Kinde Business API
Read and update business-level settings and environment configuration (logos, feature flags, environment variables, passkey policy), plus reference data endpoints for industries and timezones.
Read and update business-level settings and environment configuration (logos, feature flags, environment variables, passkey policy), plus reference data endpoints for industries and timezones.
openapi: 3.0.0
info:
title: Kinde Management API
version: '1'
description: The Kinde Management API programmatically manages a Kinde business - users, organizations,
roles, permissions, feature flags, applications, connections, APIs and scopes, subscribers, properties,
webhooks, and billing. Base URL is subdomain-scoped to your business (https://{subdomain}.kinde.com/api/v1).
Authenticated with a Bearer JWT access token obtained via the OAuth2 client_credentials flow from
a machine-to-machine (M2M) application. This document is grounded in the official Kinde Management
API specification (https://api-spec.kinde.com/kinde-management-api-spec.yaml).
contact:
name: Kinde Support Team
email: support@kinde.com
url: https://docs.kinde.com
termsOfService: https://docs.kinde.com/trust-center/agreements/terms-of-service/
servers:
- url: https://{subdomain}.kinde.com
variables:
subdomain:
default: your_kinde_subdomain
description: The subdomain generated for your business on Kinde.
tags:
- name: API Keys
- name: APIs
- name: Applications
- name: Billing Entitlements
- name: Billing Agreements
- name: Billing Meter Usage
- name: Business
- name: Industries
- name: Timezones
- name: Callbacks
- name: Connected Apps
- name: Connections
- name: Directories
- name: Environments
- name: Environment variables
- name: Feature Flags
- name: Identities
- name: Organizations
- name: MFA
- name: Permissions
- name: Properties
- name: Property Categories
- name: Roles
- name: Search
- name: Subscribers
- name: Users
- name: Webhooks
components:
securitySchemes:
kindeBearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: Requires an access token obtained using the OAuth2 client_credentials flow from an
authorized M2M application.
security:
- kindeBearerAuth: []
paths:
/api/v1/api_keys:
get:
tags:
- API Keys
summary: Get API keys
operationId: getApiKeys
description: "Returns a list of API keys.\n\n<div>\n <code>read:api_keys</code>\n</div>"
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 50 if parameter not sent.
schema:
type: integer
- name: starting_after
in: query
description: The ID of the API key to start after.
schema:
type: string
- name: key_type
in: query
description: Filter by API key type (organization or user).
schema:
type: string
- name: status
in: query
description: Filter by API key status (active, inactive, revoked).
schema:
type: string
- name: user_id
in: query
description: Filter by user ID to get API keys associated with a specific user.
schema:
type: string
- name: org_code
in: query
description: Filter by organization code to get API keys associated with a specific organization.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- API Keys
summary: Create API key
operationId: createApiKey
description: "Create a new API key.\n\n<div>\n <code>create:api_keys</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/api_keys/{key_id}:
get:
tags:
- API Keys
summary: Get API key
operationId: getApiKey
description: "Retrieve API key details by ID.\n\n<div>\n <code>read:api_keys</code>\n</div>"
parameters:
- name: key_id
in: path
required: true
description: The ID of the API key.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
put:
tags:
- API Keys
summary: Rotate API key
operationId: rotateApiKey
description: "Rotate an API key to generate a new key while maintaining the same permissions and\
\ associations.\n\n<div>\n <code>update:api_keys</code>\n</div>"
parameters:
- name: key_id
in: path
required: true
description: The ID of the API key to rotate.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- API Keys
summary: Delete API key
operationId: deleteApiKey
description: "Delete an API key.\n\n<div>\n <code>delete:api_keys</code>\n</div>"
parameters:
- name: key_id
in: path
required: true
description: The ID of the API key.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/api_keys/verify:
post:
tags:
- API Keys
summary: Verify API key
operationId: verifyApiKey
description: Verify an API key (public endpoint, no authentication required).
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis:
get:
tags:
- APIs
summary: Get APIs
operationId: getAPIs
description: "Returns a list of your APIs. The APIs are returned sorted by name.\n\n<div>\n <code>read:apis</code>\n\
</div>"
parameters:
- name: expand
in: query
description: 'Additional data to include in the response. Allowed value: "scopes".'
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- APIs
summary: Create API
operationId: addAPIs
description: "Register a new API. For more information read [Register and manage APIs](https://docs.kinde.com/developer-tools/your-apis/register-manage-apis/).\n\
\n<div>\n <code>create:apis</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}:
get:
tags:
- APIs
summary: Get API
operationId: getAPI
description: "Retrieve API details by ID.\n\n<div>\n <code>read:apis</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
summary: Delete API
operationId: deleteAPI
description: "Delete an API you previously created.\n\n<div>\n <code>delete:apis</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/scopes:
get:
tags:
- APIs
summary: Get API scopes
operationId: getAPIScopes
description: "Retrieve API scopes by API ID.\n\n<div>\n <code>read:api_scopes</code>\n</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- APIs
summary: Create API scope
operationId: addAPIScope
description: "Create a new API scope.\n\n<div>\n <code>create:api_scopes</code>\n</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/scopes/{scope_id}:
get:
tags:
- APIs
summary: Get API scope
operationId: getAPIScope
description: "Retrieve API scope by API ID.\n\n<div>\n <code>read:api_scopes</code>\n</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
- name: scope_id
in: path
required: true
description: Scope ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
patch:
tags:
- APIs
summary: Update API scope
operationId: updateAPIScope
description: "Update an API scope.\n\n<div>\n <code>update:api_scopes</code>\n</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
- name: scope_id
in: path
required: true
description: Scope ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
summary: Delete API scope
operationId: deleteAPIScope
description: "Delete an API scope you previously created.\n\n<div>\n <code>delete:apis_scopes</code>\n\
</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
- name: scope_id
in: path
required: true
description: Scope ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/applications:
patch:
tags:
- APIs
summary: Authorize API applications
operationId: updateAPIApplications
description: "Authorize applications to be allowed to request access tokens for an API\n\n<div>\n\
\ <code>update:apis</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/apis/{api_id}/applications/{application_id}/scopes/{scope_id}:
post:
tags:
- APIs
summary: Add scope to API application
operationId: addAPIApplicationScope
description: "Add a scope to an API application.\n\n<div>\n <code>create:api_application_scopes</code>\n\
</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
- name: application_id
in: path
required: true
description: Application ID
schema:
type: string
- name: scope_id
in: path
required: true
description: Scope ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- APIs
summary: Delete API application scope
operationId: deleteAPIApplicationScope
description: "Delete an API application scope you previously created.\n\n<div>\n <code>delete:apis_application_scopes</code>\n\
</div>"
parameters:
- name: api_id
in: path
required: true
description: API ID
schema:
type: string
- name: application_id
in: path
required: true
description: Application ID
schema:
type: string
- name: scope_id
in: path
required: true
description: Scope ID
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications:
get:
tags:
- Applications
summary: Get applications
operationId: getApplications
description: "Get a list of applications / clients.\n\n<div>\n <code>read:applications</code>\n\
</div>"
parameters:
- name: sort
in: query
description: Field and order to sort the result by.
schema:
type: string
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
- name: next_token
in: query
description: A string to get the next page of results if there are more results.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- Applications
summary: Create application
operationId: createApplication
description: "Create a new client.\n\n<div>\n <code>create:applications</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}:
get:
tags:
- Applications
summary: Get application
operationId: getApplication
description: "Gets an application given the application's ID.\n\n<div>\n <code>read:applications</code>\n\
</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
patch:
tags:
- Applications
summary: Update Application
operationId: updateApplication
description: "Updates a client's settings. For more information, read [Applications in Kinde](https://docs.kinde.com/build/applications/about-applications)\n\
\n<div>\n <code>update:applications</code>\n</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- Applications
summary: Delete application
operationId: deleteApplication
description: "Delete a client / application.\n\n<div>\n <code>delete:applications</code>\n</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/connections:
get:
tags:
- Applications
summary: Get connections
operationId: GetApplicationConnections
description: "Gets all connections for an application.\n\n<div>\n <code>read:application_connections</code>\n\
</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier/client ID for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/connections/{connection_id}:
post:
tags:
- Applications
summary: Enable connection
operationId: EnableConnection
description: "Enable an auth connection for an application.\n\n<div>\n <code>create:application_connections</code>\n\
</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier/client ID for the application.
schema:
type: string
- name: connection_id
in: path
required: true
description: The identifier for the connection.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- Applications
summary: Remove connection
operationId: RemoveConnection
description: "Turn off an auth connection for an application\n\n<div>\n <code>delete:application_connections</code>\n\
</div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier/client ID for the application.
schema:
type: string
- name: connection_id
in: path
required: true
description: The identifier for the connection.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/properties:
get:
tags:
- Applications
summary: Get property values
operationId: getApplicationPropertyValues
description: "Gets properties for an application by client ID.\n\n<div>\n <code>read:application_properties</code>\n\
</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/properties/{property_key}:
put:
tags:
- Applications
summary: Update property
operationId: updateApplicationsProperty
description: "Update application property value.\n\n<div>\n <code>update:application_properties</code>\n\
</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{application_id}/tokens:
patch:
tags:
- Applications
summary: Update application tokens
operationId: updateApplicationTokens
description: "Configure tokens for an application.\n <div>\n <code>update:application_tokens</code>\n\
\ </div>"
parameters:
- name: application_id
in: path
required: true
description: The identifier/client ID for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/billing/entitlements:
get:
tags:
- Billing Entitlements
summary: Get billing entitlements
operationId: getBillingEntitlements
description: "Returns all the entitlements a billing customer currently has access to\n\n<div>\n\
\ <code>read:billing_entitlements</code>\n</div>"
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
- name: starting_after
in: query
description: The ID of the billing entitlement to start after.
schema:
type: string
- name: ending_before
in: query
description: The ID of the billing entitlement to end before.
schema:
type: string
- name: customer_id
in: query
required: true
description: The ID of the billing customer to retrieve entitlements for
schema:
type: string
- name: max_value
in: query
description: When the maximum limit of an entitlement is null, this value is returned as the maximum
limit
schema:
type: string
- name: expand
in: query
description: 'Additional plan data to include in the response. Allowed value: "plans".'
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/billing/agreements:
get:
tags:
- Billing Agreements
summary: Get billing agreements
operationId: getBillingAgreements
description: "Returns all the agreements a billing customer currently has access to\n\n<div>\n \
\ <code>read:billing_agreements</code>\n</div>"
parameters:
- name: page_size
in: query
description: Number of results per page. Defaults to 10 if parameter not sent.
schema:
type: integer
- name: starting_after
in: query
description: The ID of the billing agreement to start after.
schema:
type: string
- name: ending_before
in: query
description: The ID of the billing agreement to end before.
schema:
type: string
- name: customer_id
in: query
required: true
description: The ID of the billing customer to retrieve agreements for
schema:
type: string
- name: feature_code
in: query
description: The feature code to filter by agreements only containing that feature
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- Billing Agreements
summary: Create billing agreement
operationId: createBillingAgreement
description: "Creates a new billing agreement based on the plan code passed, and cancels the customer's\
\ existing agreements\n\n<div>\n <code>create:billing_agreements</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/billing/meter_usage:
post:
tags:
- Billing Meter Usage
summary: Create meter usage record
operationId: createMeterUsageRecord
description: "Create a new meter usage record\n\n<div>\n <code>create:meter_usage</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/business:
get:
tags:
- Business
summary: Get business
operationId: getBusiness
description: "Get your business details.\n\n<div>\n <code>read:businesses</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
patch:
tags:
- Business
summary: Update business
operationId: updateBusiness
description: "Update your business details.\n\n<div>\n <code>update:businesses</code>\n</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/industries:
get:
tags:
- Industries
summary: Get industries
operationId: getIndustries
description: "Get a list of industries and associated industry keys.\n\n<div>\n <code>read:industries</code>\n\
</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/timezones:
get:
tags:
- Timezones
summary: Get timezones
operationId: getTimezones
description: "Get a list of timezones and associated timezone keys.\n\n<div>\n <code>read:timezones</code>\n\
</div>"
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{app_id}/auth_redirect_urls:
get:
tags:
- Callbacks
summary: List Callback URLs
operationId: getCallbackURLs
description: "Returns an application's redirect callback URLs.\n\n<div>\n <code>read:applications_redirect_uris</code>\n\
</div>"
parameters:
- name: app_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
post:
tags:
- Callbacks
summary: Add Redirect Callback URLs
operationId: addRedirectCallbackURLs
description: "Add additional redirect callback URLs.\n\n<div>\n <code>create:applications_redirect_uris</code>\n\
</div>"
parameters:
- name: app_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
put:
tags:
- Callbacks
summary: Replace Redirect Callback URLs
operationId: replaceRedirectCallbackURLs
description: "Replace all redirect callback URLs.\n\n<div>\n <code>update:applications_redirect_uris</code>\n\
</div>"
parameters:
- name: app_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
delete:
tags:
- Callbacks
summary: Delete Callback URLs
operationId: deleteCallbackURLs
description: "Delete callback URLs.\n\n<div>\n <code>delete:applications_redirect_uris</code>\n\
</div>"
parameters:
- name: app_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
- name: urls
in: query
required: true
description: Urls to delete, comma separated and url encoded.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
'403':
description: Forbidden
'429':
description: Too many requests - rate limited
security:
- kindeBearerAuth: []
/api/v1/applications/{app_id}/auth_logout_urls:
get:
tags:
- Callbacks
summary: List logout URLs
operationId: getLogoutURLs
description: "Returns an application's logout redirect URLs.\n\n<div>\n <code>read:application_logout_uris</code>\n\
</div>"
parameters:
- name: app_id
in: path
required: true
description: The identifier for the application.
schema:
type: string
responses:
'200':
description: OK
'400':
description: Bad request
# --- truncated at 32 KB (137 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/kinde-so/refs/heads/main/openapi/kinde-so-openapi.yml