Authentication
All API requests require authentication using an API key or OAuth 2.0 access token. Include your credentials in the Authorization header.
API Key Format
Authorization: Bearer cn_live_sk_<your_api_key>
| Header | Required | Description |
|---|---|---|
Authorization |
Yes | Bearer token or API key |
X-CloudNexus-Id |
Yes | Your account identifier |
Content-Type |
Yes | Always application/json |
Core Endpoints
Base URL: https://api.cloudnexus.io/v2
| Method | Endpoint | Description |
|---|---|---|
| GET | /servers |
List all compute instances |
| POST | /servers |
Provision a new server |
| PUT | /servers/{id} |
Update server configuration |
| DELETE | /servers/{id} |
Terminate a server |
| GET | /clusters/k8s |
List Kubernetes clusters |
| POST | /webhooks |
Create a webhook subscription |
Code Examples
curl -X POST https://api.cloudnexus.io/v2/servers \
-H "Authorization: Bearer cn_live_sk_abc123" \
-H "Content-Type: application/json" \
-d '{
"region": "us-east-1",
"plan": "professional",
"image": "ubuntu-22.04",
"count": 2
}'import { CloudNexus } from '@cloudnexus/sdk';
const cn = new CloudNexus(process.env.CN_API_KEY);
async function deployServer() {
const server = await cn.servers.create({
region: 'us-east-1',
plan: 'professional',
image: 'ubuntu-22.04',
count: 2
});
console.log(`Deployed: ${server.id}`);
}
deployServer();import cloudnexus
client = cloudnexus.Client(api_key="cn_live_sk_abc123")
server = client.servers.create(
region="us-east-1",
plan="professional",
image="ubuntu-22.04",
count=2
)
print(f"Deployed: {server.id}")Webhooks
Webhooks allow your application to receive real-time HTTP POST notifications when specific events occur in your CloudNexus account. Configure endpoints via the API or dashboard.
Supported Events
| Event Type | Description |
|---|---|
server.created | Triggered when a new instance finishes provisioning |
server.scaled | Triggered on auto-scale up/down events |
billing.invoice.finalized | Monthly invoice is ready |
security.threat.detected | DDoS or intrusion attempt blocked |
cluster.node.joined | New Kubernetes worker attached |
Webhook Payload Structure
server.created
{
"event": "server.created",
"id": "evt_9f8a7b6c5d4e",
"timestamp": "2025-01-15T14:22:00Z",
"data": {
"server_id": "srv_2x9k4m",
"region": "us-east-1",
"ip": "10.244.1.5",
"status": "running"
}
}
security.threat.detected
{
"event": "security.threat.detected",
"id": "evt_1a2b3c4d5e6f",
"timestamp": "2025-01-15T16:45:12Z",
"data": {
"source_ip": "185.220.101.44",
"attack_type": "SYN_FLOOD",
"mitigated": true,
"packets_blocked": 45200
}
}
Verifying Signatures
All webhooks are signed using HMAC-SHA256. Include the X-CloudNexus-Signature header validation in your endpoint handler.
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload, 'utf-8')
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expected)
);
}Rate Limits & Status Codes
API requests are rate-limited per account tier to ensure platform stability. Exceeding limits returns 429 Too Many Requests.
| Status Code | Meaning | Action |
|---|---|---|
200 OK | Request succeeded | Process response |
400 Bad Request | Invalid parameters | Check request body |
401 Unauthorized | Missing/invalid auth | Verify API key |
403 Forbidden | Insufficient permissions | Check role/scopes |
429 Rate Limited | Too many requests | Wait & retry with exponential backoff |
500 Server Error | Internal failure | Check status page or contact support |
Rate Limits by Tier
Starter: 100 req/min | Professional: 500 req/min | Enterprise: 2,000 req/min (customizable)
Rate limit headers are included in every response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset