Docs navigation

Authentication

Send `X-API-Key` on every data request

Every `/v1/*` data endpoint requires an API key. The only exception is `GET /v1/health`.

Auth model

  • All `/v1/*` data endpoints require the `X-API-Key` request header.
  • `GET /v1/health` is public and does not require auth.
  • Keys use the `exlib_` prefix plus 32 alphanumeric characters, for a total length of 38.
  • New keys are shown once after generation. The dashboard can regenerate a replacement key later.
  • Missing, malformed, and unknown keys all return `401 INVALID_API_KEY`.

Lifecycle

  • Keys are created after sign-up in the dashboard.
  • The full key is shown once after generation.
  • Regenerating a key invalidates the previous one.
  • Missing, malformed, or unknown keys return `401 INVALID_API_KEY`.

Header format

Header
X-API-Key: exlib_your32characterapikeygoeshere

Example request

curl
curl -H "X-API-Key: YOUR_API_KEY" \
  "https://api.exerciseapi.dev/v1/exercises?q=bench%20press&limit=10"