Private Beta — Free

Actions that happen
exactly once.

An API for one-time actions with atomic guarantees. No race conditions. No duplicate fires. No "we'll handle edge cases later."

Request Access → Learn How it Works

Try it instantly (no signup)

Create an action: 

curl --request POST https://api.exactonce.com/v1/demo
It returns a revealUrl (5-minute TTL). Open it once — the action is consumed. Open it again — already_used.
∞ → 1
Concurrent requests handled
<150ms
Median latency
6
Clear failure states
0
Infrastructure to manage
Core Guarantees

Opinionated by design

ExactOnce does one thing and refuses to compromise on it. These aren't features — they're the contract.

⚛️
01
Exactly-once semantics
An action is consumed once and only once. Concurrent requests are resolved atomically. One wins. The rest get a clear error. No duplicates, no race conditions.
02
Time-bounded by default
Every action expires. Set an active_at window and expires_at deadline. No janitor cron jobs required.
🔑
03
Optional PIN protection
Add a PIN code to any action for an extra factor of identity. The consumer must provide the correct PIN — after 3 failed attempts, the action is invalidated.
📋
04
Full audit trail
Creation timestamp, consumption timestamp, consumer metadata. Immutable state. Always know exactly what happened and when — compliance-ready out of the box.
🚦
05
Unambiguous failure states
already_used, expired, action_not_found, not_active. You always know exactly why something failed.
📦
06
Batch creation via CSV
Create thousands of actions in a single request by uploading a CSV. Perfect for invite campaigns, bulk one-time codes, or mass distribution flows.
Failure States

You always know why

Ambiguous errors break products. ExactOnce returns a specific HTTP status and error code for every failure scenario.

409 Conflict
already_used
Action was already consumed. Includes consumedAt timestamp.
410 Gone
expired
TTL elapsed. The action window has closed and is unrecoverable by design.
404 Not Found
action_not_found
Action ID doesn't exist or was never created. Nothing to consume.
409 Conflict
not_active
Before the active_at window opens. Schedule-aware actions only.
REST API

Clean, predictable endpoints

Authenticate with a client-id and client-secret header pair. Every response is JSON. Every error is typed.

POST /v1/actions Create action
POST /v1/actions/:id/consume Consume
GET /v1/actions/:id Verify state
GET /v1/actions List + filter
GET /v1/stats Usage stats
DEL /v1/actions/:id Cancel action
Create an Action 
POST /v1/actions
client-id: your-client-id
client-secret: your-client-secret

{
  "payload": {
    "action": "invite_accept",
    "team_id": "team_xyz"
  },
  "active_at":  "2026-02-19T00:00:00Z",
  "expires_at": "2026-02-26T00:00:00Z"
}

─── 201 Created ────────────────────
{
  "actionId": "act_7f3k9mZn4pQ",
  "activeAt":  "2026-02-19T00:00:00Z",
  "expiresAt": "2026-02-26T00:00:00Z"
}
Use Cases

Replace your ad-hoc code

If you've ever built these with Redis + TTL, signed JWTs, or "we'll fix the race condition later" — this is for you.

🔐
Magic Links
Passwordless sign-in links that expire and can't be replayed. No more "why was I signed in twice?"
📧
Email Invitations
Team invites that expire after 7 days. One click joins the team — the second click gets a clean rejection.
🔄
Password Reset
Reset links that are cryptographically single-use. No more "I used the old link" support tickets.
📥
Secure Downloads
Time-limited download links that expire after first use. PDFs, invoices, private files — served once.
Approval Flows
"Click to approve" links for workflows. Guaranteed idempotent — clicking approve twice doesn't double-fire.
🎟
One-Time Codes
Promo codes, gift codes, beta keys — each redeemable exactly once, with PIN protection if needed.
🔒 Private Beta — Free

Get early access

We're onboarding a small group of developers during private beta. Free to use. We just want your feedback.

Request Access

No credit card. No commitment. Just a working API and your feedback.