About scopes and Kinde API access
SDKs and APIs
Although we do not currently have a dedicated feature for it, there is a way to provide your users with programmatic access to your API and applications via Kinde.
You need to register your API with Kinde before you begin.
Here’s the process:
You will want to create a separate M2M application for each user, system, or business who needs to access your API. It is not secure to share access via the same tokens or app keys.
If you need to cut off access to your API for a user, select the three dots menu and select Revoke authorization.
Follow this guide to quickly generate a test token to test access to your API.
There are two ways you can provide access to your API: via token or app keys.
The third party can request a token using the relevant audience
in the claim, for example:
Granting access this way means you don’t have to share the Client ID and Secret with anyone.
Copy the app keys: Domain, Client ID, and Client secret from the M2M application and provide them to the third-party. This enables them access to the end point, e.g. http://api.example.com/api
. Providing app keys authorizes access unless the Client secret is rotated or revoked.