Access & API keys
Control domain-based auto-join and manage OpenAI-compatible API keys for external integrations.
The Access page in the administration area bundles two things: first, you control who can join your company without an explicit invitation (domain-based auto-join). Second, you create and manage API keys that let external tools call your company's models programmatically — through an OpenAI-API-compatible interface. You'll find both under Administration → Access.
Who has access? The page and every action on it are restricted to the Owner and Admin roles. Regular members don't see the menu entry.
Auto-join by domain
By default, new people only join your company through an explicit invitation. With the domain settings you can skip that step for your own staff: anyone signing in with a company email address lands in the right tenant automatically.
Primary company domain
The Primary company domain field (e.g. firma.de) claims your domain for your tenant. The effect:
It prevents anyone with this domain from accidentally creating a second company.
When someone signs in with this domain for the first time, they land on a "contact your admin" page — unless the domain is also in the auto-join list (see below).
The primary domain alone does not grant access. It only protects against parallel company accounts. If you want staff to enroll themselves, add the same domain to the Domains with automatic join list as well.
Domains with automatic join
Every domain in this list enables self-service joining: staff who sign in with one of these domains via SSO or magic link are added as a member immediately — no invitation required.
Type a domain into the input and confirm with
Addor the Enter key.Added domains appear as removable chips; click the
×to remove one.You can store several domains (handy for subsidiaries or multiple brand domains).
Free mail providers (e.g. gmail.com, gmx.de, web.de, outlook.com) are not allowed and will be rejected. Otherwise anyone with a free-mail address could gain access. Only real domains owned by your company are permitted.
Invalid entries are rejected with an error (Invalid domain: …). Changes only take effect once you press Save — the button is active only while there are unsaved changes, and a brief Saved confirms success.
API keys
API keys let you call Kasimir from external systems — for instance a Slack integration, a Power BI connector, or your own scripts. Each key belongs to the company (not an individual person) and can be revoked at any time.
Create a key
Click
New keyin the top right.Give it a descriptive name (e.g.
Slack integrationorPower BI connector) so you can later recognize what it's used for.Confirm with
Create.
The key is now shown in plaintext exactly once. Copy it immediately with Copy key and store it securely in your target system.
The full key is shown only this one time. Once you close the dialog it can no longer be retrieved — Kasimir stores only a hash (SHA-256), never the plaintext. If a key is lost, you must revoke it and create a new one.
Key format
A key has the form kasi_ followed by 32 random characters (roughly 160 bits of entropy). For security, the list shows only the prefix, e.g. kasi_ab3f…. This prefix helps you recognize the key in logs but reveals nothing about the full secret.
Manage keys
In the list, each entry shows its name, prefix, and a status line:
Field | Meaning |
|---|---|
| the key's permissions (default: |
| creation date |
| timestamp of the most recent use |
| badge if the key has been deactivated |
Revoke deactivates a key immediately and irreversibly. External tools using it lose access at once. The key stays in the list for traceability but is marked Revoked.
Use a separate key per integration. That way you can revoke a single one without disrupting the others, and last used tells you which integrations are still active.
The public API (developer panel)
Above the key list you'll find the developer panel. The interface is OpenAI-API compatible — you just set the base_url and an API key, and existing OpenAI SDKs work out of the box.
Base URL:
https://kasimir.ai/api/v1(copyable viaCopy)Authentication: HTTP header
Authorization: Bearer <YOUR_API_KEY>Usage this month: shows requests, tokens consumed, and the estimated cost in euros for the current calendar month
API documentation: link to the full reference at
docs.kasimir.ai/api
Available endpoints:
Endpoint | Purpose |
|---|---|
| chat responses (with streaming, tools, |
| text embeddings |
| list of models enabled for your company |
| run a preconfigured assistant programmatically |
The panel shows a ready-to-copy curl example:
curl https://kasimir.ai/api/v1/chat/completions \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"model":"mistral-small-3.2-24b","messages":[{"role":"user","content":"Hello"}]}'The API respects the same rules as the web interface: only the models enabled for your company are available, non-EU models only when that option is turned on, and the company budget is counted. Every API call feeds into your monthly usage.