Developer Settings

The developer settings page lets you set up access for API keys, manage access tokens, and configure webhooks.

You must have admin or master permissions to use the Developer Settings page on your account for API and Webhook management. If you do not have access to developer settings for your account, contact your account administrator to create an API key for you.

API Keys

The API lets you control nearly all aspects of your ExaVault account programmatically, from uploading and downloading files to creating and managing shares and notifications. In order to use the API, you'll need to obtain an API key and use it to authenticate to your ExaVault account.

API Keys: Adding, Editing, and Deleting

API Keys: Adding, editing, and deleting keys.

To add a new API key, follow these steps:

1. Click the My Account settings cog icon in the left navigation menu bar.

2. Click the DEVELOPER tab at the top of the screen.

3. To the right of the API keys heading, click the NEW API KEY button.

4. On the Generate API Key window, provide an Application name.

5. Enter a short description of your application.

6. Click the ADD API KEY button.

New and existing key values on your ExaVault account will be listed in the table under the heading API keys. You can use the Edit and Delete links in the table to quickly update your API keys.

Access Tokens: Adding, Regenerating, and Deleting

Access Tokens: adding, regenerating, and deleting tokens.

Once you have at least one API key generated on your account, you can create access tokens for your keys. Your tokens act as a password to validate who or what process is using the API key.

To create a new access token, follow these steps:

1. Click the My Account settings cog icon in the left navigation menu bar.

2. Click the DEVELOPER tab at the top of the screen.

3. To the right of the Access Tokens heading, click the NEW ACCESS TOKEN button.

4. On the Generate Access Token window, use the Application Name(API Key) dropdown menu to select which API key will be validated by the new access token.

5. Use the Username dropdown menu to select the user on your account that will be accessing the API key.

6. Click the GENERATE TOKEN button.

7. On the Access Token Created window, copy and save the values for your API key and access token.

After you close this window, you will no longer be able to access to the access token value. If you lose your API Key and/or access token, you will be able to use the Regenerate link to create a new key/token pair.

Once you have created new access tokens, they will be listed in the Access Tokens table for review. You can use the Regenerate link to create a new key/token pair or the Delete link to remove the access token.


Webhooks allow you to automatically send notifications back to a waiting application. ExaVault will POST a message to a URL when certain triggering events occur. The application can then take the webhook information and execute automatic processing internally or trigger our API to complete actions in your ExaVault account.

Here is an example of how a webhook setup could work:

  • A webhook is created to notify your application whenever a file is uploaded to ExaVault.
  • When the file is uploaded, the webhook triggers and sends a special message back to your app with some details about the uploaded file.
  • Your application then uses the API to log in to ExaVault and download the file.
  • The downloaded file can now be used in other automatic processes in your business such as importing into an order system.

Another benefit of using webhooks: the messages sent by ExaVault to your waiting application do not count against your daily transaction count. This can be a helpful tool for optimizing your account for automations without causing a spike in transactions.

Adding a New Webhook

Adding a new webhook.

1. Click the My Account settings cog icon in the left navigation menu bar.

2. Click the DEVELOPER tab at the top of the screen.

3. To the right of the heading Webhooks, click the NEW WEBHOOK button.

4. On the Create Webhook window that opens, first add your Endpoint URL in the top field.

  • This is the URL for your waiting application. Your ExaVault URL will not work for Webhooks; you must have a separate URL hosting your waiting application.
  • Once entered, ExaVault will validate the URL format; If you receive the error “Invalid URL”, check the format to confirm you are including a full URL (include the https… prefix).

5. Next, select What folder's activity should trigger this webhook? The folder you select (and all subfolders) will cause the webhook to fire whenever the appropriate event happens.

6. Use the Format drop down to select the webhook version. If you are new to webhooks, you should use v2 (recommended); it includes a more complete response. We have included our legacy v1 for anyone who has existing integrations created for the old webhook functionality.

7. Finally, use Activity Triggers to determine what event in the folder (and subfolders) selected in step 5 will cause a webhook to fire. Our developer documentation includes request examples for each trigger.

8. Click the CREATE WEBHOOK button.

Different account levels have restrictions on the number of webhooks you can use, whether or not you can assign a webhook to an individual folder, and what triggers can be used with the webhook. You may need to upgrade your account to use some of these advanced features.

Managing Existing Webhooks

Managing your existing webhooks.

As you create new webhooks, the Webhooks table on the Developer Settings page will populate new rows for your current webhooks. The following actions will be available for managing your webhooks:

  • Edit allows you to update any settings from the initial creation of the webhook selected. If you have a token that you suspect was compromised or you need to revoke access for any reason, you can use the Regenerate Token button from Edit window to create a new verification signature.
  • Delete completely removes the webhook and all the settings. You can use this to free up room for creating new webhooks. If you need more webhooks, review our upgrading options to allow for more webhooks.
  • Export to CSV will prompt a download for all data in the webhook table. In addition to the endpoint, path, and format, the CSV file will include the triggers assigned to each webhook on your account.
  • To review a detailed report of webhook activity, including success and failures, visit the Webhooks Log.
  • For more detail on using webhooks, please see our developer documentation.
© 2022 ExaVault LLC. All Rights Reserved. ExaVault is a registered trademark of ExaVault LLC.