Authentication
Keito API v2 supports personal access tokens. API key requests need both:
Authorization: Bearer <kto_...>Keito-Account-Id: <company_id>
The Keito-Account-Id value is your Keito Company ID. It scopes the request to the correct company and is required for API key authentication.
Creating an API Key
- Log in to the Keito web app.
- Navigate to Settings -> API & Developers.
- Create a personal access token.
- Copy the
kto_...API key immediately. It will not be shown again. - Copy the Company ID shown on the same page.
Using Your API Key
Base URL:
https://app.keito.ai/api/v2Example request:
curl https://app.keito.ai/api/v2/users/me \
-H "Authorization: Bearer kto_xxxxx" \
-H "Keito-Account-Id: your_company_id"SDK Configuration
In the SDKs:
// Node SDK
const keito = new Keito({
apiKey: process.env.KEITO_API_KEY,
accountId: process.env.KEITO_ACCOUNT_ID,
});# Python SDK
client = Keito(
api_key=os.environ["KEITO_API_KEY"],
account_id=os.environ["KEITO_ACCOUNT_ID"],
)Environment Variables
| Variable | Description |
|---|---|
KEITO_API_KEY | Your kto_... API key |
KEITO_ACCOUNT_ID | Your Keito Company ID, sent as Keito-Account-Id |
KEITO_WORKSPACE_ID | Legacy CLI alias for KEITO_ACCOUNT_ID |
Find the Company ID in Keito under Settings -> API & Developers -> Company ID.
Security Best Practices
- Treat API keys like passwords.
- Never commit API keys to source control.
- Use environment variables or a secrets manager.
- Create separate keys for each agent, CI job, or integration.
- Revoke keys immediately if they are exposed.
OAuth Tokens
Some partner integrations use WorkOS Connect JWTs instead of kto_... API keys. JWT requests use the Authorization header only; the company is resolved from token claims.