API Reference
Complete endpoint reference for the Kakunin v1 REST API. Includes query parameters, request schemas, Zod validation details, and exact JSON response payloads.
Base URL
All REST API requests must target the v1 gateway. Direct client integration calls must utilize the authenticated endpoint, while public verification targets the non-auth endpoint.
# Authenticated endpoints (Requires API Key)
https://www.kakunin.ai/api/v1
# Public verification endpoint (No auth required)
https://api.kakunin.ai/v1Authentication Header
Provide your API key (kak_live_... or kak_test_...) in the standard HTTP header for all requests:
Authorization: Bearer <your_api_key>
Content-Type: application/jsonResponse Shapes
All responses return standard structured JSON payloads.
Success Response
{
"data": {
"id": "agt_01h2e4r...",
"object": "agent",
"created_at": "2026-06-13T08:00:00.000Z"
}
}Error Response
{
"error": "Error details explaining the validation or state failure."
}1. Agents API
Manage agent definitions, specifications, and issue compliance certificates.
Register an Agent
POST /agents
Register a new Non-Human Identity (NHI) under your tenant.
Request Payload:
{
"name": "Mastra-Compliance-Trader",
"model": "gpt-4o",
"version": "1.0.0",
"model_hash": "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"metadata": {
"permitted_actions": ["market.read", "trade.execute"]
}
}Success Response (201 Created):
{
"data": {
"id": "agt-6f7a8b",
"name": "Mastra-Compliance-Trader",
"model": "gpt-4o",
"version": "1.0.0",
"status": "pending",
"metadata": {
"permitted_actions": ["market.read", "trade.execute"]
},
"tenant_id": "ten-99a2c1",
"created_at": "2026-06-13T08:30:00Z"
}
}Issue Certificate
POST /agents/{id}/certify
Issue a cryptographic X.509 certificate for an agent.
Success Response (200 OK):
{
"data": {
"agent_id": "agt-6f7a8b",
"serial_number": "88492019472019472019",
"certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIB...",
"not_before": "2026-06-13T08:31:00Z",
"not_after": "2027-06-13T08:31:00Z",
"status": "active"
}
}2. Certificates API
Manage X.509 certificate lifetimes and CRL revocations.
Verify Certificate (Public Endpoint)
GET /verify/{agentId_or_serial} (Path parameter can be the Kakunin agent ID or certificate serial number)
No authentication required. Returns current certificate status, active scopes, and validity.
Success Response (200 OK):
{
"data": {
"agent_id": "agt-6f7a8b",
"serial_number": "88492019472019472019",
"status": "active",
"permitted_actions": ["market.read", "trade.execute"],
"issued_at": "2026-06-13T08:31:00Z",
"expires_at": "2027-06-13T08:31:00Z",
"revoked": false
}
}Revoke Certificate
POST /certificates/{id}/revoke
Revoke the certificate and immediately add the serial to the Certificate Revocation List (CRL).
Success Response (200 OK):
{
"data": {
"serial_number": "88492019472019472019",
"revoked": true,
"revoked_at": "2026-06-13T09:00:00Z",
"reason": "key_compromise"
}
}3. Events API
Ingest behavior events to build the agent's audit trail and feed the real-time risk engine.
Ingest Event
POST /events
Stream a new agent operation to the risk scoring pipeline.
Request Payload:
{
"agent_id": "agt-6f7a8b",
"action_type": "transaction_initiated",
"details": {
"symbol": "AAPL",
"quantity": 5,
"amount": 875.50
}
}Success Response (201 Created):
{
"data": {
"id": "evt-77a8b9",
"agent_id": "agt-6f7a8b",
"action_type": "transaction_initiated",
"risk_score": 0.12,
"details": {
"symbol": "AAPL",
"quantity": 5,
"amount": 875.50
},
"created_at": "2026-06-13T09:05:00Z"
}
}4. Content Risk API
Analyze agent generated output text for safety, alignment, and information leakage.
Score Content Risk
POST /agents/{id}/content-risk
Analyzes agent-generated outputs asynchronously.
Request Payload:
{
"content": "Execute immediate sell order for Apple stock options without user confirmation."
}Success Response (202 Accepted):
{
"data": {
"task_id": "tsk-01h2e4r...",
"status": "processing",
"eta_seconds": 2
}
}5. Delegation API
Create cryptographic delegation chains allowing one agent to delegate scoped execution authority to another agent.
Issue Delegation Token
POST /agents/{id}/delegation
Request Payload:
{
"delegate_agent_id": "agt-subordinate-bot",
"permitted_actions": ["market.read"]
}Success Response (201 Created):
{
"data": {
"delegation_token": "eyJhbGciOiJ...",
"chain_length": 1,
"expires_at": "2026-06-14T09:00:00Z"
}
}6. Integrations API
Configure outbound webhooks, OpenTelemetry (OTLP) exporters, or continuous integration gates.
Update OTLP Exporter
POST /integrations/otlp
Request Payload:
{
"endpoint": "https://otlp.datadoghq.com:443",
"protocol": "http/protobuf",
"headers": {
"DD-API-KEY": "dd_secret_key_123"
}
}Success Response (200 OK):
{
"data": {
"endpoint": "https://otlp.datadoghq.com:443",
"protocol": "http/protobuf",
"status": "connected"
}
}7. Reports API
Generate audit-ready compliance reports summarizing agent identities, certificate statuses, and behavioral risk distributions.
Request Compliance Report
POST /reports/compliance
Request Payload:
{
"format": "pdf",
"start_date": "2026-05-01T00:00:00Z",
"end_date": "2026-06-13T00:00:00Z"
}Success Response (202 Accepted):
{
"data": {
"report_id": "rep-445a6c",
"status": "generating"
}
}Download PDF Report
GET /reports/{id}/pdf
Returns the generated PDF file directly as a binary download (application/pdf).
EU AI Act Agent Compliance & Audit Readiness Checklist
A C-suite and engineering guide to achieving EU AI Act agent compliance, MiCA alignments, and DORA audit readiness.
Error Handling & Troubleshooting
Complete Kakunin troubleshooting guide. Step-by-step resolution steps for common integration mistakes, empty scopes, rate limits, and KMS errors.