exa-enterprise-rbac
SKILL.md
Exa Enterprise RBAC
Overview
Manage access to the Exa AI search API through API key scoping and team-level controls. Exa is an API-first product with per-search pricing, so access control centers on API key management, rate limiting, and domain restrictions rather than traditional user roles.
Prerequisites
- Exa API account with team plan
- Dashboard access at dashboard.exa.ai
- At least one API key with management permissions
Instructions
Step 1: Create Scoped API Keys per Use Case
```bash
set -euo pipefail
# Create a key for the RAG pipeline (high volume, neural search only)
curl -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "rag-pipeline-prod",
    "allowed_endpoints": ["search", "get-contents"],
    "rate_limit_rpm": 300,
    "monthly_search_limit": 50000
  }'
# Create a restricted key for the internal tool (low volume)
curl -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "internal-research-tool",
    "rate_limit_rpm": 30,
    "monthly_search_limit": 5000
  }'
```
Step 2: Implement Key-Based Access in Your Gateway
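```typescript
// exa-proxy.ts - Route requests through your gateway
// Per-key limits enforced by the gateway before a request is forwarded to Exa.
const KEY_PERMISSIONS: Record<string, { maxResults: number; allowedTypes: string[] }> = {
  'rag-pipeline': { maxResults: 10, allowedTypes: ['neural', 'auto'] },
  'research-tool': { maxResults: 25, allowedTypes: ['neural', 'keyword', 'auto'] },
  'marketing-team': { maxResults: 5, allowedTypes: ['keyword'] },
};

function validateRequest(keyName: string, searchType: string, numResults: number): boolean {
  // Own-property check: names such as "constructor" must not resolve to inherited members.
  if (!Object.prototype.hasOwnProperty.call(KEY_PERMISSIONS, keyName)) return false;
  const perms = KEY_PERMISSIONS[keyName];
  // Reject non-integer, zero, or negative result counts as well as counts above the cap.
  if (!Number.isInteger(numResults) || numResults < 1) return false;
  return perms.allowedTypes.includes(searchType) && numResults <= perms.maxResults;
}
```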
Step 3: Set Domain Restrictions
Restrict search results to approved domains for compliance-sensitive teams:
```bash
set -euo pipefail
# Only return results from vetted sources
curl -X POST https://api.exa.ai/search \
  -H "x-api-key: $EXA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "enterprise security best practices",
    "includeDomains": ["nist.gov", "owasp.org", "sans.org"],
    "numResults": 10
  }'
```
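The Step 2 check and the Step 3 domain restriction can be enforced together at the gateway, so a client cannot drop or widen `includeDomains` on its own. The following is an added example, not code from the original skill or from Exa; the `approvedDomains` policy field, the `compliance-team` entry, and the `authorizeSearch` and `isApproved` names are assumptions.

```typescript
// Added example; names and policy fields here are hypothetical, not Exa's API.
type SearchRequest = { query: string; type: string; numResults: number; includeDomains?: string[] };
type Policy = { maxResults: number; allowedTypes: string[]; approvedDomains?: string[] };
type Decision = { ok: true; body: SearchRequest } | { ok: false; reason: string };

// A Map rather than an object literal: names like "constructor" resolve to nothing.
const POLICIES = new Map<string, Policy>([
  ['rag-pipeline', { maxResults: 10, allowedTypes: ['neural', 'auto'] }],
  ['compliance-team', { // constructed entry for a domain-restricted team
    maxResults: 10,
    allowedTypes: ['neural', 'keyword', 'auto'],
    approvedDomains: ['nist.gov', 'owasp.org', 'sans.org'],
  }],
]);

const normalize = (d: string): string => d.trim().toLowerCase().replace(/\.$/, '');

// Exact match or subdomain on a dot boundary, so "evilnist.gov" does not pass as "nist.gov".
function isApproved(host: string, approved: string[]): boolean {
  const h = normalize(host);
  return approved.some((a) => h === a || h.endsWith('.' + a));
}

function authorizeSearch(keyName: string, req: SearchRequest): Decision {
  const policy = POLICIES.get(keyName);
  if (!policy) return { ok: false, reason: 'unknown key' }; // deny by default
  if (!policy.allowedTypes.includes(req.type)) {
    return { ok: false, reason: 'search type not allowed' };
  }
  if (!Number.isInteger(req.numResults) || req.numResults < 1 || req.numResults > policy.maxResults) {
    return { ok: false, reason: 'numResults out of range' };
  }
  // Rebuild the body from vetted fields only; unknown client fields are not forwarded.
  const body: SearchRequest = { query: req.query, type: req.type, numResults: req.numResults };
  const requested = (req.includeDomains ?? []).map(normalize);
  const approved = policy.approvedDomains;
  if (!approved) {
    if (requested.length > 0) body.includeDomains = requested;
    return { ok: true, body };
  }
  const rejected = requested.filter((d) => !isApproved(d, approved));
  if (rejected.length > 0) {
    return { ok: false, reason: 'domain not approved: ' + rejected.join(', ') };
  }
  // No client filter: inject the approved list so omission cannot bypass the restriction.
  body.includeDomains = requested.length > 0 ? requested : [...approved];
  return { ok: true, body };
}
```

The gateway forwards only `body` from an `ok` decision and logs `reason` for denials.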
Step 4: Monitor Usage and Rotate Keys
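```bash
set -euo pipefail
# Check usage per API key
curl -s https://api.exa.ai/v1/usage \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" | \
  jq '.keys[] | {name, searches_this_month, cost_usd}'
# Rotate a key (create new, then delete old)
NEW_KEY=$(curl -s -X POST https://api.exa.ai/v1/api-keys \
  -H "Authorization: Bearer $EXA_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "rag-pipeline-prod-v2"}' | jq -r '.key')
# Stop if no key came back (jq -r prints "null" when the field is missing)
if [ -z "$NEW_KEY" ] || [ "$NEW_KEY" = "null" ]; then echo "Key creation failed" >&2; exit 1; fi
echo "Update services with new key, then delete old key"
```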
Error Handling
| Issue | Cause | Solution |
|---|---|---|
| 401 on search | Invalid or revoked API key | Regenerate key in dashboard |
| 429 rate limited | Exceeded RPM on key | Increase rate limit or add request queue |
| Monthly limit hit | Search budget exhausted | Upgrade plan or wait for billing cycle reset |
| Empty results | Domain filter too restrictive | Widen includeDomains or remove filter |
Examples
Basic usage: Apply Exa Enterprise RBAC to a standard project setup with default configuration options.
Advanced scenario: Customize Exa Enterprise RBAC for production environments with multiple constraints and team-specific requirements.
Output
- Configuration files or code changes applied to the project
- Validation report confirming correct implementation
- Summary of changes made and their rationale
Resources
- Official Exa Enterprise RBAC documentation
- Community best practices and patterns
- Related skills in this plugin pack
Repository
jeremylongshore…s-skills
GitHub Stars
1.6K
First Seen
Feb 18, 2026