Skip to Content
APIAuthentication

Authentication

Authenticate requests to the redu.cloud API using an API key.


Generate an API key

Log in to the Console:

https://console.redu.cloud

Open API Keys:

https://console.redu.cloud/category/user/api-keys

Generate a key and copy it immediately.

API keys are only shown once after creation.


Base URL

https://api.redu.cloud/v1

Authentication header

Include your API key in the x-api-key header:

x-api-key: YOUR_API_KEY

Example: get current user

curl https://api.redu.cloud/v1/me \ -H "x-api-key: YOUR_API_KEY"

Successful response

{ "id": "usr_01HZX8YF2", "username": "joe", "email": "joe@example.com", "roles": ["user"] }

Scopes

An API key can be limited to specific actions. A key with no scopes set has full access; a scoped key is restricted to the resource:action capabilities you grant it. See Scopes and Permissions for the grammar and least-privilege examples.


Common errors

Two distinct cases:

  • 401 means the key is missing, malformed, expired, or invalid. Fix the credential.
  • 403 means a valid key without permission for the request. Either the key lacks the required scope (insufficient_scope), or the route is protected and no key was sent.
{ "error": { "code": "unauthorized", "message": "Invalid API key" } }

A scope failure is specific about what was missing:

{ "error": { "code": "insufficient_scope", "message": "This API key lacks the 'instance:delete' scope required for this request.", "required_scope": "instance:delete", "granted_scopes": ["instance:read"] } }

Compatibility note: most errors follow the { "error": { "code", "message" } } shape above, but some endpoints currently return a plain string body, { "error": "message" }. If you parse errors programmatically, handle both shapes until the envelope is unified.

Last updated on