Skip to main content
POST
/
api
/
v1
/
login
Mint device key
curl --request POST \
  --url https://staging.zerolatencylabs.com/api/v1/login \
  --header 'Content-Type: application/json' \
  --header 'X-PUBLIC-KEY: <api-key>' \
  --header 'X-REQUEST-ID: <api-key>' \
  --header 'X-SIGNATURE: <api-key>' \
  --data '
{
  "account_id": 12345,
  "device_label": "laptop",
  "subaccount_index": 0
}
'
{
  "created_at": "2024-06-23T16:00:00.000Z",
  "device_key_id": "0190b6c2-7e4a-7c3b-9f21-2b6a1c4e5d8f",
  "secret": "k8Jq...redacted",
  "subaccount_index": 0
}

Authorizations

X-PUBLIC-KEY
string
header
required

Base64 ed25519 session public key. Part of the SessionSig triple; not an API key.

X-REQUEST-ID
string
header
required

UUIDv7 replay nonce; its embedded timestamp must fall inside the skew window [now-15s, now+5s]. Part of the SessionSig triple.

X-SIGNATURE
string
header
required

Base64 ed25519 signature over the canonical request message. Part of the SessionSig triple.

Body

application/json
account_id
integer<int64>
required

Account that owns the new device key.

Required range: x >= 0
Example:

12345

device_label
string | null

Optional human-readable label for the device (max 64 chars).

Example:

"laptop"

subaccount_index
integer<int32> | null

Optional subaccount to pin the device key to. Omit for an account-wide key.

Required range: x >= 0
Example:

0

Response

Device key minted

created_at
string<date-time>
required

Creation timestamp.

Example:

"2024-06-23T16:00:00.000Z"

device_key_id
string<uuid>
required

Identifier of the newly minted device key.

Example:

"0190b6c2-7e4a-7c3b-9f21-2b6a1c4e5d8f"

secret
string
required

The raw device-key secret, returned once. The client stores it and sends it back in the X-DEVICE-KEY header on subsequent requests.

Example:

"k8Jq...redacted"

subaccount_index
integer<int32> | null

Subaccount the key is pinned to, if any.

Required range: x >= 0
Example:

0