Documentation

How to use Enterprise
Create a Token

Create a Token

This page explains how to create a Token.

The Token is necessary when creating an Avatar image, and it must be sent as the value of the Authorization key in the request header when calling the REST API. Token can be created in the Branch and ZEPETO Render-it provides various functions related for user convenience. When using a Token, charges are incurred according to usage, and are billed the following month. More information on pricing can be found in Pricing.

How to create Token

  1. Go to the Enterprise page.
  2. Click Branch where you want to create.
  3. Click Create.
  4. Enter the information below and click Create.
    • Name: It is generally used as a representative name for the service. It’s an essential value so can’t be emptied.
    • Description: The optional value for brief description of the Token. Can be used as a value to distinguish Tokens with similar names or to know the creator.
    • Log: By activating the Log function, you can collect and check REST API information called when creating an Avatar Image. Fees will be charged once activated, so please be careful about charges.
    • Security Group: Specify a Security Group that limits where and with whom the Token can be used. It’s an essential value.

How to use Token

The Token is used when calling the REST API to create an Avatar image. It is used as the value of Authorization in HTTP Header and is used as a Bearer authentication method.

An example would be:

Authoriztion: Bearer ZB-XXXXXXXXXX

For more details, check out the guide on Create an Avatar Image with Open API.

Limitations on Token

When using Open API with Token, the limit is set based on TPS. The TPS is counted based on the workspace to which the Token belongs. If TPS exceeds, 429 is returned as status code when calling the image creation REST API. Even if one Token reaches the TPS limit, the use of other Tokens will not be affected. The TPS limit cannot be changed, so please contact our support team ([email protected]) if you have any questions or need assistance.

Detailed settings of Token

The name, description and security group entered when creating the Token can be changed at any time. You can turn on or off the log function of the Token. Changes are reflected immediately, so please be careful not to cause any disruption to your service when making changes.

Using Token safely

When you use Token in your applications, ensure that they are kept secure. Publicly exposing your Token can lead to unexpected charges on your account.

To help keep your Tokens secure, follow these best practices:

  • Set Security Group with appropriate security rules to your Token.
    By adding restrictions, you can limit the ways a Token can be used, reducing the impact of a compromised Token.
  • Delete unneeded Token to minimize exposure to attacks.
  • Recreate your Token periodically.
    Periodically create new Token, delete the old keys, and update your applications to use the new Token.

Log and Monitor

Log and Monitor are functions that collect and visualize REST API information used when creating an Avatar image. Log function can be individually activated on each Token and provides HTTP request and response information of REST API. In Monitor, you can check statistics such as API call latency, status, and usage.

Delete Token

You can’t delete the key if an ZEPETO ID is connected for the corresponding Token, so please disconnect the ZEPETO ID first. When the Token is deleted, you can no longer view the logs, and monitor.

Create a BranchConnect ZEPETO account through API