Service tokens

Learn more about service tokens on your Knock account and how they are used to authenticate against the Knock management API.

A Knock account service token allows for secure access against the Knock Management API and CLI. It acts as an authentication mechanism for resources under your Knock account.

Service tokens always start with knock_st_ and are different from your Knock API keys as they authenticate requests to the Knock management API only.

Note: only account owners or admins have the privilege to generate (or revoke) service tokens. Service tokens will inherit the privilege of the owner or the admin that creates the service token, and therefore have full access to the management API.

Generating a new service token

To use the management API or CLI, you will first need to generate a service token and use it as a means of authentication when sending requests.

To generate a service token, go to the "Service tokens" tab in your account "Settings" page and click the β€œ+ New token” button.

Please note: once generated you cannot see a service token again from the Knock dashboard, so be sure to copy it to a secure location.

Revoking a service token

Service tokens can be revoked under the three-dot menu and by clicking on "Delete token". Deleting a token will immediately revoke its ability to be used against the Knock management API and CLI.

Frequently asked questions

Can I use a Knock service token against the Knock API?

No, a service token can only be used against the Knock Management API and not the Knock API.

How can I know which changes were made by a specific service token?

Changes made via the Management API will appear as audit logs, similar to changes made manually in the dashboard, but attributing the service token used to make the change as the author. In addition, internally we audit requests and tie them back to a corresponding service token. If you need further help understanding which request originated from a service token, please contact our support team.