Authentication

All requests to the Zenode API require a bearer token. This guide covers how to get one, how to use it, and how to keep it safe.

Create an account

Accounts are managed at zenode.ai. Sign up there to get access to both the web tool and the API — the same account covers both.

Once you're signed in, head to the Dashboard → API Keys page to create your first key.

Create an API key

From the API Keys page:

1. Click New key
2. Give it a name (e.g. dev, production)
3. Copy the key — it is shown only once

API keys are prefixed with zn_. Zenode stores only a hash of your key, so if you lose it you'll need to create a new one.

Using your key

Pass your API key as a Bearer token in the Authorization header on every request:

curl "https://api.zenode.ai/v1/parts/search?mpn=LM358" \
  -H "Authorization: Bearer zn_your_api_key"

This applies to both the REST API and GraphQL:

curl -X POST https://api.zenode.ai/graphql \
  -H "Authorization: Bearer zn_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"query": "{ supSearchMpn(mpn: \"LM358\", limit: 3) { hits } }"}'

Missing or invalid keys return 401 Unauthorized.

Usage and billing

The API uses a dollar-based usage system — the same one that powers the zenode.ai web tool. Your balance is shared across both. You can monitor consumption and top up your balance from the Dashboard.

Pricing is usage-based and intentionally opaque at the per-call level. Think of it as a credit balance that depletes as you make requests. When your balance reaches $0, requests will return 402 Payment Required until you add more credits.

Security best practices

• Use a separate key per environment (local, staging, production)
• Rotate keys periodically
• Revoke any key you suspect has been compromised immediately

Revoking a key

Keys can be revoked instantly from the API Keys page. A revoked key returns 401 Unauthorized on the next request.