Skip to main content
Conventions

Authentication

The Qoder Cloud Agents API authenticates via PAT (Personal Access Token). Every API request must carry a valid PAT in the HTTP header.

How to get a PAT

  1. Sign in to the Qoder CN console.
  2. Go to Settings > API Tokens.
  3. Click Create Token, then set a name and permission scopes.
  4. Copy the generated token (shown only once, keep it safe).
A PAT uses the pt- prefix, for example pt-your-token-here. Never commit tokens to source control or share them publicly.

Bearer header format

Pass the PAT in the Authorization header of every request using the Bearer scheme:
Authorization: Bearer pt-your-token-here

Full request example:
# List agents
curl -s "https://api.qoder.com.cn/api/v1/cloud/agents" \
  -H "Authorization: Bearer $QODER_PAT"

We recommend storing the PAT as an environment variable instead of hard-coding it:
# Add to ~/.bashrc or ~/.zshrc
export QODER_PAT="pt-your-token-here"

# Verify the configuration
curl -s "https://api.qoder.com.cn/api/v1/cloud/agents?limit=1" \
  -H "Authorization: Bearer $QODER_PAT"

Security best practices

  • Create separate PATs for different environments (development / testing / production).
  • Rotate tokens on a regular schedule.
  • Grant tokens only the scopes they actually need (least privilege).
  • Immediately revoke any compromised token from the console.
Guides
Tutorials
API Reference