Inspiration

This started with frustration. While building civic projects, I realized that getting access to public APIs — like open city data or government dashboards — was way harder than it needed to be. You had to generate tokens, manage keys, and deal with security rules that made no sense to non-developers.

That’s when I thought: what if API access could be as easy as asking for it? That idea became ZeroKey — a tool where you can just say

“Give me a key for the city air-quality API, valid for one hour,” and it gives you a secure, temporary key automatically.

No passwords, no setup, no confusion.

What it does

Zerokey makes API access as simple as asking for it. In the prototype we demo a read-only token flow for GitHub — e.g., “Give me a read-only token for this github valid for 1 hour.” The app then issues an ephemeral JWT (demo token) and shows how it would be validated by a service.

We used GitHub, AWS, OpenAI, and Stripe in the prototype because they are familiar, reproducible examples for judges — but the same flow applies to any API, including civic/open government APIs (air quality, budgets, transit, Open Data portals). The UI, token lifecycle, and audit features are identical; only the provider endpoint changes.

How we built it

Zerokey was built like a real SaaS product with the help of AI, using modern, reliable tools:

Frontend: React 18, TailwindCSS, Radix UI, and Vite for a clean, responsive interface.

Backend: Supabase for Auth, Edge Functions, and PostgreSQL as the main database.

Runtime: Deno for secure, lightweight serverless functions.

Security: JWT (HS256) for token signing and validation, with hardened CORS rules.

Deployment: Surge.sh for static hosting and global CDN delivery.

We also built simulated billing and demo sessions to show how Zerokey could work in production — without the risk of real API costs.
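The token flow described under "What it does" and the HS256 signing listed above, as an added example that is not Zerokey's own code: it issues a scoped, one-hour JWT and validates it the way a receiving service should, pinning the algorithm, comparing the MAC in constant time, and enforcing expiry and scope. The function names, the `repo:read` scope value and the secret are assumptions; it uses Node's built-in `node:crypto` module.

```javascript
// Added example, not Zerokey's code; names, claims and secret are assumptions.
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (input) => Buffer.from(input).toString("base64url");
const sign = (data, secret) => createHmac("sha256", secret).update(data).digest();

// Issue a short-lived HS256 token carrying a single scope.
function issueToken(secret, { sub, scope, ttlSeconds }, now = Date.now()) {
  const iat = Math.floor(now / 1000);
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64url(JSON.stringify({ sub, scope, iat, exp: iat + ttlSeconds }));
  const sig = sign(`${header}.${payload}`, secret).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Validate as the receiving service would: { ok, claims } or { ok, reason }.
function verifyToken(token, secret, requiredScope, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm: the token never gets to choose ("none", RS256, ...).
  if (hdr?.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  // Recompute the MAC and compare in constant time.
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  if (typeof claims?.exp !== "number" || Math.floor(now / 1000) >= claims.exp) {
    return { ok: false, reason: "expired" };
  }
  if (claims.scope !== requiredScope) return { ok: false, reason: "scope" };
  return { ok: true, claims };
}

// Constructed demo values, not real credentials.
const SECRET = "demo-secret-not-for-production";
const token = issueToken(SECRET, { sub: "demo-user", scope: "repo:read", ttlSeconds: 3600 });
console.log(verifyToken(token, SECRET, "repo:read").ok);
```

With HS256 the issuer and every validating service share the same secret, so any service that can verify a token can also mint one.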

Challenges we ran into

One of the hardest parts was designing something that felt real without actually exposing real API credentials. Since generating actual keys could cost money or risk misuse, we had to simulate key issuance and expiration safely. We also had to strike a balance between simplicity and security — keeping the interface minimal while ensuring it stayed technically sound.

Another challenge was thinking like both a developer and a citizen — creating something that feels powerful for tech users but welcoming for non-technical ones.

Accomplishments that we're proud of

Built a fully functional end-to-end prototype that can issue, validate, and revoke tokens.

Designed a natural-language interface for API key generation — something rarely seen in security tools.

Created a clean, minimal UI that makes security feel approachable, not intimidating.

Developed a realistic demo flow that feels live but stays 100% safe and cost-free.

Most importantly, we proved that API security doesn’t have to be complicated — it can be intuitive and even conversational.

What we learned

Simplicity is the ultimate security feature. People are more likely to use secure tools when they’re easy to understand.

Building for non-developers requires rethinking how we present technical concepts like tokens and scopes.

Modern cloud tools like Supabase and Deno make it possible to ship secure, scalable prototypes incredibly fast.

Thinking about real-world sustainability — billing, quotas, abuse prevention — early helps make the project more realistic and credible.

What's next for Zerokey

Next, we want to connect Zerokey with real civic data platforms — city dashboards, open government APIs, and NGO datasets — so citizens can generate their own temporary keys to explore public data safely.

We also plan to:

Add voice or chat-based interaction (“Hey Zerokey, give me access to air quality data”).

Integrate OAuth and BYO credentials so users can link their own accounts without sharing secrets.

Partner with civic tech initiatives to make public data APIs more accessible to everyone.

Ultimately, Zerokey’s vision is to make secure access as easy as conversation — bridging the gap between humans and the data meant to serve them.
