Konduit API
Konduit exposes a REST API for programmatic access to datatables, lists, tasks, comments, time entries, attachments, and forms. Authenticate with an API key created in your workspace settings.
- Base URL:
https://api.konduit.work/v1 - Auth:
Authorization: Bearer kdt_<your-key> - Format: JSON for requests + responses
Quick start
curl -H "Authorization: Bearer kdt_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
https://api.konduit.work/v1/me
Response:
{
"workspace": { "id": "...", "name": "Acme Marketing", "plan": "pro" },
"members": [{ "id": "...", "name": "Alice" }, { "id": "...", "name": "Bob" }]
}
What's covered
| Section | Endpoints |
|---|---|
| Authentication & Limits | API keys, plan limits, rate limit headers |
| Errors | Status codes, error format, retry behavior |
| Workspace | GET /me |
| DataTables | Schemas, rows, bulk insert, attachments |
| Spaces & Lists | Workspace structure (spaces, folders, lists) |
| Tasks | Task CRUD, validation rules, custom data |
| Comments | Task comments (rich text or plain text) |
| Time Entries | Manual entries, running timers, billable flag |
| Attachments | File uploads to tasks (private, authenticated storage) |
| Forms | Read forms + submissions |
| Webhooks | Event delivery via automations |
| Versioning | Stability guarantees + what's not in v1 |
API versioning at a glance
/api/public/v1/ is a stable contract. Breaking changes only ship in a future /v2/. Non-breaking additions (new endpoints, new optional fields) ship to v1 directly. See Versioning for the full policy and what's intentionally not exposed.
CORS
The public API is CORS-enabled for any origin (Access-Control-Allow-Origin: *). You can call it directly from a browser-based integration without a server-side proxy. Authorization is enforced by the Bearer token, not the origin.
We never set Access-Control-Allow-Credentials, so cookies are not sent cross-origin — only the Authorization header you supply.
Pre-flight OPTIONS requests succeed without authentication (this is required by the browser CORS handshake; it doesn't expose any data).
Tools
| Format | Where |
|---|---|
| OpenAPI 3.1 spec | /openapi.json — import into Postman, Insomnia, Hoppscotch, Bruno, or any OpenAPI-compatible client |
| Postman collection | /postman.json — pre-configured with all common endpoints and variables |
| Try-it from the docs | Click the ▶ Try it button next to any curl example. Requires an API key (set via the 🔑 icon in the topnav). The key is kept in sessionStorage (this tab only — not synced or persisted across sessions). All write operations (POST/PATCH/DELETE) require typing CONFIRM before they fire — they hit your real workspace data |