Skip to content

Authentication

The Zandovi API authenticates every request with an API key sent in the X-Api-Key header. Keys are scoped to a single workspace (organization) and inherit that workspace’s plan and quota.

  1. Sign in to the app and open Settings → API Keys.
  2. Enter a Key name (e.g. Production, Newsletter Service) and click Create key.
  3. Copy the key from the “Key created — copy it now” banner. It is shown only once and never again.

See API Keys for the full in-app walkthrough, including the 5-key limit and per-key usage.

Add the X-Api-Key header to every request:

X-Api-Key: your_api_key

Example with curl:

Terminal window
curl https://app.zandovi.com/api/v1/projects \
-H "X-Api-Key: $ZANDOVI_API_KEY"

A missing or invalid key returns 401 Unauthorized with an application/problem+json body.

  • A key can only access templates and projects in its own workspace.
  • Across a workspace, a key can read its owner’s private and shared templates, plus templates shared by other members. Private templates belonging to other members are not accessible.
  • Keys do not carry per-endpoint permission scopes — any valid key for a workspace can call any public endpoint that workspace is entitled to.

Open Settings → API Keys, click the delete (trash) icon next to a key, and confirm. Revoked keys stop working immediately. Rotate keys by creating a new one, updating your integration, then deleting the old key.

Each key shares its workspace’s monthly render quota. Generation responses include X-Quota-Limit, X-Quota-Remaining, and X-Quota-Reset headers so you can track consumption — see Errors, quotas & rate limits.