API v1 • Stable

Fast, reliable cloud API documentation for builders.

Find authentication details, production-ready endpoint references, and copy-ready examples in a single, scannable docs flow for developers, integrators, and engineering teams.

Read Overview Browse Endpoints

Quick auth snippet

curl -X GET https://api.cloud.dev/v1/projects \
  -H "Authorization: Bearer <token>" \
  -H "Accept: application/json"

Request checklist

1. Generate API key and exchange for token.
2. Send versioned path and required headers.
3. Handle standard error and retry responses.

Documentation / Overview

Cloud API Platform Overview

This API platform provides a consistent HTTP interface for authentication, resource access, event ingestion, and operational telemetry. The documentation below gives a practical orientation so teams can authenticate quickly, test endpoints, and ship reliable integrations.

What the platform does

The platform exposes core cloud resources through versioned REST endpoints. It standardizes request authentication, validation, pagination, and error responses so client implementations remain predictable across services.

Core capabilities

Versioned API surface: stable contract per version with explicit deprecation windows.
Secure access model: token-based authentication with scoped permissions.
Operational consistency: common pagination, filtering, sorting, and idempotency behavior.
Observability hooks: request IDs and structured error payloads for easier tracing and debugging.

Typical use cases

Sync customer, project, or environment metadata into internal tools.
Automate provisioning workflows in CI/CD pipelines.
Ingest platform events into monitoring or analytics systems.
Build internal dashboards backed by live resource state.

Base URL example

https://api.cloudplatform.dev/v1

All endpoints in this documentation are relative to the versioned base URL above.

Response format notes

{
  "data": {},
  "meta": {
    "request_id": "req_01HZX...",
    "pagination": {
      "next_cursor": "cur_..."
    }
  },
  "error": null
}

data contains the requested resource or collection payload.
meta.request_id should be logged for support and tracing.
error is null on success and populated on non-2xx responses.

Authentication

API key authentication

Authenticate every request using a project-scoped API key. Send the key in the Authorization header over HTTPS. Requests without a valid key return 401 Unauthorized.

How it works

Keys are tied to a workspace and inherit the permissions of their assigned role. Use separate keys per environment (development, staging, production) and scope each key to the smallest required access.

Required headers

Authorization: Format: Bearer <API_KEY>
Content-Type: Use application/json for JSON payloads.
X-Request-Id (recommended): Client-generated unique ID for request tracing and support diagnostics.

Example request

cURL

POST /v1/projects

curl https://api.cloudplatform.dev/v1/projects \
  -X POST \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -H "X-Request-Id: 3f2d1a0b-9e73-4d34-89df-412fa1c4c312" \
  -d '{
    "name": "edge-cache",
    "region": "us-east-1"
  }'

Security best practices

Never commit keys to source control or client-side bundles.
Store secrets securely using a managed secret store or environment variables.
Use least privilege by creating role-scoped keys for each service.
Monitor usage and alert on unusual request volume, regions, or endpoints.
Transmit only over HTTPS; plaintext transport is blocked.

Key rotation notes

1. Create a new key with the same scope as the active key.
2. Deploy the new key to all services, then validate successful authenticated traffic.
3. Revoke the old key after cutover; do not keep overlapping keys longer than required.
4. Rotate on a fixed schedule (for example, every 90 days) and immediately after any suspected exposure.

Endpoints

Core project management endpoints with concise request and response examples. All examples assume a valid bearer token and JSON content type.

GET

/projects

Returns a paginated list of projects available to the authenticated account.

HTTP/1.1 200 OK
{
  "data": [
    { "id": "prj_01", "name": "Billing API", "status": "active" },
    { "id": "prj_02", "name": "Webhook Worker", "status": "active" }
  ],
  "next_cursor": "eyJwYWdlIjoyfQ=="
}

POST

/projects

Creates a new project in the current workspace.

POST /projects
Content-Type: application/json

{
  "name": "New Integration",
  "environment": "production"
}

GET

/projects/{id}

Fetches detailed metadata for a single project by project identifier.

HTTP/1.1 200 OK
{
  "id": "prj_01",
  "name": "Billing API",
  "environment": "production",
  "status": "active",
  "created_at": "2026-03-17T08:43:12Z"
}

DELETE

/projects/{id}

Deletes a project. This action is irreversible and invalidates project-scoped keys.

HTTP/1.1 204 No Content

Documentation

Frequently asked questions

Quick answers to common integration issues. For implementation details, see Authentication and Endpoints.

: Most workspace keys are limited to 120 requests/minute per key. Short bursts are allowed up to 2x for a few seconds. On limit exceed, the API returns 429 Too Many Requests with Retry-After and remaining quota headers.
: 401 Unauthorized usually means a missing, expired, or malformed bearer token. 403 Forbidden means the token is valid but lacks required scopes. Verify token audience, environment (sandbox vs production), and scope mapping in Authentication.
: List endpoints use cursor-based pagination with limit and cursor. Responses return next_cursor when more data is available. Avoid page-number assumptions; always iterate using the returned cursor to prevent missing records during concurrent writes.
: Versions are date-based and sent via API-Version header. Additive field changes are backward compatible. Breaking changes (removed fields, semantic response shifts, required parameter changes) are released under a new version. Pin your version in production and validate upgrades in sandbox first.
: Use sandbox credentials and base URL for all integration tests. Seed test data through dedicated endpoints, run idempotency checks, then replay production-like traffic at reduced throughput. Do not reuse sandbox tokens in production. Endpoint examples are listed in Endpoints.
: For sev-1 incidents, use the emergency channel in your enterprise support plan and include request IDs, timestamps (UTC), region, and failing endpoint paths. For standard issues, open a ticket via the contact details in Support with reproducible steps and sanitized payloads.