Skip to main content
This guide gets you from zero to your first authenticated API call. You’ll need an iZap account on the environment you’re targeting (production or staging).

Step 1: Get an access token

The API authenticates every request with a Bearer JWT. For a quick start, exchange your account credentials for a token at the login endpoint:
curl -X POST "https://api.izap.ai/api/v1/auth/jwt/login" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "username=$IZAP_EMAIL&password=$IZAP_PASSWORD"
# -> {"access_token":"<JWT>","token_type":"bearer"}
For third-party apps, use the OAuth 2.0 authorization-code + PKCE flow instead of storing credentials. See Authentication.

Step 2: Call the API

Send the token as a Bearer header on every request:
export IZAP_TOKEN="<JWT>"
curl "https://api.izap.ai/api/v1/businesses" \
     -H "Authorization: Bearer $IZAP_TOKEN"
Tokens expire — refresh them (re-login or the OAuth refresh grant) when a request returns 401.

Step 3: Connect the Analytics MCP (optional)

Prefer to drive iZap from an AI client or agent? Point it at the iZap Analytics MCP server and call its tools directly:
{
  "mcpServers": {
    "izap": {
      "type": "http",
      "url": "https://api.izap.ai/mcp",
      "headers": { "Authorization": "Bearer ${IZAP_TOKEN}" }
    }
  }
}
See Analytics MCP for the full tool catalog.
Want the scaffolding done for you? npx @izap/wizard writes a working REST, MCP, webhook, or SSE client into your project. See the setup wizard.

Next steps

Authentication

OAuth 2.0 flow, discovery, and JWT usage.

REST API

The resources iZap exposes and how to call them.