API Keys

Generate and manage API keys to integrate Kling with your applications and automation workflows.

Kling Team | November 22, 2024 | 4 min read

[Image: API Keys. Connect Kling to your applications via our REST API]

Kling's API lets you programmatically manage campaigns, customers, and more. API keys authenticate your requests and control access. This guide covers creating, managing, and securing your API keys.

Why Use the API?

The Kling API enables powerful integrations:

  • Custom dashboards: Build analytics views tailored to your needs
  • Data sync: Import customers from other systems
  • Automation: Trigger campaigns based on external events
  • Webhooks: Send Kling events to other applications
  • CI/CD: Deploy campaigns programmatically

Our API uses REST with JSON payloads. Full documentation is available at docs.kling.to/api.

Creating API Keys

1. Access API Settings

Navigate to Settings > API Keys in your Kling dashboard.

2. Create New Key

Click Create API Key and configure:

  • Name: Descriptive label (e.g., "CRM Integration")
  • Permissions: What the key can access
  • Expiration: Optional expiry date

3. Copy Your Key

The full key is shown once. Copy it immediately and store it securely:

klg_live_abc123xyz789...

[Image: API key management dashboard. Create and manage API keys from your settings]

Key Security

API keys are sensitive credentials. Never share them publicly, commit them to version control, or expose them in client-side code.

Key Permissions

Configure granular permissions for each key:

Read Permissions

  • read:customers - View customer data
  • read:campaigns - View campaigns
  • read:flows - View flow configurations
  • read:analytics - Access analytics data

Write Permissions

  • write:customers - Create/update customers
  • write:campaigns - Create/modify campaigns
  • write:flows - Manage flows
  • write:forms - Configure forms

Full Access

  • * - All permissions (use sparingly)

Example minimal key for analytics:

Permissions: read:customers, read:analytics

Using API Keys

Include your key in the Authorization header:

curl https://your-kling-instance.com/v1/customers \
  -H "Authorization: Bearer klg_live_abc123..."

Or in your code:

// Read the key from the environment instead of hardcoding it in source
const response = await fetch('https://your-kling-instance.com/v1/customers', {
  headers: {
    Authorization: `Bearer ${process.env.KLING_API_KEY}`,
    'Content-Type': 'application/json',
  },
});

[Image: Code editor showing API integration. Integrate Kling into your applications with simple API calls]

Key Types

Kling supports two key types:

Live Keys

  • Prefix: klg_live_
  • Access production data
  • Real operations (sends emails, etc.)
  • Use in production environments

Test Keys

  • Prefix: klg_test_
  • Access sandbox environment
  • Operations don't affect real data
  • Perfect for development

Development Workflow

Always use test keys during development. Switch to live keys only when deploying to production.

Rotating Keys

Regularly rotate API keys for security:

  1. Create a new key with the same permissions
  2. Update your applications to use the new key
  3. Verify everything works correctly
  4. Delete the old key

Recommended rotation schedule: Every 90 days

Managing Existing Keys

From Settings > API Keys, you can:

View Keys

  • See all keys with creation date
  • Last used timestamp
  • Permission summary

Edit Keys

  • Update name/description
  • Modify permissions
  • Cannot view the full key (create new if lost)

Revoke Keys

  • Immediately disables the key
  • All requests using it will fail
  • Cannot be undone (create new instead)

Rate Limits

API requests are rate limited to ensure fair usage:

| Endpoint Type    | Limit        |
| ---------------- | ------------ |
| Read operations  | 1,000/minute |
| Write operations | 100/minute   |
| Bulk operations  | 10/minute    |

Exceeding limits returns 429 Too Many Requests. Implement exponential backoff in your code.

Error Handling

Common API errors and solutions:

| Error Code | Meaning                  | Solution                        |
| ---------- | ------------------------ | ------------------------------- |
| 401        | Invalid key              | Check key is correct and active |
| 403        | Insufficient permissions | Add required permissions to key |
| 429        | Rate limited             | Slow down requests              |
| 500        | Server error             | Retry with backoff              |
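
The retry guidance from the Rate Limits and Error Handling sections, as an added example (not Kling's own client code). The names `klingFetch` and `backoffDelayMs`, the delay constants, and honoring a `Retry-After` header are assumptions of this example; the `deps` parameter only exists so the function can be exercised without network access.

```javascript
// Added example, not Kling's client code. Retry policy follows the error
// table: 429 and 500 are retried; 401 and 403 fail immediately, since
// resending a bad or under-scoped key only adds failed-auth noise.
const RETRYABLE = new Set([429, 500]);

// Delay before retry `attempt` (0-based). A numeric Retry-After header
// (seconds) wins if present; whether Kling sends one is an assumption.
function backoffDelayMs(attempt, retryAfter, rand = Math.random) {
  const secs = Number(retryAfter);
  if (retryAfter && Number.isFinite(secs) && secs >= 0) {
    return Math.min(secs * 1000, 60000);
  }
  const ceiling = Math.min(500 * 2 ** attempt, 30000); // 0.5s, 1s, 2s ... capped at 30s
  return Math.floor(rand() * ceiling); // full jitter de-synchronizes clients
}

async function klingFetch(url, options = {}, deps = {}) {
  const fetchImpl = deps.fetchImpl || fetch;
  const sleep = deps.sleep || ((ms) => new Promise((r) => setTimeout(r, ms)));
  const maxRetries = deps.maxRetries ?? 5;
  const key = process.env.KLING_API_KEY; // never hardcoded
  if (!key) throw new Error('KLING_API_KEY is not set');

  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(url, {
      ...options,
      headers: { ...options.headers, Authorization: `Bearer ${key}` },
    });
    if (res.ok) return res;
    if (!RETRYABLE.has(res.status) || attempt >= maxRetries) {
      // Report the status only; never put the key or headers in errors
      throw new Error(`Kling API request failed: HTTP ${res.status}`);
    }
    await sleep(backoffDelayMs(attempt, res.headers.get('retry-after')));
  }
}
```

Retrying a 500 on a write request can repeat the operation, so apply this wrapper to writes only where a repeated request is harmless.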

Best Practices

Secure Storage

  • Use environment variables: process.env.KLING_API_KEY
  • Use secrets managers (AWS Secrets, HashiCorp Vault)
  • Never hardcode keys
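
One way to enforce the storage rules above together with the live/test split from Key Types, as an added example (not Kling tooling). The function names, the key-body character set in the regex, and the use of `NODE_ENV` as the deployment signal are assumptions; the sample input is constructed.

```javascript
// Added example, not Kling tooling. Assumption: the key body after the
// documented klg_live_ / klg_test_ prefix is letters, digits, "_" or "-".
const KLING_KEY_RE = /\bklg_(live|test)_[A-Za-z0-9_-]{6,}/g;

// Keep the prefix and last 4 characters so a finding can be matched to a
// key in Settings > API Keys without copying the secret into the report.
function redact(key) {
  return key.replace(/^(klg_(?:live|test)_).*(.{4})$/, '$1...$2');
}

// Scan text (a staged file, a log line) and report where keys appear.
function scanForKeys(text, file = '<input>') {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const m of line.matchAll(KLING_KEY_RE)) {
      findings.push({ file, line: i + 1, type: m[1], key: redact(m[0]) });
    }
  });
  return findings;
}

// Load the key from the environment and refuse a live key outside
// production. Using NODE_ENV as the signal is an assumption of this example.
function loadApiKey(env = process.env) {
  const key = env.KLING_API_KEY;
  if (!key) throw new Error('KLING_API_KEY is not set');
  if (!/^klg_(live|test)_/.test(key)) {
    throw new Error('KLING_API_KEY has an unknown prefix');
  }
  if (key.startsWith('klg_live_') && env.NODE_ENV !== 'production') {
    throw new Error('Refusing live key outside production; use a klg_test_ key');
  }
  return key;
}

// Constructed sample input: line 2 hardcodes a (fake) live key.
const SAMPLE = [
  'const key = process.env.KLING_API_KEY;',
  "const auth = 'Bearer klg_live_CONSTRUCTED0001';",
  '# fixture uses klg_test_CONSTRUCTED0002',
].join('\n');
```

Running `scanForKeys` over staged files in a pre-commit hook or CI job and failing on any `live` finding catches a hardcoded key before it reaches version control.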

Least Privilege

  • Only grant permissions the key needs
  • Create separate keys for different applications
  • Review and prune unused keys

Monitoring

  • Track key usage in audit logs
  • Set up alerts for unusual activity
  • Monitor for failed authentication attempts

Webhook Signatures

When receiving webhooks from Kling, verify the signature:

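const crypto = require('crypto');

// payload: the raw request body as received (string or Buffer)
function verifyWebhook(payload, signature, secret) {
  const expected = crypto.createHmac('sha256', secret).update(payload).digest('hex');
  const a = Buffer.from(`sha256=${expected}`);
  const b = Buffer.from(String(signature));
  // Constant-time compare; timingSafeEqual throws on unequal lengths, so check first
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}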

Your webhook secret is separate from API keys—find it in Settings > Webhooks.

Next Steps

The API opens up limitless possibilities for automation and integration. Build something amazing!
