Auth & Keys

ZettAgent supports password and magic-link logins, plus scoped API keys that are stored in D1 as hashed values. Operators can self-serve via the /register onboarding flow and manage keys from the /console dashboard.

Console Overview

  1. Create an account at /register (org name + email + password).
  2. Log in via /login or a magic link; sessions live in KV for 7 days.
  3. /console lets you mint scoped API keys, revoke existing tokens, review rolling usage, and download each fresh secret only once.

User Registration

POST /api/register

{
  "email": "ops@acme.ai",
  "password": "Sup3rSecure!",
  "orgName": "Acme Robotics"
}

Magic Links

  1. Request a link: POST /api/login/magic
  2. Consume token: POST /api/login/magic/verify

Tokens live for 15 minutes inside KV and are removed once consumed.

API Keys

POST /api/keys

{
  "name": "prod-agents",
  "scopes": ["chat", "embeddings", "agents"]
}

The response returns the key a single time; your app should store it securely. The platform persists the SHA-256 hash and a short prefix for lookups. Rotate or revoke keys via:

  • GET /api/keys
  • DELETE /api/keys/:id

Scopes

  • chat – access /v1/chat/completions
  • embeddings – access /v1/embeddings
  • files – R2 uploads & downloads
  • agents – A2A orchestration endpoints
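
The hash-plus-prefix storage described under API Keys and the scope check described under Scopes can be sketched as follows. This is an added example, not ZettAgent's own code: the "zk_" marker, the prefix length, the in-memory Map standing in for the D1 table, and the function names are all assumptions.

```javascript
// Added illustration, not ZettAgent source. The "zk_" marker, PREFIX_LEN and
// the in-memory Map (standing in for the D1 table) are assumptions.
const nodeCrypto = require("node:crypto");

const MARKER = "zk_";
const PREFIX_LEN = MARKER.length + 8; // stored in clear, used only for lookup
const keyTable = new Map();           // prefix -> { id, name, hash, scopes, revoked }

const sha256 = (s) => nodeCrypto.createHash("sha256").update(s, "utf8").digest();

// Mint a key: the plaintext is returned once, only prefix + hash are stored.
function mintKey(name, scopes) {
  let key, prefix;
  do {
    key = MARKER + nodeCrypto.randomBytes(32).toString("base64url");
    prefix = key.slice(0, PREFIX_LEN);
  } while (keyTable.has(prefix)); // re-roll on the (unlikely) prefix collision
  const id = nodeCrypto.randomUUID();
  keyTable.set(prefix, { id, name, hash: sha256(key), scopes: new Set(scopes), revoked: false });
  return { id, key };
}

// Check a presented key against the stored hash, then revocation, then scope.
function authorize(presented, requiredScope) {
  if (typeof presented !== "string" || !presented.startsWith(MARKER)) {
    return { ok: false, reason: "malformed" };
  }
  const row = keyTable.get(presented.slice(0, PREFIX_LEN));
  // Always hash and compare in constant time, even when the prefix is unknown.
  const expected = row ? row.hash : Buffer.alloc(32);
  const match = nodeCrypto.timingSafeEqual(sha256(presented), expected);
  if (!row || !match) return { ok: false, reason: "unknown_key" };
  if (row.revoked) return { ok: false, reason: "revoked" };
  if (!row.scopes.has(requiredScope)) return { ok: false, reason: "missing_scope" };
  return { ok: true, keyId: row.id };
}

// Revocation (DELETE /api/keys/:id on this page) modeled as a flag; an assumption.
function revokeKey(id) {
  for (const row of keyTable.values()) {
    if (row.id === id) { row.revoked = true; return true; }
  }
  return false;
}
```

Because only the hash is kept, a lost key cannot be recovered from storage; the caller has to mint a replacement and revoke the old id.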

Session Introspection

  • GET /api/session – returns the active session id, expiry, and owning workspace for authenticated requests.
  • DELETE /api/session – tears down the KV record and clears the cookie (used by the console logout button).

Usage Telemetry

Call GET /api/usage to return the last 30 days of aggregate usage grouped by endpoint. The console dashboard renders the same payload for the usage cards and ledger.