Authentication & API Keys


All ZipZign API requests must be authenticated with an API key.


Getting your API key


  1. Log in to your ZipZign dashboard
  2. Navigate to Settings → API Keys
  3. Click Create new key
  4. Copy the key — it is only shown once


Using your API key


Pass the key in the Authorization header on every request:


curl https://zipzign.com/api/documents \
  -H "Authorization: Bearer YOUR_API_KEY"


In JavaScript:


const response = await fetch('https://zipzign.com/api/documents', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ /* ... */ })
});


Key security best practices


  • Never commit API keys to source control. Use environment variables.
  • Store keys in .env files locally, and in your hosting provider's secret management in production.
  • Rotate keys immediately if compromised — delete the old key in the dashboard.
  • Each key is tied to your account and plan limits.


Environment variable pattern


# .env
ZIPZIGN_API_KEY=zz_live_abc123...


// usage
const apiKey = process.env.ZIPZIGN_API_KEY;


Key types


| Key prefix | Environment |
|------------|-------------|
| zz_live_   | Production — sends real emails, counts against plan quota |
| zz_test_   | Sandbox — free, no emails, docs auto-deleted after 24 hours |


See Sandbox Mode for details on developing with test keys.


Error responses


| Status           | Meaning |
|------------------|---------|
| 401 Unauthorized | Missing or invalid API key |
| 403 Forbidden    | Key valid but lacks permission (e.g., wrong account) |


{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}
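
The key prefixes and the 401/403 responses above can be checked in client code before and after a request. This is an added example, not ZipZign's own code: the function names and the rule of refusing a zz_live_ key when NODE_ENV is not production are assumptions, and the sample keys are constructed.

```javascript
// Added example. keyEnvironment, redactKey, assertKeyAllowed and
// explainAuthFailure are hypothetical helpers, not part of any ZipZign SDK.
const PREFIXES = { zz_live_: 'production', zz_test_: 'sandbox' };

// Classify a key by the prefixes listed under "Key types".
function keyEnvironment(key) {
  if (typeof key !== 'string') return null;
  const prefix = Object.keys(PREFIXES)
    .find((p) => key.startsWith(p) && key.length > p.length);
  return prefix ? PREFIXES[prefix] : null;
}

// Log-safe form: keep only the 8-character prefix, never the secret part.
function redactKey(key) {
  return keyEnvironment(key) ? `${key.slice(0, 8)}***` : '***';
}

// Fail fast at startup on a missing or malformed key, or on a live key
// outside production (assumed policy: live keys send real emails and use quota).
function assertKeyAllowed(key, nodeEnv) {
  const env = keyEnvironment(key);
  if (!env) throw new Error('ZIPZIGN_API_KEY is missing or has an unknown prefix');
  if (env === 'production' && nodeEnv !== 'production') {
    throw new Error(`Refusing live key ${redactKey(key)} while NODE_ENV=${nodeEnv}`);
  }
  return { Authorization: `Bearer ${key}`, 'Content-Type': 'application/json' };
}

// Map the documented auth failures to an operator-facing message.
function explainAuthFailure(status, key) {
  const shown = redactKey(key);
  if (status === 401) return `401: key ${shown} missing or invalid; check whether it was rotated or deleted`;
  if (status === 403) return `403: key ${shown} is valid but lacks permission (e.g., wrong account)`;
  return null; // not an authentication error
}

// Constructed sample keys, not real credentials.
const sampleTest = 'zz_test_EXAMPLEONLY0000';
const sampleLive = 'zz_live_EXAMPLEONLY0000';
console.log(Object.keys(assertKeyAllowed(sampleTest, 'development')));
console.log(explainAuthFailure(401, sampleLive));
```

In an application, call assertKeyAllowed(process.env.ZIPZIGN_API_KEY, process.env.NODE_ENV) once at startup and pass the returned object as the fetch headers.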

Updated on: 16/04/2026
