Authentication

Authentication guide for using the Discloud API (how to obtain and safely use your API Token).

All requests to the Discloud API must include an API Token in the api-token header.

If you don't have a token yet, generate or retrieve it in your Discloud dashboard. (Replace this note with the exact dashboard link or a screenshot.)

⚙️ How It Works

You generate a unique token linked to your account.

For every HTTP request include the header: api-token: YOUR_TOKEN_HERE.

The token authenticates and authorizes actions on behalf of your account (never share it).

Use the /user endpoint to quickly validate the token.

📤 Sending the Token

curl -X GET \
  -H "api-token: $DISCLOUD_TOKEN" \
  https://api.discloud.app/v2/user

import fetch from "node-fetch";

async function getCurrentUser() {
  const res = await fetch("https://api.discloud.app/v2/user", {
    headers: { "api-token": process.env.DISCLOUD_TOKEN },
  });

  if (!res.ok) {
    console.error("Request failed:", res.status, await res.text());
    return;
  }
  const data = await res.json();
  console.log(data);
}

// Install first: npm i discloud.app
const { discloud } = require("discloud.app");

discloud.login("DISCLOUD_API_TOKEN");

async function validateToken() {
  try {
    const user = await discloud.user.fetch();
    console.log("Authenticated user:", user);
  } catch (e) {
    console.error("Invalid token or network error:", e.message);
  }
}

🛡 Securing the Token

Never commit your token (e.g. to Git). Store it in environment variables (.env, CI/CD secrets, etc.).

📌 Best practices:

Use environment variables instead of hard‑coding.
Rotate the token periodically (e.g. every 90 days).
Revoke and regenerate immediately if you suspect exposure.
Restrict who can access infrastructure where the variable is stored.

⚡ Quick Token Verification

Call /user right after setting the environment variable. If you get HTTP 200 with user data, authentication is working.

You can also update the user locale (e.g. en-US) through /locale/{locale} to validate another authenticated route.

The operations below require the api-token header:

Get current user information

get

Returns information about the authenticated user

Authorizations

api-tokenstringRequired

Responses

200

Successful operation

application/json

401

Authentication error

application/json

get

/user

GET /v2/user HTTP/1.1
Host: api.discloud.app
api-token: YOUR_API_KEY
Accept: */*

{
  "status": "ok",
  "message": "User data were successfully charged",
  "user": {
    "userID": "803658045736878080",
    "totalRamMb": 16384,
    "ramUsedMb": 3386,
    "subdomains": [
      "exemplo"
    ],
    "customdomains": [
      "example.discloud.com"
    ],
    "apps": [
      "1719010867306"
    ],
    "plan": "Safira",
    "locale": "pt-BR",
    "lastDataLeft": {
      "days": 264,
      "hours": 12,
      "minutes": 6,
      "seconds": 56
    },
    "planDataEnd": "2026-01-12T22:28:58.189Z"
  }
}

PreviousAPI Overview NextUser

Last updated 1 month ago

hashtag⚙️ How It Works

hashtag📤 Sending the Token

hashtag🛡 Securing the Token

hashtag⚡ Quick Token Verification

hashtag📚 Related Endpoints References

hashtagGet current user information

⚙️ How It Works

📤 Sending the Token

🛡 Securing the Token

⚡ Quick Token Verification

📚 Related Endpoints References

Get current user information