Authentication
All DayZero API requests require a Bearer token in the Authorization header and a business context header.
Obtaining a Token
Generate an API token from your DayZero dashboard under Settings > API Tokens.
Tokens follow the format dz_... and can be scoped with optional expiration (1–365 days).
Making Authenticated Requests
Every request needs two headers:
```bash
curl "https://api.ondayzero.com/api/v1/businesses" \
  -H "Authorization: Bearer dz_your_token_here" \
  -H "x-business-id: YOUR_BUSINESS_ID"
```

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer dz_... token |
| x-business-id | Yes | UUID of the business context |
| x-user-email | No | Email for audit trail |
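One way to send these headers while keeping the token off curl's command line, where other local users can read it from the process list (an added example, not DayZero's own code). The environment variable names `DAYZERO_TOKEN`, `DAYZERO_BUSINESS_ID` and `DAYZERO_USER_EMAIL` and the function names are assumptions.

```bash
# Added example, not DayZero's code. DAYZERO_TOKEN, DAYZERO_BUSINESS_ID and
# DAYZERO_USER_EMAIL are assumed environment variable names.
DZ_API_BASE="https://api.ondayzero.com/api/v1"

# True when the value is non-empty and free of whitespace, control characters,
# quotes and backslashes, any of which could inject a header or config line.
dz_safe() {
  [ -n "$1" ] || return 1
  [ "$(printf '%s' "$1" | LC_ALL=C tr -d '[:space:][:cntrl:]"\\')" = "$1" ]
}

# Print a curl config with the required headers. The body runs in a subshell,
# so "exit" ends only this function and nothing is printed on bad input.
dz_curl_config() (
  token="${DAYZERO_TOKEN:-}"
  business="${DAYZERO_BUSINESS_ID:-}"
  email="${DAYZERO_USER_EMAIL:-}"
  uuid_re='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

  case "$token" in
    dz_?*) ;;
    *) echo "token must look like dz_..." >&2; exit 1 ;;
  esac
  dz_safe "$token" || { echo "token has unsafe characters" >&2; exit 1; }
  dz_safe "$business" && printf '%s\n' "$business" | grep -Eq "$uuid_re" ||
    { echo "x-business-id must be a UUID" >&2; exit 1; }
  if [ -n "$email" ] && ! dz_safe "$email"; then
    echo "x-user-email has unsafe characters" >&2; exit 1
  fi

  printf 'header = "Authorization: Bearer %s"\n' "$token"
  printf 'header = "x-business-id: %s"\n' "$business"
  [ -z "$email" ] || printf 'header = "x-user-email: %s"\n' "$email"
)

# GET a path under the API base. The config reaches curl on stdin, so the
# token never appears in curl's argv (ps, /proc/<pid>/cmdline).
dz_request() (
  cfg="$(dz_curl_config)" || exit 1
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail --config - "${DZ_API_BASE}$1"
)
```

With the variables set, `dz_request /businesses` issues the same request as the curl command above.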
Token Limits
- Maximum 10 active tokens per user
- Tokens can be revoked at any time from the dashboard
- Optional expiration between 1 and 365 days
OAuth 2.0
DayZero also supports OAuth 2.0 for third-party integrations:
```http
POST /api/v1/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=AUTH_CODE&redirect_uri=YOUR_REDIRECT
```

See the oauth section of the API Reference for full details.
AI Assistants (MCP)
The DayZero MCP server lets AI assistants like Claude and Cursor interact with your accounting data. It supports two ways to authenticate:
- OAuth 2.1 — the assistant opens a browser for you to sign in to DayZero and approve access (dynamic client registration + PKCE, no token to copy).
- API token — the same API tokens described above work as a Bearer credential.
See the MCP Server guide for setup instructions.