Authentication

Who this is for: every developer, on both the Demand and Supply side. When to use it: before your first request. What happens next: you'll be ready to run the Quickstart.

Zamplia uses different credentials for each side of the marketplace. This is by design — they are issued by different teams and scoped to different permissions. Use the one that matches your integration.

Demand API — Bearer token

Buyers authenticate with a bearer token sent in the Authorization header on every request.

Demand request
curl --location 'https://zampliabackend-staging.azurewebsites.net/api/suppliers/getAllQulifications?lang_id=4' \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer YOUR_TOKEN'

Use your staging token against the staging environment and your production token against production. They are not interchangeable.
Never embed tokens in client-side code or commit them to source control.

Supply API — `ZAMP-KEY` header

Providers authenticate with an API key sent in the ZAMP-KEY header.

Supply request
curl --location 'https://surveysupplysandbox.zamplia.com/api/v1/Surveys/GetAllocatedSurveys' \
  --header 'Accept: application/json' \
  --header 'ZAMP-KEY: YOUR_API_KEY'

The same key works across endpoints; keep it server-side.
A missing or invalid ZAMP-KEY returns 401 Unauthorized.

Keeping credentials safe

Store secrets in environment variables or a secrets manager, never in code.
Rotate keys/tokens if you suspect exposure and contact Support.
Scope access to the minimum needed; use sandbox credentials for development.

Head to the Quickstart to make your first authenticated call, or read about Environments.

Demand API — Bearer token​

Supply API — ZAMP-KEY header​

Keeping credentials safe​

Demand API — Bearer token

Supply API — `ZAMP-KEY` header

Keeping credentials safe