There are 2 ways to authenticate:

  • Using an API key: NEVER share your API key. Use it for personnal use cases
  • Using OAuth 2: when you are creating third party integrations and you need to act as the user


Visit your account settings to get your API key.

Two methods are available to authenticate:

  • HTTP Basic Authentication
  • HTTP custom header X-Api-Key

For HTTP Basic Authorization, the api key should be used as the username, leaving the password blank:

$ curl -u "my-api-key:"

Using the header:

$ curl -H "X-Api-Key: my-api-key"

OAuth 2.0

Learn more about OAuth 2.0 at

Register your OAuth 2.0 application from your developer page in your user account.

You will obtain a client id and client secret needed to perform the OAuth flow.

Only the Authorization Code grant is allowed.

The following endpoints are used to perform the flow:

  • redirect the user to to obtain an authorization code
  • to exchange your authorization code for an access token

Note: Kantree Enterprise customers need to replace with their own domain

The following scopes are available:

  • read_user: Only read user information (/api/1.0/me)
  • read_workspace: Read-only access to workspaces
  • write_workspace: Read/Write access to workspaces