Every /v1/* endpoint requires a bearer token in the Authorization header. The Zeam API supports three authentication methods. Once issued, all tokens work identically — the gateway accepts them via a single Authorization: Bearer <token> header.

Which method to use

Backend service or SDK

Ed25519 — your service controls an Ed25519 key pair and signs a cryptographic challenge. Best for server-to-server integrations.

End-user sign-in

OTP — the user receives a one-time code via WhatsApp. Best for user-facing flows where you manage the sign-in experience.

Mobile or web app

OAuth — pass an OAuth ID token directly. Best for apps already using OAuth.

How it works

Regardless of which method you use, the flow is the same:

Token overview

| Field | Description |
| --- | --- |
| idToken | Short-lived bearer token for API calls (typically 1 hour) |
| refreshToken | Long-lived token for obtaining a new idToken without re-authenticating |
| expiresIn | Seconds until the idToken expires |

See Token lifecycle for refresh and expiry details.

Security

Never log, print, or expose tokens, Stellar seeds (S...), API keys, OTP codes, or connect secrets. Treat these as passwords.
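
One way to enforce this rule in application logs is a redaction filter on every log handler. This is an added example, not part of the Zeam documentation or SDK; the regular expressions and the names `redact` and `RedactSecrets` are assumptions, and OTP codes and API keys are not covered because the page does not give their format.

```python
import logging
import re

# The header form and the idToken/refreshToken field names come from the page.
# The patterns themselves are assumptions made for this example.
_PATTERNS = [
    # Authorization: Bearer <token> header values
    (re.compile(r"(?i)\b(Bearer)\s+[A-Za-z0-9._~+/=-]+"), r"\1 [REDACTED]"),
    # "idToken": "..." and "refreshToken": "..." in JSON bodies
    (re.compile(r'("(?:idToken|refreshToken)"\s*:\s*")[^"]*(")'),
     r"\1[REDACTED]\2"),
    # Stellar secret seeds: 'S' followed by 55 base32 characters (56 total)
    (re.compile(r"\bS[A-Z2-7]{55}\b"), "[REDACTED-SEED]"),
]


def redact(text: str) -> str:
    """Return text with bearer tokens, token fields and Stellar seeds masked."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactSecrets(logging.Filter):
    """Handler-level filter that masks secrets before a record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message with its args first, so a secret passed as a
        # %s argument is caught as well as one embedded in the format string.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactSecrets())  # attach to the handler, not the logger
    log = logging.getLogger("example")
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    # Constructed sample values, not real credentials
    log.info("request headers: %s", "Authorization: Bearer aaa.bbb.ccc")
    log.info('response body: {"idToken": "aaa.bbb.ccc", "expiresIn": 3600}')
    log.info("wallet seed=%s", "S" + "A" * 55)
```

Attach the filter to handlers rather than loggers, because a logger-level filter does not see records propagated from child loggers.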