What is Xata?
REST API
Command line interface
Dedicated clusters
Migrations
PR based workflow
beta
Usage metrics
beta
Installation & API keys
Getting records
Creating records
Updating records
Deleting records
Filtering records
Transactions
Searching records
Vector searching records
beta
Aggregations
beta
Summarize
Ask AI
File attachments
Image transformations
CSV
Airbyte
beta
Auth JS
Cloudflare Workers
GitHub
LangChain
Netlify
OAuth 2
alpha
Vercel
Zapier
Available regions
Pricing
Service level agreement
Limitations
Branch inactivity
Support
Docs contribution guide

REST API for Xata

Edit on GitHub

Xata uses HTTP-based APIs for data management and collaboration, ensuring standardization, security, and compatibility with various client apps. Adherence to RESTful principles ensures predictable and consistent API structures for evolvability without disrupting existing applications.

Note, Xata can support no-code or low-code data ingestion through integrations with tools like Zapier and Airbyte.

#

OpenAPI specifications

To provide an easy way to use your favorite tools for exploring the Xata API, you can use the OpenAPI specification:

#

Methods

The API methods define the actions that can be performed on resources. See our API reference docs for more information.

HTTP MethodDescriptionRead or WriteCRUD Equivalent
GETRetrieve data or information from a resource.ReadRead
POSTCreate a new resource or initiate specific actions.WriteCreate
PATCHMake partial modifications to an existing resource.WriteUpdate (partial)
PUTReplace an existing resource or create if not present.WriteUpdate (full)
DELETERemove a resource or data from a collection.WriteDelete

#

Responses

The responses listed below are standardized and can be applied to any API, including the Xata API. These response status codes adhere to the standards defined in RFC 2616 and RFC 6585 for web APIs.

Status codeMeaningDescription
200OKThe request was successful, and the server provides the requested data.
201CreatedThe request was successful, and a new resource was created as a result.
204No contentThe request was successful, but there is no additional data to return in the response body.
400Bad requestThe request contains invalid data or parameters. The client should modify and resend the request.
401UnauthorizedAuthentication is required, or the provided credentials are invalid or expired.
403ForbiddenThe client does not have permission to access the requested resource.
404Not foundThe requested resource could not be found on the server.
405Method not allowedThe HTTP method used in the request is not allowed for the requested resource.
409ConflictThere is a conflict with the current state of the resource or a resource version mismatch.
429Too many requestsThe user or client exceeded request rate limits.
5xxInternal server error/ service unavailableAn unexpected error occurred on the server, and the request could not be fulfilled. The server is temporarily unable to handle the request, typically due to maintenance or high load.

#

Authentication

The Xata API uses API keys to authenticate users, ensuring secure interactions with the database.

To access Xata via the API, authentication is required using an API key associated with the workspace. Client libraries like TypeScript or Python include this key in the "Authorization" header when emitting HTTPS requests to Xata. If you're using tools like cURL to make HTTPS requests directly, you'll need to include the API key in the "Authorization" HTTP request header.

#

Generate an API key

You can use a personal API key to log in to the Xata CLI client, granting you access to your workspaces and databases.

To create an API key, visit the Account Settings page and click + Add a key. You'll be prompted to enter a name for your key, then click Save. Upon regenerating a key, the previous key instance becomes invalid immediately. You need to update the API key value with the new value in every place where it is used.

#

Find your API key

All the API keys you generate are listed in the "Personal API Keys" section of your Account Settings.

#

Regenerate an API key

For security and access control reasons, it's important to regenerate your API key if you have any concerns about its security. Do not share or disclose your API key under any circumstances. If you suspect that your key's security has been compromised, take action by clicking Regenerate to update it.

#

Send an authenticated request

After you have an API key, you're ready to interact with any route on our API reference, passing the key in the request's Authorization header. For example, to get a list of your workspaces, you can make a request like the following:

import fetch from 'node-fetch';
fetch('https://api.xata.io/workspaces', {
  headers: {
    Authorization: 'Bearer YOUR_API_KEY', // <- the magic
    'Content-Type': 'application/json'
  }
})
  .then((response) => response.json())
  .then((workspaces) => console.log('Look ma! Workspaces!', workspaces));

Note that we import fetch from "node-fetch" because we recommend interacting with the Xata API from a backend that serves as a proxy to our API. This protects your API key by not exposing it to a browser environment. When fetch is called in a browser, all headers sent with the request are visible in a browser's developer tools, which has severe security implications. This visibility can have serious security consequences, as it may lead to the unintended exposure of your API key, potentially putting your database at risk of security threats.

#

Contexts

Most Xata API operations occur within the context of a workspace, which can be thought of as a "organization" in which all of your databases live. Some things though, are not part of a workspace, but adjacent to workspaces—like other workspaces. Because of this, Xata offers different API hosts depending on your usage contexts. We explain this more in the following sections.

#

Core API

The Core API is accessible at the origin https://api.xata.io and is responsible for operations on all Xata properties that are not bound to a specific workspace. These include:

  • /user: Since one user can belong to multiple workspaces, a user is not bound to a workspace.
  • /workspaces: A workspace is equivalent to an organization or team, and cannot be a child of another workspace. Workspaces are top-level entities, so workspaces are managed with the Core API.

Everything else that falls under the context of a workspace is operable with Xata's workspace-bound APIs.

#

Workspace API

Bound by the REST API limits, each workspace in Xata can contain a number of databases and each database can have a number of tables and branches . When interacting with Xata properties within the bounds of a workspace, we use the workspace-level API. This is accessible at a domain that is visible to you in your workspace's management section.

For example, the general form of the database API is:

https://{workspace-display-name}-{workspace-id}.{region}.xata.sh/db/{dbname}

An example of this is:

https://my-workspace-123456.us-east-1.xata.sh/db/yourdatabase

In the above:

  • {workspace-display-name} is the display name of the workspace and is used to make identifying the workspace easier. It is ignored by the API.
  • {workspace-id} is the unique ID of the workspace, currently consisting of 6 alphanumeric characters.
  • {region} is the region in which the database is hosted. Note that the region can be configured per database, and this value must match the database region configuration.
  • {dbname} is the name of the database you are interacting with.

You can find your workspace domain by navigating to the Configuration tab in the Xata Web UI, or in the Get Code Snippet under Set up Xata Project.

On this page

OpenAPI specificationsMethodsResponsesAuthenticationGenerate an API keyFind your API keyRegenerate an API keySend an authenticated requestContextsCore APIWorkspace API