Skip to Content
Quickstart

Your first call in 5 minutes

By the end of this guide you will have made a real authenticated call against the development environment with a test key, without touching production data.

Development base URL: https://api.dev.kinmu.app/v1 · Production: https://api.kinmu.app/v1. Test keys (kinmu_sk_test_…) operate against a sandbox company with synthetic data.

Enable the Public API addon

In my.kinmu.appExtensions, enable the Public API addon. When enabled, a sandbox company is provisioned automatically (5 demo employees with sample check-ins and absences) for your test keys.

Only a global_admin or company_manager can enable it.

Create an API key

Go to Developers → API keys → Create key. Choose:

  • A descriptive name (e.g. quickstart).
  • The scopes you need. For this quickstart it’s enough for the key to be able to read the organization (the organization scope is implicit).
  • Mark it as a test key to work against the sandbox.

The key is shown only once. Copy it and store it somewhere safe:

kinmu_sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

You won’t be able to see the full key again. If you lose it, revoke it and create another.

Export the key in your terminal

export KINMU_API_KEY="kinmu_sk_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" export KINMU_BASE_URL="https://api.dev.kinmu.app/v1"

Make your first call: GET /v1/organization

This endpoint returns the company resolved from your credential, the key’s data and your current limits. It’s the canonical way to check that everything works.

curl -s "$KINMU_BASE_URL/organization" \ -H "Authorization: Bearer $KINMU_API_KEY" \ -H "Accept: application/json"

Read the response

{ "id": "a1b2c3d4-0000-0000-0000-000000000000", "name": "Sandbox Company", "country": "ES", "active_employees": 5, "key": { "name": "quickstart", "scopes": ["org:empleados:read"], "expires_at": null }, "limits": { "rate_per_minute": 30, "monthly_quota": 5000, "monthly_used": 1 }, "sandbox": true }

"sandbox": true confirms the call ran against the test company. First call done.

What now?

A 401? Check the Authorization: Bearer … header and that the key is not revoked or expired. A 403 invalid_scope? The key is missing a scope. A 429? You exceeded the per-minute limit; wait the number of seconds indicated by Retry-After.

Last updated on