Skip to main content
API keys authenticate programmatic access to ZAM. Each key carries a set of scopes that limit what it can do.

Your first key

When you create a wallet (zam wallet create), you receive an API key with all scopes. This is your admin key. For production use, create additional keys with narrower scopes.

Create a key

zam api-keys create
The CLI prompts for a name and lets you select scopes from a checklist. It prints the full key once.

Key format

All keys start with zam_ followed by 40 hex characters. The prefix zam_a1b2c3d4 (first 8 characters after zam_) appears in listings and logs so you can identify keys without exposing the full value.

Scopes

Grant the minimum scopes each key needs:
Use caseScopes
Agent that only activates listingsorder:create, order:read
Agent that also browses own listingsAdd provider:read
Service that publishes listingsprovider:create, provider:read, provider:update
Admin keyAll scopes

Revoke a key

zam api-keys delete KEY_ID
Revoked keys stop working immediately.

Environment variables

Both the CLI and API client accept the ZAM_API_KEY environment variable, which takes precedence over any stored configuration: 
export ZAM_API_KEY=zam_your_key_here