Zorus API QuickStart

Overview of Setting Up and Accessing APIs: QuickStart Guide


Access & Authentication

Access

For detailed instructions and endpoint descriptions, please refer to the API Documentation provided here: https://developer.zorustech.com/api/docs

Every API request is sent to a root URL that covers all API endpoints and includes the protocol and the domain name (or IP address) of the API server. The baseUrl parameter defines this root URL, so the API server address is configured in one place:

  • baseUrl: https://developer.zorustech.com

Authentication

To authenticate API requests, you must generate an API Token from the Zorus Portal. This token authorizes your API requests.

Note: Generating an API Token requires System Administrator permissions in the Zorus Portal.

  1. Token Generation: https://portal.zorustech.com/integrations/api-keys
  2. Once you have obtained the API Token, you need to include it in the Authorization header of your API requests. The API Key impersonates a specific user, so the header must follow this format:
    1. Header Key: Authorization
    2. Header Value: Impersonation apiKey
  3. Replace apiKey with the actual API Key you received from the Portal.

Here’s an example of what the Authorization header should look like:

Authorization: Impersonation abc123xyz456

This format ensures that the API recognizes and authenticates your requests properly, allowing you to perform actions on behalf of the impersonated user.

Including the API Key in a .json File

When working with tools like Postman, the API Key Header is already included in the .json configuration file. You just need to ensure that you prefix the key value with "Impersonation".

For example, your Postman configuration might look like this:

Alternatively, you could put the "Impersonation" prefix in the environment variable itself and leave the default .json as it is.

API Key Management

Overview

API keys are centrally managed in the Portal via the Integrations menu, accessible under Integrations > API Access.

From this page, a user with System Administrator permissions can create, view, and manage API Tokens.

Managing API Tokens

On the API Access page, the grid provides a comprehensive overview of existing tokens. It includes:

  • Token Name: The name of the token, such as where it is used.
  • Token Notes: Information about the token, such as notes on its purpose.
  • API Template User: The user from the User Management system that the token impersonates.
  • Created By: The user who created the token.
  • Created Date: When the token was created.
  • Last Used: The last time the token was used.
  • Enable/Disable Toggle: Options to temporarily disable or revoke tokens.

Additional actions available for managing tokens include:

  • Rotate Token: Regenerate the token's value, immediately revoking the existing token.
  • Edit Token: Modify the token's name or notes.
  • Delete Token: Revoke access by deleting the token.

There are also options to:

  • Export to CSV: Export the token details to a CSV file.
  • Refresh: Refresh the list to see the latest updates.

Generating a New API Token

Creating a new API Token is straightforward:

  1. Click "Generate API Token": Initiate the token creation process.
  2. Select User to Impersonate: Choose the user whose permissions will be applied to the token.
  3. Name the Token: Provide a meaningful name, indicating where it will be used.
  4. Add Notes: Include any relevant notes for future reference.
  5. Generate the Token: Complete the process to generate the new token.

Important Security Notes

  • Secure Handling: Treat your API token like a password. Once generated, it can't be retrieved. Keep it secure and don't share it with unauthorized individuals.
  • Token Regeneration: If you forget the token or need to enhance security, you can generate a new one. Regenerating this API Token immediately revokes access to the current one. Please ensure you update your connected tools with the new token after generating it.
  • Rate Limiting: API access is rate-limited to 100 requests per minute per account, applying across all users.

By following these best practices, you can ensure secure access management and maintain the integrity of your API interactions within the portal.
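
An added example (not from Zorus's documentation or code) of one way to handle the token on the client side: it builds the Authorization header in the format described above whether or not the stored key already carries the "Impersonation" prefix, rejects keys containing whitespace so a stray newline cannot inject extra headers, masks the key for logging, and keeps a local budget for the 100 requests per minute limit. The environment variable name ZORUS_API_KEY and the request path passed to build_request are assumptions, not names from this guide.

```python
import os
import time
import urllib.request
from collections import deque

BASE_URL = "https://developer.zorustech.com"  # baseUrl from this guide
SCHEME = "Impersonation"                      # header scheme from this guide


def auth_header(raw_key):
    """Return the Authorization header; the key may be stored with or without the prefix."""
    key = (raw_key or "").strip()
    head, _, rest = key.partition(" ")
    if head.lower() == SCHEME.lower():
        key = rest.strip()                    # prefix was already in the stored value
    if not key or any(c.isspace() for c in key):
        raise ValueError("API key missing or malformed")
    return {"Authorization": f"{SCHEME} {key}"}


def redact(headers):
    """Copy of the headers that is safe to log: the key is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = f"{SCHEME} ****"
    return safe


class MinuteBudget:
    """Sliding-window limiter: at most `limit` calls per 60 s (100 per this guide)."""

    def __init__(self, limit=100, clock=time.monotonic):
        self.limit, self.clock, self.sent = limit, clock, deque()

    def wait_time(self):
        """Return 0.0 and record the call if allowed, else the seconds left to wait."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= 60:
            self.sent.popleft()               # drop calls that left the window
        if len(self.sent) < self.limit:
            self.sent.append(now)
            return 0.0
        return 60 - (now - self.sent[0])


def build_request(path, env=os.environ, var="ZORUS_API_KEY"):
    """Build (not send) a request; `var` and `path` are hypothetical names."""
    headers = auth_header(env.get(var))       # raises if the variable is unset
    return urllib.request.Request(BASE_URL + path, headers=headers)
```

Because the limit applies per account across all users, a per-process budget like this only bounds one client's share; other integrations on the same account draw from the same 100 requests.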