Step 3 — Call Knox cloud services APIs with access token
Last updated February 10th, 2026
The access token you obtained in Step 2 – Get access and refresh tokens can be used to call Knox cloud services APIs on behalf of an end user who has provided consent. If you are a Knox MSP partner, you can also use this token to call Knox cloud services APIs on behalf of your managed customers.
For UEM calling on behalf of Knox customers
This scenario applies if the end user is not a Managed Service Provider (MSP). The following example shows a sample cURL request for Knox Asset Intelligence:
curl --location 'https://api.samsungknox.com/kai/v1/settings' \
--header 'Authorization: Bearer aB1c....D2fgh'
A sample response is shown below:
{
"battery":
{ "batteryLevelThresholds": [] },
"enrollment":
{ "allowEnrolledToKnoxConfigure": false }
}
For UEM calling on behalf of Knox MSP customers
This scenario only applies if the end user is a Managed Service Provider (MSP).
As a UEM partner who is calling the APIs on behalf of the Knox MSP account holder, when you make Knox cloud service API requests, include your managed customer ID in x-wsm-managed-tenantid header. Your managed customer ID is available on the Customers page of the Knox MSP Portal (see Navigate the Knox MSP Portal). You can also retrieve it using Get customer information endpoint.
This approach will fail for non-managed customers.
For example, a cURL request for Knox Asset Intelligence:
curl --location 'https://api.samsungknox.com/kai/v1/settings' \
--header 'Authorization: Bearer aB1c....D2fgh' \
--header 'x-wsm-managed-tenantid: 1123123123'
A sample response is shown below:
{
"battery":
{ "batteryLevelThresholds": [] },
"enrollment":
{ "allowEnrolledToKnoxConfigure": false }
}
Next steps
To refresh the access token or revoke it, see Step 4 — Refresh or revoke access token.
On this page
Is this page helpful?