K
Kinde4w ago
0x90

Obtaining a Users' Information from an API key

Is my understanding correct that there's no direct way to present a user-supplied API key and have the Kinde API return a JWT token? All I'm finding in the docs is an API Key validation endpoint, but that endpoint doesn't actually return any user info (Roles, Permissions, Info, etc). My usecase here is for enabling users to self-serve creating their own API keys and then being able to programatically hit API endpoints we expose. The idea being that their API key grants the same permissions as if they were themselves logged in to the frontend (fairly standard API Key usecase I think). Just am curious on the recommended approach to actually being able to construct a Users' object from the API Key (we use forward auth and have an JWT token injected for us on the UI side, but don't have seem to have this option available when using API keys presented by users)
2 Replies
Koosha-Kinde
Koosha-Kinde4w ago
Hi,
There's a couple of approaches you can take, the verify API key endpoint can return 'scopes' which you can use to define what privileges the API key has, alternatively it also returns the organization_id and user_id, which you could use to look up the user's roles/permissions etc via other endpoints.

You may find these useful:
https://docs.kinde.com/kinde-apis/management/#tag/organizations/get/api/v1/organizations/{org_code}/users/{user_id}/roles
https://docs.kinde.com/kinde-apis/management/#tag/organizations/get/api/v1/organizations/{org_code}/users/{user_id}/permissions
0x90
0x90OP3w ago
OK, that's where I arrived at as well - if I want the users' roles/permissions, I need to fetch the user info in three successive calls to the Kinde API based on the User ID that the api key verify endpoint returns

Did you find this page helpful?