Authentication

Authentication via Client Credentials The API uses standard OAuth2/OpenID authentication. "Client Credentials Flow" is recommended for machine-to-machine access.

You will receive a "Client ID" and "Client Secret" as part of your API onboarding. Contact [email protected] to get access.

Execute a HTTP POST request to the OAuth2 Token endpoint:

curl -X POST https://api.kit.com/oauth2/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials&client_id=$MY_CLIENT_ID&client_secret=$MY_CLIENT_SECRET"

On success, the response will be a JSON object with the following properties:

{
  "token_type": "Bearer",
  "access_token": "...",
  "expires_in": 3600
}

The value of "access_token" can then be used in future requests for authentication.

For more details about OAuth2 Client Credentials Flow:

• https://datatracker.ietf.org/doc/html/rfc6749#section-4.4
• https://oauth.net/2/grant-types/client-credentials/
• https://auth0.com/docs/flows/client-credentials-flow