Authentication

All API requests to Tenuo Cloud require authentication using an API key.

API Key Format

Tenuo Cloud API keys follow this format:

tc_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Using Your API Key

Include your API key in the Authorization header as a Bearer token:

curl -H "Authorization: Bearer tc_your_api_key_here" \
  https://api.tenuo.cloud/v1/keys

import requests

headers = {"Authorization": "Bearer tc_your_api_key_here"}
response = requests.get("https://api.tenuo.cloud/v1/keys", headers=headers)

API Key Scopes

API keys have scopes that control access:

Scope | Description
admin | Full access to all endpoints
authorizer | Read access to revocation endpoints
read-only | Read access to all endpoints, no mutations

Scope Requirements by Endpoint

Endpoint | Required Scope
GET /v1/keys | admin or read-only
POST /v1/keys | admin
GET /v1/revocations/srl | authorizer or admin
POST /v1/revocations | admin
GET /v1/api-keys | admin or read-only
POST /v1/api-keys | admin

Error Responses

Invalid API Key

{
  "error": {
    "code": "invalid_api_key",
    "message": "The provided API key is invalid"
  }
}

Missing Authorization

{
  "error": {
    "code": "unauthorized",
    "message": "Authorization header is required"
  }
}

Insufficient Scope

{
  "error": {
    "code": "insufficient_scope",
    "message": "This endpoint requires 'admin' scope"
  }
}

Rate Limiting

API requests are rate limited per API key:

Limit Type | Default
Per-tenant | 1000 req/s
Burst | 2000 req

Rate limit headers are included in responses:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1706123456

When rate limited, you'll receive a 429 Too Many Requests response.
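
The following client-side sketch is an added example, not Tenuo's own code. It reads the key from the TENUO_API_KEY environment variable, waits out 429 responses using X-RateLimit-Reset, and stops immediately on the three error codes shown above instead of retrying with a bad key. The function names, the 60-second wait cap, and the reading of X-RateLimit-Reset as a Unix timestamp in seconds are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.request

FATAL_CODES = ("invalid_api_key", "unauthorized", "insufficient_scope")


class TenuoAuthError(Exception):
    """One of the page's error codes; retrying the request cannot fix it."""


def load_api_key(env=os.environ):
    """Read the key from TENUO_API_KEY and check the tc_ prefix before use."""
    key = env.get("TENUO_API_KEY", "")
    if not key.startswith("tc_"):
        raise TenuoAuthError("TENUO_API_KEY is unset or lacks the tc_ prefix")
    return key


def next_action(status, headers, body, now):
    """Return ("done", 0.0), or ("retry", seconds) on 429; raise on fatal codes."""
    if status == 429:
        # Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
        reset = float(headers.get("X-RateLimit-Reset", now + 1))
        return "retry", min(max(reset - now, 0.0), 60.0)  # cap the wait at 60 s
    try:
        code = json.loads(body).get("error", {}).get("code")
    except (ValueError, AttributeError):
        code = None  # body is not the JSON error envelope
    if code in FATAL_CODES:
        raise TenuoAuthError(code)
    return "done", 0.0


def get(url, max_attempts=3):
    """GET url with the Bearer key, waiting out 429 responses."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + load_api_key()})
    for _ in range(max_attempts):
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                status, headers, body = resp.status, resp.headers, resp.read()
        except urllib.error.HTTPError as err:
            status, headers, body = err.code, err.headers, err.read()
        action, wait = next_action(status, headers, body, time.time())
        if action == "done":
            return status, body
        time.sleep(wait)
    raise RuntimeError("still rate limited after %d attempts" % max_attempts)
```

The error message raised by load_api_key never includes the key value, so it is safe to log.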

Best Practices

Use environment variables

Never hardcode API keys. Use environment variables or a secrets manager.

export TENUO_API_KEY=tc_your_api_key_here

Use least-privilege scopes

Create API keys with only the scopes needed for their purpose.

Rotate keys regularly

Create new keys and deprecate old ones every 90 days.

Monitor key usage

Review the audit log for unusual API key activity.
