API keys overview
Manage your APIs
User-level API keys are tied to an individual user account. When verified, these keys return a trusted user context so you can authorize requests on a per-user basis. This is ideal for B2C apps, personal automations, and integrations where actions should be attributed to a specific user.
User-level API keys authenticate requests on behalf of a single user. The verification response includes that user’s identifier so you can enforce user-specific authorization rules in your API.
You can expose API key creation to users in the Kinde self-serve portal. See: Self-serve API keys.
When you verify a user-level API key, the response includes a non-null user_id:
{
  "code": "API_KEY_VERIFIED",
  "message": "API key verified",
  "is_valid": true,
  "key_id": "api_key_123",
  "status": "active",
  "scopes": ["read:profile"],
  "org_code": null,
  "user_id": "kp_1234567890",
  "last_verified_on": "2024-11-18T13:32:03+11",
  "verification_count": 42
}
Rely on the user_id for authorization and auditing within your API. If you need organization context, consider using organization-level API keys instead.
user_id from verification before processing.
user_id for traceability.
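The following is an added example, not code from Kinde, showing one way an API could turn the verification response above into a fail-closed, per-user authorization decision with an audit record. The function name, the reason strings, and the "key may only act on its own user's resource" policy are assumptions for illustration; only the response fields come from the page.

```python
import json

# Constructed sample: the verification response fields shown on this page.
SAMPLE = json.loads("""{"code": "API_KEY_VERIFIED", "message": "API key verified",
 "is_valid": true, "key_id": "api_key_123", "status": "active",
 "scopes": ["read:profile"], "org_code": null, "user_id": "kp_1234567890"}""")


def authorize_user_key(verification, required_scope, resource_owner_id):
    """Hypothetical helper: return (allowed, reason, audit). Fails closed."""
    if not isinstance(verification, dict):
        return False, "malformed_response", {}
    user_id = verification.get("user_id")
    # Audit record is built for denials too, so rejected attempts are traceable.
    audit = {"key_id": verification.get("key_id"), "user_id": user_id,
             "scope": required_scope, "resource_owner": resource_owner_id}
    # `is not True` rejects truthy non-booleans such as the string "true".
    if verification.get("is_valid") is not True:
        return False, "invalid_key", audit
    if verification.get("status") != "active":
        return False, "inactive_key", audit
    # A null or empty user_id means there is no trusted user context.
    if not isinstance(user_id, str) or not user_id:
        return False, "no_user_context", audit
    scopes = verification.get("scopes")
    if not isinstance(scopes, list) or required_scope not in scopes:
        return False, "missing_scope", audit
    # Assumed per-user rule: the key may only touch its own user's resource.
    if user_id != resource_owner_id:
        return False, "not_resource_owner", audit
    return True, "ok", audit


if __name__ == "__main__":
    # Same key, two target resources: its own user and a constructed other user.
    for owner in ("kp_1234567890", "kp_other_user"):
        allowed, reason, audit = authorize_user_key(SAMPLE, "read:profile", owner)
        print(allowed, reason, json.dumps(audit))
```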