Self-serve API keys

You can allow your customers to create and manage their own API keys directly in the self-serve portal for users and organizations.

Switch on self-serve API keys in Kinde

  1. Go to Settings > Environment > Self-serve portal.
  2. Enable the API Keys option for the audience you want:
    • Users (B2C)
    • Organizations (B2B)
  3. Select Save. An API keys navigation item will appear in the portal for your customers.

Self-serve portal details


Most SDKs provide a PortalLink helper that generates a one-time portal URL and redirects the user. Use the subNav parameter to open the API Keys section directly.

import {PortalLink} from "@kinde-oss/kinde-auth-react";
// Opens the organization level API Keys section in the self-serve portal
<PortalLink subNav="organization_api_keys">Manage API keys</PortalLink>;

import {PortalLink} from "@kinde-oss/kinde-auth-nextjs/components";
// Opens the API Keys section in the self-serve portal
<PortalLink subNav="user_api_keys">Manage API keys</PortalLink>;

Without an SDK (server-side)


If you generate portal links using an API on your server, include a sub_nav field to deep link to API Keys. The user_id field identifies the user; for org-level links, use organization_code instead.

{
  "user_id": "kp_abc123",
  "return_url": "https://yourapp.com/account",
  "sub_nav": "api_keys"
}

Tips for setting up

  • Use subNav (camelCase) in SDK helpers and sub_nav (snake_case) in API payloads.
  • For organization-level experiences, pass organization context according to your integration pattern.

Customer portal experience


After you enable API keys for customers, an API Keys item appears in the portal navigation, where customers can create, view, rotate and revoke keys.

Access control for self-serve organization level API keys


Kinde provides system-level permissions that you can assign to your custom roles:

  • read:org:authentication - The user is able to view API keys created by the organization.
  • write:org:authentication - The user is able to create, rotate and revoke API keys for the organization.

When assigning permissions to roles, we recommend granting only the minimum permissions someone needs to do their job. It is always better to be more granular in this area.
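
One way to review role assignments against the two permissions above, as an added example that is not Kinde's own code: the role keys, member IDs, extra permissions and input shape are constructed for illustration and are not a Kinde API response format. It lists roles that can change organization API keys without being on a reviewed allowlist, and the members who end up with write access through any role.

```javascript
const READ = "read:org:authentication";   // view organization API keys
const WRITE = "write:org:authentication"; // create, rotate and revoke them

// Constructed sample: custom roles and the permissions assigned to each.
const sampleRoles = [
  { key: "org-admin", permissions: [READ, WRITE, "manage:billing"] },
  { key: "security-auditor", permissions: [READ] },
  { key: "developer", permissions: [READ, WRITE] },
  { key: "support", permissions: ["read:tickets"] },
];

// Constructed sample: the roles held by each organization member.
const sampleMembers = [
  { id: "kp_constructed_1", roles: ["org-admin"] },
  { id: "kp_constructed_2", roles: ["security-auditor"] },
  { id: "kp_constructed_3", roles: ["support", "developer"] },
  { id: "kp_constructed_4", roles: ["support"] },
];

// API key actions a permission set allows, per the two descriptions above.
function allowedKeyActions(permissions) {
  const actions = [];
  if (permissions.includes(READ)) actions.push("view");
  if (permissions.includes(WRITE)) actions.push("create", "rotate", "revoke");
  return actions;
}

// Least-privilege review: which roles carry write access without having been
// approved for it, and which members hold write access through any role.
function auditApiKeyAccess(roles, members, approvedWriteRoles) {
  const byKey = new Map(roles.map((role) => [role.key, role]));
  const unexpectedWriteRoles = roles
    .filter((r) => r.permissions.includes(WRITE) && !approvedWriteRoles.includes(r.key))
    .map((r) => r.key);
  const membersWithWrite = members
    .filter((m) => m.roles.some((k) => byKey.get(k)?.permissions.includes(WRITE)))
    .map((m) => m.id);
  return { unexpectedWriteRoles, membersWithWrite };
}

// Only "org-admin" has been reviewed as needing to change keys.
const report = auditApiKeyAccess(sampleRoles, sampleMembers, ["org-admin"]);
console.log(report);
```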