Skip to main content

Overview

The Contazen API uses Bearer token authentication. All API requests must include a valid API key in the Authorization header.

API Keys

Key Type

Live Keys

Format: sk_live_ + 24 charactersUse for production. All actions affect real data and can’t be undone.

Creating API Keys

1

Access API Settings

Log in to your Contazen account and navigate to Settings → API Keys
2

Create New Key

Click “Create New API Key” and configure:
  • Name: Identify your key (e.g., “Production Server”)
  • Permissions: Select required scopes
  • IP Restrictions: Optionally limit to specific IPs
3

Copy Your Key

Your secret key will only be shown once. Store it securely in your environment variables.

Testing in Documentation

To test API endpoints directly in this documentation:
  1. Navigate to any API endpoint page (e.g., List Clients)
  2. Look for the “Try it” section
  3. In the Authorization field, enter: Bearer sk_live_YOUR_API_KEY
  4. Fill in any required parameters
  5. Click “Send Request” to test with real data

Making Authenticated Requests

Include your API key in the Authorization header:

Security Best Practices

Never hardcode API keys in your source code. Use environment variables instead:
Limit API key usage to specific IP addresses:
  • Single IP: 192.168.1.1
  • CIDR range: 192.168.1.0/24
  • Multiple IPs: Add one per line
Create a rotation schedule:
  1. Create new API key
  2. Update your application
  3. Monitor for issues
  4. Revoke old key after confirming

Multi-Work-Point Access

API keys have access to all work points (branches) within the same parent company. This allows you to manage data across multiple locations with a single API key.
To specify a work point for an API request, include the work_point_id parameter:

Authentication Errors

When authentication fails, you’ll receive a 401 Unauthorized response:

Common Error Codes

Testing Authentication

Verify your setup with this simple test:

Troubleshooting

Some servers strip the Authorization header. Add to .htaccess:
For browser requests, the API includes CORS headers:

Need Help?

If you’re having authentication issues:
  1. Double-check your API key
  2. Verify you’re using a valid API key
  3. Check rate limits
  4. Review IP restrictions
  5. Contact support with your request ID