Developer API
Getting started

Authentication

Every request carries a single header — your API key. There are no unauthenticated endpoints, and no OAuth dance to run.

The API key header

Send your key on every request as X-API-Key:

Header
X-API-Key: at_live_xxxxxxxxxxxxxxxxxxxxxxxx

Keys are issued by Antero Trail — there is no self-serve key-creation endpoint. Request access and we'll issue you a key.

Test and live keys

You get two keys. A at_test_ key runs the identical pipeline as a live key — same parsing, same ESX output — but its jobs are flagged environment: "test" and excluded from usage and invoice reporting. Build and integrate against the test key; switch the prefix to go live.

PrefixEnvironmentBilled
at_test_Test — identical pipelineNo
at_live_LiveYes
Keep secret

Treat both keys like passwords. Never ship one in client-side code or a public repo — every call runs server-to-server. If a key leaks, tell us and we'll revoke and reissue it.

Auth failures

A missing or bad key is rejected before any work happens, with a 401 and a machine-readable error.code:

SituationStatuserror.code
X-API-Key header missing401missing_api_key
Key unknown, revoked, or partner suspended401invalid_api_key

Every error body — auth or otherwise — follows one shape, so you can handle them uniformly. See Errors & limits for the full envelope and code list.