> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kontext.security/llms.txt
> Use this file to discover all available pages before exploring further.

# API Overview

> Control applications, integrations, policies, sessions, and traces in the Kontext identity control plane.

Kontext is the identity control plane for AI agents. The Management API gives you programmatic control over applications, integrations, policies, service accounts, sessions, and traces, so control-plane configuration can be automated in code.
Everything you can do in the dashboard is available through the API.

## Base URL

```
https://api.kontext.security/api/v1
```

All paths in this reference are relative to this base.

## Authentication

Every request requires a Bearer token in the `Authorization` header. You can use either:

* A **service account token** obtained via client credentials grant
* A **user token** obtained via the Authorization Code + PKCE flow

```bash theme={"system"}
curl https://api.kontext.security/api/v1/applications \
  -H "Authorization: Bearer ory_at_..."
```

To get a service account token, see [Service Accounts](/api/service-accounts). For user tokens, see [Authentication](/concepts/authentication).

## Response format

Successful responses return JSON.

* Single-resource endpoints usually return a named wrapper (for example `{ "application": { ... } }` or `{ "integration": { ... } }`).
* List endpoints return `{ "items": [...] }`.
* Cursor-paginated list endpoints also include `nextCursor`.

Example paginated list response:

```json theme={"system"}
{
  "items": [...],
  "nextCursor": "eyJpZCI6Ijk..."
}
```

## Pagination

Cursor-paginated list endpoints use two query parameters:

| Parameter | Type      | Default | Description                                                     |
| --------- | --------- | ------- | --------------------------------------------------------------- |
| `limit`   | `integer` | `50`    | Items per page (1--200)                                         |
| `cursor`  | `string`  | --      | Cursor from a previous response's `nextCursor` (when supported) |

Some list endpoints are not cursor-paginated and ignore `cursor`.

## Error format

Errors return a JSON object with a `message` field and an appropriate HTTP status code:

```json theme={"system"}
{
  "message": "Application not found",
  "statusCode": 404
}
```

Common status codes:

| Code  | Meaning                            |
| ----- | ---------------------------------- |
| `400` | Invalid request body or parameters |
| `401` | Missing or invalid token           |
| `403` | Insufficient permissions           |
| `404` | Resource not found                 |
| `409` | Conflict (duplicate name, etc.)    |
| `429` | Rate limit exceeded                |

## Management SDK

If you prefer a typed client over raw HTTP, the [Management SDK](/sdks/management) wraps every endpoint in this reference:

```typescript theme={"system"}
import { KontextManagementClient } from "@kontext-dev/js-sdk/management";

const client = new KontextManagementClient({
  baseUrl: "https://api.kontext.security",
  credentials: { clientId: "sa_xxx", clientSecret: "secret" },
});

const { items } = await client.applications.list();
```

Role and scope requirements vary by endpoint and token type. See each resource page for exact requirements.