Methods for Authentication
There are two ways to access our APIs: API keys or OAuth. API keys can be used by individual customers wanting to pull their own data from Zillow Group systems. If you are a partner company and require access to multiple Zillow Group customers, you will need to use OAuth.
API Key Access
Individual customers can find their API keys within the “Integrations” page in their ZRM App. Simply copy your API key and include in your calls to authenticate your account. Your API keys should be kept confidentially and never shared with 3rd party systems. Please email us at firstname.lastname@example.org if you have any issues.
If you are partner you will need to integrate with us via OAuth. Each of your customers will need to sign in to their Zillow Group accounts when they first try to access their Zillow Group data. Upon successful sign in we will pass you an access token that you can then use for subsequent calls for that specific client. You will also obtain a refresh token that you will be able to use to obtain new access tokens when they expire. You should store both token for further use. More information about our OAuth integration is noted below and detailed here.
All our public API calls support both API keys and OAuth. Below are examples of making the same request with different types of authentication. Besides differences in authentication, the actual requests would be the same
API Key vs. OAuth Authentication Example
The following endpoint is being called in each example:
Using an API key (added to the URL using the apikey= query parameter):
➜ ~ curl https://rentalsapi.zillowgroup.com/listings/v1/listingsForUser?apiKey=KJJoFrpvqa7Ic2DGlRVvrQ
Using OAuth 2.0, which uses the Authorization header:
➜ ~ curl https://rentalsapi.zillowgroup.com/listings/v1/listingsForUser?apiKey=KJJoFrpvqa7Ic2DGlRVvrQ&clientId=client-demo&accessToken=1180f62b9aaa22756601b08b4f41f12f