Get started
Last updated April 30th, 2026
Before you can start using the Knox Guard API, you’ll need to complete a few steps.
Step 1: Sign up for Knox Guard
First, you’ll need a Samsung Knox account with access to Knox Guard.
- Create a Samsung Knox account.
- Once your Samsung Knox application is approved, you’ll also need approval for a Knox Guard account. We recommend you work with your Samsung contact to get access.
For more information on how to get started with Knox Guard, see the admin guide.
Step 2: Register devices
While some endpoints, such as Check Authorization, don’t require any devices, most Knox Guard endpoints requires you to identify a registered device using one of the following three attributes.
| Attribute | Description |
|---|---|
objectId |
A unique ID generated by Knox Guard once a device is registered. |
deviceUid |
The device's IMEI or serial number. |
approveId |
The billing approval ID used by a financial institution's unique billing system to approve a loan payment. Also used to identify customers. You can specify an |
These attributes are created when a device is registered or approved, and may be used to identify the device when performing an operation.
There are two main ways to add devices to your account:
- Upload from reseller: Devices purchased through a Samsung-approved reseller are directly uploaded to your account. You can find a reseller near you on the Resellers and MSPs page of the Samsung Knox website — select your country or region and filter the results for Samsung device reseller (KDP).
- Upload directly to Knox Guard: You can directly upload your own devices to Knox Guard using the Upload Devices endpoint, or through the Knox Guard console.
Step 3: Request access to the Knox API service
Once your Knox Guard application is approved, you can apply for access to the cloud REST service by emailing knoxapi@samsungknox.com.
This will allow you to access Knox API Portal, where you can generate the authentication token sent in the header of a request. For more information, see the Knox Cloud Authentication guide.
Currently, the Knox Guard API only supports Knox Cloud Authentication, our legacy authentication scheme.
Step 4: Generate your client identifier and key pair from the Knox API Portal
Download your unique key pair and client identifier from the Knox API Portal.
For security purposes, you can restrict your client identifier to certain IP addresses. The client identifier can be re-generated through the console, but must be bound to the downloaded certificate, as described in the Knox Cloud Authentication guide.
Step 5: Create your access token
Call the access token endpoint to generate your x-knox-apitoken.
For security reasons, the access token has an expiry of 30 minutes. Once expired, you can regenerate the token as specified in the Knox Cloud Authentication API guide.
When completing this step, ensure you’ve signed your access token with your private key.
Step 6: Call a Knox Guard REST API
Finally, call the Check Authorization endpoint to ensure your access token is correctly configured.
curl -X GET --header 'Accept: application/json' --header 'x-knox-apitoken: ' 'https://us-kcs-api.samsungknox.com/kcs/v1.1/kg/authorization'
The Knox Guard API servers provide both an EU and US connection. Besides host location, they support the same REST API functionalities.
| Region | Production | Development |
|---|---|---|
| EU | https://eu-kcs-api.samsungknox.com/kcs/v1.1/kg |
https://eu-kcs-api.samsungknox.com/kcs/v1.1/kg-integration |
| US | https://us-kcs-api.samsungknox.com/kcs/v1.1/kg |
https://us-kcs-api.samsungknox.com/kcs/v1.1/kg-integration |
In addition, Knox Guard provides both a production and development URL to create and manage your cloud service. When first building your cloud interface, you can use the development server for a lightweight Knox Guard experience with all REST APIs enabled. Once you’re ready to deploy your solution, use the production server to create a scalable product.
View API referenceOn this page
Is this page helpful?