Kinabase Logo
Developer Documentation
Kinabase API

Creating an App

Learn how to register your app, set up your API key and authenticate with the Kinabase API

Getting Started

After you've been granted API access, follow these steps to begin using the Kinabase API:

  1. Access API Settings
    Navigate to Settings, and select API in the left-hand menu. If you cannot see the API tab, you may need to request access from our support team at support@kinabase.com.

  2. Create App Registration
    Click + Add in the top-right corner to create a new App Registration, which is required to use the Kinabase API.

  3. Enter App Details
    Enter a Name and Description for the app. Both fields are required.

  4. Get Credentials
    An App ID (UUID) and an App Secret (64-byte base64 encoded key) will be generated. These are needed to obtain an authentication token to make API requests.

Security Note Keep your App Secret secure and never expose it in client-side code. It should only be used in secure server-side applications. The secret is only displayed once when the app is created.

Authentication

Before making any requests to the Kinabase API, you need to authenticate by generating a JWT token. The token is used to authorise all subsequent API requests.

1. Copy Credentials

Copy the App ID and App Secret from the API settings after registering your app.

2. Request Authentication Token

Send a POST request to https://app.kinabase.com/api/v1/token with the following JSON body: 

{
  "appId": "{your-app-id}",
  "appSecret": "{your-app-secret}"
}

Both appId and appSecret (also known as secret) are required fields.

3. Handle the Response

If successful, you'll receive a 200 OK response with a JSON body containing your token: 

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

4. Use the Token

Include the token in the Authorization header of all subsequent API requests: 

Authorization: Bearer {your-token}

The token is valid for 1 hour from generation.

5. Token Renewal

If your token expires or becomes invalid, generate a new one by repeating the authentication process. Tokens expire after 1 hour, and you can request a new token at any time using your App ID and Secret.

Best Practice Implement token caching and automatic renewal in your application. Check the token expiry before making requests and refresh proactively to maintain a seamless connection to the API.

Error Handling

If authentication fails, you'll receive an error response. Common causes include:

  • Invalid App ID or Secret – Double-check your credentials are correct
  • API not enabled for this tenant – Contact support to enable API access
  • Expired or revoked app – Create a new app registration

Next Steps

Once you have a valid token, you're ready to start making API requests. See Fetching Data to learn how to retrieve and manipulate records, or explore the API Reference for the full list of available endpoints.