> ## Documentation Index
> Fetch the complete documentation index at: https://docs.streamnative.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Kafka Rest API Quickstart

The StreamNative Kafka REST API provides a comprehensive HTTP-based interface for interacting with your Kafka clusters. Apache Kafka itself does not come with a native REST API. This feature allows you to manage critical resources and produce/consume messages without needing native Kafka clients or complex library setups.

StreamNative's Kafka REST API implementation provides:

* **HTTP-based Kafka Operations**: Manage topics, produce/consume messages, and administer your cluster using any language and standard tools like curl, without needing native Kafka client libraries.
* **Full Protocol Compatibility**: Faithfully supports the Kafka protocol, ensuring seamless integration and expected behavior for all standard operations.
* **Built-in Security**: Integrated with StreamNative's authentication and authorization systems
* **Multi-tenancy Support**: Native support for StreamNative's tenant/namespace isolation model

## Prerequisites

Before using the Kafka REST API, ensure you have:

* A StreamNative Cloud account with an active Kafka-enabled cluster
* Appropriate permissions to create service accounts and manage Kafka resources
* Basic familiarity with REST APIs and HTTP tools like `curl`

### Step 1: Create a service account

<Note title="Note">
  Currently, you can't edit a service account. If you need a service account to have Super Admin access, make sure to enable it when creating the service account. By default, service accounts do not have Super Admin enabled.
</Note>

To create a service account, follow these steps.

1. On the left navigation pane, click **Service Accounts**.

2. Click **Create Service Account**.

3. (Optional) Select **Super Admin** to grant the service account with Super admin access to a namespace or tenant.

4. Enter a name for the service account, and then click **Confirm**.

### Step 2: Create an API key for your service account

<Note title="Note">
  Before using an API key, verify that the service account is authorized to access the resources, such as tenants, namespaces, and topics.
</Note>

You can follow the instructions to [create an API key](/cloud/security/authentication/service-accounts/use-api-keys/api-keys-overview#using-api-keys-to-connect-to-your-cluster) for the service account you choose to use.

### Step 3: Grant service account permissions

<Note title="Note">
  If you use a Super Admin service account, you can skip this step because a Super Admin service account already has the required permissions.
</Note>

You can grant permissions to the service account using RBAC. For a description of the available permissions, see the [predefined roles](/cloud/security/access/rbac/manage-rbac-roles#quick-reference). Granting permissions via the UI will be supported soon.

### Step 4: Get the HTTP Service URL of your StreamNative cluster

To get the service URL(s) of a StreamNative cluster, follow these steps.

<Tabs>
  <Tab title="StreamNative Console">
    1. Navigate to the **Cluster Dashboard** page by [switching to the cluster workspace](/cloud/get-started/cloud-console#switch-a-cluster).

    2. On the **Cluster Dashboard** page, click **Details** tab.

    3. You will see the available service URLs in the **Access Points** area.

    4. You can click **Copy** at the end of the row of the service URL that you want to use.
  </Tab>
</Tabs>

<Note>
  For the Kafka REST API, you need to use the **HTTP Service URL (TLS)** endpoint.
</Note>

### Step 5: Get topic list

The following example shows how to list topics using the Kafka REST API. For a complete list of all available API, see the full [Kafka REST API Reference](/api-references/kafka-rest-api).

```shell theme={null}
curl --location --request GET 'https://<your-http-service-url-tls>/rest-kafka/admin/v1/topics' \
--header 'Authorization: Bearer <your-token>'
```

<Note title="Security Best Practices">
  **Never hardcode authentication tokens in your applications.** Instead:

  * Store tokens in secure environment variables or secret management systems
  * Implement token rotation policies to regularly refresh credentials
  * Use service accounts with minimal required permissions following the principle of least privilege
  * Always use HTTPS (TLS) endpoints to encrypt data in transit
</Note>

Response
200 - A successful request returns a list of topic objects.

```json theme={null}
{
    "kind": "KafkaTopicList",
    "data": [
        {
            "kind": "KafkaTopic",
            "topic_name": "test-tenant.test-ns.topic-1",
            "is_internal": false,
            "partitions_count": 3
        },
        {
            "kind": "KafkaTopic",
            "topic_name": "topic-2",
            "is_internal": true,
            "partitions_count": 2
        },
        {
            "kind": "KafkaTopic",
            "topic_name": "topic-3",
            "is_internal": false,
            "partitions_count": 1
        }
    ]
}
```