Developer-friendly & type-safe PHP SDK for the Cloudinary Account Provisioning and Permissions APIs.
Cloudinary Account Provisioning API: Accounts with provisioning API access can create and manage their product environments, users and user groups using the RESTful Provisioning API.
Provisioning API access is available upon request for accounts on an Enterprise plan.
The API uses Basic Authentication over HTTPS. Your Account API Key and Account API Secret (previously referred to as Provisioning API keys) are used for the authentication. These credentials (as well as your ACCOUNT_ID) are located in the Cloudinary Console under Settings > Account API Keys.
The Provisioning API has dedicated SDKs for the following languages:
Useful links:
- Provisioning API reference (Classic) (includes SDKs for additional languages)
Accounts with Permissions API access can assign roles, made up of system policies, to control what principals (users, groups, and API keys) can do across the Cloudinary account and product environments. For more information about Cloudinary roles and permissions, see the Role-based permissions guide.
Permissions API access is available upon request for accounts on an Enterprise plan.
The API uses Basic Authentication over HTTPS. Your Account API Key and Account API Secret (previously referred to as Provisioning API keys) are used for the authentication. These credentials (as well as your ACCOUNT_ID) are located in the Cloudinary Console under Settings > Account API Keys.
Important:
Cloudinary's Roles and Permissions Management is now available as a Beta. This is an early stage release, and while it's functional and ready for real-world testing, it's subject to change as we continue refining the experience based on what we learn, including your feedback. During the Beta period, core functionality is considered stable, though some APIs, scopes, or response formats may evolve.
How you can help:
- Use Roles and Permissions Management in real projects, prototypes, or tests.
- Share feedback, issues, or ideas with our support team.
Thank you for exploring this early release and helping us shape these tools to best meet your needs.
The SDK relies on Composer to manage its dependencies.
To install the SDK and add it as a dependency to an existing composer.json file:
composer require "cloudinary/account-provisioning"declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setAccountId('<id>')
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->build();
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}This SDK supports the following security scheme globally:
| Name | Type | Scheme | Environment Variable |
|---|---|---|---|
provisioningApiKeyprovisioningApiSecret |
http | Custom HTTP | CLOUDINARY_PROVISIONING_API_KEYCLOUDINARY_PROVISIONING_API_SECRET |
You can set the security parameters through the setSecurity function on the SDKBuilder when initializing the SDK. For example:
declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->setAccountId('<id>')
->build();
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}Available methods
- list - Get access keys
- generate - Generate an access key
- deleteByName - Delete access key by name
- update - Update an access key
- delete - Delete access key
- get - Get billing usage information
- list - Get custom policies
- create - Create custom policy
- get - Get custom policy
- update - Update custom policy
- delete - Delete custom policy
- list - Get effective policies
- listRoles - Get a principal's roles
- updateRoles - Assign roles to a principal
- inspect - Inspect
- inspectMultiple - Inspect multiple
- list - Get product environments
- create - Create product environment
- get - Get product environment
- update - Update product environment
- delete - Delete product environment
- getCatalog - Get system roles and policies catalog
- validatePolicy - Validate a Cedar policy
- getSchema - Get Cedar schema
- list - Get roles
- create - Create custom role
- get - Get role
- update - Update custom role
- delete - Delete custom role
- listPrincipals - Get a role's principals
- updatePrincipals - Assign principals to a role
- list - Get system policies
A parameter is configured globally. This parameter may be set on the SDK client instance itself during initialization. When configured as an option during SDK initialization, This global value will be used as the default on the operations that use it. When such operations are called, there is a place in each to override the global value, if needed.
For example, you can set account_id to '<id>' at SDK initialization and then you do not have to pass the same value on calls to operations like list. But if you want to do so you may, which will locally override the global setting. See the example code below for a demonstration.
The following global parameter is available. Global parameters can also be set via environment variable.
| Name | Type | Description | Environment |
|---|---|---|---|
| accountId | string | Account ID | CLOUDINARY_ACCOUNT_ID |
declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setAccountId('<id>')
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->build();
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}Handling errors in this SDK should largely match your expectations. All operations return a response object or throw an exception.
By default an API error will raise a Errors\APIException exception, which has the following properties:
| Property | Type | Description |
|---|---|---|
$message |
string | The error message |
$statusCode |
int | The HTTP status code |
$rawResponse |
?\Psr\Http\Message\ResponseInterface | The raw HTTP response |
$body |
string | The response content |
When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the list method throws the following exceptions:
| Error Type | Status Code | Content Type |
|---|---|---|
| Errors\ErrorResponse | 400, 401, 403, 404, 409, 420, 429 | application/json |
| Errors\APIException | 4XX, 5XX | */* |
declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Errors;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setAccountId('<id>')
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->build();
try {
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}
} catch (Errors\ErrorResponseThrowable $e) {
// handle $e->$container data
throw $e;
} catch (Errors\APIException $e) {
// handle default exception
throw $e;
}You can override the default server globally using the setServerIndex(int $serverIdx) builder method when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the indexes associated with the available servers:
| # | Server | Variables | Description |
|---|---|---|---|
| 0 | https://{region}.cloudinary.com |
region |
Regional API endpoints for optimal performance. |
| 1 | https://{host} |
host |
Custom domains for enterprise deployments. |
If the selected server has variables, you may override its default values using the associated builder method(s):
| Variable | BuilderMethod | Supported Values | Default | Description |
|---|---|---|---|---|
region |
setRegion(Provisioning\ServerRegion region) |
- "api"- "api-eu"- "api-ap" |
"api" |
Regional endpoint selection |
host |
setHost(string host) |
string | "api.cloudinary.com" |
API host domain. |
declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setServerIndex(0)
->setRegion('api-ap')
->setAccountId('<id>')
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->build();
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}The default server can also be overridden globally using the setServerUrl(string $serverUrl) builder method when initializing the SDK client instance. For example:
declare(strict_types=1);
require 'vendor/autoload.php';
use Cloudinary\Account\Provisioning;
use Cloudinary\Account\Provisioning\Models\Components;
use Cloudinary\Account\Provisioning\Models\Operations;
$sdk = Provisioning\CldProvisioning::builder()
->setServerURL('https://api.cloudinary.com')
->setAccountId('<id>')
->setSecurity(
new Components\Security(
provisioningApiKey: 'CLOUDINARY_PROVISIONING_API_KEY',
provisioningApiSecret: 'CLOUDINARY_PROVISIONING_API_SECRET',
)
)
->build();
$request = new Operations\GetProductEnvironmentsRequest(
enabled: true,
prefix: 'product',
);
$response = $sdk->productEnvironments->list(
request: $request
);
if ($response->productEnvironmentsResponse !== null) {
// handle response
}This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.