Developer tools

Service tokens

Learn more about service tokens on your Knock account and how they are used to authenticate against the Knock management API.

A Knock account service token allows for secure access against the Knock Management API and CLI. It acts as an authentication mechanism for resources under your Knock account.

Service tokens always start with knock_st_ and are different from your Knock API keys as they authenticate requests to the Knock management API only.

Generating a new service token

#

To use the management API or CLI, you will first need to generate a service token and use it as a means of authentication when sending requests.

To generate a service token, from the dashboard go to "Settings," select the "Service tokens" tab, and click the "+ New token" button. Then, provide a name for the token and click "generate" to view and save your newly generated service token.

Revoking a service token

#

Service tokens can be revoked under the three-dot menu and by clicking on "Delete token." Deleting a token will immediately revoke its ability to be used against the Knock management API and CLI.

Frequently asked questions

#

No, a service token can only be used against the Knock Management API and not the Knock API.

Changes made via the Management API will appear as audit logs, similar to changes made manually in the dashboard, but attributing the service token used to make the change as the author. In addition, internally we audit requests and tie them back to a corresponding service token. If you need further help understanding which request originated from a service token, please contact our support team.