Skip to main content
The PlanD API uses Bearer token authentication and API key authentication to secure your requests. You must include authentication credentials in your requests to access the API.

Authentication Methods

  • Bearer Token
  • API Key
Include your Bearer token in the Authorization header:
Authorization: Bearer YOUR_JWT_TOKEN

curl -X GET "https://cloud-api.pland.app/v2/users" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json"
The Bearer token uses JWT (JSON Web Token) format as specified in the API security schemes.

API Servers

The PlanD API is available on multiple servers:

Production

https://cloud-api.pland.app/v2Production environment for live applications

Sandbox

https://beta-api.pland.app/v2Testing environment for development

Local Development

http://localhost:3000/v2Local development server

Getting API Keys

You can manage your API keys through the API itself:
1

List existing API keys

Use the GET /apiKeys endpoint to view your current API keys
GET /apiKeys?limit=10&offset=0
2

Create a new API key

Use the POST /apiKeys endpoint to generate a new API key
The API key is returned in clear text only once during creation
3

Store securely

Store your API key in environment variables or secure configuration
export PLAND_API_KEY="your_api_key_here"

User Authentication

For user login and authentication management:
  • User Login
  • SMS Authentication
  • Change Password
Authenticate users with username and password:
POST /auth/login

curl -X POST "https://cloud-api.pland.app/v2/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "SecurePassword123",
    "type": "dashboard"
  }'

Testing Authentication

Verify your authentication is working correctly: 
curl -X GET "https://cloud-api.pland.app/v2/users" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Common Authentication Errors

Common causes:
  • Invalid or expired JWT token
  • Missing Authorization header
  • Invalid API key
Solutions:
  • Verify your token/key is correct
  • Check the header format matches the specification
  • Ensure the token hasn’t expired
Common causes:
  • Valid authentication but insufficient permissions
  • API key doesn’t have required access level
Solutions:
  • Check your account permissions
  • Verify the API key has the necessary scope
  • Contact your administrator for access

Security Best Practices

Environment Variables

Store credentials in environment variables, never in code
export PLAND_JWT_TOKEN="your_jwt_token_here"
export PLAND_API_KEY="your_api_key_here"

Token Management

Regularly rotate your API keys and monitor their usageUse the API key management endpoints to track active keys