Platform API
The CloudQuery Platform exposes a REST API that gives you full programmatic control over the platform. Nearly everything you can do in the CloudQuery Platform UI, you can do through the API — syncs, integrations, policies, alerts, users, reports, and more.
This means you can manage CloudQuery Platform the same way you manage other infrastructure: automate it, version-control it, drive it from CI/CD pipelines, and integrate it with your existing tooling.
Full interactive reference: Interactive API Reference ↗
Platform API vs CloudQuery API
CloudQuery has two separate APIs. It’s worth understanding the difference:
| Platform API | CloudQuery API | |
|---|---|---|
| What it controls | The CloudQuery Platform itself — syncs, users, policies, reports, alerts, integrations | CloudQuery Cloud account resources — billing, organizations, plugin registry |
| Base URL | https://<YOUR_PLATFORM_URL>/api | https://api.cloudquery.io |
| Auth | Platform API key | CloudQuery Cloud API key |
| Interactive docs | platform-multi-tenant-api-docs.cloudquery.io ↗ | api-docs.cloudquery.io ↗ |
If you’re managing your CloudQuery Platform deployment — running syncs, managing users, setting policies — you want the Platform API. This page covers the Platform API.
When to use the API
The Platform API is useful any time you want to manage CloudQuery Platform outside the UI:
- CI/CD automation — trigger syncs on a schedule or as part of a pipeline, check sync status, and fail builds when policies are violated
- Infrastructure as code — manage integrations, policies, alerts, and reports as versioned config rather than clicking through the UI
- User provisioning — automate onboarding and offboarding, sync users from your identity provider, assign roles programmatically
- Audit and compliance — pull audit logs into your SIEM or data warehouse, query compliance policy results programmatically
- Custom tooling — build internal dashboards, Slack bots, or scripts that surface CloudQuery data and trigger actions
Authentication
All API requests require an API key passed in the Authorization header:
Authorization: Bearer <YOUR_API_KEY>Create an API key in Organization Settings → API Keys. See API Keys for instructions.
API key roles
API keys are assigned a role that controls what they can access:
| Role | Access |
|---|---|
ci | CI/CD pipeline access — trigger syncs, check policy results |
general:read | Read-only access to syncs, assets, reports, and policies |
general:write | Read and write access to non-admin features |
admin:read | Read-only access including user and platform settings |
admin:write | Full access including user management, SSO configuration, and platform settings |
schema-only | Access to table schemas only |
Choose the least-privileged role for your use case. See API Keys for the full list and instructions.
Some features (such as the AI Query Writer) are only available in the UI and cannot be called via API.
Base URL
https://<YOUR_PLATFORM_URL>/apiReplace <YOUR_PLATFORM_URL> with your CloudQuery Platform deployment URL (e.g. cloudquery.mycompany.com).
Common use cases
Trigger a sync
Syncs are identified by name. POST to /syncs/<SYNC_NAME>/runs to start a new run:
curl -s -X POST \
-H "Authorization: Bearer <YOUR_API_KEY>" \
https://<YOUR_PLATFORM_URL>/api/syncs/<SYNC_NAME>/runsList syncs and check status
curl -s \
-H "Authorization: Bearer <YOUR_API_KEY>" \
https://<YOUR_PLATFORM_URL>/api/syncsFetch audit log entries
curl -s \
-H "Authorization: Bearer <YOUR_API_KEY>" \
"https://<YOUR_PLATFORM_URL>/api/audit-logs?per_page=50&page=1"List users
curl -s \
-H "Authorization: Bearer <YOUR_API_KEY>" \
https://<YOUR_PLATFORM_URL>/api/usersCreate a policy
curl -s -X POST \
-H "Authorization: Bearer <YOUR_API_KEY>" \
-H "Content-Type: application/json" \
-d '{"name": "My Policy", "query": "SELECT ..."}' \
https://<YOUR_PLATFORM_URL>/api/policiesFor the full list of endpoints, request/response schemas, and a live API explorer, see the Interactive API Reference ↗.
API categories
The Platform API is organized into the following categories:
| Category | What it covers |
|---|---|
syncs | Create, manage, trigger, and monitor sync jobs |
plugins | Manage installed integrations |
policies | Create and manage compliance policies and policy groups |
alerts | Configure alert rules, notification thresholds, and notification destinations |
audit-logs | Query the audit log for user and API activity |
rbac | Manage roles and permissions |
users | Provision and manage user accounts |
teams | Manage team membership and settings |
reports | Access and manage reports and report templates |
queries | Manage saved SQL queries, filters, and tags |
custom-columns | Create custom columns on asset tables |
admin | Platform-wide settings, SAML SSO, and user administration |
healthcheck | Platform health and version info |
Common patterns
Pagination
Most list endpoints support per_page and page query parameters:
curl -s \
-H "Authorization: Bearer <YOUR_API_KEY>" \
"https://<YOUR_PLATFORM_URL>/api/audit-logs?per_page=100&page=1"Error responses
The API returns standard HTTP status codes. Error bodies follow this structure:
{
"message": "Description of the error",
"status": 404
}Next steps
- API Keys — create and manage API keys
- Audit Log — track API usage
- Policies — manage compliance policies via API
- User Management — provision users and manage roles
- Interactive API Reference ↗ — complete interactive documentation