Introduction to Zefort API

  1. Introduction
  2. Authentication
  3. Versioning


The Zefort API is organized around REST. Our API uses predictable resource-oriented URLs, accepts JSON-encoded as well as form-encoded requests, returns JSON-encoded results, and uses standard HTTP verbs and error codes.

The Zefort API provides a comprehensive set of resources and operations to access all your content. The Zefort user interface is itself built on this API.

You can safely develop your integrations and experiment with the Zefort API on the sandbox server.

This documentation is published as an OpenAPI specification. There is a rich and growing ecosystem of tools available to work with OpenAPI descriptions. In fact, the official API reference manual is generated directly from the OpenAPI specification.

API base URLs

Instance API base URL Description
Sandbox Sandbox for development and testing
EU production Multitenant production, EU
US production Multitenant production, US
Dedicated https://your-instance-url/api/ Enterprise customer dedicated instance

The API for a particular Zefort instance is available under the same domain name as the user interface, under the /api/ prefix.


All API requests must be authenticated with an API key. You can manage your API keys in your account settings; this requires both the “Can manage account settings” and “Can manage users” permissions.

Each API key is tied to a user on your account. We suggest that you create separate users for your programs, instead of reusing user accounts of people who would normally use via the user interface. Using separate API users allows you to more easily control and monitor access for your program.

Obviously, an API key may give wide access to your account, so keep your API keys secure!

Authentication is performed with HTTP Basic Auth. Provide your API key as the username, and do not provide a password or leave it empty.

All API requests must be made over HTTPS.


While we expect the main structure of our API to be quite stable, we occasionally need to make backwards incompatible changes. API versions are distinguished with a dated version number string.

To ensure your code keeps working, we don't change your version until you are ready to upgrade.

When you make your first API request, the default API version in your account settings is automatically set. After this, the API version stays the same until you update it in your account settings. To call a particular API version, pass the version number string in a Zefort-Version header.

We guarantee that all actively used API versions will remain available for at least three years from when they were introduced, as indicated by the API version. If a version you are using is scheduled for deprecation, you will receive advance warnings to the technical contact email addresses configured in your account settings.

Backwards compatibility

The following changes are considered to be backwards compatible and do not cause a new version:

  • Adding new resources and endpoints
  • Adding optional request parameters to existing API methods
  • Adding new properties to existing API responses or webhook payloads
  • Reordering fields in API responses or webhook payloads

Objects IDs are opaque ASCII strings, and we guarantee that they will never be longer than 255 characters.