Skip to main content
The Zerops REST API uses Bearer token authentication to secure all API requests. You’ll need to generate a Personal Access Token from the Zerops GUI and include it in your API requests.

Personal Access Tokens

Personal Access Tokens allow you to securely access Zerops programmatically. You can create and manage multiple tokens for different applications or purposes.

Creating a Token

  1. Log in to the Zerops GUI
  2. Navigate to Access Token management
  3. Click “Generate a new access token”
  4. Copy and securely store your token (it will only be shown once)
Keep your access tokens secure and never commit them to version control. Treat them like passwords.

Managing Tokens

You can view and delete your access tokens at any time from the Access Token management page. Deleting a token will immediately revoke its access.

Using Access Tokens

Include your Personal Access Token in the Authorization header of your API requests using the Bearer authentication scheme: 
Authorization: Bearer <your-token>

Example Request

Here’s a complete example using cURL to authenticate and make a request: 
curl -X GET \
  https://api.app-prg1.zerops.io/api/rest/public/project \
  -H "Authorization: Bearer YOUR_PERSONAL_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Example with Different Languages

const axios = require('axios');

const token = 'YOUR_PERSONAL_ACCESS_TOKEN';
const baseURL = 'https://api.app-prg1.zerops.io/api/rest/public';

const client = axios.create({
  baseURL,
  headers: {
    'Authorization': `Bearer ${token}`,
    'Content-Type': 'application/json'
  }
});

// Make a request
client.get('/project')
  .then(response => console.log(response.data))
  .catch(error => console.error(error));

Authentication Errors

If authentication fails, you’ll receive one of the following error responses:
401 Unauthorized
error
The token is missing, invalid, or has been revoked. Check that you’re including the correct token in the Authorization header.
403 Forbidden
error
The token is valid but doesn’t have permission to access the requested resource.

Best Practices

  • Use environment variables or secure vault services
  • Never hardcode tokens in your source code
  • Don’t commit tokens to version control
  • Create new tokens periodically
  • Delete old or unused tokens
  • Use different tokens for different applications
  • Track which applications use which tokens
  • Immediately revoke tokens if compromised
  • Review active tokens regularly

Next Steps

Explore API Endpoints

Now that you know how to authenticate, explore the available API endpoints

Build docs developers (and LLMs) love

Get started for freeTalk to us