Developer API

A real API for codes, secrets, and inboxes.

Scoped keys. REST endpoints. Webhooks. Wire Kaito into your CI, your bots, your incident tooling.

Scoped keys

Most APIs give you one key with full access. We don't.

Every Kaito key carries a scope — a set of permissions plus optional restrictions.

Scope	What it allows
tokens:read	List tokens (metadata only — no seeds, no codes)
tokens:code	Generate the current TOTP code for a token
tokens:write	Create / update / delete tokens
tokens:seed	Read or rotate the encrypted seed (rare, flagged in audit)
sms:read	List inbound SMS messages
sms:send	Send SMS (Business+)
audit:read	Read the audit log
org:admin	Manage org / users / billing

IP allow-lists (CIDRs)Expiry datesSingle-use bindRate-limit override (Enterprise)

Quickstart

Three lines to your first code.

bash

# 1. Create a key in the dashboard with scope tokens:code
$ export KAITO_KEY=kto_live_…

# 2. Get the current code
$ curl https://api.kaito.io/v1/tokens/aws-prod/code \
    -H "Authorization: Bearer $KAITO_KEY"

# → { "code": "583021", "expires_in": 14, "period": 30 }

Webhooks

Push, don't poll.

Kaito sends signed webhooks for inbound SMS, audit events, and billing changes.

Topics

sms.inbound
sms.delivery_status
audit.event (filtered by action)
billing.subscription.*
token.permission.changed

Security

HMAC-SHA256 signature header
Replay protection via timestamp
Automatic retry with backoff
Per-endpoint signing secret

Rate limits

Sane defaults during private beta.

No formal uptime SLA today — we publish status incidents and you have our active attention. Tiered SLAs come with GA.

Endpoint group	Default limit
Code-fetch (tokens:code)	60 req/min/key
Read (tokens:read, sms:read)	300 req/min/key
Write (tokens:write, *:write)	60 req/min/key
Webhook delivery	continuous, no cap

Limits are per API key. 429 responses include a Retry-After header. Email support@kaito.io to discuss higher limits for a real workload.

Wire Kaito into the rest of your stack.

Start free trial Read the API changelog →