English
English
Appearance
English
English
Appearance
An API token is a Bearer (user session) token issued to a customer's user. Each user manages their own tokens — admins can revoke any user's tokens.
https://app.zorio.vnToken security
Every HTTP request to the API must include two headers:
Authorization: Bearer <YOUR_TOKEN>
Accept: application/jsoncurl -X GET 'https://app.zorio.vn/api/pbx/extensions' \
-H 'Authorization: Bearer 1|abcdefghijklmnopqrstuvwxyz0123456789' \
-H 'Accept: application/json'const response = await fetch('https://app.zorio.vn/api/pbx/extensions', {
headers: {
Authorization: 'Bearer ' + process.env.ZORIO_TOKEN,
Accept: 'application/json',
},
});
const json = await response.json();Rotate every 90 days — industry standard.
The API returns HTTP 401 with body:
{ "message": "Unauthenticated." }Your CRM should catch 401 → show a "Token expired" message and direct the user to the admin console to get a fresh token.