Authentication
There are two ways to access Kyndred endpoints: public embed tokens for client-side widgets, and private API keys for server-side management.
Embed tokens (public)
Generated per companion. Safe to embed in HTML/JS on your website. Limited to the public embed endpoints (/api/embed/{token}/*).
Origin-restrictable. See Embed Options.
API keys (private)
For programmatic access to management endpoints (creating companions, reading usage, etc.). Never expose these in client-side code.
Format
kyn_live_{random_32_chars}
Create a key
From the dashboard: kyndred.dev/app/api-keys. Click + New Key, pick a name and scopes, and copy the key immediately — it's only shown once.
Using a key
curl https://kyndred.dev/api/companions \
  -H "Authorization: Bearer kyn_live_YOUR_KEY"
Building a platform on Kyndred
If you're building a platform where your users create companions through your UI, use a single API key and tag each companion with metadata — arbitrary JSON you attach to companions to organize them by your own identifiers.
curl -X POST https://kyndred.dev/api/companions \
  -H "Authorization: Bearer kyn_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Customer Support Bot",
    "system_prompt": "You are a helpful support agent...",
    "voice_id": "rachel",
    "metadata": {
      "user_id": "alice_123",
      "workspace": "acme-corp"
    }
  }'
Query companions by any metadata field:
curl 'https://kyndred.dev/api/companions?metadata.user_id=alice_123' \
  -H "Authorization: Bearer kyn_live_YOUR_KEY"
See the Platform integrations guide for the full flow.
Security
- Keys are SHA-256 hashed at rest — we can't recover them if lost
- Revocation is instant — no TTL or cache to wait out
- Rotate regularly — create a new key, update your code, revoke the old one
- Usage is tracked per key for audit trails and billing
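One way to enforce the "never expose these in client-side code" rule is a build-time scan for strings in the kyn_live_ key format. This is an added example, not Kyndred's own tooling; it assumes the 32 random characters are ASCII letters and digits, and the function name and directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: fail a build if a live Kyndred API key appears in files that
# ship to browsers. Assumption: the 32 random characters are ASCII letters
# and digits (the page does not state the alphabet).
KYN_KEY_RE='kyn_live_[A-Za-z0-9]{32}'

# scan_for_kyn_keys DIR  (hypothetical helper name)
# Prints one "file:line:kyn_live_XXXX...(redacted)" line per finding.
# Returns 0 if clean, 1 if a key was found, 2 if DIR is not a directory.
scan_for_kyn_keys() {
  dir="$1"
  [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
  # -r recurse, -I skip binary files, -n line numbers, -o matched text only.
  hits=$(grep -rIEno "$KYN_KEY_RE" "$dir" 2>/dev/null || true)
  [ -n "$hits" ] || return 0
  # Keep the prefix and 4 characters so the finding is identifiable, but do
  # not copy the full secret into CI logs.
  printf '%s\n' "$hits" |
    sed 's/\(kyn_live_[A-Za-z0-9]\{4\}\)[A-Za-z0-9]\{28\}$/\1...(redacted)/'
  return 1
}

# Usage: sh scan.sh ./dist
if [ "$#" -gt 0 ]; then
  scan_for_kyn_keys "$1"
  exit $?
fi
```

The placeholder kyn_live_YOUR_KEY used in the examples on this page does not match the pattern, so documentation snippets do not trip the check. A key that the scan does find should be revoked and replaced as described in the rotation step above, not only deleted from the file.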