v2.4 · Cloud API Platform
API Documentation, built for developers
Everything you need to integrate the platform: authenticate requests with API keys, call REST endpoints, and handle responses predictably. Written for engineers — no marketing fluff, just the details required to ship.
- 99.99% uptime SLA
- Sub-100ms median latency
- Clear, versioned docs
curl https://api.cloudplatform.dev/v2/endpoints \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Overview
The Cloud API Platform gives you programmatic access to compute, storage, and data services through a single, predictable REST interface. Build integrations quickly with consistent request patterns, structured JSON responses, and clear versioning — no guesswork required.
Core capabilities
- Resource management for compute, storage, and networking
- Token-based authentication with scoped permissions
- Real-time webhooks for event-driven workflows
- Predictable rate limits with transparent usage headers
- Versioned endpoints for safe, backward-compatible upgrades
- SDKs and client libraries for popular languages
Getting started
-
1
Create an account & project
Sign up and generate a project to organize your API usage and billing.
-
2
Generate an API key
Issue a scoped key from your dashboard — see the Authentication section for details.
-
3
Make your first request
Call any endpoint with your key attached in the Authorization header.
-
4
Handle the JSON response
Parse the structured payload and check status codes for success or error handling.
Conventions
REST-based
Standard HTTP verbs (GET, POST, PUT, DELETE) map to resource actions.
JSON everywhere
All requests and responses use application/json.
Versioned
Breaking changes ship under a new version path, e.g. /v1, /v2.
Base URL
All requests are made to https://api.cloudplatform.dev/v1.
Authentication
Every request to the Cloud API Platform must be authenticated using either an API key or a Bearer token issued from your dashboard. Requests without valid credentials return a 401 Unauthorized response. Bearer tokens are recommended for server-to-server integrations and expire automatically, while API keys are best suited for long-lived, low-privilege access.
Authentication flow
-
Step 1
Generate credentials
Create an API key or client credentials pair from the dashboard's Credentials page.
-
Step 2
Exchange for a token
POST your client credentials to /oauth/token to receive a short-lived Bearer token.
-
Step 3
Attach the Authorization header
Include the key or token in the Authorization header on every subsequent request.
-
Step 4
Refresh before expiry
Bearer tokens expire after 1 hour — refresh proactively to avoid interrupted requests.
Securing your credentials
- Never commit API keys or tokens to source control or client-side code.
- Store secrets in environment variables or a dedicated secrets manager.
- Rotate keys periodically and revoke unused credentials immediately.
- Scope keys to the minimum permissions required for each integration.
Example — cURL request
curl https://api.cloudplatform.dev/v1/resources \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json"
Example — Node.js fetch
const res = await fetch("https://api.cloudplatform.dev/v1/resources", {
headers: {
Authorization: `Bearer ${process.env.API_TOKEN}`,
"Content-Type": "application/json"
}
});
Note: API keys use the same header, formatted as Authorization: Api-Key YOUR_API_KEY.
API Reference
Endpoints
All endpoints are served over HTTPS from https://api.cloudplatform.dev/v1. Requests and responses use application/json. Every request must include a valid bearer token in the Authorization header.
Representative endpoints
-
GET
/resourcesLists resources for the authenticated account, paginated via
?pageand?limitquery params.Returns 200 with an array; empty accounts return an empty array, not an error.
-
POST
/resourcesCreates a new resource. Requires a JSON body with
nameandtype.Returns 201 with the created object, or 422 on validation failure.
-
GET
/resources/{'{'}id{'}'}Retrieves a single resource by identifier.
Returns 200 on match, or 404 if the id does not exist.
-
PATCH
/resources/{'{'}id{'}'}Partially updates a resource. Only fields present in the body are modified.
Returns 200 with the updated object.
-
DELETE
/resources/{'{'}id{'}'}Permanently removes a resource. This action cannot be undone.
Returns 204 with no body on success.
Example request
curl -X POST https://api.cloudplatform.dev/v1/resources \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{'{'}
"name": "invoice-worker",
"type": "queue-consumer"
{'}'}'
{'{'}
"id": "res_9f2ab1",
"name": "invoice-worker",
"type": "queue-consumer",
"created_at": "2026-07-07T09:12:00Z"
{'}'}
Status code notes
| Code | Meaning |
|---|---|
| 200 / 201 / 204 | Request succeeded; 201 on creation, 204 when no body is returned. |
| 401 | Missing or invalid bearer token — see Authentication. |
| 404 | Resource identifier does not exist for this account. |
| 422 | Request body failed schema or field validation. |
| 429 | Rate limit exceeded; retry after the window in the Retry-After header. |
04 — FAQ
Frequently Asked Questions
Quick answers to the questions engineering teams ask most often when integrating with the API. Can't find what you need? Reach out via our support channel below.
What are the API rate limits?
Standard accounts are limited to 100 requests/minute per API key. Rate limit status is returned in the X-RateLimit-Remaining header. Exceeding the limit returns a 429 response with a Retry-After header indicating backoff time in seconds.
Why am I getting authentication errors?
A 401 Unauthorized response usually means a missing, expired, or malformed bearer token. Confirm the Authorization: Bearer <token> header is present, that the token hasn't expired, and that clock skew between client and server is under 60 seconds when using signed requests.
How is API versioning handled?
Versions are specified via URL path, e.g. /v1/, /v2/. Breaking changes are only introduced in a new major version, and each version is supported for a minimum of 12 months after deprecation notice via the Deprecation response header.
How does pagination work on list endpoints?
List endpoints use cursor-based pagination. Pass limit and cursor query parameters; each response includes a next_cursor field. Continue requesting with the returned cursor until it is null, which indicates the last page.
Is there a sandbox for testing?
Yes. Use base URL https://sandbox.api.example.com with test-mode keys prefixed sk_test_. Sandbox data resets every 24 hours and mirrors production schemas, so integrations can be validated end-to-end without touching live data.
How do I get support if I'm stuck?
Check the Endpoints reference and Authentication guide first. For unresolved issues, email [email protected] with your request ID from the X-Request-Id response header for fastest triage.
Still have questions? Review the Overview section for a high-level walkthrough of the platform before contacting support.