Skip to main content

API Quickstart

Status: PUBLIC_CONTRACT_DRAFT. This guide demonstrates read and write operations that are WIRED_SANDBOX unless otherwise noted. Write examples are not production-live availability claims.

Choose a control surface

Before making API calls, decide which surface fits your workflow:

SurfaceBest forAuthReadWrite
Customer API / runtime APIsProgrammatic integration, CI/CDAPI keyYesPermissioned
MCPAI agents, operatorsMCP keyYes (default-on)Disabled by default
DashboardInteractive managementSessionYesYes (UI)
CLIScripting, automationAPI key or sessionYesYes

This quickstart uses the Customer API / runtime APIs surface.

1. Get an API key

Generate an API key from the dashboard: Settings → API Keys.

export ZEN_API_KEY="<api_key>"
export ZEN_TENANT_ID="<tenant_id>"
export ZEN_API_BASE="https://api.zen-mesh.io/v1"

See Authentication for details on API key formats and scopes.

2. Verify connectivity

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/health"

Expected response:

{ "status": "ok" }

A. Read path (safe operations)

These operations inspect resources and require only read scopes.

List targets

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/destinations"

Expected response:

{
"destinations": [
{ "id": "dest_abc123", "name": "prod-app-server", "url": "https://app.example.com/webhooks", "status": "active" }
]
}

See Targets API for full reference.

List flows

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/delivery-flows"

Expected response:

{
"delivery_flows": [
{ "id": "flow_abc123", "name": "stripe-to-app", "source_id": "ing_abc123", "destination_id": "dest_abc123", "status": "active" }
]
}

See Flows API for full reference.

Inspect delivery attempts

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/deliveries?limit=5"

See Delivery Attempts API for filtering options.

Check DLQ

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/deliveries?status=failed&limit=5"

See DLQ API for retry relationship.

Read evidence

curl -sS -H "Authorization: Bearer $ZEN_API_KEY" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/evidence/<delivery_id>"

See Evidence API for integrity proof verification.

B. Write-capable path (requires permissions)

Write operations require appropriate scopes. See Authentication for scope requirements and Write Safety Model for the safety model.

Create a target

Status: WIRED_SANDBOX. Create target is validated in sandbox/local runtime.

curl -X POST \
-H "Authorization: Bearer $ZEN_API_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: $(uuidgen)" \
-d '{"name": "my-target", "url": "https://example.com/webhooks"}' \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/destinations"

Expected response:

{
"id": "dest_abc123",
"name": "my-target",
"url": "https://example.com/webhooks",
"status": "active",
"created_at": "2026-07-03T12:00:00Z"
}

Create a saved payload template

Status: WIRED_SANDBOX. Test/template payloads only — not production retained payloads.

curl -X POST \
-H "Authorization: Bearer $ZEN_API_KEY" \
-H "Content-Type: application/json" \
-H "Idempotency-Key: $(uuidgen)" \
-d '{"name": "test-payload", "payload": {"event": "test", "data": {"key": "value"}}}' \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/saved-payloads"

See Saved Payloads API for details.

Retry a failed delivery

Status: WIRED_SANDBOX. Retry requires event-level authorization and is idempotent.

curl -X POST \
-H "Authorization: Bearer $ZEN_API_KEY" \
-H "Idempotency-Key: $(uuidgen)" \
"$ZEN_API_BASE/tenants/$ZEN_TENANT_ID/events/<event_id>/retry"

See Retry API for single and batch retry.

Next steps

ResourcePurpose
API OverviewComplete API taxonomy and maturity legend
API Status MatrixPer-group maturity, auth, read/write status
AuthenticationAPI keys, scopes, MCP auth
Write Safety ModelAuthorization, idempotency, audit
Errors and Problem DetailsError format and handling
OpenAPI Spec IndexSpec files and validation