API keys

In Knock, all requests to the Knock API are issued using an API key. Your API keys are environment specific and allow Knock to tie a request on the API back to an isolated Knock environment.

You can find your environment-specific API keys under Platform > API keys in the left-hand side bar. Remember: each environment has its own unique set of API keys.

Each Knock environment can have any number of API keys. There are two types of keys you can create: public keys and secret keys. You can uniquely identify these keys as they start with pk_ for a public key, vs sk_ for a secret key.

• Public keys. Public keys are only meant to identify your account with Knock. They aren't secret, and can safely be made public in any of your client-side code.

• Secret keys. Secret keys can perform any API request to Knock and should be kept secure and private. Be sure to prevent secret keys from being made publicly accessible, such as in client-side code, GitHub, unsecured S3 buckets, and so forth.

You can create any number of API keys per environment in the Knock dashboard. To create a new API key:

1. Navigate to Platform > API keys in your dashboard sidebar.
2. Click "Create API key."
3. Choose the key type (secret or public).
4. Optionally, provide a description to help identify the key's purpose.
5. Click "Create" to generate the key.

Creating multiple API keys is useful when you need to:

• Provide different keys to different services or applications.
• Rotate keys without downtime by creating a new key before revoking the old one.
• Track usage across different parts of your infrastructure.

You can revoke any API key at any time. To revoke an API key:

1. Navigate to Platform > API keys in your dashboard sidebar.
2. Find the key you want to revoke.
3. Select the "..." menu next to the key.
4. Click "Revoke API key."

Revoking a key immediately invalidates it. Any requests made with a revoked key will return a 401 error. This action cannot be undone.