Comparing Gen2 and Gen1 Knox Deployment Program APIs
Last updated August 19th, 2025
The Knox Deployment Program API allows participating carriers and resellers to integrate Knox Deployment Program Portal features with their own systems — for example, to verify the ownership of devices purchased by their customers using Knox cloud services such as Knox Configure and Knox Mobile Enrollment.
In Gen2, the Knox Deployment Program API has been restructured to simplify your workflow and enhance API authentication security.
-
Participating carriers and resellers wishing to integrate features found on the Knox Deployment Program portal should use the Gen2 API.
-
The Gen1 API is ony supported for existing resellers who have a Gen1 static
apiKey.
If you are not using the static key or you are a new reseller, please use the Gen2 API. You can move from Gen1 to Gen2 using the Samsung Admin portal, but refrain from combining or interchanging these two generations.
Authentication
The Knox Deployment Program Gen2 API lets you authenticate calls using an OAuth 2.0 Authorization token. See the Knox OAuth 2.0 API reference for details on how to generate a token. After generating your new token, you can use include it as a header parameter in your calls.
In the Gen1 API, a static API license key called X-WSM-API-TOKEN is used.
REST API comparison across API generations
The following table shows how existing Gen1 API endpoints map to Gen2 ones:
| Feature | Gen1 | Gen2 |
|---|---|---|
| Upload/Save Devices | PUT /bulkenroll/v1/reseller/devices Or PUT /bulkenroll/v2/reseller/devices |
PUT /kcs/v1/rp/devices/upload |
| Delete Devices | PUT /bulkenroll/v1/reseller/devices/delete | PUT /kcs/v1/rp/devices/delete |
| Query Transaction Status | GET /bulkenroll/v1/reseller/devices/status Or GET /bulkenroll/v2/reseller/devices/status |
GET /kcs/v1/rp/devices/status |
| Retrieve Customer Details | POST /bulkenroll/v1/reseller/customers | GET /kcs/v1/rp/customers |
| Retrieve Resellers Details | POST /bulkenroll/v1/reseller/resellers | NA |
| Retrieve a List of Devices | GET /bulkenroll/v1/reseller/devices | GET /kcs/v1/rp/devices |
Device provisioning across API generations
In the Gen1 API, two systems of provisioning devices existed — single-tier and two-tier. Different request parameters were used for saving devices and querying transaction status.
Each system had a different use case:
- Single-tier — A single reseller provisions devices for a customer.
- Two-tier — A vendor provisions devices for a customer via a distributor. A vendorId must be specified in the request body.
In the Gen2 API, the workflow has been simplified so that there is no distinction between tiers. You use the same APIs for either system or either use case. Your request parameters for certain endpoints will vary accordingly.
On this page
Is this page helpful?