Authentication

You'll need to authenticate your requests to access any of the endpoints in the TimeZest API. In this guide, we'll look at how authentication works.

API Keys

To access the TimeZest API, you'll need to create an API key. Any TimeZest administrator can create an API key in the API Keys page in TimeZest. You can create any number of API keys, and each API key can be designated as either a read-only or a read/write API key.

Read-only API keys can only read data from the TimeZest API. Any request that attempts to modify data using a read-only API key will be rejected with an error message.
Read/write API keys have full access to the TimeZest API, and can both read and modify data.

You can create as many API keys you need, and we recommend generating a new API key for each individual use you make. This way, if an API key is compromised, you can delete the API key without affecting other systems.

Do not publish your API key, or commit it to source control. You can revoke an API key by deleting it in the API Keys page, and it will immediately become invalid.

Authentication with an API key

All requests to the API need to be authenticated using an API key. This is done by using it as a Bearer token in the Authorization HTTP header in each request.

Here's how to add the token to the request header using cURL:

Example request with API key

curl https://api.timezest.com/v1/scheduling_requests \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <API Key>"

Always keep your token safe and reset it if you suspect it has been compromised.