The Zefort API is organized around REST. Our API uses predictable resource-oriented URLs, accepts JSON-encoded as well as form-encoded requests, returns JSON-encoded results, and uses standard HTTP verbs and error codes.
The Zefort API provides a comprehensive set of resources and operations to access all your content. The Zefort user interface is itself built on this API.
You can safely develop your integrations and experiment with the Zefort API on the sandbox server.
This documentation is published as an OpenAPI specification. There is a rich and growing ecosystem of tools available to work with OpenAPI descriptions. In fact, the official API reference manual is generated directly from the OpenAPI specification.
| Instance | API base URL | Description |
|---|---|---|
| Sandbox | https://sandbox.zefort.com/api/ | Sandbox for development and testing |
| EU production | https://my.zefort.com/api/ | Multitenant production, EU |
| US production | https://us.zefort.com/api/ | Multitenant production, US |
| Dedicated | https://your-instance-url/api/ | Enterprise customer dedicated instance |
The API for a particular Zefort instance is
available under the same domain name as the user interface, under the
/api/ prefix.
All API requests must be authenticated with an API key. You can manage your API keys in your account settings; this requires both the “Can manage account settings” and “Can manage users” permissions.
Each API key is tied to a user on your account. We suggest that you create separate users for your programs, instead of reusing user accounts of people who would normally use via the user interface. Using separate API users allows you to more easily control and monitor access for your program.
Obviously, an API key may give wide access to your account, so keep your API keys secure!
Authentication is performed with HTTP Basic Auth. Provide your API key as the username, and do not provide a password or leave it empty.
All API requests must be made over HTTPS.
While we expect the main structure of our API to be quite stable, we occasionally need to make backwards incompatible changes. API versions are distinguished with a dated version number string.
To ensure your code keeps working, we don't change your version until you are ready to upgrade.
When you make your first API request, the default API version in your
account settings is automatically set. After this, the API version
stays the same until you update it in your account settings. To call
a particular API version, pass the version number string in a
Zefort-Version header.
We guarantee that all actively used API versions will remain available for at least three years from when they were introduced, as indicated by the API version. If a version you are using is scheduled for deprecation, you will receive advance warnings to the technical contact email addresses configured in your account settings.
The following changes are considered to be backwards compatible and do not cause a new version:
Objects IDs are opaque ASCII strings, and we guarantee that they will never be longer than 255 characters.