API Authentication

The Zenovay API uses API keys for authentication. All API requests must include a valid API key.

Getting Your API Key

1. Log in to your Zenovay dashboard
2. Navigate to Settings > API Keys
3. Click Create New API Key
4. Give your key a descriptive name
5. Copy the generated key (it will only be shown once)

Using API Keys

Include your API key in the X-API-Key header of every request:

curl -X GET "https://api.zenovay.com/api/external/v1/websites" \
-H "X-API-Key: YOUR_API_KEY" \
-H "Content-Type: application/json"

Bearer Token Authentication

As an alternative to the X-API-Key header, you can authenticate using the standard Authorization: Bearer header:

curl -X GET "https://api.zenovay.com/api/external/v1/websites" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"

Both methods use the same API key. Choose whichever fits your application or HTTP client best.

JavaScript Example

const apiKey = process.env.ZENOVAY_API_KEY;

const response = await fetch('https://api.zenovay.com/api/external/v1/websites', {
headers: {
  'X-API-Key': apiKey,
  'Content-Type': 'application/json'
}
});

const data = await response.json();

API Key Scopes

API keys can have different permission levels:

Read - View analytics data and website configuration
Write - Modify website settings and configuration
Admin - Full access including user management

Rate Limiting

Security Best Practices

• Never commit API keys to version control
• Use environment variables to store keys
• Rotate keys regularly
• Create separate keys for different environments (dev, staging, prod)
• Delete unused keys immediately

Common Errors