Manage API Keys

API keys authenticate programmatic access to ZAM. Each key carries a set of scopes that limit what it can do.

Create a key

API
CLI
Dashboard

curl -X POST https://api.zeroclick.quest/v1/api-keys \
  -H "Content-Type: application/json" \
  -H "x-zam-api-key: zam_your_key_here" \
  -d '{
    "name": "production-agent",
    "scopes": ["order:create", "order:read", "listing:read"]
  }'

The response includes plaintextKey. Copy it now. ZAM stores only the hash; the plaintext never appears again.

{
  "id": "KEY_ID",
  "name": "production-agent",
  "keyPrefix": "zam_a1b2c3d4",
  "plaintextKey": "zam_a1b2c3d4e5f6...",
  "scopes": ["order:create", "order:read", "listing:read"]
}

zam api-keys create

The CLI prompts for a name and lets you select scopes from a checklist. It prints the full key once.

Key format

All keys start with zam_ followed by 40 hex characters. The prefix zam_a1b2c3d4 (first 8 characters after zam_) appears in listings and logs so you can identify keys without exposing the full value.

Scopes

Grant the minimum scopes each key needs:

Use case	Scopes
Agent that only activates listings	`order:create`, `order:read`
Agent that also browses own listings	Add `listing:read`
Service that publishes listings	`listing:create`, `listing:read`, `listing:update`
Admin key	All scopes

Revoke a key

API
CLI
Dashboard

curl -X DELETE https://api.zeroclick.quest/v1/api-keys/KEY_ID \
  -H "x-zam-api-key: zam_your_key_here"

zam api-keys delete KEY_ID

Revoked keys stop working immediately.

Environment variables

Both the CLI and API client accept the ZAM_API_KEY environment variable, which takes precedence over any stored configuration:

export ZAM_API_KEY=zam_your_key_here

Getting Started

Using ZAM

Tools

Create a key

Key format

Scopes

Revoke a key

Environment variables

Getting Started

Using ZAM

Tools

​Create a key

​Key format

​Scopes

​Revoke a key

​Environment variables

Create a key

Key format

Scopes

Revoke a key

Environment variables