API Reference

The Partner API uses API keys to authenticate requests. You can get keys to our Sandbox and Production APIs by following the Onboarding and Go Live steps here

About keys

Security

Authentication to the API is performed via HTTP Bearer Auth. Provide your API key as the token value:

Authorization: Bearer YOUR_API_KEY

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Safeguarding

Your API keys carry many privileges - keep them secure! Do not share your API keys in publicly accessible places such as GitHub, client-side code etc.

If you suspect your key has been leaked outside of your organisation please notify us immediately and we will assist in key rotation.

Prefixes

Sandbox API Keys have the prefix CZSB01 and live mode API keys have the prefix CZ01.

This allows for easy identification of keys within codebases. For the security reasons discussed above you may wish to perform automated repository scanning for strings beginning with key prefixes.