Developers

Extend & integrate with Kantree

Authentication

There are 2 ways to authenticate:

  • Using an API key: NEVER share your API key. Use it for personnal use cases
  • Using OAuth 2: when you are creating third party integrations and you need to act as the user

API Key

Visit your account settings to get your API key.

Two methods are available to authenticate:

  • HTTP Basic Authentication
  • HTTP custom header X-Api-Key

For HTTP Basic Authorization, the api key should be used as the username, leaving the password blank:

$ curl -u "my-api-key:" https://kantree.io/api/1.0/me

Using the header:

$ curl -H "X-Api-Key: my-api-key" https://kantree.io/api/1.0/me

OAuth 2.0

Learn more about OAuth 2.0 at https://oauth.net/2/.

Register your OAuth 2.0 application from your developer page in your user account.

You will obtain a client id and client secret needed to perform the OAuth flow.

Only the Authorization Code grant is allowed.

The following endpoints are used to perform the flow:

  • redirect the user to https://kantree.io/oauth/authorize to obtain an authorization code
  • https://kantree.io/oauth/token to exchange your authorization code for an access token

Note: Kantree Enterprise customers need to replace kantree.io with their own domain

The following scopes are available:

  • read_user: Only read user information (/api/1.0/me)
  • read_workspace: Read-only access to workspaces
  • write_workspace: Read/Write access to workspaces