Authentication

JWT tokens are used by the Zaki-Pass dashboard and web applications. They are obtained by logging in with email and password, and expire after a set period. Use the refresh token to get a new access token without re-authenticating.

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

# Login to get tokens
curl -X POST https://api.zakipass.com/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@example.com",
    "password": "your_password"
  }'

# Use the access token
curl https://api.zakipass.com/api/v1/templates \
  -H "Authorization: Bearer eyJhbGciOi..."

API keys are designed for server-to-server integration. They are created from the Zaki-Pass dashboard Settings page and provide scoped access to specific API endpoints. API keys use the X-API-Key header.

• • Prefix: zk_ followed by a 32-character unique identifier
• • Scoped: Each key can be restricted to specific permissions
• • Expirable: Optionally set an expiration date
• • Trackable: All API key usage is logged with request details

X-API-Key: zk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

curl https://api.zakipass.com/api/v1/passes \
  -H "X-API-Key: zk_your_key_here"