Skip to main content

ZSC Admin API — /api/zsc/*

The ZSC admin API is the operator surface for the framework's encrypted secret store. Every endpoint is admin-gated (requireAdmin middleware — admin JWT cookie required), every call produces a row in audit_log, and plaintext values are NEVER returned in any response. Operators read plaintext only via the internal ZeqContext.read() path (which writes its own audit row); the HTTP surface deals only in metadata + lifecycle operations.

Source: shared/api-core/src/routes/zscAdmin.ts. Background: ZSC Secure Context, ZSC Audit Trail.

Endpoints

MethodPathNotes
GET/api/zsc/listAll secrets, metadata only.
GET/api/zsc/info/:nameSingle secret metadata.
POST/api/zsc/setUpsert (create or replace).
POST/api/zsc/rotate/:nameRe-encrypt with fresh IV.
POST/api/zsc/grant/:nameAdd ZID to permissions.
POST/api/zsc/revoke/:nameRemove ZID from permissions.
GET/api/zsc/audit/:nameRecent audit rows for this name.
POST/api/zsc/probe-permissionTest whether a ZID can read, without exposing plaintext.
DELETE/api/zsc/:namePermanent removal.

Auth

All endpoints require the zeq_admin HMAC-signed JWT cookie. The middleware is requireAdmin (shared/api-core/src/middlewares/requireAdmin.ts). Sign in at /admin/ to obtain the cookie.

Reads from the public Pulse/orb surface do not use these routes — they call ZeqContext.read() directly with the caller's ZID. The admin API exists for operator lifecycle ops only.

Common error shape

All endpoints share the same error envelope:

{ "ok": false, "error": "ERROR_CODE", "detail": "optional human string" }

Common codes:

StatuserrorMeaning
400name required, value must be a string, value too large (>64KB), zid requiredInput validation.
401unauthorizedAdmin cookie missing or invalid.
404NOT_FOUNDSecret doesn't exist.
500INTERNAL_ERRORBackend failure — DB unreachable, encryption error, etc. Check api-core logs.

Companion surfaces