Overview

The Contazen API uses Bearer token authentication. All API requests must include a valid API key in the Authorization header.

API Keys

Key Type

Live Keys

Format: sk_live_ + 24 characters

Use for production. All actions affect real data and can’t be undone.

Creating API Keys

1. Access API Settings

Log in to your Contazen account and navigate to Settings → API Keys.

2. Create New Key

Click “Create New API Key” and configure:
  • Name: Identify your key (e.g., “Production Server”)
  • Permissions: Select required scopes
  • IP Restrictions: Optionally limit to specific IPs

3. Copy Your Key

Your secret key will only be shown once. Store it securely in your environment variables.

Testing in Documentation

To test API endpoints directly in this documentation:
  1. Navigate to any API endpoint page (e.g., List Clients)
  2. Look for the “Try it” section
  3. In the Authorization field, enter: Bearer sk_live_YOUR_API_KEY
  4. Fill in any required parameters
  5. Click “Send Request” to test with real data

Making Authenticated Requests

Include your API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

curl https://api.contazen.ro/v1/clients \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY"

Security Best Practices

Never hardcode API keys in your source code. Use environment variables instead:

// Good
const apiKey = process.env.CONTAZEN_API_KEY;

// Bad
const apiKey = 'sk_live_abc123...'; // Never do this!

Limit API key usage to specific IP addresses:
  • Single IP: 192.168.1.1
  • CIDR range: 192.168.1.0/24
  • Multiple IPs: Add one per line

Create a rotation schedule:
  1. Create new API key
  2. Update your application
  3. Monitor for issues
  4. Revoke old key after confirming

Multi-Work-Point Access

API keys have access to all work points (branches) within the same parent company. This allows you to manage data across multiple locations with a single API key.

To specify a work point for an API request, include the work_point_id parameter:

curl https://api.contazen.ro/v1/invoices \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  -d "work_point_id=WORK_POINT_ID"

Authentication Errors

When authentication fails, you’ll receive a 401 Unauthorized response:
{
  "success": false,
  "error": {
    "message": "Invalid API key",
    "type": "authentication_error",
    "code": "invalid_api_key",
    "status": 401
  },
  "meta": {
    "version": "v1",
    "response_time": "2.3ms"
  }
}

Common Error Codes

Code                      Description                   Solution
missing_api_key           No Authorization header       Include the header
invalid_api_key           Key doesn’t exist             Check your key
expired_api_key           Key has expired               Create a new key
ip_restricted             Request from unauthorized IP  Update IP whitelist
insufficient_permissions  Key lacks required scope      Update key permissions
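
The practices and error codes above combined into a small Node.js helper, as an added example that is not part of Contazen's documentation or SDK. It reads the key from CONTAZEN_API_KEY (the variable used earlier on this page), rejects malformed values, redacts the key for logs, and maps the documented error body to its solution; the function names are hypothetical.

```javascript
// Added example, not Contazen's code; function names are hypothetical.
// The page gives the key format as "sk_live_" + 24 characters without naming a
// character set, so only prefix, length and absence of whitespace are checked.
const KEY_PATTERN = /^sk_live_\S{24}$/;

// Solutions copied from the "Common Error Codes" table.
const REMEDIATION = {
  missing_api_key: 'Include the header',
  invalid_api_key: 'Check your key',
  expired_api_key: 'Create a new key',
  ip_restricted: 'Update IP whitelist',
  insufficient_permissions: 'Update key permissions',
};

// Read the key from the environment and fail fast on a malformed value (quotes,
// trailing newline, truncated paste). Error text never contains the key itself.
function loadApiKey(env = process.env) {
  const key = env.CONTAZEN_API_KEY;
  if (!key) throw new Error('CONTAZEN_API_KEY is not set');
  if (!KEY_PATTERN.test(key)) throw new Error('CONTAZEN_API_KEY is malformed');
  return key;
}

// Log-safe form of a validated key: prefix plus the last 4 characters only.
function redactKey(key) {
  return `sk_live_${'*'.repeat(20)}${key.slice(-4)}`;
}

function authHeaders(key) {
  return { Authorization: `Bearer ${key}` };
}

// Turn an error body in the documented shape into an actionable message.
function explainError(body) {
  if (!body || body.success !== false || !body.error) return null;
  const { code, status, message } = body.error;
  const fix = REMEDIATION[code] || 'Contact support with your request ID';
  return `${status} ${code}: ${message}. Fix: ${fix}`;
}

// Constructed sample: the 401 body shown under "Authentication Errors".
const sampleBody = {
  success: false,
  error: { message: 'Invalid API key', type: 'authentication_error', code: 'invalid_api_key', status: 401 },
};
console.log(explainError(sampleBody));
```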

Testing Authentication

Verify your setup with this simple test:
# Test authentication
curl -I https://api.contazen.ro/v1/clients \
  -H "Authorization: Bearer YOUR_API_KEY"

# Success: HTTP 200
# Failed: HTTP 401

Troubleshooting

Some servers strip the Authorization header. Add to .htaccess:

RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

For browser requests, the API includes CORS headers:

Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization, Content-Type

Need Help?

If you’re having authentication issues:
  1. Double-check your API key
  2. Verify you’re using a valid API key
  3. Check rate limits
  4. Review IP restrictions
  5. Contact support with your request ID