Authentication

Authentication guide for using the Discloud API (how to obtain and safely use your API Token).

All requests to the Discloud API must include an API Token in the api-token header.

If you don't have a token yet, generate or retrieve it in your Discloud dashboard. (Replace this note with the exact dashboard link or a screenshot.)

⚙️ How It Works

You generate a unique token linked to your account.

For every HTTP request include the header: api-token: YOUR_TOKEN_HERE.

The token authenticates and authorizes actions on behalf of your account (never share it).

Use the /user endpoint to quickly validate the token.

📤 Sending the Token

curl -X GET \
  -H "api-token: $DISCLOUD_TOKEN" \
  https://api.discloud.app/v2/user

import fetch from "node-fetch";

async function getCurrentUser() {
  const res = await fetch("https://api.discloud.app/v2/user", {
    headers: { "api-token": process.env.DISCLOUD_TOKEN },
  });

  if (!res.ok) {
    console.error("Request failed:", res.status, await res.text());
    return;
  }
  const data = await res.json();
  console.log(data);
}

// Install first: npm i discloud.app
const { discloud } = require("discloud.app");

discloud.login("DISCLOUD_API_TOKEN");

async function validateToken() {
  try {
    const user = await discloud.user.fetch();
    console.log("Authenticated user:", user);
  } catch (e) {
    console.error("Invalid token or network error:", e.message);
  }
}

🛡 Securing the Token

Never commit your token (e.g. to Git). Store it in environment variables (.env, CI/CD secrets, etc.).

📌 Best practices:

Use environment variables instead of hard‑coding.
Rotate the token periodically (e.g. every 90 days).
Revoke and regenerate immediately if you suspect exposure.
Restrict who can access infrastructure where the variable is stored.

⚡ Quick Token Verification

Call /user right after setting the environment variable. If you get HTTP 200 with user data, authentication is working.

You can also update the user locale (e.g. en-US) through /locale/{locale} to validate another authenticated route.

The operations below require the api-token header:

Get current user information

get

Returns information about the authenticated user

Authorizations

Responses

200

Successful operation

application/json

401

Authentication error

application/json

get

GET /v2/user HTTP/1.1
Host: api.discloud.app
api-token: YOUR_API_KEY
Accept: */*

{
  "status": "ok",
  "message": "User data were successfully charged",
  "user": {
    "userID": "803658045736878080",
    "totalRamMb": 16384,
    "ramUsedMb": 3386,
    "subdomains": [
      "exemplo"
    ],
    "customdomains": [
      "example.discloud.com"
    ],
    "apps": [
      "1719010867306"
    ],
    "plan": "Safira",
    "locale": "pt-BR",
    "lastDataLeft": {
      "days": 264,
      "hours": 12,
      "minutes": 6,
      "seconds": 56
    },
    "planDataEnd": "2026-01-12T22:28:58.189Z"
  }
}

Update user locale

put

Updates the user's preferred language/locale

Authorizations

Path parameters

localestring · enumRequired

The locale to set for the user

Possible values:

Responses

200

Locale successfully updated

application/json

401

Authentication error

application/json

404

Invalid locale specified

application/json

put

PUT /v2/locale/{locale} HTTP/1.1
Host: api.discloud.app
api-token: YOUR_API_KEY
Accept: */*

{
  "status": "ok",
  "locale": "en-US"
}

PreviousAPI Overview NextUser Endpoints

Last updated 4 days ago

⚙️ How It Works

📤 Sending the Token

🛡 Securing the Token

⚡ Quick Token Verification

📚 Related Endpoints References

Get current user information

Update user locale