Skip to main content
You need three things to call the API: an account, an access token, and the base URL. This page walks the shortest path; Authentication has the full detail.

1. Get an account

NKAMA is phone-first. A user signs up by proving a phone number with a one-time code, then setting a password — all pre-authentication:
1

Request a code

POST /api/v1/registration/otp with { "phoneNumber": "+241…" } returns a challengeId.
2

Verify the code

POST /api/v1/registration/otp/{challengeId}/verify with { "code": "123456" } returns a single-use ticket.
3

Complete sign-up

POST /api/v1/registration/complete with the ticket, a password and the accepted legal versions creates the account (role TENANT).
Fetch the current legal versions to accept from GET /api/v1/legal/versions (public).

2. Get an access token

Tokens come from Keycloak, not from NKAMA. Mobile/web clients use the Authorization Code flow with PKCE; see Authentication for the production flow and for how to get a token in scripts.

3. Call the API

Send the token as a bearer header: 
curl https://api.nkama.ga/api/v1/properties/mine \
  -H "Authorization: Bearer $ACCESS_TOKEN"
A 401 means the token is missing/expired; a 403 means the token is valid but lacks the required role (e.g. listing a property needs the OWNER role — see Owner onboarding). Browse every endpoint in the API reference — each operation has a “Try it” panel that sends the bearer token for you.