Authenticating with the API

The ZAPI requires authentication credentials to be provided with every HTTP request. Applications can authenticate with the API using basic HTTP authentication over SSL. To obtain the required credentials, please visit the 'settings' page in the ZAP APP under 'API Consumers'.

To authenticate, use basic HTTP authentication, supplying the application's API Key as the username and its API password as the password, both as shown in the UI. Some HTTP clients accept basic authentication credentials written as key:password in the URL, immediately before the hostname. For example:

POST 45634643FGDFGFDG:hfcdethuzzjhg54@''

If your HTTP client does not support basic authentication using this method, you can provide the credentials in the Authorization header field. To do so, join the API key and API password with a single colon (:). Then, encode the resulting string in base64 representation and prepend the base64-encoded string with "Basic" and a space. The resulting string should be included in the Authorization header field, as shown below:

Authorization: Basic NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZ...=

It's important to keep the authentication credentials secure and not share them with unauthorized users. Make sure to store the credentials securely and not hardcode them in your application code or config files.
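The header construction and the storage advice above, combined in one added example (not code from the API's own documentation). The environment variable names `ZAPI_KEY` and `ZAPI_PASSWORD` and the helper names are assumptions made for illustration.

```python
import base64
import os
import urllib.request
from urllib.parse import urlsplit


def basic_auth_header(api_key: str, api_password: str) -> str:
    """Join key and password with ':', base64-encode, prefix with 'Basic '."""
    if not api_key or not api_password:
        raise ValueError("API key and API password must both be set")
    if ":" in api_key:
        # The first colon separates key from password, so the key cannot contain one.
        raise ValueError("API key must not contain ':'")
    token = base64.b64encode(f"{api_key}:{api_password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def build_request(url: str, body: bytes, env=os.environ) -> urllib.request.Request:
    """Build an authenticated POST with credentials taken from the environment."""
    if urlsplit(url).scheme != "https":
        # Basic credentials are only base64-encoded, so they need TLS on the wire.
        raise ValueError("refusing to send credentials over a non-TLS URL")
    # Assumed variable names; nothing is hardcoded in source or config files.
    header = basic_auth_header(env.get("ZAPI_KEY", ""), env.get("ZAPI_PASSWORD", ""))
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", header)
    return req


def redact(header_value: str) -> str:
    """Return a form of the Authorization header that is safe to log."""
    scheme, _, _ = header_value.partition(" ")
    return f"{scheme} <redacted>"
```

`build_request` only constructs the request; pass the result to `urllib.request.urlopen` to send it, and log `redact(...)` rather than the raw header value.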
