Overview

Direct use of the Kape Client API Interface is generally not recommended. Instead, we advise integrating through the Kape Client API SDK, which provides a higher-level abstraction and handles many aspects of communication automatically.

At this time, the API Interface does not support CORS, which means it cannot be called directly from a browser environment. A CORS-enabled version of the API is under development and will be made available in the future.

In addition, the API is subject to rate limiting. Clients should ensure that their integration respects these limits to avoid interruptions or throttling of requests.

Implement Caching

The tokens described in Authentication & Authorization should be cached on the client side and should only be refreshed, if they expired. You can leverage any JWT library to decode the Subscription Receipt and Connection Authorization token. Not caching the tokens and fetching them again for every connection request will lead to rate limitations be applied.

Base Domains

The base domains used for API requests depend on whether you are integrating directly with the ExpressVPN infrastructure or deploying through the White-Label Integration model. In a standard integration the SDK communicates with the default ExpressVPN domains. In a white-label deployment, however, certain domains differ from these defaults. For such cases we will provision dedicated partner-specific domains for you and provide the exact details as part of the onboarding process.

If not stated otherwise in the API endpoint documentation, the following base domains should be used:

Production Environment: https://cp.expressapisv2.net

Staging Environment: https://xv-cp.apis-staging.xvtest.net