
Authentication

Overview

The Kontakto API uses JWT (JSON Web Token) authentication for secure access to all endpoints. All API requests must include a valid JWT token in the Authorization header.

Getting Your API Key

1. Create an Account

Visit Kontakto.fi and create an account to access the Kontakto UI.

2. Generate API Key

Once logged in, you can generate API keys (JWT tokens) through the Kontakto dashboard. Each API key:

  • Is shown only once, when it is created
  • Is associated with your organization
  • Has a configurable expiration time; non-expiring keys are also supported, but prefer a finite lifetime so that a leaked key stops working on its own
  • Can be named for easy identification
Info

The token is shown only once, when it is created, and cannot be retrieved afterwards. Save it somewhere safe (a secrets manager or an environment variable, not source code).

3. API Key Management

API keys are managed through the portal. You can:

  • Generate new API keys
  • Disable API keys
  • Monitor key usage and expiration

Using Your API Key

Authentication Header

Include your JWT token in the Authorization header of every API request:

Authorization: Bearer <your-jwt-token>

Security Features

JWT Token Security

  • Bearer Format: Tokens use the standard Bearer token format
  • Secure Transmission: All API communication is over HTTPS
  • Organization Scoping: Keys are scoped to specific organizations and permissions

Rate Limiting

The API implements rate limiting to ensure fair usage.

Token Validation

  • Tokens are validated on every request
  • Expired tokens return 401 Unauthorized
  • Invalid tokens return 401 Unauthorized
  • Insufficient permissions return 403 Forbidden

Error Responses

401 Unauthorized

  • Missing or invalid Authorization header
  • Expired JWT token
  • Malformed JWT token

403 Forbidden

  • Valid token but insufficient permissions
  • Organization access restrictions
  • API key scope limitations
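The Authorization header, a local check of the token's exp claim (the first thing to verify when a request fails), and the 401/403 handling described above, as an added example. This is not Kontakto's own client code: the environment variable name KONTAKTO_API_KEY is an assumption, the demo token is constructed and unsigned, and the only detail taken from the page is the `Authorization: Bearer <token>` header and the meaning of 401 and 403.

```python
"""Client-side helpers for calling the Kontakto API with a JWT API key.

Added example: this is not Kontakto's own client code. Assumptions that are
not on the documentation page: the key is read from an environment variable
named KONTAKTO_API_KEY, and the demo token built below is constructed and
unsigned (the signature is a placeholder), so it is not a real Kontakto key.
"""
import base64
import json
import time
from typing import Optional


def read_api_key(env: dict, name: str = "KONTAKTO_API_KEY") -> str:
    """Load the key from the environment instead of hard-coding it (never
    commit API keys). Fails closed when the variable is missing or blank."""
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set; refusing to continue without a key")
    return token


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Read the payload of *our own* token without verifying its signature.
    This is for local inspection only (e.g. to look at exp before a call);
    the server remains the sole authority and validates every request."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def seconds_until_expiry(token: str, now: Optional[float] = None) -> Optional[float]:
    """None for a key with no exp claim (infinite expiration), negative if expired."""
    claims = jwt_claims(token)
    if "exp" not in claims:
        return None
    now = time.time() if now is None else now
    return claims["exp"] - now


def auth_headers(token: str) -> dict:
    """The header every request must carry: 'Authorization: Bearer <jwt>'."""
    return {"Authorization": f"Bearer {token}", "Accept": "application/json"}


def classify_response(status: int) -> str:
    """Map the documented status codes to what the caller should do."""
    if 200 <= status < 300:
        return "ok"
    if status == 401:
        return "unauthenticated: header missing, token expired or malformed; get a new key"
    if status == 403:
        return "forbidden: token valid but lacks permission or organization scope; do not retry"
    return f"unexpected status {status}"


def constructed_demo_token(claims: dict) -> str:
    """Constructed, UNSIGNED token for offline demonstration only."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.demo-signature"


if __name__ == "__main__":
    # Demo run with a constructed token that expires in one hour.
    demo = constructed_demo_token({"org": "example-org", "exp": int(time.time()) + 3600})
    key = read_api_key({"KONTAKTO_API_KEY": demo})
    left = seconds_until_expiry(key)
    print("token expires in", "never" if left is None else f"{int(left)} s")
    print(auth_headers(key)["Authorization"][:40] + "...")
    for code in (200, 401, 403):
        print(code, classify_response(code))
```

The expiry check reads the payload without checking the signature on purpose: the client is inspecting its own token to tell an expired key from a revoked or malformed one before the 401 comes back, not deciding whether to trust it. Trust decisions stay on the server side.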

Best Practices

Token Management

  • Store Securely: Never commit API keys to version control
  • Rotate Regularly: Generate new keys periodically
  • Monitor Usage: Track API key usage and expiration
  • Scope Appropriately: Use organization-specific keys when possible
  • Access Control: Limit API key access to necessary team members
  • Audit Logs: Monitor API usage for unusual patterns
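One concrete check for the "Store Securely" item, as an added example (Python; not Kontakto tooling): a pre-commit style scan of the staged diff for JWT-shaped strings. Every JWT header is a base64url-encoded JSON object, so the first segment always starts with "eyJ", which is what the pattern keys on. The sample staged text and the token in it are constructed and fake.

```python
"""Pre-commit style scan for JWT API keys in text about to be committed.

Added example: not Kontakto tooling. A JWT is three base64url segments joined
by dots, and because its header is a JSON object the first segment always
starts with "eyJ" (the base64 of '{"'), which makes leaked keys easy to spot.
The sample below is constructed and the token in it is fake.
"""
import re
import subprocess
from typing import List, Tuple

# Three base64url segments; the minimum lengths keep short dotted words out.
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b")

# Constructed sample of a .env file that was staged by mistake (fake token).
SAMPLE_STAGED_TEXT = """# local settings
KONTAKTO_API_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmciOiJleGFtcGxlIn0.c2lnbmF0dXJlLWZha2U
DEBUG=true
"""


def redact(token: str) -> str:
    """Keep just enough of the token to identify it; never log the whole key."""
    return token[:12] + "..." + token[-6:]


def find_jwts(text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, redacted token) for every JWT-shaped string."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JWT_RE.finditer(line):
            hits.append((lineno, redact(match.group(0))))
    return hits


def staged_additions() -> str:
    """Added lines of the staged diff, i.e. what `git commit` is about to record."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True,
    ).stdout
    return "\n".join(
        line[1:] for line in diff.splitlines()
        if line.startswith("+") and not line.startswith("+++")
    )


def check(text: str) -> int:
    """Exit status for a hook: 1 when a key is present, 0 when clean."""
    hits = find_jwts(text)
    for lineno, shown in hits:
        print(f"possible JWT API key on added line {lineno}: {shown}")
    return 1 if hits else 0


if __name__ == "__main__":
    import sys
    # With --demo, scan the constructed sample; otherwise scan the real staged diff.
    text = SAMPLE_STAGED_TEXT if "--demo" in sys.argv else staged_additions()
    sys.exit(check(text))
```

Wired in as a pre-commit hook, a non-zero exit blocks the commit. The output is redacted because the hook's own log would otherwise become another place the key is written down.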

Getting Help

If you encounter authentication issues:

  1. Verify your JWT token is valid and not expired
  2. Check that you have the necessary permissions
  3. Ensure your organization has active API access
  4. Contact support at [email protected]