Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Manage your APIs
  • Register and manage your APIs

Give others access to your API

There are a number of ways to provide your users with programmatic access to your API and applications via Kinde.

You need to register your API with Kinde before you begin.

API access via an M2M application

Link to this section

Here’s the process:

  • Create a machine to machine (M2M) application
  • Connect the application to your API
  • Provide access to the user via token or app keys

Create a M2M application

Link to this section

You will want to create a separate M2M application for each user, system, or business who needs to access your API. It is not secure to share access via the same tokens or app keys.

  1. Go to Settings > Applications.
  2. Select Add Application.
  3. In the dialog that opens, give the application a name, and select Machine to Machine as the Application type.
  4. Select Save. App keys - including Domain details, Client ID and Client Secret - are issued for the application.

Authorize the API to access the application

Link to this section
  1. In the application list, find the M2M app you created and select View details.
  2. Select APIs in the menu. A list of all available APIs shows.
  3. Select the three dots next to the API you want the application to access, and select Authorize.
  4. Select Save.

If you need to cut off access to your API for a user, select the three dots menu and select Revoke authorization.

API access via API keys

Link to this section

Allow users to manage their own API keys to access your API, including initializing the request, rotating, and deleting keys. Follow this quickstart guide. This is much more secure and preferable than manually copying the app keys from the M2M application and providing them to the third-party.

Provide access via a token

Link to this section

A third party can request a token using the relevant audience in the claim, for example:

POST https://yourbusiness.kinde.com/oauth2/token
{
  "client_id": "XXX",
  "client_secret": "XXX",
  "grant_type": "client_credentials",
  "audience": "http://api.example.com/api"
}

Granting access this way means you don’t have to share the Client ID and Secret with anyone.

Get a test token to test API access

Link to this section

Follow this guide to quickly generate a test token to test access to your API.

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email