Developer-friendly & type-safe C# SDK specifically catered to leverage the Cloudinary Account Provisioning API.
Cloudinary Account Provisioning API: Accounts with provisioning API access can create and manage their product environments, users and user groups using the RESTful Provisioning API.
Provisioning API access is available upon request for accounts on an Enterprise plan.
The API uses Basic Authentication over HTTPS. Your Account API Key and Account API Secret (previously referred to as Provisioning API keys) are used for the authentication. These credentials (as well as your ACCOUNT_ID) are located in the Cloudinary Console under Settings > Account API Keys.
The Provisioning API has dedicated SDKs for the following languages:
Useful links:
- Provisioning API reference (Classic) (includes SDKs for additional languages)
Accounts with Permissions API access can assign roles, made up of system policies, to control what principals (users, groups, and API keys) can do across the Cloudinary account and product environments. For more information about Cloudinary roles and permissions, see the Role-based permissions guide.
Permissions API access is available upon request for accounts on an Enterprise plan.
The API uses Basic Authentication over HTTPS. Your Account API Key and Account API Secret (previously referred to as Provisioning API keys) are used for the authentication. These credentials (as well as your ACCOUNT_ID) are located in the Cloudinary Console under Settings > Account API Keys.
Important:
Cloudinary's Roles and Permissions Management is now available as a Beta. This is an early stage release, and while it's functional and ready for real-world testing, it's subject to change as we continue refining the experience based on what we learn, including your feedback. During the Beta period, core functionality is considered stable, though some APIs, scopes, or response formats may evolve.
How you can help:
- Use Roles and Permissions Management in real projects, prototypes, or tests.
- Share feedback, issues, or ideas with our support team.
Thank you for exploring this early release and helping us shape these tools to best meet your needs.
To add the NuGet package to a .NET project:
dotnet add package Cloudinary.Account.ProvisioningTo add a reference to a local instance of the SDK in a .NET project:
dotnet add reference src/Cloudinary/Account/Provisioning/Cloudinary.Account.Provisioning.csprojusing Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
accountId: "<id>",
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
}
);
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle responseThe SDK loads credentials and configuration automatically from environment variables. The simplest way to configure the SDK is to set the CLOUDINARY_ACCOUNT_URL environment variable:
export CLOUDINARY_ACCOUNT_URL=account://<PROVISIONING_API_KEY>:<PROVISIONING_API_SECRET>@<ACCOUNT_ID>This single URL provides all three required values. You can find these credentials in the Cloudinary Console under Settings > Account API Keys.
Alternatively, you can set each value individually:
| Environment Variable | Description |
|---|---|
CLOUDINARY_ACCOUNT_URL |
Account URL (recommended — provides all values below) |
CLOUDINARY_PROVISIONING_API_KEY |
Account API Key |
CLOUDINARY_PROVISIONING_API_SECRET |
Account API Secret |
CLOUDINARY_ACCOUNT_ID |
Account ID |
Individual environment variables take precedence over values parsed from CLOUDINARY_ACCOUNT_URL.
When environment variables are set:
using Cloudinary.Account.Provisioning;
var sdk = new CldProvisioning(new SDKConfig(client: null));
var result = await sdk.ProductEnvironments.ListAsync();You can also pass credentials directly:
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
var sdk = new CldProvisioning(
security: new Security()
{
ProvisioningApiKey = "YOUR_API_KEY",
ProvisioningApiSecret = "YOUR_API_SECRET",
},
accountId: "YOUR_ACCOUNT_ID"
);This SDK supports the following security scheme globally:
| Name | Type | Scheme | Environment Variable |
|---|---|---|---|
ProvisioningApiKeyProvisioningApiSecret |
http | Custom HTTP | CLOUDINARY_PROVISIONING_API_KEYCLOUDINARY_PROVISIONING_API_SECRET |
You can set the security parameters through the security optional parameter when initializing the SDK client instance. For example:
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
},
accountId: "<id>"
);
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle responseAvailable methods
- List - Get access keys
- Generate - Generate an access key
- DeleteByName - Delete access key by name
- Update - Update an access key
- Delete - Delete access key
- Get - Get billing usage information
- List - Get custom policies
- Create - Create custom policy
- Get - Get custom policy
- Update - Update custom policy
- Delete - Delete custom policy
- List - Get effective policies
- ListRoles - Get a principal's roles
- UpdateRoles - Assign roles to a principal
- Inspect - Inspect
- InspectMultiple - Inspect multiple
- List - Get product environments
- Create - Create product environment
- Get - Get product environment
- Update - Update product environment
- Delete - Delete product environment
- GetCatalog - Get system roles and policies catalog
- ValidatePolicy - Validate a Cedar policy
- GetSchema - Get Cedar schema
- List - Get roles
- Create - Create custom role
- Get - Get role
- Update - Update custom role
- Delete - Delete custom role
- ListPrincipals - Get a role's principals
- UpdatePrincipals - Assign principals to a role
- List - Get system policies
A parameter is configured globally. This parameter may be set on the SDK client instance itself during initialization. When configured as an option during SDK initialization, This global value will be used as the default on the operations that use it. When such operations are called, there is a place in each to override the global value, if needed.
For example, you can set account_id to "<id>" at SDK initialization and then you do not have to pass the same value on calls to operations like List. But if you want to do so you may, which will locally override the global setting. See the example code below for a demonstration.
The following global parameter is available. Global parameters can also be set via environment variable.
| Name | Type | Description | Environment |
|---|---|---|---|
| accountId | string | Account ID | CLOUDINARY_ACCOUNT_ID |
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
accountId: "<id>",
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
}
);
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle responseCldProvisioningException is the base exception class for all HTTP error responses. It has the following properties:
| Property | Type | Description |
|---|---|---|
Message |
string | Error message |
StatusCode |
int | HTTP status code |
Headers |
HttpResponseHeaders | HTTP headers |
ContentType |
string? | HTTP content type |
RawResponse |
HttpResponseMessage | HTTP response object |
Body |
string | HTTP response body |
Some exceptions in this SDK include an additional Payload field, which will contain deserialized custom error data when present. Possible exceptions are listed in the Error Classes section.
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Errors;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
accountId: "<id>",
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
}
);
try
{
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle response
}
catch (CldProvisioningException ex) // all SDK exceptions inherit from CldProvisioningException
{
// ex.ToString() provides a detailed error message
System.Console.WriteLine(ex);
// Base exception fields
HttpResponseMessage rawResponse = ex.RawResponse;
HttpResponseHeaders headers = ex.Headers;
int statusCode = ex.StatusCode;
string? contentType = ex.ContentType;
var responseBody = ex.Body;
if (ex is ErrorResponse) // different exceptions may be thrown depending on the method
{
// Check error data fields
ErrorResponsePayload payload = ex.Payload;
Error Error = payload.Error;
}
// An underlying cause may be provided
if (ex.InnerException != null)
{
Exception cause = ex.InnerException;
}
}
catch (OperationCanceledException ex)
{
// CancellationToken was cancelled
}
catch (System.Net.Http.HttpRequestException ex)
{
// Check ex.InnerException for Network connectivity errors
}Primary exception:
CldProvisioningException: The base class for HTTP error responses.
Less common exceptions (4)
-
System.Net.Http.HttpRequestException: Network connectivity error. For more details about the underlying cause, inspect theex.InnerException. -
Inheriting from
CldProvisioningException:ErrorResponse: Bad request. Applicable to 26 of 47 methods.*PermissionsErrorResponse: Applicable to 18 of 47 methods.*ResponseValidationError: Thrown when the response data could not be deserialized into the expected type.
* Refer to the relevant documentation to determine whether an exception applies to a specific operation.
You can override the default server globally by passing a server index to the serverIndex: int optional parameter when initializing the SDK client instance. The selected server will then be used as the default on the operations that use it. This table lists the indexes associated with the available servers:
| # | Server | Variables | Description |
|---|---|---|---|
| 0 | https://{region}.cloudinary.com |
region |
Regional API endpoints for optimal performance. |
| 1 | https://{host} |
host |
Custom domains for enterprise deployments. |
If the selected server has variables, you may override its default values through the additional parameters made available in the SDK constructor:
| Variable | Parameter | Supported Values | Default | Description |
|---|---|---|---|---|
region |
region: Cloudinary.Account.Provisioning.Models.ServerRegion |
- "api"- "api-eu"- "api-ap" |
"api" |
Regional endpoint selection |
host |
host: string |
string | "api.cloudinary.com" |
API host domain. |
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
serverIndex: 0,
region: "api-ap",
accountId: "<id>",
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
}
);
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle responseThe default server can also be overridden globally by passing a URL to the serverUrl: string optional parameter when initializing the SDK client instance. For example:
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Models.Components;
using Cloudinary.Account.Provisioning.Models.Requests;
var sdk = new CldProvisioning(
serverUrl: "https://api.cloudinary.com",
accountId: "<id>",
security: new Security() {
ProvisioningApiKey = "CLOUDINARY_PROVISIONING_API_KEY",
ProvisioningApiSecret = "CLOUDINARY_PROVISIONING_API_SECRET",
}
);
GetProductEnvironmentsRequest req = new GetProductEnvironmentsRequest() {
Enabled = true,
Prefix = "product",
};
var res = await sdk.ProductEnvironments.ListAsync(req);
// handle responseThe C# SDK makes API calls using an ISpeakeasyHttpClient that wraps the native
HttpClient. This
client provides the ability to attach hooks around the request lifecycle that can be used to modify the request or handle
errors and response.
The ISpeakeasyHttpClient interface allows you to either use the default SpeakeasyHttpClient that comes with the SDK,
or provide your own custom implementation with customized configuration such as custom message handlers, timeouts,
connection pooling, and other HTTP client settings.
The following example shows how to create a custom HTTP client with request modification and error handling:
using Cloudinary.Account.Provisioning;
using Cloudinary.Account.Provisioning.Utils;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
// Create a custom HTTP client
public class CustomHttpClient : ISpeakeasyHttpClient
{
private readonly ISpeakeasyHttpClient _defaultClient;
public CustomHttpClient()
{
_defaultClient = new SpeakeasyHttpClient();
}
public async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken? cancellationToken = null)
{
// Add custom header and timeout
request.Headers.Add("x-custom-header", "custom value");
request.Headers.Add("x-request-timeout", "30");
try
{
var response = await _defaultClient.SendAsync(request, cancellationToken);
// Log successful response
Console.WriteLine($"Request successful: {response.StatusCode}");
return response;
}
catch (Exception error)
{
// Log error
Console.WriteLine($"Request failed: {error.Message}");
throw;
}
}
public void Dispose()
{
_httpClient?.Dispose();
_defaultClient?.Dispose();
}
}
// Use the custom HTTP client with the SDK
var customHttpClient = new CustomHttpClient();
var sdk = new CldProvisioning(client: customHttpClient);You can also provide a completely custom HTTP client with your own configuration:
using Cloudinary.Account.Provisioning.Utils;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
// Custom HTTP client with custom configuration
public class AdvancedHttpClient : ISpeakeasyHttpClient
{
private readonly HttpClient _httpClient;
public AdvancedHttpClient()
{
var handler = new HttpClientHandler()
{
MaxConnectionsPerServer = 10,
// ServerCertificateCustomValidationCallback = customCertValidation, // Custom SSL validation if needed
};
_httpClient = new HttpClient(handler)
{
Timeout = TimeSpan.FromSeconds(30)
};
}
public async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken? cancellationToken = null)
{
return await _httpClient.SendAsync(request, cancellationToken ?? CancellationToken.None);
}
public void Dispose()
{
_httpClient?.Dispose();
}
}
var sdk = CldProvisioning.Builder()
.WithClient(new AdvancedHttpClient())
.Build();For simple debugging, you can enable request/response logging by implementing a custom client:
public class LoggingHttpClient : ISpeakeasyHttpClient
{
private readonly ISpeakeasyHttpClient _innerClient;
public LoggingHttpClient(ISpeakeasyHttpClient innerClient = null)
{
_innerClient = innerClient ?? new SpeakeasyHttpClient();
}
public async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken? cancellationToken = null)
{
// Log request
Console.WriteLine($"Sending {request.Method} request to {request.RequestUri}");
var response = await _innerClient.SendAsync(request, cancellationToken);
// Log response
Console.WriteLine($"Received {response.StatusCode} response");
return response;
}
public void Dispose() => _innerClient?.Dispose();
}
var sdk = new CldProvisioning(client: new LoggingHttpClient());The SDK also provides built-in hook support through the SDKConfiguration.Hooks system, which automatically handles
BeforeRequestAsync, AfterSuccessAsync, and AfterErrorAsync hooks for advanced request lifecycle management.
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.