Authentication - Cube Documentation

How you authenticate depends on which API you call. The REST management API (/api/v1/…) uses an API key; the SCIM API (/api/scim/v2/…) uses a bearer token. Both are sent in the Authorization header, and only HTTPS is accepted.

REST API (`/api/v1`)

Authenticate deployment, report, and workbook requests with an API key from your Cube Cloud account, sent with the Api-Key prefix:

Authorization: Api-Key <YOUR_API_KEY>

Generate an API key (access token) in your Cube Cloud account settings.

curl --request GET \
  --url 'https://<tenant>.cubecloud.dev/api/v1/deployments' \
  --header 'Authorization: Api-Key <YOUR_API_KEY>'

SCIM API (`/api/scim/v2`)

Authenticate user and group provisioning requests with a SCIM bearer token, configured in your identity provider’s SCIM integration:

Authorization: Bearer <YOUR_SCIM_TOKEN>

Generate a SCIM token in your Cube Cloud account settings, then configure it in your identity provider alongside the base URL.

curl --request GET \
  --url 'https://<tenant>.cubecloud.dev/api/scim/v2/Users?count=100&startIndex=1' \
  --header 'Authorization: Bearer <YOUR_SCIM_TOKEN>'

Treat API keys and SCIM tokens like passwords — they grant full access to your account’s resources. Store them securely and rotate them if they are exposed.

A 401 Unauthorized response means the credential is missing, malformed, or expired.

Introduction List users

⌘I

​REST API (/api/v1)

​SCIM API (/api/scim/v2)

REST API (`/api/v1`)

SCIM API (`/api/scim/v2`)