Authentication
Authenticate your API requests using API keys. Learn how to manage keys, rotate them, and secure your integration.
API Keys
CloudVNO uses API keys for authentication. All API requests must include your API key in the Authorization header as a Bearer token.
curl https://api.cloudvno.com/v1/messages \
-H "Authorization: Bearer YOUR_API_KEY"
Getting Your API Key
- Sign in to your CloudVNO dashboard
- Navigate to Settings → API Keys
- Click Create new API key
- Give it a name and select the appropriate permissions
- Copy your key immediately — it will not be shown again
Key Permissions
Each API key can be scoped to specific actions:
| Permission | Description |
|---|---|
messages:read | Read message history and status |
messages:write | Send SMS, MMS, and RCS messages |
calls:read | Read call logs and recordings |
calls:write | Make and control calls |
numbers:read | View provisioned numbers |
numbers:write | Provision and release numbers |
verify:write | Send and check verifications |
lookups:read | Perform number intelligence lookups |
Security Best Practices
- Never hardcode API keys in your source code or commit them to version control
- Store keys in environment variables or a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.)
- Use separate API keys for development and production
- Rotate keys regularly and immediately if compromised
- Scope keys to the minimum permissions needed
Using Environment Variables
import os
from cloudvno import Client
client = Client(os.environ["CLOUDVNO_API_KEY"])
import { CloudVNO } from '@cloudvno/sdk';
const client = new CloudVNO({
apiKey: process.env.CLOUDVNO_API_KEY,
});
Key Rotation
To rotate a compromised key:
- Create a new API key in the dashboard
- Update your application to use the new key
- Verify the new key works in production
- Revoke the old key from the dashboard
Revoking a key is immediate and irreversible.