Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cyberun.cloud/llms.txt

Use this file to discover all available pages before exploring further.

An integration credential (sk-...) is the general-purpose programmatic key for Cyberun. Use it from CI, scripts, partner integrations, and MCP clients.

Create the key

  1. In Cloud, open Access in the sidebar.
  2. Switch to the Integration tab.
  3. Click Create integration key.
  4. Name it after the integration it’ll serve — ci-prod-image-build, claude-code-personal, partner-acme-readonly. Names are visible to other team members.
  5. Optionally set an expiry (1–365 days). Leave blank for “never”.
  6. Click Create.
  7. Copy the sk-... value shown. Cloud does not show it again — only the prefix and a hash are stored after this screen closes.

Use the key

Send it as a Bearer token. The team is bound to the credential at issue time, so you don’t add an X-Team-ID header — it’s ignored for sk- keys. 
GET /api/v1/r/workflows HTTP/1.1
Host: core.cyberun.cloud
Authorization: Bearer sk-...
The runtime endpoints — the ones you’ll use from scripts and CI — live under the /api/v1/r/ prefix. The full surface is in the API reference.

cURL

curl https://core.cyberun.cloud/api/v1/r/workflows \
  -H "Authorization: Bearer sk-..."

JavaScript

const res = await fetch('https://core.cyberun.cloud/api/v1/r/workflows', {
	headers: {
		Authorization: `Bearer ${process.env.CYBERUN_KEY}`
	}
});
const { workflow_list } = await res.json();

Python

import os, httpx

r = httpx.get(
    "https://core.cyberun.cloud/api/v1/r/workflows",
    headers={
        "Authorization": f"Bearer {os.environ['CYBERUN_KEY']}",
    },
)
workflow_list = r.json()["workflow_list"]

The endpoints you’ll use most

Runtime API, all under /api/v1/r/. Full reference: API reference.
EndpointWhat it does
GET /r/workflowsList workflows visible to the team.
GET /r/workflows/{workflowId}Read a workflow’s parameters and label requirements.
POST /r/workflows/{workflowId}/runSubmit a task.
GET /r/tasks/{taskId}Read a task’s current state.
GET /r/tasks/{taskId}/events (SSE)Stream live progress events.
GET /r/tasks/{taskId}/resultFetch output metadata and presigned download URLs.
POST /r/tasks/{taskId}/cancelCancel a non-terminal task.
GET /r/agentsList the team’s agents and their status.
Some fields (per-agent system stats, member emails) appear in a reduced form when fetched via an integration key instead of a signed-in user — this is by design, so a leaked key reveals less about the team’s hardware and members than a user session would.

Rotate and revoke

  • Rotate: create the new key, switch your integration to it, then revoke the old one. Don’t revoke first — you’ll create a window of broken requests.
  • Revoke: Access → Integration, click Revoke on the row. Effective immediately; the next request returns 401.

Best practices

  • One key per integration. Sharing a key across three systems means you can’t revoke one without breaking the others.
  • Never paste keys into shared notes, screenshots, or commits. Use a secret manager.
  • Use the shortest expiry that still covers the use case. Long-lived keys accumulate exposure risk.
  • Match the team to the principle of least privilege — a script that only touches Team A should hold a Team A key, not your personal admin key for an organization-wide team.
  • Credentials — the full key family (integration sk-, device dk-, agent ak-).
  • Connect via MCP — use this key with an AI client (Claude Code, Cursor, Windsurf, …) instead of writing HTTP calls yourself.
  • Webhooks — get notified when tasks finish rather than polling.