Back to top

Get started

Follow this process to use the Knox Guard REST APIs:

Sign up for Knox Guard

  1. Register for a Samsung Knox account.
  2. Log in to your account and apply for the Knox Guard service from the overview page. For additional help, see the Knox Guard Admin Guide.

Register devices

To call some APIs like check the authorization key, a registered device is not required. However, for a majority of the other APIs, you must identify a registered device using one of the following three attributes.

Attribute Description
objectId Unique ID generated by the Knox Guard system once a device is registered.
deviceUid Device IMEI or Serial number
approveId Billing approval ID used with a financial institution's unique billing system to approve a loan payment. An approval ID is also used to identify customers. The ID is specified after a device is uploaded by reseller or user and accepted through Knox Guard. There's no specified format for the approval ID, but the value must be unique. You can find it in the Devices section of the Knox Guard consoleunder APPROVAL ID. See Access the Knox Guard console for details.

These attributes are created when a device is registered or approved, and may be used to identify the device to lock, unlock, blink, message, and cancel a request.

Upload from reseller — Purchase or register bulk devices directly from a reseller and have them automatically uploaded to your account based on customer ID. See supported resellers, select country or region and filter for “KDP device reseller”.

Upload using the Knox Deployment App (KDA) — Upload a single purchased Samsung device using the Knox Deployment App (KDA). This is intended for testing or small to medium scale implementation of the Knox Guard service.

Request access to the Knox API service

Apply for Knox Cloud API access to the cloud REST service by emailing This provides portal access to the Knox Cloud APIs to generate the authentication token sent in the header of a request. For more information, see the Knox Cloud APIs integration guide.

Generate your Client Identifier and key pair from the Knox Cloud APIs

Download your unique key pair and Client Identifier from the Knox Cloud APIs. For security purposes, you can restrict your Client Identifier to certain IP addresses. The Client Identifier can be re-generated through the console, but must be bound to the downloaded certificate, as described in the Knox Cloud APIs integration guide.

Create your access token

Call the access token REST API to generate your x-knox-apitoken.

For security reasons, the access token has an expiry of 30 minutes. Regenerate as specified in the Knox Cloud APIs integration guide.

Call a Knox Guard REST API

Final step! Call a Knox Guard REST API, such as Authentication, to ensure that your access token has been correctly configured.

curl -X GET --header 'Accept: application/json' --header 'x-knox-apitoken: ' ''

The Knox Guard API servers provide both an EU and US connection. Besides host location they support the same REST API functionalities.

Region Production Development

Knox Guard provides both a test and development URL to create and manage your cloud service. When first building your cloud interface, use the development server for a light weight Knox Guard experience with all the REST APIs enabled. Ensure that you have followed all the steps mentioned in authenticating your key, before you begin development. Once you are ready to deploy your solution, use the production server to create a scalable product.

Is this page helpful?