API Reference
Authentication
Integrate with the Kantos REST API.
All API requests require authentication using an API key. Include your key in the X-Api-Key header with every request.
curl -X GET "https://kantos.ai/api/crm/records/query" \
-H "X-Api-Key: kantos_your_secret_key" \
-H "Content-Type: application/json"API Key Types
| Key Type | Prefix | Use Case | Permissions |
|---|---|---|---|
| Server Key | kantos_ | Server-side integrations | Full read/write access |
| Intake Key | kantos_ | Smart Intake form capture | Write-only to ingest endpoint |
Keep Server Keys Secure
Server keys (kantos_...) provide full access to your CRM data. Never expose them in client-side code, public repositories, or browser requests. Use intake keys for frontend integrations.
Creating API Keys
Go to Settings → API Keys
Navigate to the API Keys section in your Kantos dashboard.
Click "Create Key"
Choose the key type based on your use case.
Name Your Key
Give it a descriptive name like "Production Server" or "Marketing Website".
Copy and Store Securely
The full key is only shown once. Store it securely in environment variables.
Key Rotation
For security, rotate your API keys periodically and immediately after any suspected compromise:
- Create a new key with the same permissions
- Update your integration to use the new key
- Verify the integration works with the new key
- Revoke the old key from Settings → API Keys
Audit Trail
All API key operations (creation, usage, revocation) are logged in the audit trail. Review key activity under Settings → API Keys to monitor for unexpected usage.
Environment Variables
Store API keys as environment variables rather than hardcoding them:
KANTOS_API_KEY=kantos_your_secret_key
KANTOS_INTAKE_KEY=kantos_your_intake_keyNext Steps
- Records API — Start querying and creating records
- Rate Limits — Understand request quotas