ZPLJetdocs

Authentication

Every request is authenticated with an API key.

Pass your key in the X-API-Key header on every request:

X-API-Key: zpl_your_key

Managing keys

Create, name, and revoke keys in the dashboard. The full key is shown only at creation — store it securely. Revoking a key takes effect immediately.

Keep keys secret

Treat keys like passwords. Use them only server-side, never in client-side code or public repositories. If a key leaks, revoke it and create a new one.

Rate limits

Each key has a rate limit. Exceeding it returns 429 with a Retry-After header telling you how many seconds to wait. See Errors & Limits.