Authentication¶
Every Kendis API endpoint uses HTTP Basic Authentication. Your username is your Kendis login email; your password is a personal API key — never your account password.
1. Generate an API key¶
- Open Kendis and click your avatar (top-right).
- Go to Profile → API Keys.
- Enter a label, choose an expiry, and click Create.
- Copy the key immediately — it is shown once.
Keep your API key secret
An API key grants the same read access as your account. Store it in a secret manager, never commit it to source control, and rotate it if it may have leaked. Use a short expiry where possible.
2. Build the Basic auth header¶
Basic auth sends email:apiKey, Base64-encoded, in the Authorization header.
| Step | Value |
|---|---|
user@acme.com |
|
| API key | your-api-key-here |
| Combine | user@acme.com:your-api-key-here |
| Base64-encode | dXNlckBhY21lLmNvbTp5b3VyLWFwaS1rZXktaGVyZQ== |
| Header | Authorization: Basic dXNlckBhY21lLmNvbTp5b3VyLWFwaS1rZXktaGVyZQ== |
Use the scheme keyword Basic, not Bearer
The header must read Authorization: Basic <token>. A common 401 cause is sending Bearer
or pasting the raw key without Base64-encoding email:apiKey first.
3. Common auth errors¶
| Symptom | Likely cause | Fix |
|---|---|---|
401 Unauthorized |
Missing/invalid header, revoked or expired key, or you sent your password instead of the API key | Regenerate the key in Profile → API Keys; re-encode email:apiKey; confirm the header says Basic |
| Works in browser, fails via API | You're authenticating with a session cookie in the browser, not the key | Always send the Authorization header explicitly |
See the full list on the Errors page.