Authentication
Zentake authenticates every API request with a pair of API Keys sent as headers. That's it. There is no OAuth flow, no bearer token, and no session cookie. If something you're integrating with expects an OAuth client ID/secret exchange or a token endpoint, it doesn't apply here.
The two headers
| Header | Value |
|---|---|
X-API-KEY | Your team's unique identifier (a UUID) |
X-API-SECRET | Your team's API secret key |
Both headers are required on every request. Missing either one returns
401 Unauthorized; sending a key/secret pair that doesn't match returns
403 Forbidden. See Errors for the
exact response bodies.
X-API-SECRET is a bearer credential for your whole team's data, including
PHI. Call the Zentake API from your backend, not from a browser or mobile app
where the secret would be exposed.
Example request
curl --request GET \
--url https://api.app.zentake.com/v2/patients \
--header 'Content-Type: application/json' \
--header 'X-API-KEY: <your_api_key>' \
--header 'X-API-SECRET: <your_api_secret>'
Every endpoint lives under https://api.app.zentake.com/v2, see the
API Reference for the full path list.
Sandbox vs. production credentials
Sandbox and Production credentials
are different key pairs, a sandbox X-API-KEY will not authenticate
against production, and vice versa. Get both from Settings > API
Credentials in the Zentake dashboard, toggling the environment switch to
pick which pair you're viewing. Full details, including sandbox's limits and
data isolation, are on the Sandbox page.
Where to get credentials
- Log in to the Zentake dashboard.
- Go to Settings > API Credentials.
- Toggle the Sandbox / Production switch to the environment you want keys for.
- Copy the
X-API-KEYandX-API-SECRETshown there.
Next steps
- Sandbox. Test without touching production data.
- Environments. The full
sandbox vs. production comparison and the
X-Zentake-Environmentresponse header. - Rate limits. Sandbox and production request limits.