OAuth authentication

If your app uses an OAuth provider (email, phone, Google, Apple, etc.), you can pass the OAuth ID token directly to the Zeam API. No additional authentication step is needed — the gateway validates the token and grants access to /v1/business/*, /v1/application/*, and /v1/stellar/* endpoints.

Flow

What the gateway checks

Token signature (against the provider’s public keys, auto-rotated).
aud, iss, and exp match the configured project.
uid (or sub) is present — it becomes the principal identifier for authenticated API calls.

Using it in practice

// iOS
let token = try await getOAuthToken()
var request = URLRequest(url: URL(string: "https://api.zeam.money/gw/v1/business/association/all")!)
request.setValue("Bearer \(token)", forHTTPHeaderField: "Authorization")

Token refresh is handled by your OAuth provider on the client. The Zeam API does not issue its own refresh token for OAuth-authenticated users — use your provider’s built-in refresh mechanism.

OTP user authentication

Token lifecycle

⌘I

​Flow

​What the gateway checks

​Using it in practice

Flow

What the gateway checks

Using it in practice