Skip to main content

Authentication

Zentake authenticates every API request with a pair of API Keys sent as headers. That's it. There is no OAuth flow, no bearer token, and no session cookie. If something you're integrating with expects an OAuth client ID/secret exchange or a token endpoint, it doesn't apply here.

The two headers

HeaderValue
X-API-KEYYour team's unique identifier (a UUID)
X-API-SECRETYour team's API secret key

Both headers are required on every request. Missing either one returns 401 Unauthorized; sending a key/secret pair that doesn't match returns 403 Forbidden. See Errors for the exact response bodies.

Keep your secret out of client-side code

X-API-SECRET is a bearer credential for your whole team's data, including PHI. Call the Zentake API from your backend, not from a browser or mobile app where the secret would be exposed.

Example request

curl --request GET \
--url https://api.app.zentake.com/v2/patients \
--header 'Content-Type: application/json' \
--header 'X-API-KEY: <your_api_key>' \
--header 'X-API-SECRET: <your_api_secret>'

Every endpoint lives under https://api.app.zentake.com/v2, see the API Reference for the full path list.

Sandbox vs. production credentials

Sandbox and Production credentials are different key pairs, a sandbox X-API-KEY will not authenticate against production, and vice versa. Get both from Settings > API Credentials in the Zentake dashboard, toggling the environment switch to pick which pair you're viewing. Full details, including sandbox's limits and data isolation, are on the Sandbox page.

Where to get credentials

  1. Log in to the Zentake dashboard.
  2. Go to Settings > API Credentials.
  3. Toggle the Sandbox / Production switch to the environment you want keys for.
  4. Copy the X-API-KEY and X-API-SECRET shown there.

Next steps

  • Sandbox. Test without touching production data.
  • Environments. The full sandbox vs. production comparison and the X-Zentake-Environment response header.
  • Rate limits. Sandbox and production request limits.