API documentation

Authentication

Create account tokens, send bearer auth, and keep retries idempotent.

Send bearer auth

Create an account API token in the exdata app, then send it in the Authorization header on every request.

Authorization header 
Authorization: Bearer <your-exdata-token>

Full token values are shown only at creation. After that, exdata stores the token hash and displays only the prefix.

Test and live tokens

Tokens are scoped to the account where they were created. They can only access documents, previews, extraction fields, and webhook configuration for that account.

Token type Use for Credit behavior
Test mode Development, QA, webhook receiver testing, and sample files. Does not spend live credits.
Live mode Production document processing. Reserves live credits before extraction work is queued.

Safe retries

Send an Idempotency-Key header for uploads. If the network drops and you retry with the same key and payload, exdata returns the original response without uploading a duplicate document, reserving another credit, or queueing extraction twice.

Safe upload retry 
curl -sS -X POST "https://www.exdata.app/api/v1/documents" \
  -H "Authorization: Bearer $EXDATA_API_TOKEN" \
  -H "Idempotency-Key: invoice-2026-1048" \
  -F "file=@./invoice.pdf"
Different payload, same key

Reusing the same key with a different upload payload returns 409. Use one unique key per logical upload.