API Authentication

Generate API keys and authenticate your requests.

API Keys

Go to Profile → API Keys
Click Generate New Key
Copy the key — it's only shown once
Use it in the Authorization header

Authorization: Bearer zephly_sk_abc123...

Security

API keys are encrypted at rest using Fernet encryption
Each key is scoped to your account
Revoke keys instantly from the Profile page
Rate limited: 100 requests/minute per key

JWT tokens

For frontend integrations, you can also use JWT tokens from the auth endpoints:

POST /api/v1/auth/login
{
  "email": "you@example.com",
  "password": "your-password"
}

Response:
{
  "access_token": "eyJ...",
  "token_type": "bearer",
  "expires_in": 86400
}

Never expose API keys in client-side code. Use them only in server-side applications or secure environments.

Last updated: 2026-03-27

PreviousOverview Next Workflows