The Kirality API.

Pull your workspace data into Zapier, Make, custom scripts, or any HTTP client. Bearer-key auth, scoped access, JSON everywhere.

Authentication

Every request requires an Authorization header containing an API key generated inside Kirality.

Authorization: Bearer kir_<your-key>

Generate keys under System → API Keys. The full key is shown once at creation — copy it immediately.

Scopes

Scope            Description
read:kanban      Read kanban items
read:crm         Read CRM deals and contacts
read:okr         Read objectives and key results
read:hiring      Read hiring candidates
read:activity    Read activity events
write:activity   Push activity events into Kirality
admin            Grants all scopes; required for webhook test fire

Endpoints

GET /api/v1/kanban (scope: read:kanban)
Example response:
{ "data": [{ "id": "...", "title": "Ship v2", "status": "todo", ... }] }

GET /api/v1/crm/deals (scope: read:crm)
Params: ?stage=qualified
Example response:
{ "data": [{ "id": "...", "name": "Acme Co", "stage": "qualified", "amount": 5000 }] }

GET /api/v1/crm/contacts (scope: read:crm)
Example response:
{ "data": [{ "id": "...", "name": "Jane Doe", "email": "jane@acme.co" }] }

GET /api/v1/okr (scope: read:okr)
Example response:
{ "data": [{ "id": "...", "objective": "Grow ARR", "key_results": [...] }] }

GET /api/v1/candidates (scope: read:hiring)
Params: ?stage=interview
Example response:
{ "data": [{ "id": "...", "name": "Pat Smith", "stage": "interview" }] }

GET /api/v1/activity (scope: read:activity)
Params: ?limit=50
Example response:
{ "data": [{ "id": "...", "event_type": "deal.won", "created_at": "..." }] }

POST /api/v1/activity (scope: write:activity)
Params: body { event_type, description?, metadata? }
Example response:
{ "data": { "id": "...", "event_type": "external.sync_done" } }

POST /api/v1/webhooks/test (scope: admin)
Params: body { webhook_id?, event?, payload? }
Example response:
{ "data": { "event": "test.fired", "deliveries": [{ "status": 200 }] } }

Quick example

curl -H "Authorization: Bearer kir_xxx" https://kirality.com/api/v1/kanban

Rate limits

100 requests per minute per API key, enforced across all /api/v1/* endpoints. The limit follows the key, not your IP — every key gets its own budget.

Every response carries X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (Unix seconds when the window resets) so clients can self-throttle.

Exceeding the limit returns 429 with error code RATE_LIMITED and a Retry-After header (seconds). Handle it by pausing until Retry-After elapses, then retrying — ideally with exponential backoff rather than tight retry loops.
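
A client-side sketch of the throttling described above, added here as an example and not Kirality's own code. The header names, the 429 status and the host come from this page; the function names and the KIRALITY_API_KEY environment variable are assumptions.

```python
import os
import time
import urllib.error
import urllib.request

API_BASE = "https://kirality.com/api/v1"  # host from the page's curl example


def wait_seconds(status, headers, attempt, now, base=1.0, cap=60.0):
    """Seconds to pause before the next request (0 means go ahead)."""
    if status == 429:
        try:
            retry_after = float(headers.get("Retry-After", 0))
        except ValueError:
            retry_after = 0.0
        # Never retry sooner than the server asked; back off further on repeats.
        return max(retry_after, min(cap, base * 2 ** attempt))
    if headers.get("X-RateLimit-Remaining") == "0":
        # Budget spent: hold off until the window resets (Unix seconds).
        return max(0.0, float(headers.get("X-RateLimit-Reset", now)) - now)
    return 0.0


def call_with_throttle(send, max_attempts=5, sleep=time.sleep, clock=time.time):
    """Call send() -> (status, headers, body); retry only on 429."""
    for attempt in range(max_attempts):
        status, headers, body = send()
        pause = wait_seconds(status, headers, attempt, clock())
        if pause:
            sleep(pause)
        if status != 429:
            return status, body  # 401/403/400/500 go back to the caller as-is
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")


def http_get(path):
    """One GET against the API; the key is read from the environment (assumed name)."""
    req = urllib.request.Request(
        API_BASE + path,
        headers={"Authorization": "Bearer " + os.environ["KIRALITY_API_KEY"]},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return err.code, err.headers, err.read()


# Usage: status, body = call_with_throttle(lambda: http_get("/kanban"))
```

Reading the key from the environment keeps it out of the script and out of version control, which matters because the full key is only shown once at creation.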

Errors

Status   Meaning
401      Invalid, revoked, or expired API key
403      Key is valid but missing the required scope
400      Malformed request (missing fields, bad input)
429      Rate limit exceeded — wait for the Retry-After header, then retry
500      Server error