Introduction
Base URL, authentication, response shape, and scope of the public REST API.
The Zerokit API is HTTP + JSON. Every endpoint accepts and returns
application/json; there's no GraphQL, gRPC, or batching surface
to learn.
Beta scope. The public REST surface covers sending email today. Domain verification, templates, API keys, and webhook subscription management are dashboard-only — see your workspace settings. REST coverage for those will land once the patterns stabilise.
Base URL
https://api.zerokit.coAll paths in this reference are relative to that base.
Authentication
Bearer-token auth on every request:
Authorization: Bearer zk_live_2bV4dXyZ8AfQpkw7Lp4mGr8wD3kCnXfRsT6vBpA9LxKeys are issued via the dashboard — see
Authentication for key format, scopes, and
rotation. A missing or invalid token returns 401.
Response shape
Successful responses return the resource directly:
{
"id": "email_2bV4dXyZ8AfQpkw7Lp",
"status": "queued"
}Errors carry a single error string today (Beta — a richer
{ code, message } shape is coming alongside expanded coverage):
{
"error": "The from domain is not verified for this organization."
}See Errors for status code semantics across endpoints.
Rate limits
Workspace plan defines the daily + monthly send caps (see your
billing tab). Hitting either cap returns 429 with the
limit + plan name surfaced in the body so your client knows which
threshold was crossed.
Polling? Subscribe to a webhook instead — you'll
get push notifications on delivery events (delivered, bounced,
complained, opened, clicked) without burning read-rate.
Conventions
- IDs are prefixed by resource type:
email_*for emails,dom_*for domains,tpl_*for templates,wh_*for webhook subscriptions,wd_*for webhook deliveries,evt_*for events. - Timestamps are ISO 8601 with millisecond precision, always UTC.
- Enums are
snake_case(delivered,delivery_delayed). - Boolean field names are predicates (
isActive, notactive).