Home / Knox Cloud API Authentication / Knox OAuth 2.0 Authentication /

Register a new cloud app

Last updated February 12th, 2026

You need an access token to be able to make Knox cloud services API calls. To generate an access token, you must first obtain a client ID and a client secret from the Knox Developer portal for each of your apps.

Before you begin

  1. You must have the super admin role in Knox Admin Portal so that you can view, create, update, and delete cloud apps. For information about how to manage admins in Knox Admin Portal, see Manage admins.

  2. Ensure you can view the Cloud Apps menu on the navigation pane of Knox Developer portal. If the Cloud Apps menu doesn’t appear for you, create a support ticket with the following details to request access:

    • “Cloud Apps feature” as the subject

    • Customer ID

    • Company name

    • The country you reside in

    • The email address associated with your Samsung Knox account

    • The business size (number of devices)

    • A brief description of your primary use cases, including:

      • The list of API scopes

      • A list of API endpoints

      • Pain/gain points

      • How the APIs will fit into your system

      • Estimated API call frequency (daily, weekly, monthly)

Generate a client ID and client secret

  1. Sign in to the Knox Developer Portal.

  2. Go to WEB INTEGRATIONS > Cloud Apps from the landing page, or go to Cloud Apps on the navigation pane.

  3. Click REGISTER NEW APP.

  4. The first time you register a cloud app, the Knox Cloud API License Agreement appears. Review the agreement, confirm you’ve read it, and click ACCEPT to consent.

  5. Under BASIC INFORMATION:

    • Enter an App name for your app. If you choose the Authorization code grant type in the next step, then the App name you specify is included in the consent screen that is shown to your customer.

    • (Optional) Add a brief App description.

  6. Under GRANT TYPES:

    • Select Client credentials if your app needs access to your own Knox cloud services. This is a two-legged OAuth 2.0 flow.

    • Select Authorization code if you are a Unified Endpoint Management (UEM) partner, and your app requires access to Knox cloud services on behalf of a customer. This is a three-legged OAuth 2.0 flow. If you select this option, proceed to specify details that will be shown on the consent screen for the customer:

      • Company name — Enter the name of your company.

      • (Optional) Home page — Enter the home page link of your company or app.

      • (Optional) Terms of service link — Enter the link where your customers can go to view the terms of service of your company.

      • (Optional) Privacy policy link — Enter the link where your customers can go to view the privacy policy link of your company.

      • (Optional) Support email address — Enter the support email address of your company.

      • (Optional) Company logo — Upload your company logo in .jpg or .png format. Ensure that the file size is less than 200 MB.

      • REDIRECT URLs — Enter the URLs to redirect your customers to your app after they grant consent. If you enter multiple redirect URLs using the ADD URL option, make sure to specify a preferred URL in your API call to get the authorization code.

  7. Depending on the grant types you selected, relevant options will appear Under EXPIRATION TIMES. Proceed to:

    • Enter a value between 1-5 minutes for the Authorization code expiration period.

    • Enter a value between 1-60 minutes for the Access token expiration period.

    • Enter a value between 60 minutes to 90 days for the Refresh token expiration period.

  8. Click CONTINUE.

  9. Click ADD SCOPE to open a dialog with available scopes to choose from.

  10. In the ADD SCOPE dialog, proceed to select the scopes corresponding to the permissions you want your app to have.

    You must add at least one scope to your app. If you add scopes for a product that you don’t have permissions for, your app registration request will fail. To request permissions for additional services (assuming you have licenses for them), create a support ticket.

    1. Browse to your intended scopes.

      • You can update the Services filter to only see scopes for your selected services.

      • You can use the search bar to find specific scopes.

    2. Select the scopes and click ADD.

    3. Close the dialog box to return to the Register new app page. The scopes you added appear under SCOPES YOU’VE ADDED.

    4. To remove a scope you’ve added, select it and click REMOVE.

  11. Click CONTINUE. A summary of the new app appears, including the app information you’ve entered, the scopes you’ve added, and (if applicable) a preview of what your customer’s consent screen will look like.

  12. Click SUBMIT. A success message briefly appears and the App submitted! page loads, showing your app’s client ID and client secret.

    The client secret only displays until the current session is active. You can’t view client secrets created during previous sessions, because it isn’t stored for security reasons. Store your client secrets securely and never hardcode them in your applications. Use environment variables or secure vaults for storing client secrets and other sensitive credentials. If you forgot to store a client secret, or need to rotate a secret for security or testing purposes, see Rotate the client secret for your registered cloud app.

Registering cloud apps through client management

You can also register your cloud app through client management operations described in the API reference. Contact Support if you need more information.

On this page

Is this page helpful?