Authentication

Learn how to authenticate with Zellify's API and securely send/receive requests using API keys.

Overview

Zellify uses API key-based authentication to secure all API requests. Here's what you need to know:

Why API Key Authentication

API keys provide a simple yet secure way to authenticate your requests while offering:

Revocability: Instantly revoke compromised keys
Auditability: Track usage per key
Isolation: Use different keys for different environments
Control: Set specific permissions per key

What is Authentication?

Authentication in Zellify is implemented using industry-standard Bearer token authentication. This secure method ensures that:

API Security: Every request to our API is verified and protected
Identity Verification: We can accurately identify and authorize your application
Access Control: Different API keys can have different permission levels
Audit Trail: All API requests are logged and traceable to specific keys

Why is it required?

Authentication is crucial to protect sensitive data and ensure that only legitimate requests are processed. It helps prevent unauthorized access and potential security breaches.

Importance of Authentication

Authentication is crucial to protect sensitive data and ensure that only legitimate requests are processed. It helps prevent unauthorized access and potential security breaches.

API Keys

Each API key is a unique identifier that authenticates your requests to Zellify's API. Keys start with sk_ and should be kept secure.

Getting Started

Navigate to Dashboard → Settings → API Keys
Click "Generate New Key"
Save your key immediately (it won't be shown again)

Never expose API keys in client-side code or commit them to version control.

Using Your Key

Add your API key to request headers:

{
  'Authorization': 'Bearer YOUR_API_KEY'
}

Rate Limits:

100 requests per 60-second window
Blocked for 60 seconds when exceeded
Monitor via headers:

X-RateLimit-Limit-Api_Key    // Max requests
X-RateLimit-Remaining-Api_Key // Remaining requests
X-RateLimit-Reset-Api_Key    // Reset time (seconds)

Sending Authenticated Requests

Sending authenticated requests is straightforward. Follow these steps:

Get your API key from the dashboard

Navigate to the API keys section in the Zellify dashboard and generate a new key.

Add it to your request headers

Add the API key to the request headers.

Make your API request

Make your API request.

Below are examples of how to authenticate with our API in different programming languages. Each example shows the proper way to include your API key in the request headers:

// Initialize the request with proper headers
fetch("https://api.zellify.com/auth", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    // Include your API key in the Authorization header
    Authorization: "Bearer YOUR_API_KEY",
  },
});

# Set up the request headers with authentication
headers = {
    'Content-Type': 'application/json',

    // Include your API key in the Authorization header
    'Authorization': 'Bearer YOUR_API_KEY'
}

response = requests.post('https://api.zellify.com/auth', headers=headers)

import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;

// Create a new HTTP client instance
HttpClient client = HttpClient.newHttpClient();

// Build the request with authentication headers
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.zellify.com/auth"))
    .header("Content-Type", "application/json")
    .header("Authorization", "Bearer YOUR_API_KEY")
    .POST(HttpRequest.BodyPublishers.noBody())
    .build();

// Send the request and get response
HttpResponse<String> response = client.send(request,
    HttpResponse.BodyHandlers.ofString());

import (
    "net/http"
)

func main() {
    // Create a new HTTP client
    client := &http.Client{}

    // Create a new request to the auth endpoint
    req, err := http.NewRequest("POST", "https://api.zellify.com/auth", nil)
    if err != nil {
        panic(err)
    }

    req.Header.Add("Content-Type", "application/json")
    req.Header.Add("Authorization", "Bearer YOUR_API_KEY")

    // Send the request
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
}

Using cURL

For quick testing, you can use cURL to make authenticated requests:

curl -X POST https://api.zellify.com/auth \
     -H "Content-Type: application/json" \
     -H "Authorization: Bearer YOUR_API_KEY"

Securing your API Key

Do not expose keys in frontend

Never include API keys in client-side code or public repositories. Frontend code is accessible to anyone, making your keys vulnerable to exposure.

Rotate keys periodically

Regularly update your API keys as a security best practice. This minimizes the impact of potential key compromises and helps maintain security.

Use env variables for server-side storage

Store your API keys in environment variables on your server. This keeps them secure and separate from your application code.

Revoke compromised keys immediately

If you suspect a key has been compromised, revoke it immediately through the dashboard. This prevents unauthorized access to your account.

Error Handling

Error

Cause

Solution

401

Invalid or missing API key

Check key format and Bearer prefix

403

Insufficient permissions

Verify key has required access

429

Rate limit exceeded

Implement backoff & retry logic

For rate-limited requests, implement exponential backoff using the X-RateLimit-Reset-Api_Key header.

PreviousGetting Started with Zellify NextStripe

Last updated 14 days ago