API
OAuth Integration
Authorization code flow and Clerk bootstrap notes for ZAST.AI integrations.
Use this page when you need delegated authorization against the ZAST.AI identity layer or when your frontend must bootstrap Clerk before calling protected APIs.
Guide
Business API guide
Context for the module that exposes the Clerk bootstrap endpoint.
Read guideReference
Business API reference
Inspect the exact schema for the Clerk publishable-key endpoint.
Open referencePreparation
- Contact
support@zast.aito provision your application and register the expectedredirect_uri. - Confirm your client receives the required
client_idandclient_secretbefore wiring the authorization flow.
OAuth Endpoints
- Authorization URL:
https://clerk.zast.ai/oauth/authorize - Token URL:
https://clerk.zast.ai/oauth/token - User Info URL:
https://clerk.zast.ai/oauth/userinfo
Authorization Code Flow
- Redirect the user to the authorization URL with
response_type=code,client_id,redirect_uri,scope, andstate. - Receive the authorization code on your callback URL.
- Exchange the code for tokens by posting
application/x-www-form-urlencodeddata to the token endpoint. - Refresh access when needed through the same token endpoint with
grant_type=refresh_token. - Send the resulting bearer token to the APIs that require authenticated context.
Frontend Bootstrap Endpoint
- Endpoint:
GET /biz/api/v1/auth/clerk/publishable-key - Purpose: return the Clerk publishable key used to initialize the frontend SDK.
- Typical sequence:
- Fetch the publishable key from the Business API.
- Initialize Clerk in the frontend.
- Continue the authorization flow or authenticated API calls with the resulting session context.
Example Request
curl -X GET 'https://zast.ai/biz/api/v1/auth/clerk/publishable-key'
Example Response
{
"publishableKey": "pk_live_xxx"
}