Installation & API keys
Branching workflow
CLI
Available regions
Serverless data platform
How Xata works
Data model
User model
Schema
Data copying
Migration files
File attachments
Pricing
Getting records
Creating records
Updating records
Deleting records
Searching records
Vector searching records
Filtering records
Aggregations
Summarize
Transactions
SQL
Ask AI
File attachments
Image transformations
Authentication
API contexts
REST API limits
Airbyte
Auth JS
Drizzle
GitHub
Kysley
LangChain
Netlify
Vercel
Visual Studio Code
Zapier
Create schema from code
Xata examples
Gallery app
XMDb

REST API authentication

Edit on GitHub

The Xata API authenticates users using API keys that provide identity while interacting with a database in a secure manner. Below, we'll explore creating a key and then using it to fetch data from the Xata web API.

To create an API key, visit the account settings page.

#

Sending an Authenticated Request

Once you've got an API key, you're ready to interact with any route on our API Reference, passing the key in the request's Authorization header. For example, to get a list of your workspaces, you'd do a request like this in TypeScript:

import fetch from 'node-fetch'
fetch('https://api.xata.io/workspaces', {
  headers: {
    Authorization: 'Bearer YOUR_API_KEY', // <- the magic
    'Content-Type': 'application/json',
  },
})
.then((response) => response.json())
.then((workspaces) => console.log('Look ma! Workspaces!', workspaces))

Note that we import fetch from "node-fetch" because we recommend interacting with the Xata API from a backend that serves as a proxy to our API. This protects your API key by not exposing it to a browser environment. When fetch is called in a browser, all headers sent along with the request are visible in a browser's developer tools, which raises some security concerns.

Armed with this knowledge, feel free to search these docs and API Reference by pressing ⌘K on macOS or Ctrl+K on Windows for your next steps.