API v2 · 99.99% uptime SLA

Build on a cloud API designed for speed and clarity.

Clean, predictable REST endpoints, token-based authentication, and documentation written for engineers. Go from API key to first successful request in under five minutes.

request.sh
# authenticate and fetch a resource
curl https://api.platform.dev/v2/orders \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json"

→ 200 OK
{
  "id": "ord_9f2a",
  "status": "confirmed",
  "latency_ms": 42
}
Avg. Latency
42ms
Uptime
99.99%
Time to First Call
<5min

Documentation

Platform Overview

The Nimbus Cloud API gives you programmatic access to compute, storage, and data services through a single, consistent REST interface. Every resource speaks JSON over HTTPS, so you can provision infrastructure, manage data pipelines, and orchestrate services without leaving your existing tooling.

The API is designed for predictability: stable resource naming, explicit versioning, and consistent error semantics across every endpoint. Whether you're automating a single workflow or building a full integration layer, the same primitives apply everywhere.

Key capabilities

  • Unified REST interface

    One consistent request/response model across every service.

  • Real-time webhooks

    Subscribe to resource events instead of polling for state.

  • Fine-grained access control

    Scope API keys down to specific resources and actions.

  • Global edge availability

    Low-latency routing across regional points of presence.

  • Usage-based billing

    Transparent quotas and metered pricing per project.

  • Versioned releases

    Backward-compatible changes with a clear deprecation policy.

Core concepts

Resources
The core objects the API manages — e.g. instances, buckets, and jobs — each addressable by a stable identifier.
Projects
Logical containers that isolate resources, billing, and access for a team or environment.
API keys & scopes
Credentials tied to explicit permission scopes, used to authenticate every request.
Rate limits
Per-key request thresholds returned in response headers to help you back off gracefully.
Regions
Geographic deployment targets you select per resource for latency and data residency.

Getting started

5 steps
  1. 1Create a project and generate an API key — see Authentication.
  2. 2Send your first authenticated request to a base endpoint.
  3. 3Browse available routes and payloads in Endpoints.
  4. 4Handle pagination, error codes, and rate-limit headers in your client.
  5. 5Promote to production with narrowly-scoped keys per environment.
GET /v1/status
curl https://api.nimbus.dev/v1/status \
  -H "Authorization: Bearer YOUR_API_KEY"

Need common gotchas or troubleshooting tips? Check the FAQ.

02 · Authentication

Secure every request

Every call to the API must be authenticated using a bearer token or API key. Requests without valid credentials are rejected with a 401 Unauthorized response.

API key or bearer token

Every account is issued a secret API key from the dashboard. This key is used directly as a bearer token, or optionally as an API key header, depending on the client you're integrating. Both methods authenticate the same underlying identity and permissions.

Bearer token

Recommended for server-to-server calls and most SDK-free integrations.

API key header

Alternative for tooling or environments that expect a custom header name.

Sending the authorization header

Attach your credential to every request using one of the following headers.

1 Authorization: Bearer <API_KEY>
2 X-API-Key: <API_KEY>

Security notes

  • Never expose API keys in client-side code, mobile apps, or public repositories.

  • All requests must be made over HTTPS. Unencrypted requests are rejected.

  • Rotate keys periodically and revoke unused ones from the dashboard immediately.

  • Scope keys to the minimum permissions required for the integration.

Request example

authenticated-request.sh
# Fetch a list of resources
curl -X GET "https://api.example.com/v1/resources" \
  -H "Authorization: Bearer sk_live_51Hc9f...redacted" \
  -H "Content-Type: application/json"

# 200 OK
{ "data": [ ... ], "has_more": false }
API Reference

Endpoints

A representative set of endpoints for working with resources on the platform. Every response is JSON, every request is authenticated—see the full reference in the API explorer for the complete list.

Resources

Core CRUD operations for creating and managing resource objects.

GET /v1/resources
200 OK

List all resources in your account, with support for pagination, filtering, and sorting.

Request
curl -X GET https://api.example.com/v1/resources \
  -H "Authorization: Bearer YOUR_API_KEY"
GET /v1/resources/{id}
200 OK

Retrieve a single resource by its unique identifier, including all associated metadata.

POST /v1/resources
201 Created

Create a new resource by submitting a JSON payload describing its properties.

System

Operational endpoints for monitoring platform availability.

GET /v1/status
200 OK

Check platform health and current operational status without authentication.

View full API reference
FAQ

Frequently asked questions

Practical answers for developers integrating the API — covering rate limits, authentication errors, versioning, sandbox access, and support channels.

Rate limits What are the API rate limits?

Default limits are 100 requests/second on Standard plans and 500 requests/second on Enterprise plans. Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.

Exceeding the limit returns a 429 Too Many Requests response. Use exponential backoff and respect the Retry-After header. See the Endpoints reference for per-route limits.

Authentication Why am I getting 401 Unauthorized errors?

The most common causes are a missing or malformed Authorization: Bearer header, an expired or revoked API key, or using a sandbox key against the production host.

Also check for client clock drift, which can invalidate signed requests. Full setup steps are in the Authentication section.

Versioning How does API versioning work?

Versions are path-based, e.g. /v1/…. Breaking changes are shipped under a new version; non-breaking additions land in the current one.

Deprecated versions remain live for at least 12 months, with warnings sent via the Deprecation response header before sunset.

Sandbox Is there a sandbox environment for testing?

Yes. Use base URL https://sandbox.api.example.com with a test key prefixed sk_test_….

Sandbox data resets nightly, webhooks can be simulated on demand, and no requests incur billing or affect production resources.

Support How do I get help or report an issue?

Check the status page first for ongoing incidents, then reach the developer support team via the contact details in the footer or the community forum.

Enterprise plans include a dedicated support SLA with guaranteed first-response times.