Developers

Plug verified care events into your stack.

Sandbox keys instantly, runnable in-browser playground, signed webhooks, MCP + A2A interop. Build production integrations in hours, not weeks.

Get a sandbox key Read the docs

Sandbox in your browser

Run real cURL / Node / Python samples against the sandbox API from /network/sandbox. Streamed responses, status badges.

Signed webhooks

HMAC-SHA-256 over raw body; rotatable signing keys with a 24-hour grace window.

MCP + A2A interop

Three read-only MCP tools (integration status, usage, verification status) for Cursor / Claude Desktop / ChatGPT and A2A peers.

OpenAPI 3.1

Versioned, idempotency-key supported, machine-readable. Lives at /api/public/openapi.json.

Live observability

Per-partner usage tile, dashboard error rate, replayable webhook DLQ — all in /network/home.

AI-grounded docs

Quickstart, endpoints, webhooks, error codes — typed catalog so the in-app reference can never drift.

Trust signals

Idempotent
POST /verify supports Idempotency-Key — retries are safe by design.
Tenant-scoped
Every API key is tenant-scoped; cross-tenant reads return collapsed 404s.
Sentry-tagged
Persona mismatch + AI route failures are tagged for one-click triage.
Cost-aware
Hard cap + projected-monthly view; never get surprised by a bill.

Frequently asked

How fast can I make my first verified call?

Link to this answer

Under five minutes. Create a sandbox API key from the Network console, run the cURL / Node / Python sample on /network/sandbox, and watch the OTP webhook fire on requestbin.com. Live keys are unlocked after a short compliance review.

Does ZenoXCare support MCP and agent-to-agent (A2A) protocols?

Link to this answer

Yes. Three read-only Verification Network MCP tools are registered (read_integration_status, read_usage_summary, read_verification_status). They are tenant-scoped, require auth + network eligibility, and return redacted snapshots so AI agents (Cursor, Claude Desktop, ChatGPT) can answer questions without holding session cookies.

How are webhooks secured?

Link to this answer

Every webhook is signed with HMAC-SHA-256 over the raw body. The X-ZenoXCare-Signature header carries the signature; verify with timingSafeEqual. Signing keys are rotatable from the Network console with a 24-hour grace window.

What's the rate limit, and how do I handle it?

Link to this answer

60 requests / minute on sandbox keys. 429 responses include Retry-After. Build with idempotency-key on POST /verify so retries are safe. Live limits are negotiated per partner.

Where's the OpenAPI / SDK?

Link to this answer

OpenAPI 3.1 lives at /api/public/openapi.json. The TypeScript SDK ships as @zenoxcare/sdk on npm. Other languages are generated from the same OpenAPI; raise an issue if your language is missing.

Q: How fast can I make my first verified call?
A: Under five minutes. Create a sandbox API key from the Network console, run the cURL / Node / Python sample on /network/sandbox, and watch the OTP webhook fire on requestbin.com. Live keys are unlocked after a short compliance review.

Q: Does ZenoXCare support MCP and agent-to-agent (A2A) protocols?
A: Yes. Three read-only Verification Network MCP tools are registered (read_integration_status, read_usage_summary, read_verification_status). They are tenant-scoped, require auth + network eligibility, and return redacted snapshots so AI agents (Cursor, Claude Desktop, ChatGPT) can answer questions without holding session cookies.

Q: How are webhooks secured?
A: Every webhook is signed with HMAC-SHA-256 over the raw body. The X-ZenoXCare-Signature header carries the signature; verify with timingSafeEqual. Signing keys are rotatable from the Network console with a 24-hour grace window.

Q: What's the rate limit, and how do I handle it?
A: 60 requests / minute on sandbox keys. 429 responses include Retry-After. Build with idempotency-key on POST /verify so retries are safe. Live limits are negotiated per partner.

Q: Where's the OpenAPI / SDK?
A: OpenAPI 3.1 lives at /api/public/openapi.json. The TypeScript SDK ships as @zenoxcare/sdk on npm. Other languages are generated from the same OpenAPI; raise an issue if your language is missing.

Get a sandbox key

Sandbox keys instantly, runnable in-browser playground, signed webhooks, MCP + A2A interop. Build production integrations in hours, not weeks.

Get a sandbox key

Trust signals

Idempotent

POST /verify supports Idempotency-Key — retries are safe by design.

Tenant-scoped

Every API key is tenant-scoped; cross-tenant reads return collapsed 404s.

Sentry-tagged

Persona mismatch + AI route failures are tagged for one-click triage.

Cost-aware

Hard cap + projected-monthly view; never get surprised by a bill.

Frequently asked

How fast can I make my first verified call?

Link to this answer

Does ZenoXCare support MCP and agent-to-agent (A2A) protocols?

Link to this answer

How are webhooks secured?

Link to this answer

What's the rate limit, and how do I handle it?

Link to this answer

60 requests / minute on sandbox keys. 429 responses include Retry-After. Build with idempotency-key on POST /verify so retries are safe. Live limits are negotiated per partner.

Where's the OpenAPI / SDK?

Link to this answer

OpenAPI 3.1 lives at /api/public/openapi.json. The TypeScript SDK ships as @zenoxcare/sdk on npm. Other languages are generated from the same OpenAPI; raise an issue if your language is missing.

ZenoXCare — marketing

Plug verified care events into your stack.

Key capabilities

Trust signals

Frequently asked

Get a sandbox key

Plug verified care events into your stack.

Key capabilities

Trust signals

Frequently asked

Get a sandbox key