Page cover image

Authentication

The API endpoints require a subdomain in the path. The subdomain is last part of a community url.

For example in https://zealy.io/cw/join the subdomain is join

The Zealy API uses API keys to authenticate requests. You can view and manage your API keys in the settings of your community.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

During the API key creation process, you need to define the scope of access for each key: either 'read-only', which can only access GET endpoints or 'read/write' that have full access to all available endpoints. Choose the level that best suits the needs of your application or integration, bearing in mind the principle of least privilege to minimize potential security risks.

The API key needs to be forwarded in the x-api-key header. Here is an example with axios in NodeJs.

await axios.get(
 "https://api-v2.zealy.io/api/communities/join/users/d353db69-137f-41df-b5f3-7b1d1e3d52bb",
  {
   headers: {
    "x-api-key": "c9b27evEJqYf1lvvU7ADFHHwiso"
   }
  })

Last updated

Was this helpful?