Kandji API

By Emalee Firestein

Learn how to enable and configure API access for your instance

API Documentation 

Complete API endpoint documentation is available at api.kandji.io. This article walks through generating an API token within your Kandji instance.

API Availability

The Kandji API is automatically available to customers Plan 500 or higher, but it is not enabled on new or existing instances by default. Contact support to enable API access for your instance. 

API access is available as an add-on for customers below Plan 500. See our pricing page for plan details. 


API Rate Limit

The Kandji API currently has an API rate limit of 10,000 requests per hour per tenant. 


Generate an API Token

Kandji uses instance-level bearer tokens to control access to the API To generate one:

  1. Log in and click on Settings.

  2. Click the Access tab.

  3. Click the Add API Token button to create a new API key.
  4. After clicking Add API Token, provide a Name and a Description for your API token.

  5. Click Create. 



  6. Kandji will display a modal with the API token. Click the visibility symbol to expose it or use the Copy Token button to copy the API token to your clipboard, storing it in a safe place. Note: You will not be able to see the token details again.

  7. Click Next.



  8. Click Configure to manage the API permissions for this specific token or Skip to change them later.

  9. After making your modifications, click Save.

  10. Once you create your first token, you will see your instance-specific API URL.

Modify, Inspect, or Revoke an API Token

After you create an API token for your instance, you can modify its name and permissions or revoke it to prevent further access. 

  1. Click the vertical ellipsis next to the token. 
  2. Click View to display information about the token, including the permissions associated with the token. From this page you can use the following options:
  3. Click the Permissions tab to edit the permissions associated with the token
    1. Click the Activity tab to view the activity of the API token, including:
    2. Token created
    3. Token name changed
    4. Token permissions edited
  4. In the lower-right corner, click Edit to edit the name of the token
  5. Click Revoke to invalidate the API token and prevent its further use. If you revoke a token, you will no longer see it in the list of API tokens for your instance.