Start Here
Authentication
ZennoHosting API requests are authorized with a bearer token sent in the Authorization header. The practical bootstrap flow starts outside this API surface: first issue or obtain a token in the ZennoHosting account experience, then pass that token on every API request.
Current contract
- Obtain an access token before calling any project, VM, network, backup, or public IP endpoint.
Every request should include the
Authorizationheader.The header value must follow the format
Bearer <token>.Keep the token out of source control and inject it into your client or runtime environment.
Where /tokens fits
The generated API surface includes /v1/tokens, but that endpoint should be treated as token management
inside an already reachable API context, not as the initial bootstrap login flow for a new integration. If you are
starting from zero access, obtain the first working token in the ZennoHosting account first.
First authenticated request
After token issuance, validate the integration with a non-destructive request. Listing projects is the clearest smoke test because it confirms the base URL, bearer header, and token value in one call without changing state.
curl --request GET \
--url 'https://api.zennohosting.com/projects' \
--header 'Authorization: Bearer <token>' \
--header 'Accept: application/json'Operational notes
- Plan for token expiration, renewal, or replacement in the client integration flow.
- Reuse one base URL per environment and centralize header construction in your API client.
- Use scoped tokens where appropriate if your automation does not need full administrative access.
- Document who or what system owns token rotation in long-running automation pipelines.
Common issues
A missing Bearer prefix, an expired token, or a malformed Authorization header can look
identical to a wrong base URL during first integration. Validate header shape and token freshness before debugging
payloads.