Authentication
Authentication
Section titled “Authentication”The Xplorr REST API uses bearer token authentication. All requests must include your API token in the Authorization header.
Getting an API token
Section titled “Getting an API token”- Log in to xplorr.io
- Go to Settings → API Tokens
- Click Create Token and give it a name
- Copy the token — it starts with
xplorr_
Making authenticated requests
Section titled “Making authenticated requests”Include your token in the Authorization header:
curl https://api.xplorr.io/api/v1/accounts \ -H "Authorization: Bearer xplorr_your_token_here"Token exchange
Section titled “Token exchange”Xplorr API tokens are long-lived credentials. When used with the MCP server or SDKs, they are automatically exchanged for short-lived JWTs behind the scenes:
POST https://api.xplorr.io/api/v1/tokens/exchangeAuthorization: Bearer xplorr_your_token_here{ "token": "eyJ...", "expires_in": 900}The JWT is cached for ~14 minutes and refreshed automatically.
Token scopes
Section titled “Token scopes”By default, API tokens have full access to read and write all Xplorr resources for your account. Scoped tokens (read-only, account-specific) are planned for a future release.
Base URL
Section titled “Base URL”https://api.xplorr.io/api/v1Error responses
Section titled “Error responses”| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid token |
403 Forbidden | Token lacks permission for this resource |
429 Too Many Requests | Rate limit exceeded |