Keys
The Keys page within Settings provides you with a centralized and secure environment to manage your encryption and API access credentials.
This feature allows users to:
Upload and manage PGP/GPG keys: Upload and store cryptographic keys used for file encryption and decryption.
Access and manage API credentials: Retrieve API keys for both the JavaScript API and REST API, and generate refresh tokens for seamless authentication with ZMP REST APIs.
Each capability is designed with flexibility and security in mind, helping users integrate encryption and authentication features into their workflows with ease.
Navigate to Settings > Integrations > Keys from the menu on the left.
File Encryption
Click on Create New Key and fill in the details within the side panel that opens up on the right.
Field | Description |
|---|---|
Key name | A unique identifier for the key. The platform ensures that each key name is unique. |
Key description | An optional field where you can add a description to help identify the purpose or scope of the key. |
Key type | The encryption standard of the key. Currently supports GPG/PGP formats. |
Key contents | The actual key data (public or private) to be uploaded. |
Private key toggle | A switch to indicate that the uploaded key is a private key. This informs ZMP of the nature of the key. |
Passphrase | When the private key toggle is enabled, the user may optionally upload a passphrase. An information icon is shown next to this input for guidance. |
API/FTP
This section includes keys that enable integration with ZMP APIs & FTP services.
Note: users with the “Manage API Keys” permission for their role can create/edit/delete as well as change scopes and deactivate REST API Keys.
Field | Behavior |
JavaScript API key | Provides access to the Zeta JavaScript used for website integrations |
Default REST API key | Provides access to ZMP REST APIs. The default REST API is fully scoped; users with sufficient permissions can edit or even remove this key entirely |
Zeta FTP | Provides access to the ZMP FTP for your site. The FTP username will be your site ID, which can be found in the “Accounts” tab in settings |
Manage Tokens | Token generation and revocation options, if enabled for your site. You can create a refresh token for ZMP REST API auth. Tokens must be securely stored; they will not be visible in ZMP once created. |
Key Management and Scoping
Users with sufficient access can manage their own REST API Keys. Keys can be scoped, created, activated/deactivated, cloned, and deleted.
Creating and Cloning Keys
You can create a key by clicking the “Create New Key” button, adding a name and optionally any required scopes, then clicking Generate, and a new key will be created. Scopes map to the REST APIs in the API Reference documentation. Full Access provides complete access to all current and future paths. Keys with specific scopes will only be accessible in the corresponding path; all others will be rejected for an invalid scope.
You can also clone an existing key by clicking the ellipses and selecting Clone and confirming when prompted
Note: Zeta recommends cloning keys when rotating. After updating your integrations with the new key, you can deactivate the old key to validate that there are no issues before fully deleting it
Editing and Deleting Keys
You can edit a REST API Key by clicking the ellipses, then Edit, or clicking the Key Name in the row. You can edit the name, description, or scopes for this key and save. To delete a Key, you must first deactivate it. This is done by clicking the ellipses and Deactivate, then confirming. Once a Key is inactive, it will be shown in the list as such and can then be deleted. An inactive key will be rejected, regardless of the scopes assigned.
To permanently delete a key, navigate to an inactive key, click the ellipses, and select Delete to remove the key entirely. Note that you can also clone or reactivate an inactive key.
Integrations
This section allows you to connect Zeta with external platforms and services you already use. These integrations expand Zeta's functionality by enabling automated campaign triggers, mobile app messaging, and push/SMS notifications.
