Quick Start Guide

Get up and running with the ZenFlip API in under five minutes. Create your first API key, authenticate, and list your publications.

On this page

Base URL
Step 1 --- Get Your API Key
Step 2 --- Authenticate
Option A: API Key (Server-to-Server)
Option B: JWT Token (User Sessions)
Step 3 --- Make Your First API Call
Response Format
Error Responses
Rate Limits
Next Steps

Quick Start Guide

This guide walks you through obtaining credentials, authenticating against the ZenFlip API, and making your first successful request. By the end, you will have listed all publications in your organization.

Base URL

All API requests are made to the versioned base URL:

Every endpoint documented in this guide is relative to that base URL. For example, the login endpoint resolves to https://api.zenflip.io/v1/auth/login.

Step 1 --- Get Your API Key

ZenFlip supports two authentication methods: JWT tokens (for user-facing applications) and API keys (for server-to-server integrations).

To create an API key:

Sign in to the ZenFlip dashboard at https://app.zenflip.io.
Navigate to Settings > API Keys.
Click Generate New Key, give it a descriptive label (e.g., "Production Backend"), and copy the key immediately. It will not be shown again.

API keys are scoped to your organization. Requests made with an API key inherit the permissions of the organization owner.

Step 2 --- Authenticate

Option A: API Key (Server-to-Server)

Pass your API key in the Authorization header with the Bearer prefix:

Option B: JWT Token (User Sessions)

Obtain a short-lived JWT access token by calling the login endpoint:

A successful response returns an access token and a refresh token:

Use the accessToken in subsequent requests:

Step 3 --- Make Your First API Call

List all publications in your organization with a simple GET request:

The response follows the standard paginated format:

Response Format

All successful responses wrap data in a data key. Paginated endpoints include a meta object with pagination details.

Error Responses

When a request fails, the API returns a consistent error structure:

Status Code	Meaning
`400`	Bad Request --- invalid input
`401`	Unauthorized --- missing or bad token
`403`	Forbidden --- insufficient permissions
`404`	Not Found --- resource does not exist
`429`	Too Many Requests --- rate limit hit
`500`	Internal Server Error

Rate Limits

The API enforces per-minute rate limits based on your plan:

Plan	Rate Limit
Explorer	100 req/min
Creator	100 req/min
Business	100 req/min
Enterprise	1,000 req/min

When you exceed the limit, the API returns a 429 status with a Retry-After header indicating how many seconds to wait.

Next Steps

Authentication --- Deep dive into JWT tokens, refresh flows, and Google OAuth.
Publications API --- Create, update, and manage your flipbooks.
Embed Widget --- Add interactive flipbooks to any website.

Authentication