API Overview

The Kindo API provides programmatic access to all platform capabilities. The API is OpenAI-compatible for chat completions and includes additional endpoints for agents, integrations, and administration.

Authentication

All API requests require a Bearer token in the Authorization header:

curl -H "Authorization: Bearer YOUR_API_KEY" https://api.kindo.ai/v1/models

Getting Your API Key

Sign in to the Kindo Terminal.
Open Settings (gear icon) > API.
Copy your API key.

For self-hosted installations, replace api.kindo.ai with your API endpoint.

Core Endpoints

Chat Completions

POST /v1/chat/completions

Send a message to an AI model. This endpoint is OpenAI-compatible.

curl -X POST https://api.kindo.ai/v1/chat/completions \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{
    "model": "claude-sonnet-4-5-20250929",
    "messages": [
      { "role": "user", "content": "Explain Kubernetes pod security policies." }
    ]
  }'

Supports streaming via "stream": true.

List Models

GET /v1/models

Returns all models available to your organization.

curl https://api.kindo.ai/v1/models \
  -H "Authorization: Bearer YOUR_API_KEY"

Run Agent

POST /v1/agents/{agentId}/run

Trigger an agent execution programmatically.

curl -X POST https://api.kindo.ai/v1/agents/YOUR_AGENT_ID/run \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{ "input": "Run the daily security scan" }'

Request and Response Format

All requests and responses use JSON. The API follows REST conventions:

Method	Purpose
`GET`	Retrieve resources
`POST`	Create resources or trigger actions
`PUT`	Update resources
`DELETE`	Remove resources

Rate Limits

API requests are subject to your organization’s rate limits. If you exceed the limit, the API returns 429 Too Many Requests with a Retry-After header.

Security

DLP — The same Data Loss Prevention filters that protect the UI also apply to API requests.
Audit logging — All API calls are recorded in your organization’s audit trail.
RBAC — API keys inherit the permissions of the user who created them.

Error Handling

The API returns standard HTTP status codes:

Code	Meaning
`200`	Success
`400`	Bad request — check your request body
`401`	Unauthorized — check your API key
`403`	Forbidden — insufficient permissions
`404`	Resource not found
`429`	Rate limited — retry after the specified delay
`500`	Server error — contact support if persistent

Error responses include a JSON body with a message field describing the issue.

Next Steps

First API Call for a hands-on quickstart
Glossary for API-related terminology