Base URL
Authentication
All API endpoints require authentication. Include your API key as a Bearer token in theAuthorization header:
Getting your API key
- Open the OneCLI dashboard
- Go to Settings and copy your API key
oc_ and are scoped to a single project. A project key always operates on its own project.
Organization-scoped keys
Organization API keys start withoc_org_ and can operate across projects. For project-scoped endpoints, include the X-Project-Id header to specify which project (without it, project endpoints return 401):
/org/...) need no project header, and require the admin or owner role, with one exception: GET /org/rules/permissions/{provider} is readable by any organization member (project pages surface those inherited constraints).
Partner keys
Partner API keys start withoc_partner_ and let resellers and agencies provision and manage organizations for their customers. See the Partner API for the full workflow.
Errors
The API returns standard HTTP status codes. Validation errors return a flaterror string; authentication and service errors use an envelope with message and type:
| Status | Meaning |
|---|---|
400 | Validation error or bad request |
401 | Missing or invalid authentication |
403 | Insufficient permissions (role-gated endpoint) |
404 | Resource not found |
409 | Conflict (e.g., duplicate identifier) |