ZeyOS OAuth 2.0 API
Authentication and session management for all ZeyOS cloud services. Obtain bearer tokens for the REST API and manage user sessions programmatically.
Base URL
OpenAPI Specification
Get Started
Get a TokenExchange credentials for a bearer token to authenticate REST API requests.POST /token Browse EndpointsExplore all available auth endpoints — token, introspect, revoke, and more.View endpoints OpenAPI SpecificationDownload the machine-readable OAuth2 spec for Postman, Insomnia, or an AI agent.Download oauth2.json
Authentication Methods
Three ways to authenticate with ZeyOS — choose the one that fits your use case.
HTTP Basic AuthUse your username and password at POST /token to obtain a bearer token. Only needed once to bootstrap the session.
HTTP Bearer TokenInclude Authorization: Bearer {token} in every REST API request after obtaining a token via /token.
Session CookieBrowser-based sessions. The ZEYOSID cookie is set automatically after a successful /token call from a browser.
Token Lifecycle
ExpiryTokens expire after a configurable period (default: 24 hours).
IntrospectUse /token/introspect to check whether a token is still active.
RevokeUse /token/revoke to invalidate a token explicitly (e.g. on logout).