SDK Reference

Node.js / TypeScript: Authentication

Overview

Pass API keys via environment variables or secret managers, never hard-code in source.

The SDK sends Authorization: Bearer headers on every request and validates 401 responses with actionable error types.

Who should read this

  • QA engineers, SREs, platform teams, and developers operating Zof Console and APIs.

Prerequisites

  • Node.js / TypeScript runtime installed
  • Organization API key

When to use this workflow

  • Onboarding new team members to Zof terminology and workflows
  • Authoring internal runbooks aligned with Console labels
  • Designing CI/CD or webhook integrations against documented behavior

Step-by-step procedure

Confirm access

Verify organization membership and role permissions in Admin Center.

Confirm API key or SSO session is scoped to the correct tenant.

Apply this guidance

Follow Console navigation paths and API examples in this document.

Use staging project and environment IDs for first-time integration tests.

Verify outcomes

Check Operate → Runs, Quality areas, or API responses for expected results.

Update team runbooks when your stack requires environment-specific variations.

Key concepts

Organization scope
All Zof Console and API operations are isolated to your authenticated tenant.
Governed execution
Agent output and remediation follow policy packs with human approval when configured.

Best practices

  • Rotate keys quarterly
  • Use separate keys per microservice
  • Never log Authorization headers

Example

const client = new ZofClient({ apiKey: process.env.ZOF_API_KEY });

Was this page helpful?

Node.js / TypeScript: Authentication | Zof AI Documentation