kendo.dev

Appearance

API Reference

kendo provides an API for programmatic access and an MCP (Model Context Protocol) server for AI coding assistants.

Authentication

API Tokens

Create API tokens from your profile settings. Include the token in the Authorization header:

bash
curl https://{tenant}.kendo.dev/api/projects \
  -H "Authorization: Bearer your-api-token"

Tokens can be revoked at any time from your profile.

Base URL

All API endpoints are relative to your tenant subdomain:

https://{tenant}.kendo.dev/api/

Resources

ResourceDescription
IssuesCreate, update, move, and search issues
ProjectsManage projects and their configuration
SprintsPlan, activate, and complete sprints
Time EntriesLog and manage time against issues
CommentsAdd and manage comments on issues
EpicsGroup issues on a timeline
RolesManage roles and permissions
UsersList and manage workspace members
NotificationsList and manage your notification inbox
Branch LinksLink GitHub branches to issues
ReportsSubmit, promote, and manage feedback reports
Project TokensUse scoped tokens for external report submission
API TokensAuthenticate API requests with personal tokens

Additional Endpoints

MethodEndpointDescription
GET/api/projects/{id}/lanesList board lanes
GET/api/teamsList teams
GET/api/github/statusCheck GitHub connection
GET/api/projects/{id}/github-reposList linked repositories

Response Format

All responses return JSON. Successful responses return the resource directly:

json
{
  "id": 1,
  "title": "...",
  "created_at": "2026-03-13T10:30:00.000000Z"
}

Collection endpoints return arrays:

json
[
  {"id": 1, "title": "..."},
  {"id": 2, "title": "..."}
]

Status Codes

CodeMeaning
200Success (retrieve, update, list)
201Created (store)
204No Content (delete)
422Validation Error (invalid input)

Validation Errors

When validation fails, the API returns a 422 response with field-level errors:

json
{
  "message": "The title field is required.",
  "errors": {
    "title": ["The title field is required."],
    "priority": ["The selected priority is invalid."]
  }
}

Authorization & Scoping

All API and MCP access is scoped to the authenticated user:

  • API tokens are user-specific — you only see projects, issues, and data for projects assigned to your teams
  • MCP tokens carry an mcp:use scope with the same access restrictions
  • This isn't just filtering — it's programmatic enforcement through Laravel Gates and Project::accessibleBy($user) checks
  • Role-based permissions apply per-resource, per-action: each role defines Create, Read, Update (None/Own/All), and Delete (None/Own/All) scopes for 16 resources
  • Project owners automatically get full access to all project-scoped resources in their own projects
  • Admins bypass all permission checks

MCP Server

kendo exposes a Model Context Protocol server with tools and resources for AI coding assistants.

For full documentation including setup guides, tool parameters, and workflow examples, see the MCP documentation.

SectionWhat's Covered
Overview & SetupOAuth flow, Claude Code and Cursor configuration
IssuesCreate, update, move, delete, search (5 tools)
CommentsAdd, update, delete with permission model (3 tools)
Time EntriesLog, update, delete, query with grouping (4 tools)
EpicsCreate, update, delete, get with progress (4 tools)
SprintsCreate, update, complete with lifecycle (3 tools)
BranchesLink branches with auto-repo resolution (1 tool)
Resources10 read-only resources for projects, issues, lanes, sprints, epics, members, teams, repos
WorkflowsMulti-step flows: sprint planning, bug triage, time logging

Build Integrations

Use the API to connect any chat tool, CI pipeline, or internal system to your project board:

  • Create issues from Slack, Discord, or Microsoft Teams messages
  • Post board updates to a channel
  • Sync status with external dashboards
  • Trigger workflows based on issue events

See Also