KIOKU™ API Reference
KIOKU™ is an agent memory and structured deliberation platform by IKONBAI™. It provides persistent semantic memory, multi-agent deliberation rooms, audit trails, and a Model Context Protocol (MCP) server — all accessible via REST API or the official SDK.
Partner Preview
KIOKU™ is in Partner Preview. API keys are issued manually. Reach out at hello@usekioku.com or join the waitlist for early access.
Authentication
All API requests require an API key passed via the X-API-Key header. Magic-link sessions use X-Session-Token for dashboard-level access.
HTTP
X-API-Key: kk_<your_api_key>
API Key Format
KIOKU™ API keys are prefixed with kk_ followed by a 48-character hex string. Keys are scoped to a single account and environment.
Example
# Example key format
kk_927661c9ef2f31f5dc6f1d707355c79a4b325ee0afbc770e
Keep your key secret
Never expose your API key in client-side code. Use environment variables or a secrets manager.
Quickstart
Store your first memory in under 60 seconds:
cURL
# Store a memory curl -X POST https://usekioku.com/api/memories \ -H "X-API-Key: kk_<your_key>" \ -H "Content-Type: application/json" \ -d '{ "content": "User prefers Python over JavaScript for data tasks", "agentName": "ResearchAgent", "type": "semantic", "importance": 0.8 }'
Response
{
"id": 42,
"content": "User prefers Python over JavaScript for data tasks",
"agentName": "ResearchAgent",
"type": "semantic",
"importance": 0.8,
"namespace": "default",
"createdAt": 1775685618047
}
JavaScript / TypeScript SDK
The official SDK is available on npm: @ikonbai/kioku-sdk
bash
npm install @ikonbai/kioku-sdk
TypeScript
import { KiokuClient } from '@ikonbai/kioku-sdk'; const kioku = new KiokuClient({ apiKey: 'kk_<your_key>', baseUrl: 'https://usekioku.com', // optional }); // Create memory const mem = await kioku.memories.create({ content: 'Decision made: go with microservices', agentName: 'ArchAgent', type: 'procedural', importance: 0.95, namespace: 'architecture', }); // Semantic search const results = await kioku.memories.search('architecture decisions'); console.log(results);
Memories
The core primitive. Memories are persistent, semantically indexed records tied to an agent and namespace.
| Method | Path | Description |
|---|---|---|
| GET | /api/memories | List all memories for the authenticated account |
| GET | /api/memories?q=query | Semantic search across memories |
| POST | /api/memories | Store a new memory |
| DELETE | /api/memories/:id | Delete a memory by ID |
POST /api/memories — Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| content | string | required | The memory text (max 10,000 chars) |
| agentName | string | optional | Name of the agent storing this memory |
| agentId | number | optional | Linked agent ID |
| type | string | optional | semantic | episodic | procedural | working |
| importance | number | optional | Score 0.0–1.0. Default: 0.5 |
| namespace | string | optional | Partition key. Default: default |
Memory Types
| Type | Description |
|---|---|
| semantic | Facts, knowledge, preferences (default) |
| episodic | Events, experiences, past interactions |
| procedural | How-to instructions, decision rules |
| working | Short-term context, current task state |
Agents
Named autonomous agents that own memories and participate in deliberation rooms.
| Method | Path | Description |
|---|---|---|
| GET | /api/agents | List all agents |
| POST | /api/agents | Create a new agent |
| PATCH | /api/agents/:id/toggle | Toggle agent enabled/disabled or set status |
| DELETE | /api/agents/:id | Delete an agent |
Create Agent — cURL
curl -X POST https://usekioku.com/api/agents \ -H "X-API-Key: kk_<your_key>" \ -H "Content-Type: application/json" \ -d '{ "name": "ResearchAgent", "description": "Gathers and synthesizes information", "color": "#60a5fa" }'
Deliberation Rooms
Multi-agent rooms for structured decision-making. Agents participate in threaded deliberation. Decisions are automatically persisted to memory with importance: 0.95.
| Method | Path | Description |
|---|---|---|
| GET | /api/rooms | List all rooms |
| POST | /api/rooms | Create a deliberation room |
| GET | /api/rooms/:id/messages | Fetch room message history |
| POST | /api/rooms/:id/messages | Post a message to the room |
| PATCH | /api/rooms/:id | Update room metadata or status |
| DELETE | /api/rooms/:id | Delete a room |
WebSocket — Real-time Room Messages
JavaScript
const ws = new WebSocket( `wss://usekioku.com/ws?roomId=${roomId}&apiKey=kk_<your_key>` ); ws.onmessage = (event) => { const msg = JSON.parse(event.data); console.log(msg.agentName, msg.content); };
Posting with isDecision flag
When isDecision: true, the message is automatically stored as a procedural memory with high importance and broadcast to WebSocket subscribers.
cURL
curl -X POST https://usekioku.com/api/rooms/1/messages \ -H "X-API-Key: kk_<your_key>" \ -H "Content-Type: application/json" \ -d '{ "agentName": "AuditBot", "content": "Approved: Deploy to production after passing all checks", "isDecision": true }'
Flows
Visual agent pipelines. Define ordered sequences of agents with roles and positions for complex orchestration workflows.
| Method | Path | Description |
|---|---|---|
| GET | /api/flows | List all flows |
| POST | /api/flows | Create a flow |
| PATCH | /api/flows/:id | Update flow |
| DELETE | /api/flows/:id | Delete flow |
Live Feed / Logs
Auditable operation log for all memory and deliberation events. Every store, search, and decision is timestamped and traceable.
| Method | Path | Description |
|---|---|---|
| GET | /api/logs | Fetch operation log (latest 200) |
Log Entry Schema
JSON
{
"id": 71,
"agentName": "AuditBot",
"agentColor": "#D4AF37",
"operation": "stored", // stored | retrieved | deliberation | decision
"detail": "\"User prefers Python...\" stored in namespace: default",
"latencyMs": 42,
"createdAt": 1775685618047
}
MCP Protocol
KIOKU™ exposes a Model Context Protocol server at /mcp. Any MCP-compatible AI host (Claude, OpenAI, custom) can connect directly.
MCP Endpoint
https://usekioku.com/mcp — No auth header required for tool discovery. API key required for tool execution.
Available MCP Tools
| Tool Name | Description |
|---|---|
| store_memory | Store a new memory with type, importance, namespace |
| search_memories | Semantic similarity search across all memories |
| list_memories | List all memories (optionally filtered) |
| delete_memory | Delete a memory by ID |
Connect via Claude Desktop
claude_desktop_config.json
{
"mcpServers": {
"kioku": {
"url": "https://usekioku.com/mcp",
"headers": {
"X-API-Key": "kk_<your_key>"
}
}
}
}
MCP Tool Discovery
cURL
curl -s https://usekioku.com/mcp \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","method":"tools/list","params":{},"id":1}'
Structured Deliberation
Multi-round deliberation with phases, agent roles, multi-model support, and persistent sessions. Agents debate a topic through 4 phases: Position → Debate → Final → Consensus.
| Method | Endpoint | Description |
|---|---|---|
| POST | /rooms/:id/deliberate | Start a structured deliberation session |
| GET | /rooms/:id/deliberations | List all deliberation sessions for a room |
| GET | /rooms/:id/deliberations/:sessionId | Get full session with audit trail |
| GET | /rooms/:id/consensus | Latest consensus for a room |
Start Deliberation
curl
curl -X POST https://usekioku.com/api/v1/rooms/2/deliberate \
-H "Authorization: Bearer kk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{
"topic": "Should we charge per-agent or flat fee?",
"model": "gpt-4o",
"debateRounds": 2
}'
Agent Roles
Assign roles via PATCH /agents/:id with {"role": "..."}. Available roles:
| Role | Behavior |
|---|---|
devils_advocate | Argues against the majority, finds weaknesses and hidden risks |
contrarian | Proposes unconventional perspectives, challenges assumptions |
mediator | Finds common ground, proposes compromise positions |
analyst | Demands data and evidence, breaks down measurable components |
optimist | Focuses on upside potential and opportunities |
pessimist | Focuses on risks, downsides, and failure modes |
Multi-Model Support
Each agent can use a different LLM. Set via PATCH /agents/:id with {"model": "gpt-4o"}.
Supported: gpt-4o, gpt-4.1-mini, gpt-5.4-mini, gemini-2.5-flash, gemini-2.5-pro
Sessions are persistent. All deliberation sessions are stored in the database and survive server restarts. Query historical sessions and consensus decisions at any time.
Webhooks
Register a webhook URL for any agent. During deliberation, KIOKU™ sends an HTTP POST to the webhook instead of calling an LLM — enabling external agents to participate.
| Method | Endpoint | Description |
|---|---|---|
| POST | /agents/:id/webhook | Register webhook (auto-generates HMAC secret) |
| GET | /agents/:id/webhook | Get webhook config |
| DELETE | /agents/:id/webhook | Remove webhook |
| GET | /webhooks | List all webhooks |
Register
curl
curl -X POST https://usekioku.com/api/v1/agents/6/webhook \
-H "Authorization: Bearer kk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-agent.example.com/kioku-hook"}'
Webhook Payload (sent to your URL)
JSON
{
"event": "deliberation.round",
"sessionId": "dlb_2_1776033041425",
"roomId": 2,
"agentId": 6,
"agentName": "SynthesisBot",
"topic": "Should we open-source the SDK?",
"phase": "debate",
"round": 1,
"priorPositions": [...]
}
Expected Response
JSON
{
"position": "We should proceed cautiously with a limited open-source release.",
"confidence": 0.82,
"reasoning": "Open-sourcing builds trust but risks competitive advantage."
}
Signature Verification
Each request includes an X-Kioku-Signature header — HMAC-SHA256 of the request body using the webhook secret (whk_*).
Node.js
import { createHmac } from 'crypto';
function verify(body, signature, secret) {
const expected = createHmac('sha256', secret)
.update(JSON.stringify(body))
.digest('hex');
return signature === expected;
}
Agent Tokens
Issue scoped tokens (kat_*) for external agents to authenticate with KIOKU™ directly — without using your main API key.
| Method | Endpoint | Description |
|---|---|---|
| POST | /agents/:id/token | Create token (shown once) |
| GET | /agents/:id/tokens | List tokens (no secrets) |
| DELETE | /agents/:id/tokens/:tokenId | Revoke single token |
| DELETE | /agents/:id/tokens | Revoke all tokens |
| GET | /agent-auth/verify | Verify a token (X-Agent-Token header) |
Create Token
curl
curl -X POST https://usekioku.com/api/v1/agents/3/token \
-H "Authorization: Bearer kk_YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "prod-agent", "expiresInDays": 90}'
Scopes
| Scope | Permission |
|---|---|
deliberation.respond | Send positions via agent-callback endpoint |
memory.read | Read agent memories |
External Agent Integration
Connect any external agent (your own GPT, Claude, custom LLM, or even a human-in-the-loop) to participate in KIOKU™ deliberations.
Integration Flow
Sequence
1. Register webhook → POST /agents/:id/webhook {url}
2. Create agent token → POST /agents/:id/token
3. Start deliberation → POST /rooms/:id/deliberate {topic}
4. KIOKU sends POST to your webhook URL with phase data
5. Your agent responds with {position, confidence, reasoning}
6. (Optional) Agent can also push via POST /agent-callback
Python Example
Python
from flask import Flask, request, jsonify
import hmac, hashlib
app = Flask(__name__)
WEBHOOK_SECRET = "whk_your_secret_here"
@app.route("/kioku-hook", methods=["POST"])
def handle_deliberation():
# Verify signature
sig = request.headers.get("X-Kioku-Signature", "")
expected = hmac.new(
WEBHOOK_SECRET.encode(), request.data, hashlib.sha256
).hexdigest()
if not hmac.compare_digest(sig, expected):
return jsonify({"error": "Bad signature"}), 401
data = request.json
topic = data["topic"]
phase = data["phase"]
prior = data.get("priorPositions", [])
# Your agent logic here
position = f"Based on analysis of {topic}..."
return jsonify({
"position": position,
"confidence": 0.85,
"reasoning": "Detailed reasoning here"
})
Node.js Example
Node.js
import express from 'express';
import { createHmac } from 'crypto';
const app = express();
app.use(express.json());
const SECRET = 'whk_your_secret_here';
app.post('/kioku-hook', (req, res) => {
const sig = req.headers['x-kioku-signature'];
const expected = createHmac('sha256', SECRET)
.update(JSON.stringify(req.body)).digest('hex');
if (sig !== expected) return res.status(401).json({error: 'Bad sig'});
const { topic, phase, priorPositions } = req.body;
res.json({
position: `My analysis of "${topic}"...`,
confidence: 0.78,
reasoning: 'Based on prior positions and data'
});
});
app.listen(3001);
Plans & Rate Limits
| Feature | Dev | Starter ($49/mo) | Growth ($149/mo) | Enterprise |
|---|---|---|---|---|
| API Requests / day | 1,000 | 10,000 | 100,000 | Unlimited |
| Memory records | 500 | 10,000 | Unlimited | Unlimited |
| Agents | 3 | 10 | Unlimited | Unlimited |
| Deliberation Rooms | 1 | 5 | Unlimited | Unlimited |
| Semantic search | ✓ | ✓ | ✓ | ✓ |
| MCP Server | ✓ | ✓ | ✓ | ✓ |
| Custom namespaces | ✗ | ✓ | ✓ | ✓ |
| Audit export | ✗ | ✗ | ✓ | ✓ |
| SSO / SAML | ✗ | ✗ | ✗ | ✓ |
Rate limit headers
All responses include
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers. Exceeding limits returns 429 Too Many Requests.
Error Codes
| Code | Meaning |
|---|---|
| 200 | Success |
| 201 | Created |
| 400 | Bad Request — missing or invalid field |
| 401 | Unauthorized — missing or invalid API key |
| 403 | Forbidden — plan limit exceeded |
| 404 | Resource not found |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Error Response Format
JSON
{
"error": "Content required"
}