Authentication

All DayZero API requests require a Bearer token in the Authorization header and a business context header.

Obtaining a Token

Generate an API token from your DayZero dashboard under Settings > API Tokens.

Tokens follow the format dz_... and can be given an optional expiration (1–365 days).

Making Authenticated Requests

Every request needs two headers:

```bash
curl "https://api.ondayzero.com/api/v1/businesses" \
  -H "Authorization: Bearer dz_your_token_here" \
  -H "x-business-id: YOUR_BUSINESS_ID"
```

| Header | Required | Description |
| --- | --- | --- |
| Authorization | Yes | Bearer dz_... token |
| x-business-id | Yes | UUID of the business context |
| x-user-email | No | Email for audit trail |
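
An added example (not DayZero's own client code): a Python helper that builds the headers from the table above, validates them before any network call, and masks the token for logging. The environment variable names and the `dz_` plus non-whitespace token pattern are assumptions; the page documents only the prefix.

```python
import os
import re
import urllib.request
import uuid

API_BASE = "https://api.ondayzero.com/api/v1"  # from the page's curl example
TOKEN_RE = re.compile(r"dz_\S+")  # assumption: only the "dz_" prefix is documented


def build_headers(token, business_id, user_email=None):
    """Build the documented headers, rejecting bad values before any network call."""
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        raise ValueError("token must look like dz_...")
    try:
        # x-business-id is documented as a UUID; normalise to canonical form.
        business_id = str(uuid.UUID(business_id))
    except (ValueError, TypeError, AttributeError):
        raise ValueError("x-business-id must be a UUID") from None
    headers = {"Authorization": f"Bearer {token}", "x-business-id": business_id}
    if user_email:
        # Optional audit-trail header; refuse CR/LF so it cannot smuggle headers.
        if "\r" in user_email or "\n" in user_email:
            raise ValueError("x-user-email must be a single line")
        headers["x-user-email"] = user_email
    return headers


def redact(headers):
    """Return a copy that is safe to log: the bearer token is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        safe["Authorization"] = "Bearer dz_***"
    return safe


def build_request(path, env=os.environ):
    """Build (without sending) a request using secrets from the environment."""
    headers = build_headers(
        env.get("DAYZERO_TOKEN"),          # hypothetical variable names
        env.get("DAYZERO_BUSINESS_ID"),
        env.get("DAYZERO_USER_EMAIL"),
    )
    return urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}", headers=headers)
```

Log `redact(headers)` rather than the headers themselves, so a token never lands in application logs or error reports.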

Token Limits

  • Maximum 10 active tokens per user
  • Tokens can be revoked at any time from the dashboard
  • Optional expiration between 1 and 365 days

OAuth 2.0

DayZero also supports OAuth 2.0 for third-party integrations:

```http
POST /api/v1/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=AUTH_CODE&redirect_uri=YOUR_REDIRECT
```

See the oauth section of the API Reference for full details.

AI Assistants (MCP)

The same API tokens work with the DayZero MCP server, which lets AI assistants like Claude and Cursor interact with your accounting data. See the MCP Server guide for setup instructions.