For customers — Generate access token
Last updated October 4th, 2024
If you’re a third party portal provider and you’d like to make calls to Knox cloud service on behalf of your customers, see the integration guide for UEMs.
Use the following procedure to generate your access token using APIs:
-
Apply for Knox Cloud API access by contacting your local Samsung representative or creating a support ticket.
-
Generate your key pair on the Knox Cloud API portal. Ensure that you’re on the correct region in the Knox Cloud API portal.
Region Portal US https://us-api-portal.samsungknox.com EU https://eu-api-portal.samsungknox.com -
On the portal, click Download to generate and download the
keys.json
file that contains the public and private key pair. This JSON file needs to be generated only once and contains the following information:Key Description Public key Key that’s sent in the body of the access token REST API and stored by Samsung Knox to validate signed requests. Private key Key that should be stored and never revealed. This key is used for signing the Client Identifier and the Access Token returned by the REST API call. This key isn’t stored by Samsung Knox and we’ll never request it from you. Access to Knox Cloud API portal is supported by the following browsers — Chrome, Firefox, Safari, and Microsoft Edge. In order to get the best possible Knox Cloud API experience, upgrade your preferred browser to the latest version.
-
Generate your unique Client Identifier from the Knox Cloud API portal. This unique identifier only needs to be generated once, unless either:
- The privileges need to be changed.
- The Client Identifier is lost or stolen.
In both cases, re-generating the Client identifier invalidates the previous one.
-
Get the support files.
-
Sign your Client Identifier with the token utility supplied above. See the source code below on how to sign your Client Identifier. For more information on using this utility jar, refer to the included README file in the JAR file download package.
-
Generate your access token by calling the accesstoken REST API with your signed
clientId
andpublic key
. The signed Client Identifier should be set as the value toclientIdentifierJwt
in the request body of the accesstoken REST API. You can also set the token valid time between 1 — 30 minutes. The valid time is set to 30 minutes by default.For example:
-
Sign your
accesstoken
with your private key.The signed
accesstoken
expires after its valid time runs out. Once that happens it returns the403225
error code. -
Enter your signed access token in the
x-knox-apitoken
header parameter of your Knox cloud service API request. See the API reference for your Knox cloud service for details.Here is an example of how to detect when the access token expires, get a fresh access token, and call a Knox Cloud Service API again.
Is this page helpful?