Skip to content
  • Manage your APIs
  • Add and manage API keys

Self-serve API keys

You can allow your customers to create and manage their own API keys directly in the self-serve portal for users and organizations.

Switch on self-serve API keys in Kinde

Link to this section
  1. Go to Settings > Environment > Self-serve portal.
  2. Enable the API Keys option for the audience you want:
    • Users (B2C)
    • Organizations (B2B)
  3. Select Save. An API keys navigation item will appear in the portal for your customers.

Self-serve portal details

Link to this section
Link to this section

Most SDKs provide a PortalLink helper that generates a one-time portal URL and redirects the user. Use the subNav parameter to open the API Keys section directly.

import {PortalLink} from "@kinde-oss/kinde-auth-react";
// Opens the organization level API Keys section in the self-serve portal
<PortalLink subNav="organization_api_keys">Manage API keys</PortalLink>;
import {PortalLink} from "@kinde-oss/kinde-auth-nextjs/components";
// Opens the API Keys section in the self-serve portal
<PortalLink subNav="user_api_keys">Manage API keys</PortalLink>;

Without an SDK (Account API)

Link to this section

If you’re not using a Kinde SDK, call the Account API endpoint and pass subnav to deep link to API Keys. See Get self-serve portal link for supported values.

const response = await fetch("/account_api/v1/portal_link?subnav=api_keys", {
headers: {
Authorization: `Bearer ${userAccessToken}`
}
});
const data = await response.json();
window.location = data.url;

Tips for setting up

Link to this section
  • Use subNav (camelCase) in SDK helpers and subnav (lowercase) in Account API requests.
  • For organization-level experiences, pass organization context according to your integration pattern.

Customer portal experience

Link to this section

After enabling the API key function for customers, an API Keys item shows in the portal navigation where customers can create, view, rotate and revoke keys.

Access control for self-serve organization level API keys

Link to this section

There are system level permissions which Kinde provides which you can assign to your custom roles.

  • read:org:authentication - The user is able to view API keys created by the organization
  • write:org:authentication - The user is able to create, rotate and revoke API keys for the organization.

When assigning permissions to roles, our recommendation is to only give the minimum permissions required for someone to do their job. It is always better to be more granular in this area.