Skip to main content
ezyshield uses bearer API keys. Every API request must include an API key in the Authorization header:
Authorization: Bearer <your_api_key>
API keys are organization-scoped. The key identifies the organization and the abilities available to the request.

Create a key

Create your first key in the Dashboard: app.ezyshield.com.au. After you have a key, you can manage additional keys through the API:

Abilities

Keys should have only the abilities your integration needs. Abilities are granted when the key is created; updating an API key only changes its name. If an integration needs a different ability set, create a new key and rotate to it. Available abilities include:
AbilityUse
api_key:readRetrieve API keys.
api_key:writeCreate, rename, or delete API keys.
verification:readRetrieve verifications.
verification:writeCreate or cancel verifications.
check:readRetrieve checks.
check:writeRun checks against verifications.
webhook_subscription:readRetrieve webhook subscriptions.
webhook_subscription:writeCreate, update, enable, or delete webhook subscriptions through the API.
aba_check:readRetrieve ABA checks or download regenerated files.
aba_check:writeUpload ABA files.

First authentication test

Call Get the current organization after creating a key. It confirms the token is valid and attached to the organization you expect.