Cloudways Access Tokens provide a secure way to connect applications, automation tools, scripts, and third-party integrations to your Cloudways account through the Cloudways API.
Unlike the legacy API key, Access Tokens allow you to create multiple credentials for different integrations. Each token can have its own name, expiration period, and access permissions.
This means you can give an integration only the permissions it requires instead of providing unrestricted access to your entire Cloudways account.
This article explains how Access Tokens work, how to create one, how to use it in the Cloudways API Playground, and how to manage existing tokens.
Important:
The legacy Cloudways API key is being deprecated and is scheduled to reach end of life on October 15, 2026. Existing users can continue using their API key during the transition period, but they should migrate their active integrations to Access Tokens before the retirement date.
New users can use Access Tokens only. After the deprecation period ends, existing API keys will be revoked and integrations that still use them may stop working.
What is a Cloudways Access Token?
An Access Token is a secure credential that allows an application or integration to communicate with the Cloudways API.
The Cloudways API enables software to perform supported Cloudways operations programmatically. For example, an integration may use the API to retrieve server information, manage applications, monitor resources, or automate repetitive tasks.
An Access Token works like a password for an API integration. It should never be shared publicly, included in screenshots, stored in an unsecured document, or added directly to publicly accessible source code.
Why should you use Access Tokens?
Previously, Cloudways accounts could use a single API key that provided broad access to the account. Sharing the same key across multiple integrations made it difficult to control what each integration could access.
Access Tokens provide greater control by allowing you to:
Create separate tokens for different applications and integrations.
Assign a descriptive name to each token.
limit a token to selected API operations.
Provide read-only access when an integration only needs to retrieve information.
Set an expiration period for temporary access.
Revoke one token without affecting other integrations.
Review when a token was created and last used.
This approach follows the principle of least privilege. The principle of least privilege means giving an integration only the minimum permissions required to perform its intended task.
Who can create Access Tokens?
Access Token management is available through the API Integration section of the Cloudways Platform.
Access to API credentials is restricted to the primary Cloudways account owner.
Team members cannot access or generate API credentials through their team-member accounts.
Access Token permission types
When creating an Access Token, you must select the level of API access that the token will receive.
Limited Access
Limited Access allows you to select specific API endpoint groups and individual operations.
An API endpoint is a specific API operation used to retrieve information or perform an action. For example, one endpoint may retrieve application information, while another may update a server setting.
Use Limited Access when an integration requires only selected Cloudways operations. This is the recommended option for most integrations because it reduces unnecessary account access.
Available endpoint categories may include:
App Management
Application
Git
Lists
Monitoring
Server
Services
The exact categories and endpoints available on the screen may change as Cloudways expands its API coverage.
Read-Only Access
Read-Only Access allows the integration to retrieve information but prevents it from creating, changing, or deleting resources.
This permission primarily covers API operations that use the GET method.
Use Read-Only Access for monitoring tools, reporting systems, dashboards, and integrations that only need to view Cloudways information.
Full Access
Full Access grants access to all supported API endpoints and HTTP methods.
This may allow the integration to retrieve, create, update, and delete supported Cloudways resources.
Only select Full Access when the integration genuinely requires complete API access and you trust the system that will store and use the token.
Access Token expiration options
Every Access Token can be assigned an expiration period. The expiration determines how long the token remains valid.
Available options include:
1 day
1 month
3 months
6 months
1 year
Never
When you select an expiration option, the Cloudways Platform displays the corresponding expiration date.
For temporary integrations or testing, select a short expiration period. Select Never only when long-term access is necessary and the token will be stored securely.
After a token expires, integrations using it will no longer be able to authenticate with the Cloudways API.
How to create a Cloudways Access Token
Follow these steps to create an Access Token from the Cloudways Platform.
Step #1 - Open the API Integration section:
Log in to the Cloudways Platform.
From the left navigation menu, click the grid icon near the bottom of the screen.
The additional platform options will appear.
Click API Integration.
Step #2 - Start creating an Access Token:
On the Cloudways Developer APIs page, locate the Access Token Details section.
This section displays all Access Tokens currently associated with your account, including their names, scopes, creation dates, last-used information, and expiration periods.
Click Create Access Token.
Step #3 - Enter an Access Token name, Expiration period, Scope, :
In the Access Token Name field, enter a descriptive name for the token.
Choose a name that helps you identify where the token will be used. For example:
Monitoring Dashboard
Cloudways MCP Integration
Monthly Reporting Tool
Development Automation
Staging Deployment Script
The name does not affect the token’s permissions. It is used only to help you identify and manage the token later.
Open the Expiration menu and select how long the Access Token should remain valid.
The resolved expiration date will appear below the selected option.
For improved security, choose the shortest period that meets the requirements of your integration.
Open the Scope menu and select one of the following permission types:
Limited Access
Read-Only Access
Full Access
For most integrations, Limited Access is recommended.
Configuring Limited Access
When Limited Access is selected, the available API endpoint categories appear below the token settings.
You can:
Search for an endpoint using the search field.
Select an entire endpoint category.
Expand a category to view its individual endpoints.
Select only the specific endpoints required by your integration.
Review the number of selected endpoints.
For example, selecting the Lists category may allow the integration to retrieve reference information such as supported providers, regions, packages, applications, and settings.
Only select the endpoint categories and operations that the integration needs.
Note:
The Create Access Token button remains unavailable until you enter a token name, select an expiration period, select a scope, and complete any required endpoint selection.
After reviewing the name, expiration period, scope, and selected endpoints, click Create Access Token.
The platform will generate the token and display a confirmation screen.
On the Access Token Created screen, click the copy icon next to the generated token.
Store the token immediately in a secure password manager, secrets-management system, or another protected location used by your organization.
After copying the token, select:
I have successfully copied the Access Token.
Then click Done.
Important:
The complete Access Token is displayed only once. After you close this screen, it cannot be viewed, retrieved, or regenerated.
If you lose the token, you must revoke it if necessary and create a new Access Token.
The platform does not display the complete token again to help prevent unauthorized access.
How to use an Access Token in the Cloudways API Playground
The Cloudways API Playground is an interactive browser-based interface where you can explore supported API endpoints and test API requests.
Step #1 - Open the API Playground:
Visit the Cloudways Platform API website and click Playground in the top navigation menu.
Step #2 - Open the authorization window:
On the Cloudways Platform API page, click Authorize.
Step #3 - Enter your Access Token:
In the authorization window, select the Access Token tab.
Paste the Access Token that you copied from the Cloudways Platform into the Access Token field.
Click Authorize.
After successful authorization, you can expand an API endpoint, provide any required information, and execute the request.
The API Playground will only allow operations covered by the permissions assigned to your token. For example, a Read-Only Access Token cannot perform API operations that create, update, or delete resources.
How to manage existing Access Tokens
The Access Token Details table provides an overview of the Access Tokens created for your account.
The table may display the following information:
Name
The descriptive name assigned when the token was created.
Scopes
The token’s permission level:
Limited Access
Read-Only Access
Full Access
Created
The approximate time when the token was created.
Last Used
The approximate time when the token was last used to access the Cloudways API.
If the token has not yet been used, this field displays Never.
Expires
The token’s expiration period or status.
Depending on its configuration, this field may display an expiration time, Never, or Expired.
Actions
The three-dot menu provides the available management options for the selected token.
Edit an Access Token
To edit an Access Token:
Locate the token in the Access Token Details table.
Click the three-dot menu beside it.
Select Edit.
Update the available token settings.
Confirm the changes.
Depending on the final platform implementation, editable settings may include the token name, expiration period, and scope.
Changing a token’s name does not change its token value.
View Limited Access scopes
The View Scopes option is available for tokens created with Limited Access.
To review the selected permissions:
Locate the Limited Access Token.
Click its three-dot menu.
Select View Scopes.
Review the endpoint categories and individual operations available to the token.
Use this option to confirm that an integration has only the access it requires.
Revoke an Access Token
Revoking a token permanently prevents it from authenticating with the Cloudways API.
To revoke a token:
Locate the token in the Access Token Details table.
Click the three-dot menu.
Select Revoke.
Review the confirmation warning.
Click Revoke Key to confirm.
Any application, script, or integration using the revoked token will immediately stop working.
Before revoking a token, confirm that it is no longer required or replace it in the connected integration with another valid token.
Access Token security recommendations
Follow these practices to keep your Cloudways account and integrations secure.
Create a separate token for each integration
Do not use one Access Token for multiple unrelated systems.
Separate tokens make it easier to identify usage, apply suitable permissions, and revoke access without interrupting other integrations.
Use Limited Access whenever possible
Only provide the endpoints required by the integration.
Avoid selecting Full Access for an integration that only needs to retrieve server or application information.
Use short expiration periods
For testing, temporary projects, and one-time integrations, select a short expiration period.
Long-lived tokens should be periodically reviewed and rotated according to your organization’s security policy.
Never share Access Tokens publicly
Do not include Access Tokens in:
Public Git repositories
Knowledge Base screenshots
Support tickets
Chat messages
Unsecured documents
Publicly accessible application files
Client-side website code
Treat an Access Token in the same way you would treat an account password.
Store tokens in a secure system
Store Access Tokens in a password manager, environment variable, encrypted secrets vault, or another secure credential-management system.
Avoid saving them as plain text.
Revoke unused or exposed tokens immediately
Revoke a token when:
An integration is no longer used.
A project has ended.
A team member or vendor no longer requires access.
The token may have been exposed.
The storage location has been compromised.
You cannot identify where the token is being used.
Legacy Cloudways API key deprecation
The legacy Cloudways API key provided broad account-level API access and did not support separate names, individual expiration periods, or granular scopes for different integrations.
Cloudways is replacing this method with Access Tokens to provide better control and security.
During the migration period, existing account owners may see both:
The new Access Token Details section.
Their existing API key marked as Deprecated.
The ability to regenerate the legacy API key may also be unavailable during this period.
Before the API key reaches end of life:
Identify every integration using the legacy API key.
Create a separate Access Token for each integration.
Select only the permissions required by that integration.
Replace the API key in the integration with the new Access Token.
Test the integration to confirm that it works correctly.
Remove the old API key from stored configurations after migration.
After the deprecation period ends, legacy API keys will be revoked. Any integration that has not been migrated may stop working.
How to Use the Cloudways API
Step #1 — Launch API
Log into the Cloudways Platform with your credentials and click on the bottom left menu icon and then click 'API Integration'.
Step #2 — Generate an API Key
On the next page, you will need to create an API Key. This API Key will be needed for you to authorize yourself to the API in order to use it. To do that, click on Generate Key.
Step #3 — Access API Documentation and Playground
Once the key is generated, click on it to copy and proceed to the next step.
You can also access API Documentation and API Playground right from here.
Once customers understand how to use the Cloudways API, it’s equally important to guide them on where they can access the API Documentation, explore the purpose of the API Playground, and learn how to use it to test requests safely before implementing them in real workflows.
Important Details
Important Details
API Secret Key:
If you ever wish to change your API Key, click on Regenerate Key. This will revoke your old Key, so please keep a note of your Key at a safe place to use it in the future.
API Documentation:
For details of the API and each of its end-points, the API Documentation is the authoritative source. It covers detailed specifications and documentation of the Platform API.
The Cloudways API is organized into several categories, helping you automate different areas of your Cloudways platform. Below is a brief overview of the features shown in the API documentation menu:
Lists:
Provides endpoints to retrieve predefined values used across the API, such as cloud providers, regions, plans, and other selectable parameters.
Server:
Includes endpoints to create, manage, and control your servers. You can perform actions like launching a server, checking server details, and managing server operations.
Server Management:
Contains advanced controls for server-level operations, such as scaling resources, restarting services, monitoring usage, and managing settings.
Service:
Allows you to manage specific services running on your servers—such as Apache, Nginx, PHP-FPM, MySQL—by starting, stopping, and restarting them through API requests.
Application:
Covers all operations related to your applications. You can create applications, retrieve app details, manage settings, perform backups, and trigger deployment actions.
Authentication:
Provides endpoints for generating and validating your API access tokens. This is required before making authorized requests to the Cloudways API.
Projects:
Enables you to organize your servers and applications into projects. You can create, update, delete, and retrieve projects via API.
Git:
Contains endpoints for managing Git deployments, allowing you to link repositories, pull changes, and automate code updates on your applications.
CloudwaysBot:
Allows you to interact with CloudwaysBot settings using the API. This includes retrieving notifications, managing channels, and customizing alert preferences.
App Management:
Focuses on day-to-day app controls such as domain management, cron job management, SSL installation, and general application configurations.
Security:
Provides endpoints for whitelist/blacklist IP management and controlling access lists for enhanced server and application security.
Operation:
Includes system-level operational endpoints used for performing certain platform actions, retrieving logs, and triggering maintenance or utility tasks.
API Playground:
This is an online, in-browser playground for interacting with the API. This is by far the best way to become familiar with the API and test-friendly waters.
Please note that while we call it the Playground, any actions performed on the playground will be performed against your main account with which you will authenticate.
You will have to be careful which end-points you call on which of your servers. The safest path would be to use a test server under your account for this.
Refer to the following Step #4 to understand how to use the API Playground.
Important:
Please note that Cloudways API rate limit is 100 requests per minute.
Step #4 — Use the API Playground to Become Familiar With the API
In this step, click on the Authorize button on the top right corner and enter your registered Cloudways account email ID and the API Key you copied in Step #3.
The API Playground will make it very easy for you to test out different API end-points and observe how they behave.
You will also find helpful examples of each API endpoint call. Once you have become familiar and comfortable with the API, you can dive deep into the API Documentation and begin coding up your programs to use the Platform API.
API Access for Team Members
API access is only available to the primary account owner on Cloudways. The API Integration menu option is not accessible from team member accounts, even if the team member has full access to other areas of the platform.
This restriction is in place for security reasons. An API key provides account-level permissions similar to the primary account owner, and currently, API access cannot be limited for specific team members or restricted to certain actions. Therefore, only the primary account owner can generate and use Cloudways API keys.
Important:
If a team member gets access to the primary account owner’s API key, they may be able to perform account-level actions through the API. For this reason, API keys should be kept secure and shared only with trusted users when absolutely necessary.
Frequently Asked Questions
Can I create more than one Access Token?
Yes. You can create multiple Access Tokens and use a separate token for each application, automation process, or third-party integration.
Can I view an Access Token again after creating it?
No. The complete token is displayed only once during creation. Copy and securely store it before closing the confirmation screen.
Can a lost Access Token be regenerated?
No. Access Tokens cannot be regenerated. Create a new token and update the affected integration with the new value. You may also revoke the previous token if it is no longer required or may have been exposed.
What is the difference between Limited Access and Read-Only Access?
Limited Access allows you to select specific API endpoints and may include both read and modification operations. Read-Only Access allows the integration to retrieve information but prevents it from changing Cloudways resources.
When should I use Full Access?
Use Full Access only when the integration requires all supported API operations. Limited Access is safer for integrations that need only specific functionality.
What happens when an Access Token expires?
The token can no longer authenticate with the Cloudways API. Applications using it will begin receiving authorization errors until they are updated with a valid token.
What happens when I revoke a token?
The token becomes invalid immediately. Any integration using it will stop communicating with the Cloudways API.
Will revoking one token affect my other tokens?
No. Each Access Token is managed independently. Revoking one token does not revoke or modify the others.
Can I use an Access Token in the API Playground?
Yes. Open the Cloudways API Playground, click Authorize, select the Access Token tab, paste your token, and complete the authorization.
Can I continue using my existing API key?
Existing users can continue using the legacy API key during the announced transition period. However, you should migrate all active integrations to Access Tokens before the API key retirement date.
That’s it! We hope this article was helpful.
Need Help?
If you need assistance, feel free to:
Visit the Cloudways Support Center
Chat with us: Need a Hand > Send us a Message
Or create a support ticket anytime.
We're here 24/7 to help you!










