Account security token

Account Security Token
Enabling the feature
How it works
Behavior when token is missing
Benefits of token validation

Account Security Token

This Z-API security method uses token validation, providing an additional layer of protection for your instances, ensuring that only authorized requests have access to your resources.

Enabling the feature

To enable the token validation feature, follow these simple steps:

Access the Z-API panel with your credentials.

Navigate to the Security tab

Locate the “Account Security Token” module.

Click Set Up Now

This will generate a token, which will initially be disabled to avoid interruptions in your application’s operation.

How it works

The token security method works as follows:

After the token is generated, it must be included in the header of all your HTTP requests.
The token must be passed as follows:
- Attribute: Client-Token
- Value: [token]
After configuring your environment to send the token in requests, you can click “Activate Token”.
From this point on, all instances in your application will only accept requests that contain the token in the header.

Behavior when token is missing

If a request is made without the configured token, the API will respond with an error, as shown below:

{
  "error": "null not allowed"
}

Benefits of token validation

Enhanced Protection

Token validation ensures that only authorized requests access your instances, adding an extra barrier against unauthorized access.

Full Control

You decide when to activate the token, allowing you to configure your entire environment before enabling validation, avoiding interruptions.

Two-factor authentication Blocks and Bans

Quick Start

Security

Tips

Account security token