Authentication
Every request to /api/check requires a Bearer token in the Authorization header. Your key is issued instantly when you subscribe — no approval queue, no KYC.
Your API key
API keys follow the format kc_live_[48 hex chars]. They are hashed with SHA-256 before storage — we never store your key in plaintext.
```
# Every authenticated request uses this header:
Authorization: Bearer kc_live_your_key_here
```
Keep it secret. Treat your API key like a password. Do not commit it to version control. Use environment variables: KC_API_KEY=kc_live_...
Making your first authenticated request
```
curl -X POST https://kairoscheck.net/api/check \
  -H "Authorization: Bearer kc_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"domain":"test.io"}'
```
Key security
| Property | Value |
|---|---|
| Storage | SHA-256 hash only — never plaintext |
| Transport | TLS 1.2+ required (enforced by Cloudflare) |
| Rotation | Rotate anytime from your dashboard — old key valid 24h |
| Revocation | Immediate — revoked key returns 401 within seconds |
| Audit trail | Every check is logged with SHA-256 key hash, never raw key |
Environment variables (recommended)
```
# .env (never commit this file)
KC_API_KEY=kc_live_your_key_here

# Node.js
const key = process.env.KC_API_KEY;

# Python
import os; key = os.environ['KC_API_KEY']

# PHP
$key = $_ENV['KC_API_KEY'];

# GitHub Actions / Railway
# Add KC_API_KEY as a secret in your environment settings
```
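An added example (not KairosCheck's own code) for the "do not commit it" advice: a scanner that finds strings matching the documented `kc_live_[48 hex chars]` format and reports only their SHA-256 fingerprint, so the scan output never leaks a key. The function names, the constructed sample input, accepting hex digits in either case, and hashing the full key string are assumptions.

```python
import hashlib
import re

# Format from the page: kc_live_ followed by 48 hex characters.
# Assumption: hex digits may be either case. The lookarounds stop the
# pattern from matching inside a longer identifier or hex run.
KEY_RE = re.compile(r"(?<![0-9A-Za-z_])kc_live_[0-9a-fA-F]{48}(?![0-9a-fA-F])")


def fingerprint(key: str) -> str:
    """SHA-256 hex digest of the key, safe to print or log instead of the key."""
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def scan_text(name: str, text: str) -> list:
    """Return one finding per key-shaped string, never including the raw key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            findings.append({
                "file": name,
                "line": lineno,
                "column": m.start() + 1,
                "sha256": fingerprint(m.group(0)),
            })
    return findings


def redact(text: str) -> str:
    """Replace each key with a short fingerprint tag before text reaches logs."""
    return KEY_RE.sub(
        lambda m: "kc_live_[sha256:" + fingerprint(m.group(0))[:12] + "]", text)


# Constructed sample input: a fake key (not a real credential) plus the
# placeholder used in the docs, which must not be flagged.
FAKE_KEY = "kc_live_" + "0123456789abcdef" * 3
SAMPLE = (
    "# .env\n"
    "KC_API_KEY=kc_live_your_key_here\n"
    f"KC_API_KEY={FAKE_KEY}\n"
    f'curl -H "Authorization: Bearer {FAKE_KEY}"\n'
)

if __name__ == "__main__":
    for f in scan_text(".env", SAMPLE):
        print(f"{f['file']}:{f['line']}:{f['column']} key sha256={f['sha256'][:12]}")
    print(redact(SAMPLE))
```

Run `scan_text` over staged files in a pre-commit hook or CI step and fail the job when it returns any findings.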
Error responses
| Status | Error | Meaning |
|---|---|---|
| 401 | Invalid API key | Key not found, revoked, or malformed |
| 429 | Monthly quota exceeded | Upgrade your plan or wait for reset |
Next: read the /api/check reference to see all entity types and response fields.