Documentation
Everything you need to integrate kamu.co.id.
Reputation API
B2B endpoint untuk fetch reputation score, profile basics, verified platforms.
Authentication
API Key headers, rate limiting, scopes, & error codes.
UU PDP & Consent
How consent works, data fields, audit logs, retention.
Quick Start
-
1
Sign in ke developer portal dengan akun kamu.co.id.
-
2
Generate API key di /api-keys/create. Catat plaintext key — hanya ditampilkan sekali.
-
3
Test request:
curl https://api.kamu.co.id/v1/health \ -H "X-API-Key: kamu_live_..."
-
4
Integrate sesuai use case Anda. Free tier: 1,000 calls/bulan. Lihat endpoint catalog →
Authentication
Setiap request ke /v1/public/*
wajib menyertakan API key via header. Dua format diterima:
# Recommended: X-API-Key header curl ... -H "X-API-Key: kamu_live_abc123..." # Alternative: Authorization header curl ... -H "Authorization: ApiKey kamu_live_abc123..."
Server lookup dengan SHA-256 hash. Plaintext tidak pernah disimpan.
Jika key revoked / expired / disabled, response 401 atau 403.
Rate Limits & Quotas
| Plan | Per minute | Per day | Per month | Price/bulan |
|---|---|---|---|---|
| Free | 30 | 1,000 | 1,000 | Rp 0 |
| Developer | 120 | 10,000 | 10,000 | Rp 299rb |
| Business | 600 | 100,000 | 100,000 | Rp 1,9jt |
| Enterprise | 3,000+ | Custom | Unlimited | Custom |
Response headers: X-RateLimit-Limit,
X-RateLimit-Remaining,
X-RateLimit-Reset.
429 returned saat exceeded.
Error Format
Uniform JSON envelope:
{
"success": false,
"error": {
"code": "consent_revoked",
"message": "User has revoked consent for reputation lookup.",
"trace_id": "req_abc123"
},
"meta": { "timestamp": "2026-04-26T...", "version": "v1" }
}
| HTTP | Code | Cause |
|---|---|---|
| 401 | unauthorized | Missing/invalid API key. |
| 403 | consent_revoked | User revoked consent. |
| 403 | api_key_disabled | Key di-revoke. |
| 404 | profile_not_found | Username tidak ditemukan / private. |
| 429 | rate_limit_exceeded | Quota habis (minute/day/month). |
| 500 | internal_error | Server error — retry atau contact support. |
UU PDP Compliance
kamu.co.id Reputation API patuh terhadap UU 27/2022 (Pelindungan Data Pribadi).
Setiap call yang akses data user spesifik (mis. /v1/public/profiles/{username}):
- Validasi consent dari
user_consents. Tanpa consent active → 403. - Audit log ke
api_data_access_logs(api_key_id, subject_user_id, fields_accessed, accessed_at). - User revoke real-time via dashboard kamu.co.id → API call selanjutnya langsung 403.
- Field minimization: hanya field yang user grant yang di-return.
- Retention: usage_logs 12 bulan, data_access_logs 24 bulan (audit trail).
Consumer (Anda) wajib display purpose dan data fields di app sendiri sebelum invoke API. Sample DPA tersedia by request: [email protected].