Developer Portal Authentication API Keys & Tokens

API Keys & Tokens

Manage your authentication credentials, configure scopes, and securely integrate with the CloudNexus API. All tokens are encrypted at rest and support automated rotation.

Create & Manage Keys

Generate API keys from the Developer Console or via the management API. Each key can be scoped to specific services, environments, and permission levels.

⚠️ Security Notice

API keys are revealed only once upon creation. Store them securely in environment variables or a secrets manager. Never commit them to version control.

Generate New Key

📅 Created: Oct 24, 2024 ⏳ Expires: Jan 24, 2025 Active

Scopes: compute:read storage:write network:admin

Active Tokens

Key ID Name Last Used Status Actions
cnx_prod_8xK9... Production Backend 2 mins ago Active
cnx_stg_mQ4v... Staging CI/CD 3 hrs ago Active
cnx_dev_pL9z... Local Development Never Expired

Authentication Examples

Include your API key in the Authorization header or as a query parameter. Header-based authentication is strongly recommended for production.

curl -X GET "https://api.cloudnexus.io/v2/instances" \\
  -H "Authorization: Bearer cnx_prod_8xK9mP2vL5qR7wN3tJ6yH1cZ4bA0eD" \\
  -H "Content-Type: application/json"
import requests

api_key = "cnx_prod_8xK9mP2vL5qR7wN3tJ6yH1cZ4bA0eD"
headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

response = requests.get("https://api.cloudnexus.io/v2/instances", headers=headers)
print(response.json())
const fetch = require('node-fetch');

const apiKey = 'cnx_prod_8xK9mP2vL5qR7wN3tJ6yH1cZ4bA0eD';
const response = await fetch('https://api.cloudnexus.io/v2/instances', {
    headers: {
        'Authorization': `Bearer ${apiKey}`,
        'Content-Type': 'application/json'
    }
});

console.log(await response.json());

Token Types & Scopes

ℹ️ Scope-Based Access

CloudNexus uses fine-grained OAuth-style scopes. Combine resources and actions using the format <resource>:<action>. Available scopes include compute, storage, network, billing, and admin.

  • compute:read - List and describe VPS/VM instances
  • compute:write - Create, update, and terminate instances
  • storage:admin - Full access to object storage and databases
  • network:read - View load balancers, firewalls, and DNS records

Rate Limits & Best Practices

Plan Requests / Min Burst Limit Response Code
Starter 60 100 429 Too Many Requests
Professional 1,000 2,000 429 Too Many Requests
Enterprise Custom Unlimited 429 Too Many Requests

When rate limited, the API returns a 429 status with a Retry-After header. Implement exponential backoff in your client logic.

Frequently Asked Questions

How do I rotate an API key without downtime?

Use the POST /v2/keys/rotate endpoint. It generates a new key while keeping the old one active for 24 hours. Update your systems during this grace period, then revoke the old key manually or automatically.

Can I restrict keys to specific IP addresses?

Yes. Under key settings, enable IP allowlisting. You can add CIDR ranges (e.g., 203.0.113.0/24) to restrict where the token can be used. This is recommended for production deployments.

What happens when a token expires?

Expired tokens immediately return 401 Unauthorized on all requests. You will receive email and webhook notifications 7 and 1 day before expiration. Use the CLI or API to auto-renew if configured.