
How to Authenticate Kuda Business API Requests

Generate an API key, request an access token, and send authenticated Kuda Business API calls securely.

Written by Nosa O

To call the Kuda Business API, you need:

  • a Kuda Business API key

  • your Kuda Business email address

  • an access token generated from the API key

Keep all credentials on your server. Never expose your API key or access token in frontend code.

Generate your API key

  1. Sign in to your Kuda Business dashboard.

  2. Open the Business API section.

  3. Go to API Keys.

  4. Generate an API key.

  5. Copy the API key immediately and store it securely.

You may only be able to view the API key once. If you lose it, generate a new key.

Generate an access token

Use your business email and API key to request an access token.

UAT example:

curl -X POST "https://kuda-openapi-uat.kudabank.com/v2.1/Account/GetToken" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "YOUR_BUSINESS_EMAIL",
    "apiKey": "YOUR_API_KEY"
  }'

Production example:

curl -X POST "https://kuda-openapi.kuda.com/v2.1/Account/GetToken" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "YOUR_BUSINESS_EMAIL",
    "apiKey": "YOUR_API_KEY"
  }'

The token response is a raw JWT string, not a JSON object.

Example response:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Use the token

Send the token in the Authorization header:

curl -X POST "https://kuda-openapi-uat.kudabank.com/v2.1" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "serviceType": "BANK_LIST",
    "requestRef": "BANK001",
    "data": {}
  }'

Server-side token helper

const BASE_URL =
  process.env.KUDA_ENV === "production"
    ? "https://kuda-openapi.kuda.com/v2.1"
    : "https://kuda-openapi-uat.kudabank.com/v2.1";

export async function getKudaAccessToken() {
  // Use a pre-issued token when one is configured.
  if (process.env.KUDA_ACCESS_TOKEN) {
    return process.env.KUDA_ACCESS_TOKEN;
  }

  const email = process.env.KUDA_BUSINESS_EMAIL;
  const apiKey = process.env.KUDA_API_KEY;

  if (!email || !apiKey) {
    throw new Error("Kuda API credentials are not configured.");
  }

  const response = await fetch(`${BASE_URL}/Account/GetToken`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ email, apiKey })
  });

  if (!response.ok) {
    // Report only the status code, never the request body, which holds the API key.
    throw new Error(`Kuda token request failed with HTTP ${response.status}`);
  }

  // The endpoint returns the raw JWT as plain text, not JSON.
  return response.text();
}

Security checklist

  • Store API keys in a secure secret manager or server environment variables.

  • Do not prefix Kuda secrets with frontend-public environment variable names.

  • Do not send API keys to the browser.

  • Do not log full tokens.

  • Rotate keys if they are exposed.

  • Use UAT credentials in UAT and production credentials in production.

  • Make sure only authorized backend routes can trigger money movement.
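
A token cache to sit in front of the helper above, as an added example that is not part of the original article or Kuda's own code: it reuses the raw JWT until shortly before it expires, so calls do not fail with 401 on a stale token, and it gives a log-safe form of the token for the "do not log full tokens" rule. It assumes the JWT carries a standard `exp` claim (the article does not say so); `createTokenCache`, `jwtExpiryMs`, `redactToken` and `makeSampleJwt` are hypothetical names.

```javascript
// Added example, not Kuda's code. Assumption: the JWT carries a standard `exp` claim.

// Decode `exp` (seconds since epoch) to schedule a refresh. This does not verify
// the signature; the API remains the only judge of whether a token is valid.
function jwtExpiryMs(token) {
  const parts = String(token).trim().split(".");
  if (parts.length !== 3) return null;
  try {
    const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
    return typeof claims.exp === "number" ? claims.exp * 1000 : null;
  } catch {
    return null; // payload is not base64url-encoded JSON
  }
}

// Log-safe form: the kept prefix is part of the public JWT header only.
function redactToken(token) {
  const t = String(token);
  return t.length < 20 ? "[redacted]" : `${t.slice(0, 6)}...[redacted, ${t.length} chars]`;
}

// fetchToken: async function returning the raw token string.
// skewMs: refresh this long before expiry so requests do not race it.
function createTokenCache(fetchToken, { skewMs = 60000, now = Date.now } = {}) {
  let token = null, expiresAt = 0, inflight = null;
  return async function getToken() {
    if (token && now() < expiresAt - skewMs) return token;
    if (!inflight) { // concurrent callers share one token request
      inflight = (async () => {
        const raw = String(await fetchToken()).trim();
        if (raw.split(".").length !== 3) throw new Error("Token response is not a JWT");
        token = raw;
        expiresAt = jwtExpiryMs(raw) ?? 0; // no exp claim: never served from cache
        return raw;
      })().finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// Constructed, unsigned sample token for trying the cache (not a real Kuda token).
function makeSampleJwt(expSeconds) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ exp: expSeconds })}.c2ln`;
}
```

In a server, pass the article's `getKudaAccessToken` as `fetchToken` and call the returned `getToken()` before each API request; write `redactToken(token)` to logs instead of the token itself.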

Common authentication issues

| Issue | What to check |
| --- | --- |
| 401 Unauthorized | Token is missing, expired, malformed, or from the wrong environment. |
| Token response is not JSON | This is expected. The token endpoint returns a raw JWT string. |
| UAT works but production fails | Confirm production API access, production API key, and production base URL. |
| Browser requests fail | Move Kuda API calls to your backend. |
