Using the API
Authentication
All API requests require authentication via an org-scoped API key. Each
key grants access to a single organization's robots, runs, and captures.
Requests without a valid key receive a 401 Unauthorized response.
Getting your API key
- Sign in to the Extralt dashboard
- Select your organization
- Navigate to API key settings
- Create a new API key
API keys are org-scoped. Each key is tied to a specific organization. If you have multiple organizations, generate a separate key for each.
Using your API key
Include your API key in the Authorization header as a Bearer token:
Authorization: Bearer your-api-keyExample request
curl "https://api.extralt.com/robots" \
-H "Authorization: Bearer your-api-key"Base URL
All API requests use:
https://api.extralt.comSecurity
Treat your API key like a password. Do not commit it to version control or expose it in client-side code.
- Store keys in environment variables or a secrets manager
- Rotate keys periodically
- Revoke compromised keys immediately from the dashboard
- Each key is scoped to one organization and cannot access other orgs' data
Error responses
If authentication fails, the API returns a 401 Unauthorized response:
{
"error": "Unauthorized",
"message": "Invalid or missing API key"
}See Error Codes for the full error catalog.
Next steps
- Making Requests — request and response conventions
- Common Patterns — pagination, filtering, and polling