Appearance
API Reference
kendo provides an API for programmatic access and an MCP (Model Context Protocol) server for AI coding assistants.
Authentication
kendo has two kinds of token. Use a personal API token for your own programmatic access, and a project token when an external system needs to submit data to a single project.
Personal API Tokens
Personal tokens authenticate requests on your behalf and carry read + write scopes — they reach every endpoint your account can, subject to your role and team access. Create them from your profile settings and include the token in the Authorization header:
bash
curl https://{tenant}.kendo.dev/api/projects \
-H "Authorization: Bearer your-api-token"Tokens can be revoked at any time from your profile. See API Tokens for scopes and details.
Project Tokens
Project tokens are scoped to a single project and carry exactly one ability — report:create (submit reports) or error-events:write (ingest error events). They exist for external systems — CI pipelines, feedback widgets, error reporters — that should submit to one project and reach nothing else. Mint them from the project's settings; see Project Tokens. The report and error-event submission endpoints accept only project tokens — a personal token cannot call them.
| Personal API token | Project token | |
|---|---|---|
| Scope | Your whole account | One project |
| Access | The general API, per your role (except report / error-event submission) | One ability: reports or error events |
| Created from | Profile settings | Project settings |
| For | Your own scripts and integrations | External systems submitting data in |
Base URL
All API endpoints are relative to your tenant subdomain:
https://{tenant}.kendo.dev/api/Resources
| Resource | Description |
|---|---|
| Issues | Create, update, move, and search issues |
| Projects | Manage projects and their configuration |
| Sprints | Plan, activate, and complete sprints |
| Time Entries | Log and manage time against issues |
| Comments | Add and manage comments on issues |
| Epics | Group issues on a timeline |
| Roles | Manage roles and permissions |
| Users | List and manage workspace members |
| Notifications | List and manage your notification inbox |
| Branch Links | Link GitHub branches to issues |
| Reports | Submit, promote, and manage feedback reports |
| Error Events | Ingest application errors, deduplicated into error groups |
| Project Tokens | Scoped tokens for external systems — one project, one ability (reports or error events) |
| API Tokens | Personal access tokens — full API access for your own account |
Additional Endpoints
| Method | Endpoint | Description |
|---|---|---|
GET | /api/projects/{id}/lanes | List board lanes |
GET | /api/teams | List teams |
GET | /api/github/status | Check GitHub connection |
GET | /api/projects/{id}/github-repos | List linked repositories |
Response Format
All responses return JSON. Successful responses return the resource directly:
json
{
"id": 1,
"title": "...",
"created_at": "2026-03-13T10:30:00.000000Z"
}Collection endpoints return arrays:
json
[
{"id": 1, "title": "..."},
{"id": 2, "title": "..."}
]Status Codes
| Code | Meaning |
|---|---|
200 | Success (retrieve, update, list) |
201 | Created (store) |
204 | No Content (delete) |
422 | Validation Error (invalid input) |
Validation Errors
When validation fails, the API returns a 422 response with field-level errors:
json
{
"message": "The title field is required.",
"errors": {
"title": ["The title field is required."],
"priority": ["The selected priority is invalid."]
}
}Authorization & Scoping
All API and MCP access is scoped to the authenticated user:
- API tokens are user-specific — you only see projects, issues, and data for projects assigned to your teams
- MCP tokens carry an
mcp:usescope with the same access restrictions - This isn't just filtering — it's programmatic enforcement through Laravel Gates and
Project::accessibleBy($user)checks - Role-based permissions apply per-resource, per-action: each role defines Create, Read, Update (None/Own/All), and Delete (None/Own/All) scopes for 16 resources
- Project owners automatically get full access to all project-scoped resources in their own projects
- Admins bypass all permission checks
MCP Server
kendo exposes a Model Context Protocol server with tools and resources for AI coding assistants.
For full documentation including setup guides, tool parameters, and workflow examples, see the MCP documentation.
| Section | What's Covered |
|---|---|
| Overview & Setup | OAuth flow, Claude Code and Cursor configuration |
| Issues | Create, update, search, prepare context, pick up, daily snapshot (9 tools) |
| Comments | Add, update, delete with permission model (3 tools) |
| Time Entries | Log, update, delete, query with grouping (4 tools) |
| Epics | Create, update, delete, get with progress (4 tools) |
| Labels | List, create, update, delete labels, and set an issue's labels (5 tools) |
| Sprints | List, create, update, complete, delete, bulk-assign issues (6 tools) |
| Branches | Link and unlink branches with multi-repo disambiguation (2 tools) |
| Resources | 10 read-only resources for projects, issues, lanes, sprints, epics, members, teams, repos |
| Workflows | Multi-step flows: sprint planning, bug triage, time logging |
Build Integrations
Use the API to connect any chat tool, CI pipeline, or internal system to your project board:
- Create issues from Slack, Discord, or Microsoft Teams messages
- Post board updates to a channel
- Sync status with external dashboards
- Trigger workflows based on issue events
See Also
- MCP Overview & Setup — Connect your AI assistant to kendo
- Quick Start — Using MCP tools with your AI assistant
- Issues API — Full issue endpoint documentation
- GitHub Integration — GitHub-specific API operations