API
API Authentication
SK server requests and integrated application OAuth/Clerk examples for ZAST.AI APIs.
Use this page to choose the right authentication pattern for your ZAST.AI integration.
- Use an SK when your backend service calls ZAST.AI APIs directly.
- Use the integrated application flow when your product needs delegated user authorization through Clerk/OAuth.
Guide
ZAST.AI API guide
Workflow context for task creation, diagnostics, reports, and results lookup.
Read guideReference
ZAST.AI API reference
Inspect the exact schemas for endpoints you call with an SK or OAuth bearer token.
Open referenceGet An SK
Create and copy an SK from the app service's System -> SK Key Management page.
Store SK values only in trusted backend or server-side environments. Do not embed an SK in browser code, mobile apps, public repositories, client logs, or customer-visible configuration.
SK Request Example
Use the SK as a bearer token when your backend calls ZAST.AI APIs.
curl --request GET \
--url 'https://zast.ai/oxpecker/api/v1/tasks/task_123' \
--header 'Authorization: Bearer sk-xx'
Integrated Application Example
Use the integrated application flow when your product needs delegated user authorization against the ZAST.AI identity layer or when your frontend must bootstrap Clerk before calling protected APIs.
Preparation
- Contact
support@zast.aito provision your application and register the expectedredirect_uri. - Confirm your client receives the required
client_idandclient_secretbefore wiring the authorization flow.
OAuth Endpoints
- Authorization URL:
https://clerk.zast.ai/oauth/authorize - Token URL:
https://clerk.zast.ai/oauth/token - User Info URL:
https://clerk.zast.ai/oauth/userinfo
Authorization Code Flow
- Redirect the user to the authorization URL with
response_type=code,client_id,redirect_uri,scope, andstate. - Receive the authorization code on your callback URL.
- Exchange the code for tokens by posting
application/x-www-form-urlencodeddata to the token endpoint. - Refresh access when needed through the same token endpoint with
grant_type=refresh_token. - Send the resulting bearer token to the APIs that require authenticated user context.
Frontend Bootstrap Endpoint
- Endpoint:
GET /biz/api/v1/auth/clerk/publishable-key - Purpose: return the Clerk publishable key used to initialize the frontend SDK.
- Typical sequence:
- Fetch the publishable key from the Business API.
- Initialize Clerk in the frontend.
- Continue the authorization flow or authenticated API calls with the resulting session context.
Example Request
curl -X GET 'https://zast.ai/biz/api/v1/auth/clerk/publishable-key'
Example Response
{
"publishableKey": "pk_live_xxx"
}