Authentication
How to authenticate to the Zenode API with a Bearer token, what scopes mean, and how live vs. test keys behave.
Every request must include your API key as a Bearer token:
HTTP
1Authorization: Bearer zk_live_xxxxxxxxxxxxxxxxxxxxxxxxKeys are issued per project. The prefix encodes the environment:
zk_live_…— production data and billing.zk_test_…— for development and CI.
Treat keys as secrets. Send them only from server-side code, never from a browser or mobile client, and never commit them to source control.
Scopes
Each key carries one or more scopes. An endpoint lists the scope it needs in its reference page.
| Scope | Grants |
|---|---|
parts:read | Part matching, catalog search, part/manufacturer lookups, pricing data |
ai:run | AI discovery and AI deep-dive endpoints (and their jobs) |
ai:run is separate so AI access can be granted and metered independently of data access.
Errors
| Status | Meaning |
|---|---|
401 | Missing or invalid key (authentication_error) |
403 | Valid key, but it lacks the scope the endpoint needs (permission_error) |
See Errors for the full error envelope.
Next
- Make your first call
- Rate limits & usage — tiers, metering, and quotas