Documentation

How to use Open API
Create an API Key

Create an API Key for Open API

This page explains how to create an API Key.

The API Key is necessary when creating an Avatar image, and it must be sent as the value of the Authorization key in the request header when calling the REST API. API Key can be created in the Workspace and ZEPETO Render-it provides various functions related for user convenience.

When using an API Key, charges are incurred according to usage, and are billed the following month. More information about pricing can be found in Pricing.

How to create API Key

  1. Go to the Open API page in your Workspace.
  2. Enter the information below and click Create.
    • Name: It is generally used as a representative name for the service. It’s an essential value so can’t be emptied.
    • Description: The optional value for brief description of the API Key. Can be used as a value to distinguish API Keys with similar names or to know the creator.
    • Security Group: Specify a Security Group that limits where and for whom the API Key can be used. It’s an essential value.

How to use API Key

The API Key is used when calling the REST API to create an Avatar image. It is used as the value of Authorization in HTTP Header and is used as a Bearer authentication method.

An example would be:

Authoriztion: Bearer ZR-XXXXXXXXXX

For more details, check out the guide on Create an Avatar Image with Open API.

Limitations on API Key

When using Open API, the limit is set to TPS. The TPS is counted based on the workspace to which the API Key belongs. If TPS exceeds, 429 is returned as status code when calling the image creation REST API. Even if one API Key reaches the TPS limit, the use of other API Keys will not be affected. The TPS limit cannot be changed, so please contact our support team ([email protected]) if you have any questions or need assistance.

Detailed settings of API Key

The name, description and security group entered when creating the API Key can be changed at any time. You can turn on or off the log function of the API Key. Changes are reflected immediately, so please be careful not to cause any disruption to your service when making changes.

Using API Key safely

When you use API key in your applications, ensure that they are kept secure. Publicly exposing your API key can lead to unexpected charges on your account.

To help keep your API keys secure, follow these best practices:

  • Set Security Group with appropriate security rules to your API Key.
    By adding restrictions, you can limit the ways an API Key can be used, reducing the impact of a compromised API Key.
  • Delete unneeded API key to minimize exposure to attacks.
  • Recreate your API key periodically.
    Periodically create new API key, delete the old keys, and update your applications to use the new API key.

Log and Metric

Log and metric are functions that collect and visualize REST API information used when creating an Avatar image. Log function can be individually activated on each API Key detail page and provides HTTP request and response information of REST API. In metric, you can check statistics such as API call response time, error rate, and usage.

Alarm

You can set to receive an alarm based on API Key usage. Alarms can be received via e-mail or webhook, and alarm triggering rules can be set. For a detailed guide, please check Setting Alarms.

Delete API Key

You can’t delete the key if an alarm is set for the corresponding API Key, so please delete the alarm first. When the API Key is deleted, you can no longer view the alarms, logs, and metrics.