Authentication

Every request must be authenticated with an API key sent in the Authorization header.

Base URL

All requests go to the versioned base URL:

text
https://api.zyron.pro/api/v1

API keys

Keys are prefixed with zyr_ so they are easy to recognize in logs and secret stores, for example zyr_xxxxxxxxxxxxxxxxxxxxxxxx.

Keys are issued by the Zyron team

Authorization header

Send your key as a Bearer token on the Authorization header:

http
Authorization: Bearer zyr_xxxxxxxxxxxxxxxxxxxxxxxx

Alternatively, you may send the key on the X-API-Key header. Use one or the other — the Bearer header is recommended.

http
X-API-Key: zyr_xxxxxxxxxxxxxxxxxxxxxxxx

Authenticated request

bash
curl https://api.zyron.pro/api/v1/key \
  -H "Authorization: Bearer zyr_xxxxxxxxxxxxxxxxxxxxxxxx"

Keep your key secret

  • Treat keys like passwords. Anyone with your key can consume your rate limit.
  • Use keys from a trusted server environment. Do not embed a key in client-side JavaScript, a mobile app bundle, or a public repository.
  • Store keys in environment variables or a secrets manager, never in source control.

Unauthorized requests are rejected