Guides

Quickstart

From zero to your first authenticated call in five minutes.

1. 1. Create a developer account

   Sign up at app.cloudsealed.com. Every new tenant starts in sandbox mode with synthetic findings, so you can test without touching production data.

2. 2. Mint a Personal Access Token

   Go to Settings → Developer → Tokens. Pick scopes (findings:read and resources:read are enough to start). Tokens are shown exactly once — store them in your secret manager immediately.

3. 3. Call the API

   Hit GET https://api.cloudsealed.com/v1/findings with your token in the Authorization header. You'll receive a paginated list of forensic findings from your sandbox.

   cURL

   Copy

   curl https://api.cloudsealed.com/v1/findings \
     -H "Authorization: Bearer $CS_TOKEN" \
     -H "Accept: application/json"
   
   # Response
   {
     "data": [
       {
         "id": "fnd_8f3a2c1b",
         "severity": "critical",
         "dimension": "security",
         "resource_id": "res_aws_s3_42",
         "title": "Public S3 bucket exposing customer PII",
         "detected_at": "2026-06-06T14:22:11Z"
       }
     ],
     "next_cursor": "eyJpZCI6Imp..."
   }

4. 4. Subscribe to webhooks (optional)

   Register a public endpoint at Settings → Developer → Webhooks. Pick events (finding.created, audit.completed). Every payload is HMAC-SHA256 signed — verify before trusting.

5. 5. Promote to production

   Once your integration is solid in sandbox, request production access from your admin. Production tokens inherit your tenant's IP allowlist and SSO policy.