Get Started
Welcome to DoiT Cloud Intelligence™ Public API
API Tokens
DoiT authenticates and authorizes API requests with API keys using HTTP Bearer authentication.
Authorization: Bearer <YOUR_API_TOKEN>
Get a token
DoiT supports two token types for programmatic access.
-
Personal API token: Use when building something for yourself: exporting billing data, pulling Cloud Analytics reports, or running internal scripts.
-
Service account API token: Use when automation runs on shared infrastructure and must keep working if you change roles or leave your organization.
Choose based on whether the integration runs as you or as shared organizational automation.
| Token type | Best for | Where to create it |
|---|---|---|
| Personal API token | Scripts, local tools, or automation tied to your user |
|
| Service account API token | Shared automation (CI/CD, scheduled jobs, integrations) that should not depend on one person |
|
Permission behavior
- Personal API tokens are limited to permissions your user role already grants. If your role changes, effective permissions may narrow.
- Service account API tokens use the service account's current permissions. Permission changes on the service account take effect immediately; removed permissions cause 403 on affected endpoints.
- Service accounts have no user email. For Cloud Analytics, reports must be shared organization-wide or be preset reports. Private user-only reports are not accessible via service account tokens.
- Each API operation enforces its own permissions.
Security
Treat API tokens like passwords. Store them in a secrets manager or CI/CD secret store. Do not commit tokens to source control or share them in chat.
Legacy API tokens
If you still use a legacy API token from your user profile, it continues to work until revoked and reflects your current role permissions. Creating new legacy tokens is deprecated. Use a scoped personal API token or a service account token for new integrations.
Use tokens
Pass the token in every request's Authorization header.
When you sign in to the API reference with your DoiT account, your legacy API token (if you still have one) may be prefilled in the Authorization header field in the top-right corner of the API pages.
Personal API tokens and service account API tokens are not auto-selected. Copy a token from the DoiT console and paste it into the Authorization header field, or send it in your own requests as Authorization: Bearer <YOUR_API_TOKEN>.
API endpoints
The production version of the DoiT Platform API is hosted at https://api.doit.com.
Choosing the right endpointAlways use the production endpoint unless you're specifically looking for something not yet launched.
Your first request
After you create an API token in the DoiT console, verify that requests require authentication by calling the API endpoint without a token:
$ curl 'https://api.doit.com'
{
"error": "Authorization field missing"
}To call an endpoint, pass your token in the Authorization header: Authorization: Bearer <YOUR API KEY>.
When you are signed in to the API reference, a legacy API token (if you still have one) may be prefilled in the Authorization field. Personal API tokens and service account API tokens are not auto-selected. Copy the token from the DoiT console and paste it into the field, or include it in your own requests.
Below is an example request that returns five reports:
$ curl --request GET \
--head \
--url 'https://api.doit.com/analytics/v1/reports?maxResults=5' \
--header 'Authorization: Bearer eyJhbGci...' \
--header 'Accept: application/json'We are happy to support you!
To open a support ticket, go to https://support.doit.com, sign in with your DoiT account, select DoiT Platform as the Cloud Platform and DoiT Platform API as the Product.
See Create expert inquiries for more information.