Get started
Last updated February 10th, 2026
Knox OAuth 2.0 Authentication is a token‑based authentication mechanism that lets your applications securely access Knox Cloud Services APIs without exposing user credentials. It lets you specify scopes for granular permission control.
It also supports multiple client IDs under the same account, which makes it easier to manage multiple cloud apps through the Knox Developer Portal.
Supported Knox cloud services APIs
Knox OAuth 2.0 Authentication currently supports the following Knox cloud services APIs:
The Knox Guard API, Knox Manage API (for non-MSP audiences), and Knox Attestation API don’t support Knox OAuth 2.0 Authentication. See Authentication schemes for more information.
Integration scenarios
You must first obtain an access token to start using any Knox API. The two principal flows are:
| Role | Recommended OAuth flow | Typical use case |
|---|---|---|
| Customer, Reseller, or Managed Service Provider (MSP) | Client Credentials Flow | You’re a Knox customer, reseller, or MSP who needs to call Knox cloud services APIs directly |
| UEM partner | Authorization Code Flow (PKCE) | Your platform needs to act on behalf of a customer’s Knox tenant |
What to do next
Pre-integration: For all audiences
You must have the super admin role to be able to view, create, update, or delete cloud apps. For information about how to manage admins in Knox Admin Portal, see Manage admins.
-
Follow the Register a new cloud app guide to create a cloud app and generate a client ID and client secret for it.
-
Store the client ID and secret securely, for instance in a vault.
-
Determine the scopes your integration requires – see Scopes for Knox Cloud Services APIs.
Steps for customers and MSPs
See Integrating as a customer or MSP.
For UEM partners only
On this page
Is this page helpful?