API Authentication
Authenticate Kubeadapt API requests using Bearer tokens with API keys. Covers key creation, cluster scoping, permission scopes, and auth error handling.
All API requests (except health endpoints) require authentication via an API key. Keys are scoped to your organization.
API Keys
Create API keys in the Kubeadapt dashboard. Each key has:
- Permission scopes that control which endpoints it can access. See Permission Scopes for the full list.
- Optional cluster restrictions via allowed_cluster_ids. If you don't restrict a key to specific clusters, it has access to all clusters in your organization.
Keep your API keys secret. Don't expose them in client-side code or public repositories.
Making Authenticated Requests
Pass your API key as a Bearer token in the Authorization header:
curl -H "Authorization: Bearer ka_your_api_key" \
  https://public-api.kubeadapt.io/v1/clusters

Every request must include this header. There's no session-based auth or cookie support.
API Key Scoping
Keys can be restricted to specific clusters by setting allowed_cluster_ids when creating the key. When a key has cluster restrictions:
- Requests for a cluster not in allowed_cluster_ids return 403 Forbidden.
- List endpoints only return data for clusters the key is allowed to access.
If allowed_cluster_ids is empty, the key can access all clusters in the organization.
Error Responses
| Status | Cause |
|---|---|
| 401 Unauthorized | The Authorization header is missing, malformed, or the key is invalid. |
| 403 Forbidden | The key is valid but lacks the required permission scope, or the requested cluster is not in the key's allowed_cluster_ids. |
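
A client-side sketch of handling the two statuses in the table, added here as an example and not taken from Kubeadapt's own code or SDK. The environment variable name KUBEADAPT_API_KEY, the helper names, and the assumption that every scope error uses the "Missing required permission: ..." wording of the example 403 body on this page are all illustrative.

```python
import json
import os
import urllib.error
import urllib.request

BASE_URL = "https://public-api.kubeadapt.io/v1"  # from the curl example on this page
SCOPE_PREFIX = "Missing required permission: "   # wording of the page's example 403 body

class AuthError(Exception):
    """401: header missing or malformed, or the key is invalid."""

class ForbiddenError(Exception):
    """403: key lacks a scope, or the cluster is outside allowed_cluster_ids."""
    def __init__(self, detail, missing_scope=None):
        super().__init__(detail)
        self.missing_scope = missing_scope

def build_request(path, env=os.environ):
    # KUBEADAPT_API_KEY is an assumed variable name. Reading the key from the
    # environment keeps it out of source files and public repositories.
    key = env.get("KUBEADAPT_API_KEY", "").strip()
    if not key:
        raise AuthError("KUBEADAPT_API_KEY is not set")
    return urllib.request.Request(
        BASE_URL + path, headers={"Authorization": f"Bearer {key}"})

def classify(status, body):
    """Return the parsed body, or raise a typed error for 401, 403 and other failures."""
    try:
        payload = json.loads(body) if body else {}
    except json.JSONDecodeError:
        payload = {}
    detail = str(payload.get("detail", "")) if isinstance(payload, dict) else ""
    if status == 401:
        raise AuthError(detail or "unauthorized")
    if status == 403:
        scope = detail[len(SCOPE_PREFIX):] if detail.startswith(SCOPE_PREFIX) else None
        raise ForbiddenError(detail or "forbidden", missing_scope=scope)
    if status >= 400:
        raise RuntimeError(f"unexpected status {status}: {detail}")
    return payload

def get(path):
    # urllib raises HTTPError for 4xx/5xx, so both paths go through classify().
    try:
        with urllib.request.urlopen(build_request(path), timeout=10) as resp:
            return classify(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode())
```

A ForbiddenError whose missing_scope is None means the detail did not name a scope, so the next thing to check is whether the requested cluster is in the key's allowed_cluster_ids.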
Example 401 response:
{
  "detail": "API key required. Use 'Authorization: Bearer <api_key>'"
}

Example 403 response:
{
  "detail": "Missing required permission: clusters:read"
}

Related
- Permission Scopes - Full scope reference table
- Error Handling - Full error code reference including 401 and 403
- REST API Overview - Base URL, versioning, and request format