
Exa Enterprise RBAC Configuration

v20260311
exa-enterprise-rbac
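Set up SSO, API key scopes, gateway permission checks, domain restrictions, and usage monitoring for Exa Enterprise, helping teams exercise fine-grained control over access to Exa AI search.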
270 downloads

Exa Enterprise RBAC

Overview

Manage access to the Exa AI search API through API key scoping and team-level controls. Exa is an API-first product with per-search pricing, so access control centers on API key management, rate limiting, and domain restrictions rather than traditional user roles.

Prerequisites

  • Exa API account with team plan
  • Dashboard access at dashboard.exa.ai
  • At least one API key with management permissions

Instructions

Step 1: Create Scoped API Keys per Use Case

set -euo pipefail
# Create a key for the RAG pipeline (high volume, limited to the search and get-contents endpoints)
# rate_limit_rpm is requests per minute; monthly_search_limit is searches per month.
# JSON does not allow comments, so the request body carries none.
curl -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "rag-pipeline-prod",
    "allowed_endpoints": ["search", "get-contents"],
    "rate_limit_rpm": 300,
    "monthly_search_limit": 50000
  }'

# Create a restricted key for the internal tool (low volume)
curl -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "internal-research-tool",
    "rate_limit_rpm": 30,
    "monthly_search_limit": 5000
  }'

Step 2: Implement Key-Based Access in Your Gateway

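// exa-proxy.ts - Route requests through your gateway
const KEY_PERMISSIONS: Record<string, { maxResults: number; allowedTypes: string[] }> = {
  'rag-pipeline':    { maxResults: 10, allowedTypes: ['neural', 'auto'] },
  'research-tool':   { maxResults: 25, allowedTypes: ['neural', 'keyword', 'auto'] },
  'marketing-team':  { maxResults: 5,  allowedTypes: ['keyword'] },
};

// Returns true only when the key is known and the request stays within its limits.
function validateRequest(keyName: string, searchType: string, numResults: number): boolean {
  // Own-property check: inherited names such as "constructor" must not resolve to a policy.
  if (!Object.prototype.hasOwnProperty.call(KEY_PERMISSIONS, keyName)) return false;
  const perms = KEY_PERMISSIONS[keyName];
  // Reject zero, negative and fractional counts as well as counts above the cap.
  if (!Number.isInteger(numResults) || numResults < 1) return false;
  return perms.allowedTypes.includes(searchType) && numResults <= perms.maxResults;
}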

Step 3: Set Domain Restrictions

Restrict search results to approved domains for compliance-sensitive teams:

set -euo pipefail
# Only return results from vetted sources
curl -X POST https://api.exa.ai/search \
  -H "x-api-key: $EXA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "enterprise security best practices",
    "includeDomains": ["nist.gov", "owasp.org", "sans.org"],
    "numResults": 10
  }'
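
Because includeDomains is a per-request parameter, a client holding the key can simply omit it, so the restriction in Step 3 only holds if the gateway from Step 2 enforces it. The following is an added example, not code from the original skill or from Exa: the policy names, the `domains` policy field and `sanitizeSearch()` are assumptions, and it assumes the search type is sent in a `type` field.

```typescript
// Added example (not Exa's or the skill's code). Policy names, the `domains`
// field and sanitizeSearch() are assumptions made for illustration.
type Policy = { maxResults: number; allowedTypes: string[]; domains?: string[] };
type SearchBody = { query: string; type: string; numResults: number; includeDomains?: string[] };
type Verdict = { ok: true; body: SearchBody } | { ok: false; reason: string };

// A Map has no inherited keys, so "constructor" never resolves to a policy.
const POLICIES = new Map<string, Policy>([
  ['research-tool', { maxResults: 25, allowedTypes: ['neural', 'keyword', 'auto'] }],
  ['compliance-team', { maxResults: 10, allowedTypes: ['neural', 'auto'],
                        domains: ['nist.gov', 'owasp.org', 'sans.org'] }],
]);

const norm = (d: string): string => d.trim().toLowerCase().replace(/\.$/, '');

// Exact match or a true subdomain: "evilnist.gov" must not match "nist.gov".
function domainAllowed(domain: string, allow: string[]): boolean {
  const d = norm(domain);
  return /^[a-z0-9.-]+$/.test(d) && allow.some((a) => d === a || d.endsWith('.' + a));
}

function sanitizeSearch(keyName: string, req: unknown): Verdict {
  const policy = POLICIES.get(keyName);
  if (!policy) return { ok: false, reason: 'unknown key' };
  if (typeof req !== 'object' || req === null) return { ok: false, reason: 'bad body' };
  const { query, type: searchType, numResults, includeDomains } = req as Record<string, unknown>;

  if (typeof query !== 'string' || query.length === 0) return { ok: false, reason: 'bad query' };
  if (typeof searchType !== 'string' || !policy.allowedTypes.includes(searchType))
    return { ok: false, reason: 'search type not allowed' };
  if (typeof numResults !== 'number' || !Number.isInteger(numResults) ||
      numResults < 1 || numResults > policy.maxResults)
    return { ok: false, reason: 'numResults out of range' };

  // Rebuild the body from validated fields only; other client fields are dropped.
  const body: SearchBody = { query, type: searchType, numResults };
  // If the client omits the filter, impose the policy's allowlist (if any).
  const domains = includeDomains === undefined ? policy.domains : includeDomains;
  if (domains !== undefined) {
    const allow = policy.domains;
    if (!Array.isArray(domains) || domains.length === 0 ||
        !domains.every((d) => typeof d === 'string' && (!allow || domainAllowed(d, allow))))
      return { ok: false, reason: 'includeDomains not permitted' };
    body.includeDomains = domains.map(norm); // client may narrow, never widen
  }
  return { ok: true, body };
}
```

The gateway forwards only `body` from an accepted verdict to the search endpoint, using the upstream key it holds itself, so clients never see the Exa key and cannot widen the filter.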

Step 4: Monitor Usage and Rotate Keys

set -euo pipefail
# Check usage per API key
curl -s https://api.exa.ai/v1/usage \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" | \
  jq '.keys[] | {name, searches_this_month, cost_usd}'

# Rotate a key (create new, then delete old)
# NEW_KEY holds the new secret: pass it to your secret store, do not print it to logs.
NEW_KEY=$(curl -s -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "rag-pipeline-prod-v2"}' | jq -r '.key')
echo "Update services with new key, then delete old key"

Error Handling

Issue | Cause | Solution
401 on search | Invalid or revoked API key | Regenerate key in dashboard
429 rate limited | Exceeded RPM on key | Increase rate limit or add request queue
Monthly limit hit | Search budget exhausted | Upgrade plan or wait for billing cycle reset
Empty results | Domain filter too restrictive | Widen includeDomains or remove filter

Examples

Basic usage: Apply Exa Enterprise RBAC to a standard project setup with default configuration options.

Advanced scenario: Customize Exa Enterprise RBAC for production environments with multiple constraints and team-specific requirements.

Output

  • Configuration files or code changes applied to the project
  • Validation report confirming correct implementation
  • Summary of changes made and their rationale

Resources

  • Official Exa Enterprise RBAC documentation
  • Community best practices and patterns
  • Related skills in this plugin pack
Information
Category: Artificial Intelligence
Name: exa-enterprise-rbac
Version: v20260311
Size: 4.24KB
Updated: 2026-03-12