Teams and Accounts

API Key

In order to use the Cloudsmith API, or any other integrations or tools that make use of the Cloudsmith API, you will first need to get your API Key.

An API Key provides Read and Write access. If you want Read-only access, please use an Entitlement Token. API Keys and Entitlement Tokens should be treated as secrets to prevent unwarranted access.

Getting your API Key

There are two ways to retrieve your API Key:

Via the Cloudsmith web app
Via the Cloudsmith CLI

Via the Cloudsmith web app

On the top right corner, click on your user icon, then click on Personal API Keys and click Refresh to view the API Key. Refreshing the API key will permanently disable the current API key. Make sure you store it in a proper secret management tool to access it later.

Via the Cloudsmith CLI

You can retrieve your API key using the cloudsmith login command:

cloudsmith login
Login: you@example.com
Password: PASSWORD
Repeat for confirmation: PASSWORD

Note

Please ensure you use your email for the 'Login' prompt.

Adding IP-Based restrictions to your API-Key

By default, you can use your API-Key from anywhere.

If you wish to restrict the use of your API-Key to a specific IP address or range, you can add the CIDR address/mask to the Allow List in the API Key Restrictions tab:

Setting API restrictions for a user API key

One you have added your CIDR address/mask, just click the "+ Add" button to apply your restriction.

Refreshing a Personal/User API Key

If you lose the API key associated with your account, or suspect it has been compromised, you'll need to refresh the key, generating a new one.

To do this, under your profile menu, select Personal API Keys.

Click the "Refresh API Key" button to generate a new API key.

Updated 6 days ago