Zephyr Squad Cloud REST API

Applies to Zephyr Squad Cloud, last modified on September 21, 2023

Zephyr Squad Cloud exposes its data via a REST API which allows you to access the data programmatically and build your own integrations. You can use the API to:

  • Integrate with test automation tools.

  • Integrate with continuous integration tools.

  • Create extensive custom reports for testing.

  • Integrate with business intelligence tools.

  • Use the testing data for other purposes.

For example, you could build an integration that would create a test in a separate tool/system and add it to Zephyr Squad or create an test execution cycle and update the status of a test execution run after its has been executed in an automation tool.

To create, run, and manage Test Automation jobs, use the Test Automation API instead.
Note: Previously, to access Zephyr Squad REST API you had to install an additional plugin (ZAPI). As of August 2020, the API is available out-of-the-box, and the ZAPI plugin is no longer needed.


Interactive API documentation is available at the following link, along with code examples for cURL, C#, JavaScript, Python, and other languages:


The API provides the following capabilities:

Base URL

The base URL for API calls is:


For example, POST /public/rest/api/1.0/attachment means a POST request to https://prod-api.zephyr4jiracloud.com/connect/public/rest/api/1.0/attachment.


The API uses JWT tokens for authentication. All requests must include the following headers:

zapiAccessKey: YOUR_ACCESS_KEY


  • YOUR_ACCESS_KEY is the access key found in the API Keys section of Zephyr Squad Cloud.

  • GENERATED_JWT_TOKEN is the JWT token generated for this specific request. To learn how to generate JWT tokens, see this page.


JWT tokens are generated using several pieces of information, including the API endpoint you want to call, and query parameters (if any). This means that to call multiple different endpoints or call the same endpoint but with different query parameters you must generate a new JWT token for each API call.

JSON requests

Most operations that accept a request body expect it in the JSON format.

POST and PUT request containing a JSON request body must include the Content-Type header:

Content-Type: application/json

Rate limits

  • 1,000 requests per hour.

  • 24,000 requests per day.


  • There are pagination limits.

  • Encoding affects status character counts.

Got questions?

Ask your questions in the Zephyr Squad Cloud community, or contact Support for assistance.

See Also

Test Automation API
BDD Content API

Watch the video
Highlight search results