Skip to content

Authentication ‚Äč


This documentation is work in progress and subject to change. If you have any questions or feedback, please reach out to us via Support.

Zetl API uses private key to authenticate all requests. Your private key is unique to your organisation, please talk to your Zetl contact if you do not yet have a private key.

Your private key is sensitive information and should be stored securely.

  1. Store your API keys in a secure location such as a password manager or encrypted file. Make sure only authorised personnel have access to the location where the keys are stored.

  2. Avoid hard-coding your private key into your code. Instead, use environment or CI/CD variables to store your keys. Don't share your private key in publicly accessible sites such GitHub.

Use the Authorization header to authenticate your requests.

GET /v1/customers HTTP/1.1
Authorization: Bearer <your-private-key>
curl --request GET \
  --url '' \
  --header 'Authorization: Bearer <your-private-key>'

All requests must be performed over HTTPS. Calls performed over plain HTTP will fail. API requests without authentication will also fail.