Skip to main content
Service accounts are non-human identities that give your automation and integrations authenticated access to Cloud.Red without tying credentials to a person. Each service account is issued a client_id and secret for use with OAuth 2.0 client credentials grant.
You must be an Account Admin to create, delete, or rotate secrets for service accounts.

Create a Service Account

  1. In the Cloud.Red portal, open Settings → Service Accounts.
  2. Click Create.
  3. Enter a unique name for the service account.
  4. Click Confirm.
The client_id and secret are displayed once. Copy the secret now — it cannot be retrieved again.
The secret is shown only at creation time and is never stored by Cloud.Red. If you lose it, rotate it immediately using Reset Secret.

Get a Bearer Token

Use the client credentials grant to exchange your client_id and secret for a short-lived bearer token: 
curl -X POST \
  https://auth.cloud.red/realms/<tenant>/protocol/openid-connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=<client_id>" \
  -d "client_secret=<secret>"
The response contains an access_token. Pass it as a Bearer token in the Authorization header for subsequent API calls. 
curl https://<tenant>.portal.cloud.red/api/v1/... \
  -H "Authorization: Bearer <access_token>"

Rotate a Secret

If a secret is compromised or lost, rotate it to invalidate the old one immediately.
  1. Open Settings → Service Accounts.
  2. Find the service account and click Reset Secret.
  3. Copy the new secret — it is shown once.
The old secret stops working as soon as the new one is issued.

Delete a Service Account

  1. Open Settings → Service Accounts.
  2. Find the service account and click Delete.
Deletion is immediate. Any tokens minted from this service account stop working at their next validation check.

Limits

LimitValue
Service accounts per account25
NamesMust be unique within the account
Default roleView
Service accounts start with the View role. Use the standard permissions UI to grant additional access to specific devices or device groups.