Navigation

Konduit API

Konduit exposes a REST API for programmatic access to datatables, lists, tasks, comments, time entries, attachments, and forms. Authenticate with an API key created in your workspace settings.

  • Base URL: https://api.konduit.work/v1
  • Auth: Authorization: Bearer kdt_<your-key>
  • Format: JSON for requests + responses

Quick start

curl -H "Authorization: Bearer kdt_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
     https://api.konduit.work/v1/me

Response:

{
  "workspace": { "id": "...", "name": "Acme Marketing", "plan": "pro" },
  "members": [{ "id": "...", "name": "Alice" }, { "id": "...", "name": "Bob" }]
}

What's covered

Section Endpoints
Authentication & Limits API keys, plan limits, rate limit headers
Errors Status codes, error format, retry behavior
Workspace GET /me
DataTables Schemas, rows, bulk insert, attachments
Spaces & Lists Workspace structure (spaces, folders, lists)
Tasks Task CRUD, validation rules, custom data
Comments Task comments (rich text or plain text)
Time Entries Manual entries, running timers, billable flag
Attachments File uploads to tasks (private, authenticated storage)
Forms Read forms + submissions
Webhooks Event delivery via automations
Versioning Stability guarantees + what's not in v1

API versioning at a glance

/api/public/v1/ is a stable contract. Breaking changes only ship in a future /v2/. Non-breaking additions (new endpoints, new optional fields) ship to v1 directly. See Versioning for the full policy and what's intentionally not exposed.

CORS

The public API is CORS-enabled for any origin (Access-Control-Allow-Origin: *). You can call it directly from a browser-based integration without a server-side proxy. Authorization is enforced by the Bearer token, not the origin.

We never set Access-Control-Allow-Credentials, so cookies are not sent cross-origin — only the Authorization header you supply.

Pre-flight OPTIONS requests succeed without authentication (this is required by the browser CORS handshake; it doesn't expose any data).

Tools

Format Where
OpenAPI 3.1 spec /openapi.json — import into Postman, Insomnia, Hoppscotch, Bruno, or any OpenAPI-compatible client
Postman collection /postman.json — pre-configured with all common endpoints and variables
Try-it from the docs Click the ▶ Try it button next to any curl example. Requires an API key (set via the 🔑 icon in the topnav). The key is kept in sessionStorage (this tab only — not synced or persisted across sessions). All write operations (POST/PATCH/DELETE) require typing CONFIRM before they fire — they hit your real workspace data