Skip to content

API Reference

kendo provides an API for programmatic access and an MCP (Model Context Protocol) server for AI coding assistants.

Authentication

kendo has two kinds of token. Use a personal API token for your own programmatic access, and a project token when an external system needs to submit data to a single project.

Personal API Tokens

Personal tokens authenticate requests on your behalf and carry read + write scopes — they reach every endpoint your account can, subject to your role and team access. Create them from your profile settings and include the token in the Authorization header:

bash
curl https://{tenant}.kendo.dev/api/projects \
  -H "Authorization: Bearer your-api-token"

Tokens can be revoked at any time from your profile. See API Tokens for scopes and details.

Project Tokens

Project tokens are scoped to a single project and carry exactly one abilityreport:create (submit reports) or error-events:write (ingest error events). They exist for external systems — CI pipelines, feedback widgets, error reporters — that should submit to one project and reach nothing else. Mint them from the project's settings; see Project Tokens. The report and error-event submission endpoints accept only project tokens — a personal token cannot call them.

Personal API tokenProject token
ScopeYour whole accountOne project
AccessThe general API, per your role (except report / error-event submission)One ability: reports or error events
Created fromProfile settingsProject settings
ForYour own scripts and integrationsExternal systems submitting data in

Base URL

All API endpoints are relative to your tenant subdomain:

https://{tenant}.kendo.dev/api/

Resources

ResourceDescription
IssuesCreate, update, move, and search issues
ProjectsManage projects and their configuration
SprintsPlan, activate, and complete sprints
Time EntriesLog and manage time against issues
CommentsAdd and manage comments on issues
EpicsGroup issues on a timeline
RolesManage roles and permissions
UsersList and manage workspace members
NotificationsList and manage your notification inbox
Branch LinksLink GitHub branches to issues
ReportsSubmit, promote, and manage feedback reports
Error EventsIngest application errors, deduplicated into error groups
Project TokensScoped tokens for external systems — one project, one ability (reports or error events)
API TokensPersonal access tokens — full API access for your own account

Additional Endpoints

MethodEndpointDescription
GET/api/projects/{id}/lanesList board lanes
GET/api/teamsList teams
GET/api/github/statusCheck GitHub connection
GET/api/projects/{id}/github-reposList linked repositories

Response Format

All responses return JSON. Successful responses return the resource directly:

json
{
  "id": 1,
  "title": "...",
  "created_at": "2026-03-13T10:30:00.000000Z"
}

Collection endpoints return arrays:

json
[
  {"id": 1, "title": "..."},
  {"id": 2, "title": "..."}
]

Status Codes

CodeMeaning
200Success (retrieve, update, list)
201Created (store)
204No Content (delete)
422Validation Error (invalid input)

Validation Errors

When validation fails, the API returns a 422 response with field-level errors:

json
{
  "message": "The title field is required.",
  "errors": {
    "title": ["The title field is required."],
    "priority": ["The selected priority is invalid."]
  }
}

Authorization & Scoping

All API and MCP access is scoped to the authenticated user:

  • API tokens are user-specific — you only see projects, issues, and data for projects assigned to your teams
  • MCP tokens carry an mcp:use scope with the same access restrictions
  • This isn't just filtering — it's programmatic enforcement through Laravel Gates and Project::accessibleBy($user) checks
  • Role-based permissions apply per-resource, per-action: each role defines Create, Read, Update (None/Own/All), and Delete (None/Own/All) scopes for 16 resources
  • Project owners automatically get full access to all project-scoped resources in their own projects
  • Admins bypass all permission checks

MCP Server

kendo exposes a Model Context Protocol server with tools and resources for AI coding assistants.

For full documentation including setup guides, tool parameters, and workflow examples, see the MCP documentation.

SectionWhat's Covered
Overview & SetupOAuth flow, Claude Code and Cursor configuration
IssuesCreate, update, search, prepare context, pick up, daily snapshot (9 tools)
CommentsAdd, update, delete with permission model (3 tools)
Time EntriesLog, update, delete, query with grouping (4 tools)
EpicsCreate, update, delete, get with progress (4 tools)
LabelsList, create, update, delete labels, and set an issue's labels (5 tools)
SprintsList, create, update, complete, delete, bulk-assign issues (6 tools)
BranchesLink and unlink branches with multi-repo disambiguation (2 tools)
Resources10 read-only resources for projects, issues, lanes, sprints, epics, members, teams, repos
WorkflowsMulti-step flows: sprint planning, bug triage, time logging

Build Integrations

Use the API to connect any chat tool, CI pipeline, or internal system to your project board:

  • Create issues from Slack, Discord, or Microsoft Teams messages
  • Post board updates to a channel
  • Sync status with external dashboards
  • Trigger workflows based on issue events

See Also