Back to top
Home / Knox Webhook Notification for Knox Device Management Service (preview) /

How Knox Webhook Notification works

Last updated September 25th, 2024

With Knox Webhook Notification, you can set up subscriptions to status events from various Knox cloud services operations. When these events are triggered, Knox Webhook Notification makes a request containing information about the operation that triggered the event, which is sent to the callback URL configured in the subscription.

Multiple subscriptions can be configured with the same callback URL, or each subscription can have a different URL. As long as different subscriptions aren’t made to the same events, all of your subscriptions can asynchronously receive events and trigger notifications.

Knox Webhook Notification API workflow

The following procedure summarizes the general Knox Webhook Notification workflow for any Knox cloud service:

knox-webhook-notification-workflow

  1. You set up OAuth 2.0 access tokens for your application client to call Knox Device Management Service.

  2. The client registers to an event with the Knox Webhook Notification Subscription API. For example, the KDMS_DEVICE_UPLOAD event can be registered, which triggers when a Knox Device Management Service upload operation is complete.

  3. The event is now subscribed. A database stores the event subscription and the associated event.

  4. The client calls the Upload devices operation on the Knox Device Management Service API.

  5. When the asynchronous upload operation is complete, Knox Device Management Service triggers an asynchronous event.

  6. Knox Webhook Notification receives the asynchronous event from Knox Device Management Service, then requests the configured callback URL with the operation result.

  7. The client receives the Knox Webhook Notification callback response along with the signature for validation.

  8. The client checks for available Samsung Knox validation certificate. If there’s no locally-stored Samsung Knox validation certificate or if it’s expired, then the client calls the GET /downloadCertificate operation to get a new certificate and stores it locally.

  9. The client validates the authenticity of the callback response by comparing the signature against the public key contained in the Samsung Knox certificate.

  10. Successful validation marks the completion of your request.

Steps 1, 2, and 3 need to be completed only once. However, if your Samsung Knox validation certificate expires, use Step 8 to get a new or updated certificate.

On this page

Is this page helpful?