Kasimir Docs DEEN To the app →

Access & API keys

Control domain-based auto-join and manage OpenAI-compatible API keys for external integrations.

The Access page in the administration area bundles two things: first, you control who can join your company without an explicit invitation (domain-based auto-join). Second, you create and manage API keys that let external tools call your company's models programmatically — through an OpenAI-API-compatible interface. You'll find both under AdministrationAccess.

ℹ️

Who has access? The page and every action on it are restricted to the Owner and Admin roles. Regular members don't see the menu entry.

Auto-join by domain Users with a matching email domain join this workspace automatically. Primary company domain firma.de Domains with automatic join firma.de tochter.de Add Save API keys Programmatic access to the Kasimir API. New key Base URL: https://kasimir.ai/api/v1 Copy API documentation → Authenticate with a Bearer token. 1,284 requests this month · rate limit 60/min. curl https://kasimir.ai/api/v1/chat/completions \ -H "Authorization: Bearer kasi_••••" -d '{ "model": "kasimir-1" }' Production server kasi_7f3a…9c2e Scopes: read, write · Created 12 May 2026 · Last used 2 hours ago Revoke CI pipeline kasi_b81d…44af Scopes: read · Created 3 Mar 2026 · Last used 6 days ago Revoke
The Access page: domain join at the top, API keys and developer panel below.

Auto-join by domain

By default, new people only join your company through an explicit invitation. With the domain settings you can skip that step for your own staff: anyone signing in with a company email address lands in the right tenant automatically.

Primary company domain

The Primary company domain field (e.g. firma.de) claims your domain for your tenant. The effect:

  • It prevents anyone with this domain from accidentally creating a second company.

  • When someone signs in with this domain for the first time, they land on a "contact your admin" page — unless the domain is also in the auto-join list (see below).

💡

The primary domain alone does not grant access. It only protects against parallel company accounts. If you want staff to enroll themselves, add the same domain to the Domains with automatic join list as well.

Domains with automatic join

Every domain in this list enables self-service joining: staff who sign in with one of these domains via SSO or magic link are added as a member immediately — no invitation required.

  • Type a domain into the input and confirm with Add or the Enter key.

  • Added domains appear as removable chips; click the × to remove one.

  • You can store several domains (handy for subsidiaries or multiple brand domains).

⚠️

Free mail providers (e.g. gmail.com, gmx.de, web.de, outlook.com) are not allowed and will be rejected. Otherwise anyone with a free-mail address could gain access. Only real domains owned by your company are permitted.

Invalid entries are rejected with an error (Invalid domain: …). Changes only take effect once you press Save — the button is active only while there are unsaved changes, and a brief Saved confirms success.

API keys

API keys let you call Kasimir from external systems — for instance a Slack integration, a Power BI connector, or your own scripts. Each key belongs to the company (not an individual person) and can be revoked at any time.

Create a key

  1. Click New key in the top right.

  2. Give it a descriptive name (e.g. Slack integration or Power BI connector) so you can later recognize what it's used for.

  3. Confirm with Create.

The key is now shown in plaintext exactly once. Copy it immediately with Copy key and store it securely in your target system.

⚠️

The full key is shown only this one time. Once you close the dialog it can no longer be retrieved — Kasimir stores only a hash (SHA-256), never the plaintext. If a key is lost, you must revoke it and create a new one.

New key Please copy the key now — you'll only see it this one time. SECRET KEY kasi_ab3fk9x2m7qwzv4t8r1ynd6ph-c0sjul Copy key Closing this dialog will hide the key. We only store a hash. Done
The created key is shown in plaintext exactly once — copy it right away.

Key format

A key has the form kasi_ followed by 32 random characters (roughly 160 bits of entropy). For security, the list shows only the prefix, e.g. kasi_ab3f…. This prefix helps you recognize the key in logs but reveals nothing about the full secret.

Manage keys

In the list, each entry shows its name, prefix, and a status line:

Field

Meaning

Scopes

the key's permissions (default: chat:read, chat:write)

created

creation date

last used / never used

timestamp of the most recent use

Revoked

badge if the key has been deactivated

Revoke deactivates a key immediately and irreversibly. External tools using it lose access at once. The key stays in the list for traceability but is marked Revoked.

💡

Use a separate key per integration. That way you can revoke a single one without disrupting the others, and last used tells you which integrations are still active.

The public API (developer panel)

Above the key list you'll find the developer panel. The interface is OpenAI-API compatible — you just set the base_url and an API key, and existing OpenAI SDKs work out of the box.

  • Base URL: https://kasimir.ai/api/v1 (copyable via Copy)

  • Authentication: HTTP header Authorization: Bearer <YOUR_API_KEY>

  • Usage this month: shows requests, tokens consumed, and the estimated cost in euros for the current calendar month

  • API documentation: link to the full reference at docs.kasimir.ai/api

Available endpoints:

Endpoint

Purpose

POST /chat/completions

chat responses (with streaming, tools, response_format, etc.)

POST /embeddings

text embeddings

GET /models

list of models enabled for your company

POST /assistants/{id}/run

run a preconfigured assistant programmatically

The panel shows a ready-to-copy curl example:

curl https://kasimir.ai/api/v1/chat/completions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"model":"mistral-small-3.2-24b","messages":[{"role":"user","content":"Hello"}]}'
ℹ️

The API respects the same rules as the web interface: only the models enabled for your company are available, non-EU models only when that option is turned on, and the company budget is counted. Every API call feeds into your monthly usage.