API Authentication

CLOUD

All Cloud Platform endpoints require authentication using Bearer tokens.

Getting an API Token

Log in to the msh cloud platform at https://app.msh.io
Navigate to Account → API Tokens
Create a new token
Copy the token (shown only once)

Using API Token

Include the token in the Authorization header:

export API_TOKEN="your-token-here"

curl -X GET \
  -H "Authorization: Bearer $API_TOKEN" \
  https://api.msh.io/api/msh/projects/

Token Expiration

API tokens:

Never expire (unless revoked)
Can be revoked at any time
Are project-specific (some tokens)
Have rate limits based on tier

Security Best Practices

Store Securely: Never commit tokens to version control
Use Environment Variables: Store tokens in environment variables
Rotate Regularly: Rotate tokens periodically
Limit Scope: Use project-specific tokens when possible
Revoke Unused: Revoke unused tokens

Example: Environment Variables

# .env file (never commit)
MSH_API_TOKEN=your-token-here
MSH_PROJECT_ID=1

# Use in scripts
curl -X GET \
  -H "Authorization: Bearer $MSH_API_TOKEN" \
  https://api.msh.io/api/msh/projects/$MSH_PROJECT_ID/

CI/CD Integration

Store tokens as secrets:

# GitHub Actions
env:
  MSH_API_TOKEN: ${{ secrets.MSH_API_TOKEN }}

# GitLab CI
variables:
  MSH_API_TOKEN: $MSH_API_TOKEN_SECRET

Error Responses

Unauthorized

{
  "error": "Unauthorized",
  "details": "Invalid or missing API token"
}

Status Code: 401

Forbidden

{
  "error": "Forbidden",
  "details": "Token does not have access to this resource"
}

Status Code: 403

Getting Started - Set up Cloud Platform
API Reference - Complete API documentation
Rate Limiting - Rate limit information

Getting an API Token​

Using API Token​

Token Expiration​

Security Best Practices​

Example: Environment Variables​

CI/CD Integration​

Error Responses​

Unauthorized​

Forbidden​

Related Documentation​