Security

Account & Security

Protect your account with API key management, two-factor authentication, IP whitelisting, and enterprise-grade security controls.

Security Checklist

✓

Enable two-factor authentication (2FA)

✓

Use labeled API keys with scoped permissions

✓

Set API key expiration (≤ 90 days)

✓

Configure IP whitelist for production

✓

Rotate API keys quarterly

✓

Never commit API keys to source control

✓

Set up bandwidth and login alerts

✓

Review access logs monthly

API Key Management

Your API key provides full access to your account’s API endpoints. Regenerate it from the Dashboard if you suspect it has been compromised.

Regenerate API Key

# Your API key is available in Dashboard → Settings
# Format: zlk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Regenerate your API key (invalidates the old one)
curl -X POST https://api.zentislabs.com/api/v1/user/regenerate-api-key \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Response
{
  "success": true,
  "apiKey": "zlk_live_new_key_here"
}

Check Account Info

# Check your current account info
curl https://api.zentislabs.com/api/v1/account \
  -H "X-API-Key: YOUR_API_KEY"

Two-Factor Authentication

Add an extra layer of security to your account with TOTP-based two-factor authentication.

Enable 2FA

Go to Dashboard → Settings → Security → Enable Two-Factor Authentication.

Scan QR Code

Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password).

Save Recovery Codes

Download and securely store your 8 recovery codes. Each can be used once if you lose your device.

Verify

Enter the 6-digit code from your authenticator app to complete setup.

IP Whitelisting

Restrict API access to specific IP addresses or CIDR ranges. When enabled, requests from non-whitelisted IPs are immediately rejected with 403 Forbidden.

IP Whitelisting

# IP whitelisting is configured via the Dashboard.
# Go to Dashboard → Settings → Security → IP Whitelist
# Add your server IPs or CIDR ranges to restrict API access.
#
# When enabled, requests from non-whitelisted IPs
# will receive 403 Forbidden.

Tip:Make sure to whitelist your current IP before enabling this feature, or you'll lock yourself out.

Audit Log

Track all security-relevant events in your account.

API key regeneration

Password changes

2FA enable/disable

Profile updates

Billing changes

Proxy generation activity

Bandwidth usage events

Authentication

API key and user:pass authentication.

Webhooks

Set up event notifications with HMAC verification.

Security

Account & Security

Protect your account with API key management, two-factor authentication, IP whitelisting, and enterprise-grade security controls.

Security Checklist

✓

Enable two-factor authentication (2FA)

✓

Use labeled API keys with scoped permissions

✓

Set API key expiration (≤ 90 days)

✓

Configure IP whitelist for production

✓

Rotate API keys quarterly

✓

Never commit API keys to source control

✓

Set up bandwidth and login alerts

✓

Review access logs monthly

API Key Management

Your API key provides full access to your account’s API endpoints. Regenerate it from the Dashboard if you suspect it has been compromised.

Regenerate API Key

# Your API key is available in Dashboard → Settings
# Format: zlk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Regenerate your API key (invalidates the old one)
curl -X POST https://api.zentislabs.com/api/v1/user/regenerate-api-key \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Response
{
  "success": true,
  "apiKey": "zlk_live_new_key_here"
}

Check Account Info

# Check your current account info
curl https://api.zentislabs.com/api/v1/account \
  -H "X-API-Key: YOUR_API_KEY"

Two-Factor Authentication

Add an extra layer of security to your account with TOTP-based two-factor authentication.

Enable 2FA

Go to Dashboard → Settings → Security → Enable Two-Factor Authentication.

Scan QR Code

Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password).

Save Recovery Codes

Download and securely store your 8 recovery codes. Each can be used once if you lose your device.

Verify

Enter the 6-digit code from your authenticator app to complete setup.

IP Whitelisting

Restrict API access to specific IP addresses or CIDR ranges. When enabled, requests from non-whitelisted IPs are immediately rejected with 403 Forbidden.

IP Whitelisting

# IP whitelisting is configured via the Dashboard.
# Go to Dashboard → Settings → Security → IP Whitelist
# Add your server IPs or CIDR ranges to restrict API access.
#
# When enabled, requests from non-whitelisted IPs
# will receive 403 Forbidden.

Tip:Make sure to whitelist your current IP before enabling this feature, or you'll lock yourself out.

Audit Log

Track all security-relevant events in your account.

API key regeneration

Password changes

2FA enable/disable

Profile updates

Billing changes

Proxy generation activity

Bandwidth usage events

Authentication

API key and user:pass authentication.

Webhooks

Set up event notifications with HMAC verification.