Skip to main content

Overview

API keys are required to access the ZKScore API. This guide covers creating, managing, rotating, and securing your API keys.

Creating API Keys

curl -X POST https://api-mainnet.onzks.com/api/v1/developer/keys \
  -H "Authorization: Bearer YOUR_AUTH_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key",
    "permissions": ["read", "write"],
    "rateLimit": 1000
  }'

Best Practices

  1. Never Commit Keys: Keep API keys out of version control
  2. Use Environment Variables: Store keys in .env files
  3. Rotate Regularly: Change keys periodically
  4. Monitor Usage: Track API key usage
  5. Revoke Unused: Remove unused keys

Key Security

Secure Storage

// .env file
ZKSCORE_API_KEY=zk_prod_abc123xyz789

// Usage
const apiKey = process.env.ZKSCORE_API_KEY;