Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.kansato.com/llms.txt

Use this file to discover all available pages before exploring further.

API keys

Create keys in Settings → Developer → API Keys (workspace owners only).
Key kindPrefixUse
Secretwh_Server-side: full SDK and moderation API
Publishablewhpk_Browser-side hosted report UI, direct report creation, and report reasons (see React SDK)
The plaintext secret is shown once when you create a secret key. Store it in a secret manager and never expose it in client bundles. Publishable keys are safe to use in your frontend with the hosted Whistle iframe and React SDK. They are not a replacement for backend secret keys. 
Authorization: Bearer wh_xxxxxxxxxxxx
You can list, rotate, and revoke keys in the dashboard; some operations are also exposed in the API reference (organization routes).

API reference

The API reference tab is generated from openapi.json. Try it against a running API:
  • Server: your API origin (for example http://localhost:3001).
  • Authorization: Bearer + your secret key (wh_...).
For how secret vs publishable keys differ at the HTTP layer, see API overview.

SDK base URL

The Node SDK targets the Whistle SDK mount point by default: https://api.kansato.com/sdk/whistle/v1 Override with baseUrl for local development: 
import { Whistle } from "@kansato/whistle-sdk";

const whistle = new Whistle({
  apiKey: process.env.WHISTLE_API_KEY,
  projectId: process.env.WHISTLE_PROJECT_ID,
  baseUrl: "http://localhost:3001/sdk/whistle/v1",
});
Some features (for example Kuro AI content analysis) use organization-scoped REST paths under /api/v1/organizations/...; those are documented on the feature pages and in the running server’s OpenAPI/Swagger where exposed. For browser-side UI integrations, the hosted report form lives on the Whistle web origin and is opened through the React SDK or the plain iframe snippet shown in the dashboard’s developer settings.

Webhooks

In Settings → Developer → Webhooks, register HTTPS endpoints, pick event types, and set a signing secret. Verify deliveries with the Node SDK or manually—see Outbound webhooks.

Local OpenAPI UI

With the Whistle server running locally, Swagger UI is typically at http://localhost:3001/docs (exact path matches your server config).