logoCloudomation Docs


    To use Cloudomation you need an account. Please see signing up on how to sign up for an account. When you sign up you create a workspace with one user. You can later add more users to your workspace. All users of your workspace will share the same resources in Cloudomation.

    Below are the descriptions on how to authenticate with Cloudomation using different methods.

    Via the User Interface

    To authenticate via the user interface you need to visit the login page. You need to enter your workspace name, user name, and your password. If you enabled Two-Factor-Authentication (2FA) for your user you also have to enter the current 2FA code.

    Once all the required fields are filled in, you can click on “Login”. If the authentication is successful your browser receives a cookie. The cookie contains a JWT token which is used to authenticate by subsequent requests. The validity of the token depends on the “Remember me” setting. If “Remember me” was chosen, the cookie is valid for 90 days. Otherwise, it is valid for the browser session only. The browser session usually ends when the browser window is closed.

    Via the REST API

    To authenticate using the REST API you need to POST a JSON string containing your credentials to An example JSON might look like:

    "client_name": "CorpInc AG",
    "user_name": "kevin",
    "password": "secret"

    If successful, the reply might look like:

    "client_id": "8ea28b78-3da5-468a-a553-2b504d301552",
    "client_name": "CorpInc AG",
    "user_id": "75a66b62-3c91-416b-a555-72672bfd319b",
    "user_name": "kevin",
    "is_client_admin": true,
    "is_system_admin": false,
    "token": "eyJ...",
    "token_expiry": 1538822075.055123

    If unsuccessful, the API returns with HTTP 401: Unauthorized

    Via the Command Line

    In the command line, you can use a command line tool like curl to authenticate against the Cloudomation REST API. The schema of the request is described in the section “via the REST API“. Below are two example scripts which you can use to handle the authentication and to extract the token for further use.

    Run the script via the command line. It will promt you to enter your workspace name, user name, and password. Do not store any of them in plain text within the script. The script will take your input and create an authentication token which you can then use to authenticate against the Cloudomation API.


    #!/usr/bin/env bash
    echo "Authenticating..."
    read -e -p "Workspace Name: " -i "CorpInc AG" CLIENT_NAME
    read -e -p "User Name: " -i "kevin" USER_NAME
    stty -echo
    read -p "Password: " PASSWORD
    stty echo
    echo ""
    echo "Sending auth..."
    REPLY=$(curl -m 2 -s -d "${AUTH}"
    if [ "$?" -ne "0" ]; then
    echo "Failed to send auth!" 1>&2
    return 1
    if [ "${REPLY}" == "401: Unauthorized" ]; then
    echo "Authentication failed: ${REPLY}" 1>&2
    return 1
    echo "Extracting token..."
    TOKEN=$(echo ${REPLY} | jq -r ".token")
    if [ "$?" -ne "0" ]; then
    echo "Failed to extract token!" 1>&2
    return 1
    DIR=$(dirname $0)
    touch "${TOKEN_FILE}"
    chmod 600 "${TOKEN_FILE}" || exit 1
    echo "${TOKEN}" > "${TOKEN_FILE}"
    chmod 400 "${TOKEN_FILE}"
    echo "Token was stored in ${TOKEN_FILE}. All done!"


    Write-Host "Authenticating..."
    $CLIENT_NAME = Read-Host -Prompt "Workspace Name [${CLIENT_NAME_DEFAULT}]"
    if ("${CLIENT_NAME}" -eq "") {
    $USER_NAME_DEFAULT = "kevin"
    $USER_NAME = Read-Host -Prompt "User Name [${USER_NAME_DEFAULT}]"
    if ("${USER_NAME}" -eq "") {
    $PASSWORD_SEC = Read-Host -AsSecureString 'Password'
    $PASSWORD = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR(${PASSWORD_SEC}))
    $AUTH = @{
    client_name = "${CLIENT_NAME}"
    user_name = "${USER_NAME}"
    password = "${PASSWORD}"
    } | ConvertTo-Json
    Write-Host "Sending auth..."
    try {
    $REPLY = Invoke-RestMethod -Uri "" -Method Post -Body "${AUTH}"
    catch {
    $STATUS_CODE = $_.Exception.Response.StatusCode.value__
    if ($STATUS_CODE -eq "401") {
    Write-Error "Authentication failed: ${STATUS_CODE}"
    Exit 1
    echo "Extracting token..."
    if(${REPLY}.token -eq $null) {
    Write-Error "Failed to extract token!"
    Exit 1
    $TOKEN = ${REPLY}.token
    $DIR = Split-Path -Parent $MyInvocation.MyCommand.Definition
    $TOKEN_FILE = "${DIR}/token"
    if (-Not (Test-Path "${TOKEN_FILE}"))
    New-Item -ItemType file "${TOKEN_FILE}" | Out-Null
    if ($IsLinux) {
    Invoke-Expression "chmod 600 `"${TOKEN_FILE}`""
    } elseif($IsWindows) {
    Set-ItemProperty "${TOKEN_FILE}" -name IsReadOnly -value $false
    Set-Content -Path "${TOKEN_FILE}" -Value "${TOKEN}"
    if ($IsLinux) {
    Invoke-Expression "chmod 400 `"${TOKEN_FILE}`""
    } elseif($IsWindows) {
    Set-ItemProperty "${TOKEN_FILE}" -name IsReadOnly -value $true
    Write-Host "Token was stored in ${TOKEN_FILE}. All done!"

    The script saves the obtained token in a file called token next to the script itself. To use the token other scripts can read the content of the file:

    $ ./auth.bash
    Workspace Name: CorpInc AG
    User Name: kevin
    Sending auth...
    Extracting token...
    Token was stored in ./token. All done!
    $ TOKEN=$(cat ./token)
    $ echo $TOKEN

    You can then use the token to authenticate further requests:

    $ curl -s '' -H "Authorization: $TOKEN" | jq .
    "updated": {
    "last_activity": "1531049907.7785194",
    "status": "active",
    "name": "kevin",
    "id": "75a66b62-3c91-416b-a555-72672bfd319b",
    "email": ""
    Knowledge Base — Previous
    Accessing and Manipulating Records
    Next — Knowledge Base
    Connection Resource