
Authentication

The Kismet Organization API uses authentication that ties directly to your organization’s account.

Authentication Method

All API requests must include both authentication headers:

  • X-Client-ID: Your unique client identifier
  • X-Client-Secret: Your secret key

Obtaining Credentials

To obtain your API credentials:

  1. Create your Client ID and Secret in the Kismet Dashboard
  2. You’ll receive your Client ID and Client Secret
  3. Store these credentials securely as we will not share your Client Secret again

Security Best Practices

Keep Credentials Secure

  • Never expose your Client Secret in client-side code
  • Store credentials in environment variables
  • Use secure configuration management

Setting Up Authentication

cURL Example

    curl -X GET "https://api.kismethealth.com/api/external/organization_users" \
      -H "X-Client-ID: your-client-id" \
      -H "X-Client-Secret: your-client-secret" \
      -H "Content-Type: application/json"

JavaScript Example

    const apiRequest = async () => {
      const response = await fetch('https://api.kismethealth.com/api/external/organization_users', {
        method: 'GET',
        headers: {
          'X-Client-ID': 'your-client-id',
          'X-Client-Secret': 'your-client-secret',
          'Content-Type': 'application/json'
        }
      });

      if (!response.ok) {
        throw new Error(`HTTP error! status: ${response.status}`);
      }

      return await response.json();
    };

Python Example

    import requests

    response = requests.get(
        'https://api.kismethealth.com/api/external/organization_users',
        headers={
            'X-Client-ID': 'your-client-id',
            'X-Client-Secret': 'your-client-secret',
            'Content-Type': 'application/json'
        },
        timeout=10,  # requests has no default timeout; avoid hanging forever
    )

    if response.status_code == 200:
        data = response.json()
        print(data)
    else:
        print(f"Error: {response.status_code}")

Environment Variables

Set up your credentials using environment variables:

    # .env file
    KISMET_CLIENT_ID=your-client-id
    KISMET_CLIENT_SECRET=your-client-secret

    // Using environment variables in Node.js
    const headers = {
      'X-Client-ID': process.env.KISMET_CLIENT_ID,
      'X-Client-Secret': process.env.KISMET_CLIENT_SECRET,
      'Content-Type': 'application/json'
    };

Production Considerations

  • Implement proper error handling for common failures
  • Monitor API usage and credentials
  • Rotate credentials periodically

Authentication Errors

If authentication fails, you’ll receive a 401 Unauthorized response:

    { "error": "Unauthorized" }

Common authentication issues:

  • Missing or incorrect Client ID
  • Missing or incorrect Client Secret
  • Expired credentials
  • Malformed headers
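
The error-handling and credential-hygiene points above can be combined in one small client. This is an added example, not Kismet's own code: it reads the two environment variables shown earlier, rejects missing or malformed values before anything is sent, and reports a 401 without ever writing the Client Secret to logs. The function names, the `[REDACTED]` marker, the 10-second timeout and the use of the standard-library `urllib` are assumptions of this example.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.kismethealth.com/api/external/organization_users"

class CredentialError(Exception):
    """Credentials are missing, malformed, or were rejected by the API."""

def load_credentials(env=os.environ):
    """Read both values from the environment and fail closed on unusable ones."""
    values = []
    for name in ("KISMET_CLIENT_ID", "KISMET_CLIENT_SECRET"):
        value = env.get(name, "")
        if not value:
            raise CredentialError(f"{name} is not set")
        # A trailing newline or stray space copied into a .env value yields a
        # malformed header and an avoidable 401, so reject it before sending.
        if value != value.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise CredentialError(f"{name} has surrounding whitespace or control characters")
        values.append(value)
    return tuple(values)

def build_request(env=os.environ, url=API_URL):
    """Build the GET request carrying both authentication headers."""
    client_id, client_secret = load_credentials(env)
    return urllib.request.Request(url, method="GET", headers={
        "X-Client-ID": client_id,
        "X-Client-Secret": client_secret,
        "Content-Type": "application/json",
    })

def redacted_headers(request):
    """Header view that is safe to log: the Client Secret value is masked."""
    return {name: "[REDACTED]" if name.lower() == "x-client-secret" else value
            for name, value in request.header_items()}

def fetch(request, opener=urllib.request.urlopen):
    """Send the request; on 401 raise an error that never contains the secret."""
    try:
        with opener(request, timeout=10) as response:
            return json.load(response)
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise CredentialError(
                f"401 Unauthorized from {request.full_url}; sent {redacted_headers(request)}"
            ) from None
        raise
```

Call `fetch(build_request())` from server-side code only; the `opener` parameter exists so the 401 path can be exercised in tests without network access.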