The Exante API uses API key authentication. Every request must include a valid API key in the Authorization header.

Quick Start

Pass your API key with a Bearer prefix:
curl https://dev.exante.app/api/invoices \
  -H "Authorization: Bearer ex_live_xxxxxxxxxxxxxxxxx"

API Key Format

| Component | Description |
|-----------|-------------|
| Prefix | ex_live_ identifies keys as live production keys |
| Display | After creation, keys are shown as ex_live_...AbCd (last 4 characters visible) |
| Storage | Keys are hashed and cannot be recovered; store your key securely after creation |
You can only view the full key once at creation time. Store it immediately in a secure location.

Generate an API Key

1. Open API key settings
   Sign in to your Exante account and go to Settings > API keys.
2. Create a key
   Click Create API key, enter a descriptive name, and optionally set an expiration.
3. Copy the key
   Copy the key and store it in your secret manager or environment variables.
Or use the API to create keys programmatically—see Create API Key.

Making Authenticated Requests

Include the Authorization header in every request:
Authorization: Bearer YOUR_API_KEY
curl --request GET \
  --url https://dev.exante.app/api/invoices \
  --header 'Authorization: Bearer ex_live_xxxxxxxxxxxxxxxxx'

Expiration

API keys can be created with an optional expiration via expires_in_days. When a key expires:
  • Requests using the key receive a 401 Unauthorized response
  • The key cannot be renewed—create a new key instead
  • Expired keys remain visible in the dashboard for audit purposes
For long-running integrations, consider creating keys without expiration and rotating them periodically using the revoke/create flow.

Rate Limiting

API keys are rate-limited to protect the platform and ensure fair usage.
| Aspect | Details |
|--------|---------|
| Scope | Limits apply per API key |
| Response | 429 Too Many Requests when exceeded |
| Retry | Check the Retry-After header for seconds until reset |

HTTP/1.1 429 Too Many Requests
Retry-After: 60

Error Responses

| Status | Cause | Resolution |
|--------|-------|------------|
| 401 Unauthorized | Missing Authorization header | Add Authorization: Bearer YOUR_API_KEY |
| 401 Unauthorized | Invalid header format | Ensure header starts with Bearer (with space) |
| 401 Unauthorized | Key is invalid, expired, or revoked | Generate a new key or verify the key value |
| 403 Forbidden | Key lacks permission for the resource | Use a key with appropriate access |
| 429 Too Many Requests | Rate limit exceeded | Wait and retry after Retry-After seconds |

Security Best Practices

  • Use environment variables: store keys in the EXANTE_API_KEY environment variable, never in source code
  • Rotate regularly: create new keys and revoke old ones periodically
  • Use minimal scope: create separate keys for different integrations
  • Monitor usage: review key activity in the dashboard
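
The Python below is an added example, not Exante's own client code: it reads the key from EXANTE_API_KEY, sends it as a Bearer token, waits out 429 responses using Retry-After, and stops on 401/403 while reporting only the masked ex_live_...AbCd form. The function names, the minimum-length check, the 60-second fallback, the 300-second cap and the retry count are assumptions.

```python
import os
import time
import urllib.error
import urllib.request

API_URL = "https://dev.exante.app/api/invoices"  # endpoint shown on this page
KEY_PREFIX = "ex_live_"  # documented key prefix


def load_key(env=os.environ):
    """Read EXANTE_API_KEY; reject empty, wrongly prefixed or very short values (assumed check)."""
    key = env.get("EXANTE_API_KEY", "").strip()
    if not key.startswith(KEY_PREFIX) or len(key) <= len(KEY_PREFIX) + 4:
        raise ValueError("EXANTE_API_KEY is missing or not an ex_live_ key")
    return key


def mask_key(key):
    """Log-safe form matching the dashboard display: ex_live_...AbCd."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def http_send(url, headers):
    """Default transport: returns (status, response headers, body)."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers.items()), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read()


def get_with_auth(key, url=API_URL, send=http_send, sleep=time.sleep, max_tries=3):
    """GET with Bearer auth; wait out 429s per Retry-After, fail fast on 401/403."""
    headers = {"Authorization": f"Bearer {key}"}
    for attempt in range(1, max_tries + 1):
        status, resp_headers, body = send(url, headers)
        if status == 429 and attempt < max_tries:
            # Retry-After is seconds until reset. Assumed policy: cap the wait
            # at 300 s and fall back to 60 s if the header is missing or malformed.
            raw = {k.lower(): v for k, v in resp_headers.items()}.get("retry-after", "").strip()
            sleep(min(int(raw), 300) if raw.isdecimal() else 60)
            continue
        if status in (401, 403):
            # Retrying cannot fix an invalid, expired, revoked or under-privileged key.
            raise PermissionError(f"{status} for key {mask_key(key)}")
        return status, body
```

Passing `send` and `sleep` as parameters lets the retry logic be exercised with a stub transport before it touches the live API.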

Managing API Keys

Use these endpoints to manage keys programmatically:

  • Create key: Generate a new API key
  • List keys: View all keys for your organization
  • Revoke key: Deactivate a key immediately