

  • Never commit API keys or tokens to source control or client-side code.
  • Store secrets in environment variables or a dedicated secrets manager.
  • Rotate keys periodically and revoke unused credentials immediately.
  • Scope keys to the minimum permissions required for each integration.

Example — cURL request

request.sh
curl https://api.cloudplatform.dev/v1/resources \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Example — Node.js fetch

auth.js
const res = await fetch("https://api.cloudplatform.dev/v1/resources", {
  headers: {
    Authorization: `Bearer ${process.env.API_TOKEN}`,
    "Content-Type": "application/json"
  }
});

Note: API keys use the same header, formatted as Authorization: Api-Key YOUR_API_KEY.

API Reference

Endpoints

All endpoints are served over HTTPS from https://api.cloudplatform.dev/v1. Requests and responses use application/json. Every request must include a valid bearer token in the Authorization header.

Representative endpoints

  • GET /resources

    Lists resources for the authenticated account, paginated via ?page and ?limit query params.

    Returns 200 with an array; empty accounts return an empty array, not an error.

  • POST /resources

    Creates a new resource. Requires a JSON body with name and type.

    Returns 201 with the created object, or 422 on validation failure.

  • GET /resources/{'{'}id{'}'}

    Retrieves a single resource by identifier.

    Returns 200 on match, or 404 if the id does not exist.

  • PATCH /resources/{'{'}id{'}'}

    Partially updates a resource. Only fields present in the body are modified.

    Returns 200 with the updated object.

  • DELETE /resources/{'{'}id{'}'}

    Permanently removes a resource. This action cannot be undone.

    Returns 204 with no body on success.

Example request

Request POST
curl -X POST https://api.cloudplatform.dev/v1/resources \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{'{'}
    "name": "invoice-worker",
    "type": "queue-consumer"
  {'}'}'
Response 201 Created
{'{'}
  "id": "res_9f2ab1",
  "name": "invoice-worker",
  "type": "queue-consumer",
  "created_at": "2026-07-07T09:12:00Z"
{'}'}

Status code notes

Code Meaning
200 / 201 / 204 Request succeeded; 201 on creation, 204 when no body is returned.
401 Missing or invalid bearer token — see Authentication.
404 Resource identifier does not exist for this account.
422 Request body failed schema or field validation.
429 Rate limit exceeded; retry after the window in the Retry-After header.

04 — FAQ

Frequently Asked Questions

Quick answers to the questions engineering teams ask most often when integrating with the API. Can't find what you need? Reach out via our support channel below.

What are the API rate limits?

Standard accounts are limited to 100 requests/minute per API key. Rate limit status is returned in the X-RateLimit-Remaining header. Exceeding the limit returns a 429 response with a Retry-After header indicating backoff time in seconds.

Why am I getting authentication errors?

A 401 Unauthorized response usually means a missing, expired, or malformed bearer token. Confirm the Authorization: Bearer <token> header is present, that the token hasn't expired, and that clock skew between client and server is under 60 seconds when using signed requests.

How is API versioning handled?

Versions are specified via URL path, e.g. /v1/, /v2/. Breaking changes are only introduced in a new major version, and each version is supported for a minimum of 12 months after deprecation notice via the Deprecation response header.

How does pagination work on list endpoints?

List endpoints use cursor-based pagination. Pass limit and cursor query parameters; each response includes a next_cursor field. Continue requesting with the returned cursor until it is null, which indicates the last page.

Is there a sandbox for testing?

Yes. Use base URL https://sandbox.api.example.com with test-mode keys prefixed sk_test_. Sandbox data resets every 24 hours and mirrors production schemas, so integrations can be validated end-to-end without touching live data.

How do I get support if I'm stuck?

Check the Endpoints reference and Authentication guide first. For unresolved issues, email [email protected] with your request ID from the X-Request-Id response header for fastest triage.

Still have questions? Review the Overview section for a high-level walkthrough of the platform before contacting support.