The Developer Center is where you connect Exayard to your own code and tools. Open it from Settings then Developer. From here you create API keys, register webhook endpoints, and review a live log of every API request. Only organization admins can reach this page.
API keys
An API key authenticates requests to the Exayard API. Keys belong to your organization, so the right account is selected automatically and there is no organization ID to pass.
Open the API keys tab in the Credentials card and click the + button. Give the key a Name, then choose its Scopes. Select All to grant every scope, or Specific to pick individual permissions. Scopes follow a read and write split per resource, like read:projects and write:estimates. The admin:org scope is a full-access grant. Choose the minimum scopes your integration needs.
Exayard shows the full key once, right after you create it. Copy it then, because it is never shown again. After that, each key appears with its name, a masked preview like ak_••••1234, and the date it was last used.
Use the pencil icon to rename a key or change its scopes. Use the trash icon to Revoke it. Revoking is permanent and any integration using that key stops working immediately.
The same key authenticates the no-code integrations. See Connecting Exayard to Zapier, Connecting Exayard to Make, and Connecting Exayard to n8n. For agent and AI-editor access, see Connecting to Claude and other AI tools.
Webhooks
A webhook tells Exayard to notify your server when something happens. Open the Webhooks tab and click + to add an endpoint. Enter the URL that should receive deliveries and an optional Description.
Choose which Events to subscribe to. Select All to receive every event, or Specific to pick from the list:
Event | Fires when |
| A project is created |
| A project is changed |
| A project is archived |
| A takeoff assessment begins |
| An assessment finishes |
| An assessment is approved |
| An assessment is cancelled |
| An estimate is generated |
| A bid is generated |
| An uploaded file finishes processing |
When you create an endpoint, Exayard shows a signing secret once. Copy it then, because it is not shown again.
Securing webhook deliveries
Every delivery carries an Exayard-Signature header in the form t=<unix>,v1=<digest>. Exayard builds the signature by joining the timestamp and the request body, then signing them with HMAC-SHA256 using your endpoint secret.
To verify a delivery, recompute the signature with your secret, confirm the timestamp is within five minutes of now, and compare the digests. Failed deliveries retry with exponential backoff over roughly three days.
To edit an endpoint, click the pencil icon. You can change the URL, description, and events, and set its Status to Active or Paused. Paused endpoints stop receiving deliveries. The same dialog has a Rotate secret button. Rotating issues a new secret and the old one stops working immediately, so update your server before you rotate. The trash icon deletes an endpoint and ends all deliveries to it.
Quick start
The Quick start card holds a ready-made prompt for an AI editor like Claude or Cursor. Click Copy prompt and paste it into your editor. The prompt includes the API base URL, the authentication format, the scope vocabulary, and the webhook signing scheme, so the AI can scaffold a working integration and ask you for the details it needs.
Documentation
The Documentation card links to the full developer docs and the OpenAPI spec, which describes every route and schema. Connect MCP opens the setup for connecting AI agents directly to Exayard.
Logs
The Logs section records your most recent API requests across both the REST API and MCP. Each row shows the method, path, response status, and latency. Select a row to see its full detail, including the request ID and the request and response bodies. Use the logs to confirm a call worked or to debug a failing integration.
