Skip to content
Last updated

Welcome to the Kaito APIs. This portal provides OpenAPI specs, quickstarts, and security details so you can build, test, and launch on Kaito.

What is Kaito?

Kaito provides API-based connectivity as a payment rail to move value across regions and rails:

  • FIAT <-> FIAT — Cross-border fiat transfers
  • FIAT <-> CRYPTO — On-ramp to crypto
  • CRYPTO <-> FIAT — Off-ramp to fiat
  • CRYPTO <-> CRYPTO — On-chain transfers

You integrate once with the Kaito API, and Kaito handles routing, provider selection, fallbacks, and settlement orchestration.

Integration Options

OptionDescriptionUse Case
API DirectFull control via REST APIBackend integrations
JavaScript SDK@kaito/checkout-sdkWeb applications
Hosted CheckoutRedirect to KaitoQuick integration
iFrame EmbedWidget in your appCustom UI

Environments

EnvironmentBase URLPurpose
Productionhttps://api.kaito.ioLive transactions
Sandboxhttps://sandbox.api.kaito.ioTesting with mock data

API Catalog

Core API — Rail M2M

Machine-to-machine API for partners to discover corridors, manage destination accounts, and run quote/order flows.

FeatureDescription
RailsList enabled corridors for the authenticated client (GET /v1/rails)
AccountsManage destination bank accounts (/v1/accounts, includes validate)
QuotesCreate a quote against a destination account (POST /v1/quotes)
OrdersConvert a quote into an order and track its lifecycle (/v1/orders, /v1/orders/{orderId})
Deposit reportingBody-less client action: deposit sent (POST /v1/orders/{orderId}/deposit-reported)

Supported flow types (selected by request body shape, not by URL): kaito → kaito, kaito → soyfri, crypto → kaito, crypto → soyfri.

Spec: core.yaml


Users API

Identity verification and wallet management.

FeatureDescription
Identity (KYC)Individual identity verification
Identity (KYB)Business verification
WalletsCustodial wallet creation and management

Spec: users.yaml


Security

MechanismDescription
TransportAll API communication is over HTTPS (TLS). Plain HTTP is rejected.
API keyx-kaito-api-key — public Rail API key identifier (rk_test_… / rk_live_…). Identifies the calling client.
Per-request signaturex-kaito-signature — hex HMAC-SHA256 of the canonical request, signed with the per-key secret. The secret never leaves your side.
Replay windowx-kaito-timestamp — Unix timestamp; signatures older than ±300s are rejected.
Trace idx-kaito-trace-id — caller-generated id, echoed in the response header and in error envelopes.
Body hashx-kaito-content — hex SHA-256 of the raw body; required for POST/PATCH, optional for GET/DELETE.
Webhook signatureOutbound webhooks are signed by Kaito with Kaito-Timestamp + Kaito-Signature (HMAC-SHA256). Verify on your side.

See Kaito as a Payment Rail — Authentication for the canonical signature format and a runnable Node.js example.

Quick Start

// Sign one request to POST /v1/quotes
import crypto from 'node:crypto';

const apiKey = 'rk_test_...';
const secret = 'sk_...';
const baseUrl = 'https://api.kaito.io/v1';
const path = '/quotes';
const body = JSON.stringify({
  sourceCountry: 'GT',
  targetAccountId: '019e4c4b-...-ba-...',
  amount: 20,
});

const timestamp = Math.floor(Date.now() / 1000).toString();
const traceId = `trc_${Date.now().toString(36)}_${crypto.randomBytes(4).toString('hex')}`;
const contentSha256 = crypto.createHash('sha256').update(body).digest('hex');

const canonical = [timestamp, 'POST', path, '', traceId, contentSha256].join('.');
const signature = crypto.createHmac('sha256', secret).update(canonical).digest('hex');

await fetch(`${baseUrl}${path}`, {
  method: 'POST',
  headers: {
    'content-type': 'application/json',
    'x-kaito-api-key': apiKey,
    'x-kaito-timestamp': timestamp,
    'x-kaito-trace-id': traceId,
    'x-kaito-content': contentSha256,
    'x-kaito-signature': signature,
  },
  body,
});

For a ready-to-use cookbook, import the Kaito Rail API Postman collection — fill in apiKeyId, hmacSecret, and targetAccountId under the collection's Variables tab, and every request is signed automatically by the collection-level pre-request script.

Get in touch

ChannelDetails
📧 Emailsales@kaito.io — initial contact, credentials request
💬 SlackShared channel for technical integration support — request an invite at sales@kaito.io

SDKs & Tools

  • Auto-generate clients from OpenAPI specs (TypeScript, Python, Java, Go)
  • Import specs into Postman/Insomnia

Documentation


Last updated: 2026-05-19