Crusoe Cloud is currently in private beta. If you do not currently have access, please request access to continue.
Crusoe Cloud's REST API can be used to programmatically control resources such as creating Virtual Machines or fetching information about your organization.
Base URL and version
Crusoe Cloud's API is hosted at
The current version while we are in private alpha is
The full API reference is available at
In order to authenticate to Crusoe Cloud's API, you must sign all requests using the following algorithm.
To begin creating a signed request, you need several pieces of information about the request being made:
- The version of the signature being generated
- The API access key ID and secret key
- The signature payload
- A timestamp for approximately when the request was created and sent, to prevent replay attacks
Once you have this information, you can send requests with the
Authorization headers to authenticate to the API:
curl https://api.crusoecloud.com/v1alpha4/... \
-H "X-Crusoe-Timestamp: <RFC3339 timestamp>" \
-H "Authorization: Bearer <version:access_key_id:base64_encoded_signature>" \
The current version of the signature is
Getting an API access key and secret key
You can create an API access key and secret key by following the instructions in "Manage your API Keys".
Generating a signature
The signature payload consists of the following information, separated by newline ("\n") characters:
If there is no value (for example, no query params), then the line contains a single newline character.
The payload is used to generate a SHA256 HMAC signature, using a raw-urlsafe-base64 decoded version of the secret key as the HMAC secret key. The resulting HMAC signature is then base64 encoded and concatenated to the
access_key_id using the
Canonical Query Parameters
If query parameters are included in the request, you must canonicalize them into a single query string.
To create this string, you must:
- Sorted parameters by name, lexicographically.
- Separate all parameters with
If there are no query parameters, the canonical string is the newline character:
For example if you have a request that includes:
/v1alpha4/capacities?product_name=a100.8x&location=us-northcentral1-a the canonical query string would be:
As an example, imagine we have:
- An API access key ID (
gYFONy-6QKS1acgUEQrR4Q) and secret key (
GETrequest being made to
- Query params of
This would result in the following payload:
The payload is then put through:
The output is then concatenated together with
1.0:gYFONy-6QKS1acgUEQrR4Q (the version and access key ID) and placed in the authorization header:
curl https://api.crusoecloud.com/v1alpha4/capacities \
-H "X-Crusoe-Timestamp: 2022-03-01T01:23:45+09:00" \
-H "Authorization: Bearer 1.0:gYFONy-6QKS1acgUEQrR4Q:ZWFmMzVjMWMwODExNDc0OGY2ZTRmMzI0Y2UxOTI3YWQ2OTcwNmIzZTM4YWJmYjRkYWVjODBlYWE4MzY2ZGZkYw"