Developer Portal โ†’ ๐Ÿ”‘ API Keys & Authentication

API Keys & Authentication

Manage your credentials, configure authentication flows, and integrate securely with the CloudNexus infrastructure API.

Active API Keys

Keys grant programmatic access to your account. Keep them secure.

Production - Web App

Active Created: Oct 12, 2024 Scope: full
cnx_prod_a8f3k2m9p4x7q1w5 โ€ขโ€ขโ€ขโ€ข

CI/CD Pipeline

Restricted Created: Nov 03, 2024 Scope: deploy, read
cnx_ci_z9x8c7v6b5n4m3l2 โ€ขโ€ขโ€ขโ€ข

Authentication Methods

๐Ÿ”‘

API Key Authentication

Simple bearer token authentication via HTTP headers. Best for server-to-server communication and CLI tools.

  • Header: Authorization: Bearer <key>
  • Supports scoped permissions
  • Rate limit aware
๐Ÿ”„

OAuth 2.0 / OIDC

Full-featured authorization flow for third-party integrations, user delegation, and single sign-on scenarios.

  • Authorization Code + PKCE
  • Refresh token rotation
  • JWT ID tokens included
๐Ÿ›ก๏ธ

Service Account JWT

Cryptographically signed tokens for automated deployments, infrastructure-as-code, and zero-trust architectures.

  • RS256/ES256 signatures
  • Auto-rotation capable
  • Audience & issuer validation

Integration Examples

# List all active instances curl -X GET "https://api.cloudnexus.io/v1/instances" \\ -H "Authorization: Bearer cnx_prod_a8f3k2m9p4x7q1w5" \\ -H "Content-Type: application/json" \\ -H "X-API-Version: 2024-10"
import requests headers = { "Authorization": "Bearer cnx_prod_a8f3k2m9p4x7q1w5", "Content-Type": "application/json", "X-API-Version": "2024-10" } response = requests.get( "https://api.cloudnexus.io/v1/instances", headers=headers ) print(response.json())
const axios = require('axios'); const fetchInstances = async () => { try { const res = await axios.get( 'https://api.cloudnexus.io/v1/instances', { headers: { 'Authorization': 'Bearer cnx_prod_a8f3k2m9p4x7q1w5', 'X-API-Version': '2024-10' } } ); console.log(res.data); } catch (err) { console.error(err.response?.data || err.message); } }; fetchInstances();

Security & Rate Limits

โšก Rate Limits (API Key)

Endpoint Type Limit / Min
GET /read operations1,200
POST /create operations120
DELETE /critical ops30
WebSocket streams50 concurrent

Limits are enforced per key. Burst capacity available on Enterprise tier.

๐Ÿ” Security Best Practices

  • Never expose API keys in client-side code or public repositories
  • Use environment variables (process.env.CNX_API_KEY)
  • Apply least-privilege scopes to pipeline keys
  • Rotate keys quarterly and monitor audit logs
  • Enable IP allowlisting for production keys
โœ… Copied to clipboard!