Documentation
Seller Guide
Set up Clawzam and start earning from your API subscriptions
Prerequisites
Before you begin, make sure you have the following installed on your machine:
- Node.js 20+ — runtime for the Clawzam daemon
- cloudflared — Cloudflare Tunnel client for exposing your local daemon to the internet (free, no account needed)
- A ZAM API key — sign up at zeroclick.quest to get your key (starts with
zam_) - An API key for a supported service — e.g. Brave Search (free tier, no phone required) or SerpAPI
Install prerequisites:
# Install cloudflared (macOS)
brew install cloudflared
# Install cloudflared (Linux)
curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 \
-o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflaredQuick Start
Get up and running in four commands. This example uses Brave Search (free tier, no phone verification).
# 1. Install the CLI
npm install -g @clawzam/cli
# 2. Initialize Clawzam with your ZAM API key
clawzam init --zam-key zam_YOUR_KEY_HERE
# 3. Store your Brave Search API key and enable the adapter
clawzam secret set brave-search BRAVE_API_KEY BSAxxxxxxxxxxxxxxxxxxxxxxxx
clawzam add brave-search --no-prompt
# 4. Start the daemon
clawzam start
# 5. When you're done, stop the daemon
clawzam stopWhat happens: clawzam start starts a local HTTP server on port 3847, opens a Cloudflare Tunnel to give it a public URL, and automatically registers your adapters as listings on the ZeroClick Marketplace. Your terminal will show the tunnel URL and listing status. Use clawzam stop to shut down the daemon and pause your marketplace listings.
Note: You must enable at least one adapter (steps 3–4) before running clawzam start. The daemon requires adapters to serve. After clawzam init, run clawzam list to see available adapters, then clawzam add <adapter> to enable one.
Available Adapters
Clawzam ships with the following adapters. Each wraps a third-party API and exposes it as a Zam on the marketplace.
| Adapter | API Key | Signup | Notes |
|---|---|---|---|
| brave-search | BRAVE_API_KEY | brave.com/search/api | Recommended. Free tier (2000 queries/month), no phone required. |
| serpapi | SERPAPI_KEY | serpapi.com | Google search results. Free tier requires phone verification. |
How It Works
Clawzam uses a local daemon model to keep your API keys secure while making your adapters available to buyers worldwide.
- 1Local HTTP Server — The Clawzam daemon starts a Hono-based HTTP server on port 3847. Each adapter registers three endpoints:
GET /<slug>,GET /<slug>/contract, andPOST /<slug>/run. - 2Cloudflare Tunnel — A free
cloudflaredtunnel exposes your local server to the internet with a public URL (e.g.https://random-words.trycloudflare.com). No port forwarding, no Cloudflare account needed. - 3ZeroClick Marketplace —
clawzam startautomatically registers your adapters as listings on the marketplace. When a buyer activates your Zam, the marketplace calls your tunnel URL, the daemon uses your stored API key to make the upstream call, and returns the result.
Pricing: Each adapter sets a per-call price in cents (e.g. Brave Search charges 2 cents/call). The built-in adapters use default prices that cover upstream API costs with a margin. You earn revenue on each successful call — the ZeroClick Marketplace handles billing, metering, and buyer authentication. See zeroclick.quest for details on revenue splits and payouts.
Managing Adapters
The CLI provides commands to manage your adapters and their secrets.
List available adapters
clawzam listShows all available adapters and whether they are enabled or disabled.
Add an adapter
# Interactive mode (prompts for API key)
clawzam add brave-search
# Non-interactive mode (set the secret first, then add)
clawzam secret set brave-search BRAVE_API_KEY your-key-here
clawzam add brave-search --no-promptRemove an adapter
clawzam remove brave-searchDisables the adapter and deletes its stored secrets.
Set a secret
clawzam secret set <adapter> <key-name> <value>
# Example:
clawzam secret set brave-search BRAVE_API_KEY BSAxxxxxxxxxxxxxxxxxxxxxxxxStores a secret for a specific adapter. The value is encrypted at rest.
Start and stop the daemon
# Start the daemon (server + tunnel + marketplace registration)
clawzam start
# Stop the daemon (pauses listings, closes tunnel, stops server)
clawzam stopThe daemon runs in the foreground. Use clawzam stop from another terminal, or press Ctrl+C in the daemon terminal. Stopping pauses your marketplace listings automatically.
Retry marketplace registration
# Re-register adapters and publish (while daemon is running)
clawzam register --publishIf registration failed during clawzam start (e.g. due to a 502), the daemon keeps running. Use clawzam register --publish to retry without restarting.
Check status
clawzam statusShows daemon status, enabled adapters, tunnel URL, and marketplace listings. Example output:
Clawzam Status
Daemon: running (PID: 12345)
Config file: /home/user/.clawzam/config.json
Port: 3847
Adapters: brave-search
Tunnel: https://random-words.trycloudflare.com
ZAM API key: zam_...b2d4
Listings:
brave-search: published (019cdf2e-433b-...)If the daemon is not running, you will see not running for the daemon and not active for the tunnel. If an adapter failed to register, its listing will not appear — run clawzam register --publish to retry.
View call metrics
# Show metrics for all adapters
clawzam logs
# Show metrics for a specific adapter
clawzam logs --adapter brave-search
# Reset all metrics
clawzam logs --resetShows per-adapter call metrics: total calls, errors, average latency, and daily breakdown. Example output:
Call Metrics
brave-search
Total calls: 47
Errors: 2 (4.3%)
Avg latency: 312ms
Last call: 2026-03-11T22:15:03.000Z
Recent days:
2026-03-11: 32 calls
2026-03-10: 15 callsMetrics are stored locally at ~/.clawzam/analytics.json and persist across daemon restarts.
Configuration
Clawzam stores its configuration at ~/.clawzam/config.json. Here is the structure:
{
"zam": {
"apiKey": "zam_your_key_here"
},
"port": 3847,
"enabledAdapters": ["brave-search"],
"listings": {
"brave-search": {
"zamListingId": "019cdf2e-...",
"state": "published"
}
},
"tunnel": {
"name": "clawzam-1234567890",
"url": "https://random-words.trycloudflare.com"
}
}| Field | Description |
|---|---|
| zam.apiKey | Your ZAM API key for marketplace registration |
| port | Local port the daemon listens on (default 3847) |
| enabledAdapters | Array of adapter slugs that are currently enabled |
| listings | Map of adapter slug to ZAM listing ID and state (managed automatically by clawzam start) |
| tunnel | Current tunnel name and public URL (set automatically when the daemon starts) |
Secrets are stored separately at ~/.clawzam/secrets.json in encrypted form (AES-256-GCM) and are never included in the main configuration file.
Security
Clawzam is designed with a secrets-never-leave architecture. Here is how your API keys are protected:
- Encrypted at rest — API keys are encrypted with AES-256-GCM before being written to
~/.clawzam/secrets.json. They are only decrypted in memory when making an outbound API call. - Never transmitted — Your keys never leave your machine. Buyer requests arrive via the tunnel, the daemon makes the upstream call locally, and only the result is sent back.
- Outbound only — API keys are used exclusively for outbound calls to upstream providers. They are never exposed in responses, logs, or error messages.
- Buyer authentication — Buyers authenticate with their ZAM API key against the marketplace, not directly with your daemon. The marketplace verifies buyer credentials and billing before forwarding requests to your tunnel URL.
- Rate limiting — The daemon enforces per-adapter rate limits (e.g. 15 requests/minute for Brave Search). Requests exceeding the limit receive a 429 response. This protects your upstream API quota from abuse.
Note on endpoint access: Your tunnel URL is publicly reachable and visible in your marketplace listing. The ZeroClick Marketplace does not currently support custom authentication headers on seller endpoints — this is consistent with how all ZAM sellers (including Cloudflare Workers-based ones) operate. The daemon enforces rate limits locally to protect your upstream API quota. The marketplace handles buyer billing and authentication on its side.
Creating Custom Adapters
You can create your own adapters to wrap any API and sell access on the marketplace. The CLI provides a scaffolding command:
clawzam generate my-weather-apiThis generates a new adapter package at packages/adapters/my-weather-api/. Your adapter extends BaseAdapter and must implement two methods:
getContract()— Returns aZamContractdescribing your adapter's name, input/output schemas, pricing, and metadata.execute(input, ctx)— Takes validated buyer input and anAdapterContext(containing your secrets), calls the upstream API, and returns the result.
import { BaseAdapter, type ZamContract, type AdapterContext } from "@clawzam/adapter-core";
export class MyWeatherApiAdapter extends BaseAdapter {
readonly slug = "my-weather-api";
readonly requiredSecrets = ["WEATHER_API_KEY"] as const;
getContract(): ZamContract {
return {
name: "My Weather API",
slug: "my-weather-api",
version: "1.0.0",
description: "Get current weather for a location",
category: "data",
tags: ["weather"],
provider: { name: "WeatherCo", url: "https://weather.example.com" },
pricing: { perCallCents: 1 },
input: {
schema: {
type: "object",
properties: {
city: { type: "string", description: "City name" },
},
required: ["city"],
},
examples: [{ city: "San Francisco" }],
},
output: {
schema: {
type: "object",
properties: {
temp: { type: "number" },
condition: { type: "string" },
},
},
},
};
}
async execute(
input: Record<string, unknown>,
ctx: AdapterContext,
): Promise<Record<string, unknown>> {
const city = input.city as string;
const res = await fetch(
`https://api.weather.example/v1?q=${encodeURIComponent(city)}&key=${ctx.secrets.WEATHER_API_KEY}`
);
return await res.json() as Record<string, unknown>;
}
}Once your adapter is ready, register it in packages/cli/src/adapters.ts and add it to the CLI package dependencies. Then build, and use clawzam add my-weather-api to enable it.
Troubleshooting
Port 3847 is already in use
Another process is using the default port. Find and stop it, or change the port in ~/.clawzam/config.json:
# Find what's using port 3847
lsof -i :3847
# Or change the port in config
# Edit ~/.clawzam/config.json and set "port": 3848Cloudflare Tunnel fails to start
Make sure cloudflared is installed and in your PATH. Run cloudflared --version to verify. Clawzam uses free quick tunnels which require no account or configuration — just the cloudflared binary. If you're behind a corporate firewall, tunnel connections to Cloudflare may be blocked.
Tunnel URL changes on restart
Free quick tunnels get a new random URL each time. This is expected — clawzam start automatically updates your marketplace listings with the new URL.
Registration failed during start (502 or similar)
When clawzam start fails to register an adapter on the marketplace, the daemon keeps running and the tunnel stays open. The CLI will automatically retry up to 3 times, but if it still fails:
# Retry registration while daemon is running
clawzam register --publishThis is typically caused by the tunnel not being fully reachable when the ZAM marketplace tries to fetch your contract. The retry usually succeeds. If it persists, check that clawzam status shows a tunnel URL and that visiting it in a browser returns a response.
"No enabled adapters" error
You need to add at least one adapter before starting. Run clawzam list to see available adapters, set up the required API key with clawzam secret set, then clawzam add <adapter>.
Upstream API returns errors
Verify your API key is correct with clawzam secret set <adapter> <KEY> <new-value> and check that your upstream account is active and has remaining quota.