Skip to main content
At least two API users must be added to your company’s account. Note:
  • If the company has already been set up as explained above in the document, then Zodia customer service cannot create any API accounts on the created company.
  • Only your company user maker will be able to create these two required API accounts.\
  • However, if the company has not already been set up on Zodia UI, then Zodia onboarding team can create the company with the two required API accounts.
  • Other user accounts can also be created by Zodia team at the time of the new company creation.
By convention, the API users should have an id starting with api-. Examples: api-maker@zodia.io and api-checker@zodia.io To onboard these users, you must generate a key pair for each API user. We will refer to these keys as:
  • api_user_pri_key for the private key
  • api_user_pub_key for the public key
Each API user is composed of three pieces of information:
  • an api user email (just an identifier)
  • an Elliptic Curve public key (encoded in base 64)
  • Roles to be assigned (Viewer, Maker, Checker)
Share these 3 pieces of information with customerservice@zodia.io Applying the two “How-to” steps below results in the following example:
  • api user email: api-maker@zodia.io
  • public key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeo/e0vtlHo44xeAOvDxZtlmnyK gkQrvoq/M2kpawqGOO+7FrUPktZm+wxqzE/Etta5F8sewpqYK5RgCbXtplSA==
  • Role: Viewer, Maker
WARNING: You must never share the private key api_user_pri_key with anyone including Zodia staff. This private key must be stored securely

How To Generate Keys For An API User

Please note that the Elliptic Curve that must be used to generate those keys is SECP256R1 Below is an example of how to generate a key pair for the user whose email is api-maker@zodia.io: 
import os
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec

def generate_ec_keypair(user):
    ec_private_key = ec.generate_private_key(ec.SECP256R1(), default_backend())
    private_key_pem = ec_private_key.private_bytes(serialization.Encoding.PEM,
                                                serialization.PrivateFormat.PKCS8,
                                                serialization.NoEncryption())
    with open(os.path.join("keys", user + ".private.pem"), "wb") as private_key_out:
        private_key_out.write(private_key_pem)
        
    ec_public_key = ec_private_key.public_key()
    public_key_pem = ec_public_key.public_bytes(serialization.Encoding.PEM,
                                              serialization.PublicFormat.SubjectPublicKeyInfo)
    with open(os.path.join("keys", user + ".public.pem"), "wb") as public_key_out:
        public_key_out.write(public_key_pem)

if __name__ == "__main__":
    generate_ec_keypair("api-maker@zodia.io")
    # Private key "api_user_pri_key" can be found in the file "api-maker@zodia.io.private.pem"
    # Private key "api_user_pub_key" can be found in the file "api-maker@zodia.io.public.pem"
Alternatively, you can also generate the user keys using below shell commands, 
$ openssl ecparam -name prime256v1 -genkey -noout -out ./private-key.pem
$ openssl ec -in ./private-key.pem -pubout -out ./public-key.pem