# Enzo documentation > Enzo is a machine-authentication service for issuing, managing, and verifying API keys over HTTP. --- ## Core concepts Source: https://enzoguard.com/docs/concepts.md Enzo's configuration model has a small number of explicit resources. ## Realm A realm is a logical configuration namespace. Realm names are unique within an Enzo cluster. ## App An app belongs to a realm. Apps can carry tags and provide the resource boundary for customer API keys. ## Customer API key A customer API key belongs to an app. Enzo returns plaintext key material only when the key is created; stored API-key resources do not contain the plaintext value. The verification endpoint accepts a customer key and reports whether it is valid, together with the identifiers needed by the caller. ## System key A system key authenticates configuration API requests. Send it using the HTTP `Authorization` header: ```text Authorization: Bearer ``` System keys and customer API keys serve different purposes. A system key manages configuration; a customer key is verified by an application using Enzo. --- ## HTTP API reference Source: https://enzoguard.com/docs/api-reference.md The generated [OpenAPI 3.0 contract](/openapi.yaml) is the canonical reference for request bodies, response bodies, authentication, and status codes. ## Endpoint groups | Group | Paths | Purpose | | --- | --- | --- | | Metadata | `/meta/version`, `/meta/openapi.json` | Inspect the running server and its embedded contract. | | Realms | `/v1/realms`, `/v1/realms/{id}` | Create, list, inspect, and delete realms. | | Apps | `/v1/realms/{realm_id}/apps` | Manage apps within a realm. | | API keys | `/v1/realms/{realm_id}/apps/{app_id}/api-keys` | Create, list, inspect, and delete customer API keys. | | Verification | `/v1/verify-key` | Verify a customer API key. | ## Authentication Metadata endpoints are public. Other endpoints use the `systemKey` bearer security scheme unless the operation explicitly overrides it. ## Contract URLs - [`/openapi.yaml`](/openapi.yaml) is the static contract published with this site. - `/meta/openapi.json` is the contract embedded in a running Enzo server. Use the static YAML for code generation and documentation tooling. Use the runtime JSON endpoint when you need to inspect the exact server you are calling. --- ## Documentation for AI agents Source: https://enzoguard.com/docs/ai-access.md Every documentation and blog page is published in both HTML and Markdown. The HTML contains an alternate link to its Markdown representation. ## Discovery files - [`/llms.txt`](/llms.txt) is a compact index of available content. - [`/llms-full.txt`](/llms-full.txt) combines the documentation and blog into one file. - [`/sitemap.xml`](/sitemap.xml) provides the complete HTML URL inventory. - [`/openapi.yaml`](/openapi.yaml) describes the public HTTP interface. ## Page-level Markdown Append `.md` to a page's path. For example: ```text /docs/concepts/ HTML /docs/concepts.md Markdown ``` The page context menu also provides **Copy as Markdown** and **View as Markdown** actions. ## Content guarantees Documentation and blog sources use portable Markdown without Hugo or Hextra shortcodes. An automated site check rejects shortcodes in those sections so the published Markdown remains directly useful outside the website renderer.