Authentication
All API requests require authentication via an org-scoped API key. Each
key grants access to a single organization's robots, runs, and captures.
Requests without a valid key receive a 401 Unauthorized response.
Getting your API key
- Sign in to the Extralt dashboard
- Select your organization
- Navigate to API key settings
- Create a new API key
API keys are org-scoped. Each key is tied to a specific organization. If you have multiple organizations, generate a separate key for each.
Using your API key
Include your API key in the Authorization header as a Bearer token:
Authorization: Bearer your-api-keyExample request
curl "https://api.extralt.com/v0/extract/robots" \
-H "Authorization: Bearer your-api-key"Base URL
All API requests use the host https://api.extralt.com with a versioned, pipeline-scoped prefix:
https://api.extralt.com/v0/extract/... # Extract pipeline (robots, runs, captures, schedules)
https://api.extralt.com/v0/enrich/... # Enrich pipeline (enrichments, items)Security
Treat your API key like a password. Do not commit it to version control or expose it in client-side code.
- Store keys in environment variables or a secrets manager
- Rotate keys periodically
- Revoke compromised keys immediately from the dashboard
- Each key is scoped to one organization and cannot access other orgs' data
Error responses
If authentication fails, the API returns a 401 Unauthorized response:
{
"error": "Unauthorized",
"message": "Invalid or missing API key"
}See Error Codes for the full error catalog.
Next steps
- Making Requests — request and response conventions
- Common Patterns — pagination, filtering, and polling
Credits & Billing
Understand how Extralt credits work, manage your subscription, track usage, and optimize costs for ecommerce extraction, enrichment, and AI assistant usage.
Making Requests
Learn Extralt API request patterns with authentication headers, JSON payloads, pagination, filtering, and response examples for core resources.