extractr docs

Authentication

Authenticate every data request with an API key.

All data endpoints require an API key. Create and manage keys in the dashboard.

Sending your key

Two equivalent options — pick one:

curl "https://api.extractr.dev/spotify/search?q=daft+punk&type=track" \
  -H "X-API-Key: ext_live_YOUR_KEY"

Key format

Secret keys look like:

ext_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
  • The ext_live_ prefix is followed by 40 hex characters.
  • The full secret is returned exactly once, when the key is created. Only a display prefix (e.g. ext_live_a1b2) is stored — if you lose the secret, create a new key.

Revoking and rotating

Revoke a key any time from the dashboard; it stops working immediately. To rotate without downtime:

  1. Create a new key.
  2. Deploy the new key to your services.
  3. Revoke the old key.

Keys carry no per-key limits — usage and billing are per account — so you can freely create one key per service or environment.

Keep keys server-side

Never ship an API key in client-side code. Anyone with the key can spend your credits. Proxy extractr calls through your backend.

Failure modes

SituationStatusCode
No key supplied401unauthorized
Key malformed, revoked or unknown401invalid_api_key

See Errors for the response shape.

On this page