Zelta/Documentation
GitHub

API Keys

Create and manage API keys for device authentication.

Creating an API Key

  1. Go to API Keys in the sidebar
  2. Click Create API Key
  3. Enter a name (e.g., "Production Devices")
  4. Click Create
  5. Copy the key immediately - it won't be shown again!

Key Format

API keys follow this format:

zk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • zk_ - Zelta key prefix
  • live_ - Environment indicator
  • xxxxx... - Random 32-character string

Using API Keys

Include the key in your device requests:

Header (Recommended)

X-API-Key: zk_live_xxxxxxxxxxxx

Bearer Token

Authorization: Bearer zk_live_xxxxxxxxxxxx

Key Security

  • Key Prefix: First 8 characters are stored for identification
  • Hash Storage: Only SHA-256 hash is stored (key can't be recovered)
  • Last Used: Track when key was last used
  • Revocation: Deactivate keys that may be compromised

Revoking Keys

To revoke an API key:

  1. Find the key in the list
  2. Click Revoke
  3. Confirm revocation

Revoked keys immediately stop working. Devices using that key will receive 401 errors.

Best Practices

  1. Use separate keys for development, staging, and production
  2. Rotate keys periodically especially after staff changes
  3. Name keys descriptively so you know what they're for
  4. Monitor usage for suspicious activity
  5. Don't embed in source code - use environment variables or secure storage

Rate Limits

API requests are counted per organization:

| Plan | Monthly Limit | |------|---------------| | Free | 10,000 | | Pro | 100,000 | | Enterprise | Unlimited |

Multiple Keys

You can create multiple API keys:

  • Different keys for different environments
  • Separate keys for different teams
  • Easy revocation without affecting others