Authentication
The Zandovi API authenticates every request with an API key sent in the X-Api-Key header. Keys are scoped to a single workspace (organization) and inherit that workspace’s plan and quota.
Getting an API key
Section titled “Getting an API key”- Sign in to the app and open Settings → API Keys.
- Enter a Key name (e.g. Production, Newsletter Service) and click Create key.
- Copy the key from the “Key created — copy it now” banner. It is shown only once and never again.
See API Keys for the full in-app walkthrough, including the 5-key limit and per-key usage.
Sending the key
Section titled “Sending the key”Add the X-Api-Key header to every request:
X-Api-Key: your_api_keyExample with curl:
curl https://app.zandovi.com/api/v1/projects \ -H "X-Api-Key: $ZANDOVI_API_KEY"A missing or invalid key returns 401 Unauthorized with an application/problem+json body.
Scope & isolation
Section titled “Scope & isolation”- A key can only access templates and projects in its own workspace.
- Across a workspace, a key can read its owner’s private and shared templates, plus templates shared by other members. Private templates belonging to other members are not accessible.
- Keys do not carry per-endpoint permission scopes — any valid key for a workspace can call any public endpoint that workspace is entitled to.
Revoking a key
Section titled “Revoking a key”Open Settings → API Keys, click the delete (trash) icon next to a key, and confirm. Revoked keys stop working immediately. Rotate keys by creating a new one, updating your integration, then deleting the old key.
Each key shares its workspace’s monthly render quota. Generation responses include X-Quota-Limit, X-Quota-Remaining, and X-Quota-Reset headers so you can track consumption — see Errors, quotas & rate limits.