ExoGraph API

Appearance

Authentication

ExoGraph API uses API keys for authentication. All requests must include a valid API key.

Getting Your API Key

  1. Sign in to ExoGraph
  2. Navigate to Settings → API Keys
  3. Click "Generate Key"
  4. Copy and store your key securely

Security

Your API key is shown only once during generation. Store it securely and never expose it in client-side code or public repositories.

Using API Keys

REST API

bash
curl https://exograph.ai/agent/interactions \
  -H "Authorization: Bearer exo_key_live_..." \
  -H "Content-Type: application/json" \
  -d '{...}'

X-API-Key Header (Alternative)

bash
curl https://exograph.ai/agent/interactions \
  -H "X-API-Key: exo_key_live_..." \
  -H "Content-Type: application/json" \
  -d '{...}'

MCP Integration

The same API keys work with MCP for Claude Desktop and Cursor:

json
{
  "mcpServers": {
    "exograph": {
      "url": "https://exograph.ai/api/mcp",
      "headers": {
        "Authorization": "Bearer exo_key_live_..."
      }
    }
  }
}

Learn more about MCP →

Key Format

API keys follow this format:

exo_key_live_<32_random_characters>

Example:

exo_key_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Key Management

List Your Keys

bash
curl https://exograph.ai/api-keys \
  -H "Authorization: Bearer YOUR_API_KEY"

Revoke a Key

bash
curl -X DELETE https://exograph.ai/api-keys/{key_id} \
  -H "Authorization: Bearer YOUR_API_KEY"

Multiple Keys

You can create multiple API keys for different applications or environments. This allows you to rotate keys without downtime.

Key States

StateDescription
activeKey is valid and can be used
revokedKey has been manually revoked
expiredKey has passed its expiration date

Best Practices

✅ Do

  • Store keys in environment variables
  • Use different keys for development and production
  • Rotate keys periodically
  • Revoke keys immediately if compromised
  • Monitor key usage in the dashboard

❌ Don't

  • Hardcode keys in source code
  • Commit keys to version control
  • Share keys between team members
  • Use the same key for all environments
  • Expose keys in client-side applications

Example: Secure Key Storage

Environment Variables

bash
# .env file
EXOGRAPH_API_KEY=exo_key_live_...
python
# Python
import os
api_key = os.getenv('EXOGRAPH_API_KEY')
javascript
// Node.js
const apiKey = process.env.EXOGRAPH_API_KEY;

Secrets Management

For production, use a secrets manager:

  • AWS: AWS Secrets Manager
  • GCP: Secret Manager
  • Azure: Key Vault
  • HashiCorp: Vault

Authentication Errors

401 Unauthorized

json
{
  "error": {
    "code": "invalid_api_key",
    "message": "Invalid or expired API key"
  }
}

Causes:

  • Key is invalid
  • Key has been revoked
  • Key has expired
  • Key format is incorrect

Solution:

  • Verify your API key
  • Generate a new key if needed
  • Check key status in dashboard

Next: Rate Limits →

Released under the MIT License.

Copyright © 2025 ExoGraph