API Key
An API Key provides Read and Write access. If you want Read-only access, please use an Entitlement Token. API Keys and Entitlement Tokens should be treated as secrets to prevent unwarranted access.
Getting your API Key
There are two ways to retrieve your API Key:
- Via the Cloudsmith web app
- Via the Cloudsmith CLI
Via the Cloudsmith web app
On the top right corner, click on your user icon, then click on Personal API Keys and click Refresh to view the API Key. Refreshing the API key will permanently disable the current API key. Make sure you store it in a proper secret management tool to access it later.

API-Key via Cloudsmith web app
Via the Cloudsmith CLI
You can retrieve your API key using the cloudsmith login command:
cloudsmith login
Login: [email protected]
Password: PASSWORD
Repeat for confirmation: PASSWORD
NOTE: Please ensure you use your email for the 'Login' prompt.
Adding IP-Based restrictions to your API-Key
By default, you can use your API-Key from anywhere.
If you wish to restrict the use of your API-Key to a specific IP address or range, you can add the CIDR address/mask to the Allow List:

API-Key Allow List
One you have added your CIDR address/mask, just click the green "Update" button to apply your restriction.
Updated 5 days ago