Authentication
The FixMyCloud API uses short-lived JWT bearer tokens. Every request must include a valid token and your workspace slug.
Getting a token
POST to /auth/login with your email and password:
bash
curl -X POST https://api.fixmycloud.ai/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"you@company.com","password":"your-password"}'
json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600
}
Using the token
Include the token in the Authorization header of every request:
bash
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Workspace context
All API endpoints are scoped to a workspace (tenant). Include the workspace slug in every request:
bash
X-Tenant-Slug: my-company
Find your slug in the app URL: app.fixmycloud.ai/my-company/dashboard
Complete request example
bash
curl https://api.fixmycloud.ai/api/v1/connections \
  -H "Authorization: Bearer <your_token>" \
  -H "X-Tenant-Slug: my-company" \
  -H "Accept: application/json"
Token expiry and refresh
Access tokens expire after 1 hour. Use the refresh token to get a new access token without re-authenticating:
bash
curl -X POST https://api.fixmycloud.ai/api/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refresh_token":"<your_refresh_token>"}'
Security: Never expose tokens in client-side code, URLs, or version control. Store tokens in environment variables or a secrets manager. Rotate credentials if they are compromised.
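The login and refresh flow above as a small Python client that keeps tokens in memory and renews them shortly before expiry. This is an added example, not FixMyCloud's own code. It assumes the refresh endpoint returns the same JSON shape as login; the `TokenSession` class, the `FIXMYCLOUD_EMAIL` and `FIXMYCLOUD_PASSWORD` variable names, and the 60-second margin are hypothetical.

```python
import json, os, time
import urllib.error, urllib.request

API = "https://api.fixmycloud.ai/api/v1"  # base URL used in the curl examples

def http_post(path, body):
    """Default transport: POST JSON to the API and return the decoded reply."""
    req = urllib.request.Request(API + path, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSession:
    """Holds tokens in memory only and renews them before they expire."""
    SKEW = 60  # seconds of safety margin (assumed value, not from the page)

    def __init__(self, tenant_slug, post=http_post, clock=time.monotonic):
        self.tenant_slug, self._post, self._clock = tenant_slug, post, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, reply):
        self._access = reply["access_token"]
        # Assumption: keep the old refresh token if the reply omits a new one.
        self._refresh = reply.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + reply["expires_in"]

    def login(self):
        # Credentials come from the environment, never from source code.
        self._store(self._post("/auth/login", {
            "email": os.environ["FIXMYCLOUD_EMAIL"],        # hypothetical name
            "password": os.environ["FIXMYCLOUD_PASSWORD"]}))  # hypothetical name

    def headers(self):
        """Return request headers, logging in or refreshing first if needed."""
        if self._access is None:
            self.login()
        elif self._clock() >= self._expires_at - self.SKEW:
            try:
                self._store(self._post("/auth/refresh",
                                       {"refresh_token": self._refresh}))
            except urllib.error.HTTPError as err:
                if err.code != 401:
                    raise
                self.login()  # refresh token rejected (401): re-authenticate
        return {"Authorization": f"Bearer {self._access}",
                "X-Tenant-Slug": self.tenant_slug,
                "Accept": "application/json"}
```

Pass the dictionary returned by `headers()` to each API request; the `post` and `clock` parameters exist so the refresh logic can be exercised without network access.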
Authentication errors
401 Unauthorized: Missing or invalid token. Re-authenticate.
403 Forbidden: Token valid but lacks permission for this resource.
422 Unprocessable Entity: Request body schema invalid.