Quickstart¶
Get a 200 from the Konto Agent API in about five minutes. We'll use the
development environment — a safe sandbox — throughout.
Zero-code alternative
If you just want an AI assistant to use Konto, skip the API entirely and connect the MCP connector — no tokens, no code.
1. Get development credentials¶
Ask Konto for a development agent client (client_id + client_secret) and a
dev/test Konto account. Agent clients are per-environment — a dev client
does not work on production.
You'll also need the dev maintenance-bypass code (dev.konto.is runs in
maintenance mode; every call must carry it). We'll call it DEV_MAINT below.
export CLIENT_ID="…" # from Konto
export CLIENT_SECRET="…" # from Konto (keep it secret)
export DEV_MAINT="…" # dev bypass code, from Konto
export BASE="https://dev.konto.is"
2. Authorize (sign in & consent)¶
Open this URL in a browser, sign in with your dev account, and approve the
requested scopes. You'll be redirected to redirect_uri with a ?code=….
https://dev.konto.is/strax/agent/authorize
?client_id=$CLIENT_ID
&scope=dashboard_data,manage_customers,create_invoice
&redirect_uri=https://your-app.example/callback
&state=xyz
&en4_maint_code=$DEV_MAINT
Copy the code value from the redirect (it's valid for 10 minutes).
Public clients need PKCE
If your client has no secret, add code_challenge (S256) here and
code_verifier at the token step.
3. Exchange the code for a token¶
export CODE="…" # the code from step 2
curl -s -X POST "$BASE/strax/agent/token?en4_maint_code=$DEV_MAINT" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "authorization_code",
"client_id": "'"$CLIENT_ID"'",
"client_secret": "'"$CLIENT_SECRET"'",
"code": "'"$CODE"'",
"redirect_uri": "https://your-app.example/callback"
}'
{ "access_token": "…", "refresh_token": "…", "expires_in": 3600, "scope": "dashboard_data,manage_customers,create_invoice" }
Save the access_token. The refresh_token rotates — persist the new one from
every refresh (see Authentication).
4. Your first call¶
export TOKEN="…" # access_token from step 3
curl -s "$BASE/api/v1/agent/status?en4_maint_code=$DEV_MAINT" \
-H "Authorization: Bearer $TOKEN"
{ "status": true, "result": { "company_name": "KG-NEW-TEST", "registration_no": "1806756129", "username": "…" } }
🎉 You're talking to Konto. Every resource endpoint returns this
{ status, message, result } envelope — always check status.
5. Create something¶
List your customers, then create an invoice for one:
# find a customer guid
curl -s "$BASE/api/v1/agent/customers?limit=1&en4_maint_code=$DEV_MAINT" \
-H "Authorization: Bearer $TOKEN"
# create an invoice (see the write contract for the field rules)
curl -s -X POST "$BASE/api/v1/agent/invoices?en4_maint_code=$DEV_MAINT" \
-H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
-d '{ "data": "{\"amount\":2480,\"currency\":\"ISK\",\"customer\":{\"guid\":\"<CUSTOMER_GUID>\"},\"issue_date\":\"2026-01-15\",\"due_date\":\"2026-01-29\",\"settlement_date\":\"2026-02-12\",\"items\":[{\"add_new\":1,\"description\":\"Consulting\",\"qty\":1,\"unit_price\":2000,\"uom\":\"HUR\",\"tax\":\"S\",\"item_number\":\"10000001\"}]}" }'
Read this before creating anything
amount must equal Σ(line items) + VAT, dates must chain
issue ≤ due ≤ settlement, and new inline lines need an item_number.
The write contract has every rule — the server
rejects payloads that break them.
Where next¶
- Authentication & scopes — the full OAuth flow and refresh.
- The write contract — codes and rules for writes.
- API reference — every endpoint.
- Recipes — CRM sync, ERP plugin, time-billing, subscriptions.