API Keys

Learn more about API keys in Knock and what they're used for.

In Knock, all requests to the Knock API are issued using a API key. Your API keys are environment specific and allow Knock to tie a request on the API back to an isolated Knock environment.

Finding your API keys

You can find your environment-specific API keys under "Developers > API keys" in the left-hand side bar. Remember: each environment has its own unique set of API keys.

Secret vs public API keys

Each Knock environment will be generated with two API keys: a secret key and a public key. You can uniquely identify these keys as they start with sk_ for a secret key, vs pk_ for a public key.

  • Public keys are only meant to identify your account with Knock. They aren't secret, and can safely be made public in any of your client-side code.

  • Secret keys can perform any API request to Knock, they should be kept secure and private! Be sure to prevent secret keys from being made publicly accessible, such as in client-side code, GitHub, unsecured S3 buckets, and so forth.

Frequently asked questions

Can I revoke an API key once generated?

If you need to revoke and regenerate a set of API keys, please get in touch with our support team.

Can I further scope API key access?

Currently, it's not possible to reduce the scope of an API key and limit it to a particular set of resources. Please contact our support team if you need this feature.