Skip to content
Exlogare
Exlogare / Documentation

API reference

Programmatic access to Exlogare — endpoints, authentication, and examples.

Exlogare exposes a JSON API at https://api.exlogare.net. State-changing service-to-service calls use an API token; browser calls use the session cookie plus double-submit CSRF.

Authentication

API tokens are created from the dashboard at Settings → API tokens (admin role required). Tokens look like exl_… and are shown only once when created — copy the raw secret into your secret manager immediately.

API tokens are available on all plans, including Free (up to 3 active tokens on Free, unlimited on paid). On Free, ingested analyses appear in the dashboard but the Slack/Telegram/Matrix fan-out remains a paid feature.

For service-to-service calls, send the token as a bearer credential:

curl -H "Authorization: Bearer $EXLOGARE_TOKEN" \
     https://api.exlogare.net/api/v1/analyses?severity=high

If you do not want to hand-roll curl scripts, use the Exlogare CLI: exl auth login stores the token in your keychain, exl ingest submits CI logs, and exl analyses list/show reads RCAs through the same API.

For browser flows, Exlogare issues a HttpOnly; Secure; SameSite=Lax session cookie and a readable csrf_token cookie. Mutating calls must echo the CSRF token in the X-CSRF-Token header (a fresh token is always available via GET /api/auth/csrf).

Scopes

Every token is created with an explicit list of scopes:

  • ingest — allow posting build logs to /api/ingest/*.
  • read — allow reading via /api/v1/*.

A token rejected for scope returns 403.

Universal CI ingest

Any CI/CD platform can POST a failed-build log to Exlogare via an API token — no OAuth, no webhooks. We provide native shapes for the most common engines and a generic catch-all:

EndpointUse it for
POST /api/ingest/jenkinsJenkins (declarative or freestyle) — see Jenkins ingest
POST /api/ingest/circleciCircleCI Cloud or Server — see CircleCI ingest
POST /api/ingest/teamcityJetBrains TeamCity — see TeamCity ingest
POST /api/ingest/droneDrone CI / Woodpecker CI — see Drone ingest
POST /api/ingest/logBuildkite, AppVeyor, custom in-house CI — see Generic ingest

Each endpoint:

  • requires a token with the ingest scope;
  • accepts up to 10 MiB of log body (413 past that);
  • returns 202 Accepted with { "status": "accepted", "analysis_id": "..." };
  • is rate-limited per tenant (60 req/min by default — 429 past that).

The same catch-all flow can be done through the CLI without hand-written JSON:

exl ingest --provider generic --project myorg/web --status failed --log-file build.log

The raw log text is processed in memory and never persisted: only the generated RCA and a small set of routing fields (provider, project, run id, branch, commit) are stored.

Read API (v1)

For reading RCA history and stats, use the versioned /api/v1 — a stable contract for dashboards, scripts, and bots. Full reference with parameters and recipes: Read API (v1).

curl -H "Authorization: Bearer $EXLOGARE_TOKEN" \
     "https://api.exlogare.net/api/v1/analyses?since=2026-04-01&severity=high"

CLI equivalent:

exl analyses list --since 2026-04-01T00:00:00Z --severity high

Supported:

  • GET /api/v1/analyses — cursor pagination, filters by since / until / severity / project / source.
  • GET /api/v1/analyses/{id} — single RCA.
  • GET /api/v1/stats/overview, /timeseries, /top-projects, /top-root-causes — same fields as the dashboard, via token.

Submitting a Jenkins build log (quick example)

Send the full console log in the request body as log. Exlogare processes the log in memory to produce an RCA and discards it — we do not store logs, only the generated RCA and minimal routing metadata.

curl -X POST https://api.exlogare.net/api/ingest/jenkins \
     -H "Authorization: Bearer $EXLOGARE_TOKEN" \
     -H "Content-Type: application/json" \
     --data-binary @- <<'JSON'
{
  "job": "backend-tests",
  "build_number": 482,
  "status": "FAILURE",
  "project": "platform/backend",
  "build_url": "https://jenkins.internal/job/backend-tests/482/",
  "log": "Started by user admin\n[...full console log here...]"
}
JSON

Response (202 Accepted):

{ "status": "accepted", "analysis_id": "39af2c01-..." }

Listing analyses (legacy / dashboard surface)

The old GET /api/analyses endpoint stays around for the dashboard (cookie session + offset/limit). For integrations prefer /api/v1/analyses instead.

curl -H "Authorization: Bearer $EXLOGARE_TOKEN" \
     "https://api.exlogare.net/api/analyses?severity=high&limit=25"