Skip to main content

Overview

All API requests require authentication via an API key. Every request must include your key in a header.

Creating an API key

  1. Log in to znift.com
  2. Navigate to Profile > API Keys
  3. Click Create API Key
  4. Enter a descriptive name (e.g., “Claude Agent”, “CLI Tool”)
  5. Copy the key immediately
The full API key is only shown once during creation. If you lose it, revoke the key and create a new one.

Using the API key

Include your key in one of these headers:

Key format

All Znift API keys are prefixed with znift_. This makes them easy to identify in logs, environment variables, and secret scanners. 
znift_abc123def456...

Rate limits

The API enforces a rate limit of 300 requests per minute per API key. Rate limiting is tracked per key, not per user. When you exceed the limit, requests are rejected until the window resets. Plan your agent workflows accordingly — a typical daily briefing flow (dashboard + a few toggles) uses under 10 requests.

Error responses

All errors follow the same format: 
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable description"
  }
}

Error codes

StatusCodeWhen
401MISSING_API_KEYNo API key header provided
401INVALID_API_KEYKey is invalid, expired, or revoked
400VALIDATION_ERRORRequest body or query params failed validation
404NOT_FOUNDTask or resource doesn’t exist, or you don’t own it
400INVALID_OPERATIONInvalid action (e.g., deleting a non-archived task)
500INTERNAL_ERRORUnexpected server error

Security best practices

API keys should only be used in server-side code, CLI tools, or AI agent configurations. Never embed them in frontend JavaScript, mobile apps, or public repositories.
Store your API key in an environment variable rather than hardcoding it:
export ZNIFT_API_KEY="znift_YOUR_KEY"

curl -H "x-api-key: $ZNIFT_API_KEY" ...
Create a dedicated API key for each tool or agent. This way you can revoke access to one integration without affecting others.
If a key is accidentally exposed, immediately revoke it in Profile > API Keys and create a new one.

Troubleshooting

Check that you’re sending the key in the right header. The API checks x-api-key first, then Authorization: Bearer. Make sure there are no extra spaces or newlines in the key value.
This usually means the request body or query parameters are invalid, not the API key. Check that dates are in strict YYYY-MM-DD format (e.g., 2026-04-04, not 2026-4-4) and required fields like text are present.
The key may have been revoked by another team member, or it may have expired if an expiration was set during creation. Create a new key in Profile > API Keys.