Using Access Keys to authenticate API calls

All Kissflow APIs require an API Key for header authentication. You can follow these instructions to create an API Access Key ID and Secret (and get your Account ID) in your Kissflow account.

Notes to remember:

  • API Access Key ID and Secret are created at the individual user level and not for the entire account.
  • Users can create multiple API Access Keys from a single account.
  • All API Access Keys must be manually deleted by the user if they are no longer in service.
  • API Access Keys should be kept private as they carry important information about your identity.
  • If you're already using API keys, we recommend you create their equivalent access keys as necessary before we roll back API keys completely.
  • We've deprecated the current API keys across all Kissflow accounts. It'll be completely retired on or after 15th July 2022.


Security note:

  • Since credentials are passed as plain text in HTTP basic authentication, SSL/TLS is recommended when used over the internet.
  • We do not recommend invoking the APIs directly from your browser using JavaScript because this would require the "API Access Key ID and Secret" to be available on the browser side. Instead, invoke the API from the web application server.