API Key
In order to use the Cloudsmith API, or any other integrations or tools that make use of the Cloudsmith API, you will first need to get your API Key.
An API Key provides Read and Write access. If you want Read-only access, please use an Entitlement Token. API Keys and Entitlement Tokens should be treated as secrets to prevent unwarranted access.
Getting your API Key
There are two ways to retrieve your API Key:
- Via the Cloudsmith web app
- Via the Cloudsmith CLI
Via the Cloudsmith web app
On the top right corner, click on your user icon, then click on Personal API Keys and click Refresh to view the API Key. Refreshing the API key will permanently disable the current API key. Make sure you store it in a proper secret management tool to access it later.
Via the Cloudsmith CLI
You can retrieve your API key using the cloudsmith login command:
cloudsmith login
Login: you@example.com
Password: PASSWORD
Repeat for confirmation: PASSWORDNote
Please ensure you use your email for the 'Login' prompt.
Adding IP-Based restrictions to your API-Key
By default, you can use your API-Key from anywhere.
If you wish to restrict the use of your API-Key to a specific IP address or range, you can add the CIDR address/mask to the Allow List in the API Key Restrictions tab:
One you have added your CIDR address/mask, just click the "+ Add" button to apply your restriction.