Self-serve API keys
You can allow your customers to create and manage their own API keys directly in the self-serve portal for users and organizations.
Switch on self-serve API keys in Kinde
Link to this section- Go to Settings > Environment > Self-serve portal.
- Enable the API Keys option for the audience you want:
- Users (B2C)
- Organizations (B2B)
- Select Save. An API keys navigation item will appear in the portal for your customers.
Self-serve portal details
Link to this sectionDeep link to API keys from your app
Link to this sectionMost SDKs provide a PortalLink helper that generates a one-time portal URL and redirects the user. Use the subNav parameter to open the API Keys section directly.
React
Link to this sectionimport {PortalLink} from "@kinde-oss/kinde-auth-react";
// Opens the organization level API Keys section in the self-serve portal<PortalLink subNav="organization_api_keys">Manage API keys</PortalLink>;Next.js
Link to this sectionimport {PortalLink} from "@kinde-oss/kinde-auth-nextjs/components";
// Opens the API Keys section in the self-serve portal<PortalLink subNav="user_api_keys">Manage API keys</PortalLink>;Without an SDK (Account API)
Link to this sectionIf you’re not using a Kinde SDK, call the Account API endpoint and pass subnav to deep link to API Keys. See Get self-serve portal link for supported values.
const response = await fetch("/account_api/v1/portal_link?subnav=api_keys", { headers: { Authorization: `Bearer ${userAccessToken}` }});const data = await response.json();window.location = data.url;Tips for setting up
Link to this section- Use
subNav(camelCase) in SDK helpers andsubnav(lowercase) in Account API requests. - For organization-level experiences, pass organization context according to your integration pattern.
Customer portal experience
Link to this sectionAfter enabling the API key function for customers, an API Keys item shows in the portal navigation where customers can create, view, rotate and revoke keys.
Access control for self-serve organization level API keys
Link to this sectionThere are system level permissions which Kinde provides which you can assign to your custom roles.
read:org:authentication- The user is able to view API keys created by the organizationwrite:org:authentication- The user is able to create, rotate and revoke API keys for the organization.
When assigning permissions to roles, our recommendation is to only give the minimum permissions required for someone to do their job. It is always better to be more granular in this area.