Tutorial — Knox Deployment Program (KDP) integration

This tutorial covers how to integrate with KDP to upload customer devices that are sold through distributors, resellers, and carriers with their customer-side Samsung Knox services, such as Knox Mobile Enrollment and Knox Configure.

Step 1: Sign up and get approved

You must apply and be approved for both Knox Partner Program and KDP. To learn more, see Get access to the Reseller Portal. Once you have been approved, you will be notified via email.

Step 2: Request access to the Cloud Apps feature

You will need to request access to the Cloud Apps feature in Knox Developer Portal.

1. From the Knox Partner Program dashboard, click Knox Developers to get approved for Knox Developer Portal access.

2. Click the link again to open Knox Developer Portal, then click Support.

3. On the Support page, under Technical Support click SUBMIT SUPPORT TICKET.

4. Review and accept the options on the Request access to the support ticketing system page and click Submit.

5. Click Create a Case to open the Case Creation dialog. In Step 1, the Account Name and Contact Name fields will be automatically populated using your account details.

6. In Step 1:

   a. Select Web Service API as the Product value.

   b. Enter your current country as the Issue Location value.

   c. Leave the Severity level at default unless required.

7. In Step 2:

   a. Enter “Cloud Apps feature” (without quotes) as the Subject.

   b. Enter a description of your use cases, and your intent to access the KDP API in the Description field.

   c. Upload or drop any supporting files as required.

   d. Click Submit.

Alternatively, send an email to knoxapi@samsungknox.com with the subject “Cloud Apps feature” (without quotes). Include the following details in your email:

• Email address associated with your Samsung Knox account
• Company name
• Country
• Your intention to access KDP API for cloud apps
• Description of your use cases

Once you have been granted access, you will be notified via email. When you subsequently log into the Developer Portal, you will see the Cloud Apps menu in the navigation pane.

Step 3: Generate and test your access token

After you get access to the Cloud Apps feature:

1. Register your app to get its client ID and client secret.

   Add the necessary KDP scopes while registering your app.

2. Generate an access token using the client ID and client secret from step 1. You will need to add the access token as an Authorization header value in KDP API calls.

3. Ensure that your access token is configured correctly by making a test call to any KDP API endpoint.

Step 4: Integrate with the KDP API

This section covers common KDP API use cases using client credentials authorization flow (2-legged OAuth 2.0) to access your own Knox cloud services.

Some KDP operations involve performing actions against customer accounts. To test these scenarios, you’ll need a separate Samsung Knox customer account. For details, see Create a Samsung Knox account.

Upload devices

Upload devices to your customer’s account with PUT /kcs/v1/rp/devices/upload.

In the header, include your signed access token from the previous step. Then, make sure you include the following required body parameters:

• customerId – ID of the customer to upload devices for.
• resellerId – Your reseller ID.
• transactionId – Unique transaction ID for this operation. You can later use this transaction ID to check the status of this operation.
• devices - An array of device IMEIs, MEIDs, or Serial Numbers.
• type - Device type. IMEI, MEID, or SN.

There are also optional parameters you can set for this request. To learn more, see the KDP API reference.

Here’s a cURL request example that uploads a device specified by its IMEI.

        curl --request PUT \
          --url https://api.samsungknox.com/kcs/v1/rp/devices/upload \
          --header 'Authorization: Bearer kz06....L09Wc' \
          --header 'content-type: application/json' \
          --data '{
          "customerId": "114....454",
          "resellerId": "393....849",
          "transactionId": "123000",
          "devices": [
            "35163899....236"
          ],
          "type": "IMEI"
        }'

Assuming the request was processed correctly, you should receive a response resembling the following:

        {
            "transactionId": "123000",
            "state": "Progress",
            "code": 2000000,
            "message": "SUCCESS",
            "operationType": "UPLOAD"
        }

List device transaction status

Get a list of device transaction statuses with GET /kcs/v1/rp/devices/status.

In the header, include your signed access token from the previous step. Then, make sure you include the resellerId as a query parameter in your request. There are also optional query parameters you can set for filtering. To learn more, see the KDP API reference.

Here’s a cURL request example that calls this operation.

        curl --request GET \
          --url https://api.samsungknox.com/kcs/v1/rp/devices/status?resellerId="393....849" \
          --header 'Authorization: Bearer kz06....L09Wc'

The response will indicate the current status of device transations for the specified reseller. For example, assuming the upload has completed:

        {
          "devices": {
            "totalCount": 1,
            "totalPage": 1,
            "pageNum": 0,
            "transactions": [
              {
                "transactionId": "123000",
                "state": "Complete",
                "type": "Put",
                "operationType": "UPLOAD"
              }
            ]
          }
        }

Delete devices

Delete devices with PUT /kcs/v1/rp/devices/delete.

In the header, include your signed access token from the previous step. Then, make sure you include the following required body parameters:

• customerId – ID of the customer to delete devices for.
• resellerId – Your reseller ID.
• transactionId – Unique transaction ID for the current operation. You can later use this transaction ID to check the status of this operation.
• removeTransactionId - Transaction ID of a device upload operation. Allows you to delete devices from that specific upload. Required if devices is not provided.
• devices - An array of device IMEIs or Serial Numbers to be deleted. Required if removeTransactionId is not provided.
• type - Device type. IMEI, MEID, or SN. Required if devices is provided and removeTransactionId is not provided.

There are also optional parameters you can set for this request. To learn more, see the Knox Deployment Program API reference.

        curl --request PUT \
          --url https://api.samsungknox.com/kcs/v1/rp/devices/delete \ 
          --header 'Authorization: Bearer kz06....L09Wc' \ 
          --header 'content-type: application/json' \ 
          --data '{ 
          "customerId": "114....454",
          "resellerId": "393....849", 
          "transactionId": "345000", 
          "devices": [
            "35163899....236"
          ],
          "type": "IMEI"
          }'

Assuming the request was processed correctly, you should receive a response resembling the following:

        {
            "transactionId": "345000",
            "state": "Progress",
            "code": 2000000,
            "message": "SUCCESS",
            "operationType": "DELETE"
        }

List devices

Get a list of devices uploaded with GET /kcs/v1/rp/devices.

In the header, include your signed access token from the previous step. Then, make sure you include the resellerId as a query parameter in your request. There are also optional query parameters you can set for filtering. To learn more, see the KDP API reference.

Here’s a cURL request example that calls this operation:

        curl --request GET \
          --url https://api.samsungknox.com/kcs/v1/rp/devices?resellerId="393....849" \
          --header 'Authorization: Bearer kz06....L09Wc'

You should see a response resembling the following:

        {
            "code": "2000000",
            "message": "SUCCESS",
            "pageNum": 0,
            "pageSize": 100,
            "totalCount": 1,
            "totalPages": 1,
            "size": 1,
            "devices": [
                {
                    "id": "68c21875cca00dfa936d4e49",
                    "createTime": 1757550709832,
                    "mei": "35163899....236",
                    "customerName": "Demo-Customer",
                    "customerId": "114....454",
                    "meid": "0890648729....1715",
                    "model": "Engineering Model",
                    "state": "Verified",
                    "uploadId": "8ff9a094-feeb-4705-bf2e-53d1f66eada3"
                }
            ]
        }

List reseller’s customers

Get a list of customers with GET /kcs/v1/rp/customers/list.

In the header, include your signed access token from the previous step. Then, make sure you include the resellerId as a query parameter in your request. There are also optional query parameters you can set for filtering. To learn more, see the KDP API reference.

For example:

        curl --request GET \
          --url https://api.samsungknox.com/kcs/v1/rp/customers/list?resellerId="393....849" \
          --header 'Authorization: Bearer kz06....L09Wc'

Assuming there were no errors, your response will resemble the following:

        {
          "totalCount": 1,
          "pageNum": 0,
          "customers": [
            {
              "name": "Demo-Customer",
              "customerId": "114....454"
            }
          ]
        }

Other API operations

Evaluate any other endpoints that you want to integrate against. For more information, see the KDP API reference.

As a participating Knox reseller, you are responsible for uploading devices purchased by your customers for access to Knox Mobile Enrollment, Knox Configure, and other Knox cloud services. The association between the reseller and the customer is automatically created during a device’s first upload based on their customerId.