Skip to main content
Authenticate requests to the Kernel API using API keys passed in the x-api-key header.

Authentication

Every request must include an API key:
curl
curl https://api.kernel.ai/rest/v1/entity-resolution \
  -H "x-api-key: $KERNEL_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"legal_name": "Stripe"}'
Requests without a valid key receive a 401 Unauthorized response.

Creating an API key

  1. Go to Settings > API keys in the Kernel app
  2. Click Create key and optionally give it a name
  3. Copy the key value and signing secret — both are shown only once
Store your API key in an environment variable and never commit it to source control.
export KERNEL_API_KEY="ker_your_api_key_here"

Key value

The key value is a string you pass in the x-api-key header. After creation, the full key is displayed once — it cannot be retrieved later. If you lose a key, delete it and create a new one.

Webhook signing secret

Each API key comes with a webhook signing secret (prefixed with whsec_). Use this secret to verify that webhook payloads were sent by Kernel. See Webhooks for the verification process. The signing secret is shown once when you create an API key. If you need a new secret, delete the key and create a new one.

Deleting a key

Deleting an API key immediately revokes it. Any requests using that key will receive a 401 Unauthorized response. To delete a key, go to Settings > API keys, open the key’s menu, and select Delete key.

Security best practices

  • Store API keys in environment variables, never in source code
  • Use separate keys for development and production
  • Rotate keys if you suspect they have been leaked
  • Delete keys you no longer need