Skip to content

Quickstart

Get a 200 from the Konto Agent API in about five minutes. We'll use the development environment — a safe sandbox — throughout.

Zero-code alternative

If you just want an AI assistant to use Konto, skip the API entirely and connect the MCP connector — no tokens, no code.

1. Get development credentials

Ask Konto for a development agent client (client_id + client_secret) and a dev/test Konto account. Agent clients are per-environment — a dev client does not work on production.

You'll also need the dev maintenance-bypass code (dev.konto.is runs in maintenance mode; every call must carry it). We'll call it DEV_MAINT below.

export CLIENT_ID="…"        # from Konto
export CLIENT_SECRET="…"    # from Konto (keep it secret)
export DEV_MAINT="…"        # dev bypass code, from Konto
export BASE="https://dev.konto.is"

Open this URL in a browser, sign in with your dev account, and approve the requested scopes. You'll be redirected to redirect_uri with a ?code=….

https://dev.konto.is/strax/agent/authorize
  ?client_id=$CLIENT_ID
  &scope=dashboard_data,manage_customers,create_invoice
  &redirect_uri=https://your-app.example/callback
  &state=xyz
  &en4_maint_code=$DEV_MAINT

Copy the code value from the redirect (it's valid for 10 minutes).

Public clients need PKCE

If your client has no secret, add code_challenge (S256) here and code_verifier at the token step.

3. Exchange the code for a token

export CODE="…"   # the code from step 2

curl -s -X POST "$BASE/strax/agent/token?en4_maint_code=$DEV_MAINT" \
  -H "Content-Type: application/json" \
  -d '{
    "grant_type": "authorization_code",
    "client_id": "'"$CLIENT_ID"'",
    "client_secret": "'"$CLIENT_SECRET"'",
    "code": "'"$CODE"'",
    "redirect_uri": "https://your-app.example/callback"
  }'
{ "access_token": "…", "refresh_token": "…", "expires_in": 3600, "scope": "dashboard_data,manage_customers,create_invoice" }

Save the access_token. The refresh_token rotates — persist the new one from every refresh (see Authentication).

4. Your first call

export TOKEN="…"   # access_token from step 3

curl -s "$BASE/api/v1/agent/status?en4_maint_code=$DEV_MAINT" \
  -H "Authorization: Bearer $TOKEN"
{ "status": true, "result": { "company_name": "KG-NEW-TEST", "registration_no": "1806756129", "username": "…" } }

🎉 You're talking to Konto. Every resource endpoint returns this { status, message, result } envelope — always check status.

5. Create something

List your customers, then create an invoice for one:

# find a customer guid
curl -s "$BASE/api/v1/agent/customers?limit=1&en4_maint_code=$DEV_MAINT" \
  -H "Authorization: Bearer $TOKEN"

# create an invoice (see the write contract for the field rules)
curl -s -X POST "$BASE/api/v1/agent/invoices?en4_maint_code=$DEV_MAINT" \
  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{ "data": "{\"amount\":2480,\"currency\":\"ISK\",\"customer\":{\"guid\":\"<CUSTOMER_GUID>\"},\"issue_date\":\"2026-01-15\",\"due_date\":\"2026-01-29\",\"settlement_date\":\"2026-02-12\",\"items\":[{\"add_new\":1,\"description\":\"Consulting\",\"qty\":1,\"unit_price\":2000,\"uom\":\"HUR\",\"tax\":\"S\",\"item_number\":\"10000001\"}]}" }'

Read this before creating anything

amount must equal Σ(line items) + VAT, dates must chain issue ≤ due ≤ settlement, and new inline lines need an item_number. The write contract has every rule — the server rejects payloads that break them.

Where next