# Data API

## About Exto Data API

**Exto REST API** enables seamless interaction between external applications and Exto’s platform. Through the API, external systems can securely access, retrieve, and update data stored within Exto.&#x20;

The API follows RESTful principles and uses token-based authentication for secure access, ensuring data integrity and protection. Whether you're integrating with third-party services or building custom solutions, Exto’s API provides the flexibility to manage your data programmatically

## Security

Exto takes security seriously, employing industry-standard protocols to safeguard your data. API access requires token-based authentication, ensuring that only authorised users can interact with your data.&#x20;

Tokens are **encrypted** and **expire** after **180 days**, reducing the risk of unauthorised access.&#x20;

Additionally, all API requests are transmitted over HTTPS, ensuring **data is encrypted in transit**. To prevent abuse, the API enforces a **rate limit** of 3 requests per second, maintaining optimal performance and security for all users.

* Token based authentication
* [*ID/Access token API*](https://docs.exto360.com/integration/data-api/id-access-token) *is being revamped internally (Will be released in future)*

### Token generation

Admins have the ability to create new tokens by logging in as a site admin and generating tokens from the Customer Details page within the Exto Platform. This allows for easy token management, ensuring continued secure access when needed

{% hint style="warning" %}
All Personal Access Token are invalid when Access Token Private Key is changed in the API Server. Please recreate new token with new token
{% endhint %}

### Connecting Exto API through API Management (Azure Specific)

This [azure-api-gateway](https://docs.exto360.com/integration/data-api/azure-api-gateway "mention") page discusses how Exto REST APIs can be made available through Azure APIM

## Sample Code

Below is an example of how to make an HTTP GET request to the Exto API using `curl` with a Bearer token for authentication.

1\. `curl` Example

```bash
curl -X GET "https://platform.exto360.com/data/api/v1/health/readiness" \
     -H "Authorization: Bearer your_token_here" \
     -H "Content-Type: application/json"
```

2\. Node.js Example (using `axios`)

{% code lineNumbers="true" fullWidth="false" %}

```javascript
const axios = require("axios");
const config = {
  method: "get",
  url: "https://api.exto.com/v1/your-endpoint",
  headers: {
    Authorization: "Bearer your_token_here",
    "Content-Type": "application/json",
  },
};
axios(config)
  .then((response) => {
    console.log(JSON.stringify(response.data));
  })
  .catch((error) => {
    console.error(error);
  });
```

{% endcode %}

In this example:

* Replace `https://platform.exto360.com/data/api/v1/health/readiness` with the actual API endpoint you're targeting.
* Replace `your_token_here` with the token generated from the Exto Platform.

This request retrieves data from the specified endpoint using the Bearer token for secure access.

## Swagger

<figure><img src="https://exto.slite.com/api/files/WWO0IPbeawDUNY/image.png" alt="image.png"><figcaption></figcaption></figure>