API reference

CloudNx exposes a REST API split across three services. Every route returns JSON and authenticates with the same RS256 JWT.

Base URLs

Authentication

There are two ways to authenticate, both produce the same JWT internally:

1. Session cookie (browser)

After POST /auth/login, the browser receives cnx_access (15 min) and cnx_refresh (30 days) HttpOnly cookies. These are used automatically by the dashboard and any same-origin client.

2. Access keys + SigV4 (programmatic)

For CLI / SDK / CI use:

1. Create an IAM user via /iam.
2. Issue an access key (you’ll see the secret once).
3. Sign requests with AWS SigV4 (region in-mum, service cloudnx) — or use POST /auth/iam/exchange-credentials with the secret in the body to get a 15-minute JWT and use that as a Bearer token.

Easiest path: install the cloudnx CLI, run cloudnx configure, and let it handle signing.

Request / response shape

Requests with bodies use Content-Type: application/json. Responses are always JSON with one of these shapes:

// Success — varies per route
{ "id": "…", "status": "running", "…": "…" }

// List
{ "instances": [ … ], "next_cursor": "…" }

// Error (any 4xx / 5xx)
{ "error": "human-readable explanation" }

Status codes

Idempotency

Mutating routes accept an optional Idempotency-Key header. Resending the same request with the same key returns the original response without a side-effect. Keys live for 24 hours.

Rate limits

Per-user soft limit of 30 requests / second across all services. Programmatic clients should back off on 429; the response includes a Retry-After header in seconds.

SDKs

First-party CLI shipped (cloudnx CLI); language SDKs are on the roadmap. For now you can:

• Use any HTTP client + the SigV4 specification.
• Use the AWS SDK for S3 against https://s3.cloudnx.in for object storage — fully compatible.
• Wrap the CLI in your scripts with --output json.