Authentication

The Extend API authenticates every request with a Bearer token. Create an API key from your Developer settings, then send it with each request — directly in the Authorization header, or by passing it once to an SDK client.

Authenticate a request

Send your key as a Bearer token. With an SDK, pass it once when you create the client; with the raw API, set the Authorization header on every request. Direct API calls must also include the x-extend-api-version header — the SDKs pin the version for you.

$curl https://api.extend.ai/extractors \
>  -H "Authorization: Bearer YOUR_API_KEY" \
>  -H "x-extend-api-version: 2026-02-09"

Load your key from an environment variable (for example EXTEND_API_KEY) rather than hardcoding it in source.

API key scopes

Every key is scoped to either a single workspace or your whole organization:

  • Workspace keys — Work only for the workspace they belong to. Nothing else is required.
  • Organization keys — Work across every workspace in your organization. Each request must set the X-Extend-Workspace-Id header to name the target workspace, and only organization admins can create them.

For an organization key, send the workspace header alongside your token:

$curl https://api.extend.ai/extractors \
>  -H "Authorization: Bearer YOUR_API_KEY" \
>  -H "x-extend-api-version: 2026-02-09" \
>  -H "X-Extend-Workspace-Id: ws_xxx"