# API Authentication

## Overview

The Zimark REST API uses an API key authentication via the `X-AUTH-KEY` header.

To access the Zimark API, you must first create and securely store an API key. This guide explains how to generate a key, configure restrictions.

## Prerequisites

- ✅ Access to the Zimark Backoffice.
- ✅ Appropriate permissions to manage API keys within your organization.


## Create an API Key

1. Navigate to **Administration** → **API Keys**
2. Click **Add key**
3. Configure the key:
  - Enter a descriptive name and purpose
  - (Optional) Add IP restrictions
Note: After creation, only IP restrictions can be modified.
![API key form](/assets/api-key-form.eb162c4c41998cf42a2215a2fd3d38bc16b32f28d2f78946794c2caff4958ea3.706a0334.png)
![API key form with IP restrictions](/assets/api-key-form-with-ip-restrictions.5b8e3621b64048f5a60eda260357e40daabc73ace143c17ed1324f00c72f6afb.706a0334.png)
4. Click **Create**
5. Copy the key - it will not be shown again
![API key modal](/assets/api-key-modal.cd5c1fb57c17092808b4173df4831d5330b5cb7e98d3628e23b6e772b4950eec.706a0334.png)


**Security**: Store the key securely. After creation, only IP restrictions can be modified.

Include the API key in every request:

- **Header name**: `X-AUTH-KEY`
- **Value format**: `ZIM.***************`