Creates a new application for a given configuration and returns a unique link for the primary contact to complete their submission.
POST /api/external/applications
Authentication Requires an API key with applications:create scope.
Authorization: Bearer klara_{client_id}.{secret}
Request body Application config ID. Must belong to the organization associated with the API key.
The main contact who will complete the application. Show primary_contact properties
Email address of the primary contact.
Full name of the primary contact.
Name of the company being onboarded.
Company registration number.
ISO 3166-1 alpha-2 country code (e.g., GB for United Kingdom, IE for Ireland).
When true, generates a pre-authentication code that allows the participant to bypass email verification. The code expires after 72 hours.
Response Returns 201 Created on success.
Unique identifier (UUID) for the created application.
URL where the participant should be redirected to complete their application.
List of participants associated with this application. Show participant properties
Identifier used in the application URL.
Email address of the participant.
Participant role (primary).
Pre-authentication code (only present when pre_auth: true). Expires 72 hours after creation.
Warning message (only present if the invite email failed to send). The application is still created successfully — the email can be resent.
Examples Basic request curl -X POST https://app.klara-ai.com/api/external/applications \ -H "Authorization: Bearer klara_abc123def456.your-secret-here" \ -H "Content-Type: application/json" \ -d '{ "config_id": "kyc-standard", "primary_contact": { "email": "sophie@acme.com", "name": "Sophie Mitchell" }, "company_name": "Acme Financial Ltd", "company_number": "12345678", "country": "GB" }'
Response: { "application_id" : "550e8400-e29b-41d4-a716-446655440000" , "link" : "https://app.klara-ai.com/external/acme-corp/application/ABC123" , "participants" : [ { "id" : "660e8400-e29b-41d4-a716-446655440001" , "link_slug" : "7f3k9m2p4q8r1s5t" , "email" : "sophie@acme.com" , "role" : "primary" } ] }
With pre-authentication Include pre_auth: true to generate a code that bypasses email verification:
curl -X POST https://app.klara-ai.com/api/external/applications \ -H "Authorization: Bearer klara_abc123def456.your-secret-here" \ -H "Content-Type: application/json" \ -d '{ "config_id": "kyc-standard", "primary_contact": { "email": "sophie@acme.com", "name": "Sophie Mitchell" }, "company_name": "Acme Financial Ltd", "pre_auth": true }'
Response: { "application_id" : "550e8400-e29b-41d4-a716-446655440000" , "link" : "https://app.klara-ai.com/external/acme-corp/application/ABC123" , "participants" : [ { "id" : "660e8400-e29b-41d4-a716-446655440001" , "link_slug" : "7f3k9m2p4q8r1s5t" , "email" : "sophie@acme.com" , "role" : "primary" } ], "pre_auth_code" : "X7K9M2P4Q8R1S5T3" }
When using pre-authentication, redirect the user to the link within the 72-hour window. If the code expires, the user will be prompted to verify their email instead — no error occurs, they just go through the standard verification flow.
Need to re-issue a pre-auth code after it expires or gets consumed? Use the Refresh Pre-Auth endpoint instead of creating a new application. Errors 400 Bad Request - Missing fields
400 Bad Request - Invalid email
400 Bad Request - Invalid config
401 Unauthorized
401 Unauthorized - Missing key
403 Forbidden
500 Internal Server Error
{ "error" : "config_id and primary_contact.email are required" }
Error Cause config_id and primary_contact.email are requiredOne or both required fields are missing Invalid email address for primary_contact.emailThe provided email address is not valid Invalid config_idThe config ID does not exist Invalid API keyAPI key is invalid, expired, or inactive API key missing required scopesAPI key doesn’t have the applications:create scope Config not available for this organizationThe config belongs to a different organization Internal server errorAn unexpected error occurred on the server
