Configuring API Keys

using an api key and endpoint requests, you can integrate zen master's streaming features into your applications zen master administrators can create api keys that control access to specific objects using zen master tags and roles starting with the 18 nov 2025 release, all zen master api keys will have an expiration date existing api keys will expire on 18 nov 2026 all new api keys will be set by default to expire one year after the creation date you can set the expiration to an earlier date when needed on the api keys screen, you will see the following a list of existing api keys a documentation link where you can download the latest zen master openapi file admin users will see an add key button to create new api keys the api keys screen shows a list of api keys available in the system click show next to a key to show the string of characters for that key click copy next to a key to copy the string of characters for that key click delete next to a key to delete that key to generate a new api key in the main navigation, click configuration > api keys the api keys screen is displayed click + add key the create new api key screen appears in the name field, enter a name for the new key using any alphanumeric characters if you wish to set the expiration date to less than one year, change the expiration date check read only to limit the use of the api key to get methods check read only to limit users to get (only) all objects do not check read only if you want to control user permissions by role and tag check account administrator to allow api key users to read and write all objects, including account management objects (users, user groups, roles) do not check account administrator if you want to control user permissions by role and tag account administrator permissions override role permissions check administrator to allow api key users to read and write all objects, except for account management objects (users, user groups, roles) do not check administrator if you want to control user permissions by role and tag administrator permissions override role permissions select a role the role will work the same way as roles in the zen master ui, giving the user to get and/or create/edit sources, channels, targets, etc see adding roles docid 268rk tt vjbiwfuyl71s click save the new api key is added to the list of api keys you can view the new api key by clicking show next to the relevant key control user permissions by role and tag learn how to configure roles and tags to control user permissions for an api key for details, see example api keys with roles and tags docid\ cyc8w6acvnpbbl7z lmtn notes for using roles with api keys setting a role for the api key gives you granular control over which api requests the user will be able to make successfully if the role allows viewing a particular type of object (like sources ), the user will be able to make get requests for that type of object if the role allows editing a particular type of object, then the user will be able to make post , put , patch , and delete requests on objects of that type when the role does not allow viewing objects of a certain type, get requests on that type of object will return a success true message, but with no results { "success" true, "result" \[] } when the role does not allow editing objects of a certain type, requests that attempt to create, update, or delete an object of that type will return a success false message { "success" false, "error" "unauthorized post /api/v2/tags" } additional notes here are some additional notes to keep in mind live events are only available to administrator level users so, permissions on roles will not give access to live events settings for account administrator, administrator, and read only take precedence over roles permissions roles are cumulative so, permissions apply for all roles associated with an object known issues there are a few known issues around roles live events are only available to administrator level users even though you can select role permissions for live events in the zen master ui, they will be ignored when a role permission is set to read for an object, you will not be able to create, update, or delete the object for create and delete, you will receive a forbidden response for update, you will get a 200 response, but no fields will be updated