Knogin
[Kuratorowany kontrakt publiczny]

API Integracji Zewnętrznych

Ta strona dokumentuje wyłącznie stabilny kontrakt integracji zewnętrznej. Jest celowo ograniczona do endpointów i gwarancji transportowych potrzebnych zatwierdzonym integratorom.

Dokumenty czytelne maszynowoPoproś o dostęp zaawansowany

Granica bezpieczeństwa

This documentation covers the stable external integration contract only. Platform internals, administrative routes, schema-level discovery, and partner-only capabilities are intentionally withheld from the public surface.

Nazwy tras, przykłady tokenów i szczegóły transportu pozostają w kanonicznym angielskim, aby dokładnie odpowiadały kontraktowi publicznemu.

Weryfikacja JWTOAuth i service tokensWebhookiTylko transport GraphQLBez zrzutu schematuBez tras wewnętrznych

Bazowe URL-e

Usługa auth
https://auth.knogin.com
Transport GraphQL
https://api.knogin.com/graphql
Dokumenty czytelne maszynowo
https://knogin.com/api/docs
Kontrakt publiczny

Tożsamość i rejestracja aplikacji

Zarejestruj integrację, sprawdź zatwierdzone scope’y i zarządzaj governance zewnętrznej aplikacji.

GET
/v1/platform/scopes

List available scopes

Returns the scope catalog that external apps can request during registration and token issuance.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use this endpoint to build consent or admin approval workflows around approved scopes.
  • Do not assume unpublished scopes exist or are available to your tenant.
Przykład request i response

Request

curl https://auth.knogin.com/v1/platform/scopes \
  -H "Authorization: Bearer <admin-access-token>"

Response

{
  "scopes": [
    {
      "name": "webhooks:write",
      "description": "Create and update outbound webhook subscriptions"
    }
  ]
}
GET/POST
/v1/platform/apps

Create and list platform apps

Creates an external integration app record or enumerates the apps already registered for the tenant.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Register a named app before attempting OAuth authorization code or client credentials flows.
  • The response includes client metadata, approved grants, and tenancy context.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/platform/apps \
  -H "Authorization: Bearer <admin-access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Case sync connector",
    "grant_types": ["client_credentials"],
    "redirect_uris": [],
    "requested_scopes": ["webhooks:write"]
  }'

Response

{
  "client_id": "app_123",
  "client_secret": "<write-once-secret>",
  "grant_types": ["client_credentials"],
  "requested_scopes": ["webhooks:write"]
}
GET
/v1/platform/apps/{client_id}

Inspect an integration app

Fetches the current metadata and governance state for a registered app by client identifier.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use this endpoint to audit redirect URIs, grants, and scope posture before rotating secrets or enabling new workflows.
Przykład request i response

Request

curl https://auth.knogin.com/v1/platform/apps/app_123 \
  -H "Authorization: Bearer <admin-access-token>"

Response

{
  "client_id": "app_123",
  "name": "Case sync connector",
  "grant_types": ["client_credentials"],
  "governance": {
    "allow_service_tokens": true
  }
}
PATCH
/v1/platform/apps/{client_id}/governance

Update app governance

Adjusts governance flags for an existing app without exposing tenant-wide administrative controls.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Administratorzy klienta
Stabilność
Stabilne
  • Use governance updates to constrain redirects, service token usage, and other tenant-approved behaviors.
  • This surface is scoped to the app identified in the path.
Przykład request i response

Request

curl -X PATCH https://auth.knogin.com/v1/platform/apps/app_123/governance \
  -H "Authorization: Bearer <admin-access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "allow_service_tokens": true,
    "enforce_pkce": true
  }'

Response

{
  "client_id": "app_123",
  "governance": {
    "allow_service_tokens": true,
    "enforce_pkce": true
  }
}
Kontrakt publiczny

OAuth i service tokens

Używaj zatwierdzonych przepływów tokenów dla integracji user-delegated i machine-to-machine.

GET
/v1/oauth/authorize

Start OAuth authorization code flow

Initiates the authorization flow for integrations that act on behalf of a signed-in user.

Host
https://auth.knogin.com
Auth
OAuth authorization code
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Authorization requests should use the redirect URIs and scopes already approved on the platform app.
  • PKCE should be used whenever a confidential client secret is not available.
Przykład request i response

Request

https://auth.knogin.com/v1/oauth/authorize?response_type=code&client_id=app_123&redirect_uri=https%3A%2F%2Fintegrator.example%2Fcallback&scope=webhooks%3Awrite&state=<opaque-state>&code_challenge=<pkce-challenge>&code_challenge_method=S256

Response

302 redirect to the registered redirect URI with either ?code=<authorization-code> or an OAuth error.
POST
/v1/oauth/token

Exchange or mint access tokens

Issues access tokens via authorization code or client credentials without documenting internal password or session flows.

Host
https://auth.knogin.com
Auth
OAuth auth code or client credentials
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use authorization code for user-delegated access and client credentials for headless service integrations.
  • Only request scopes that were approved during app registration.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=app_123&client_secret=<client-secret>&scope=webhooks:write"

Response

{
  "access_token": "<jwt>",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "webhooks:write"
}
POST
/v1/platform/apps/{client_id}/service-token

Mint a service token

Issues a service token for automation that should not depend on an end-user session.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Administratorzy klienta
Stabilność
Stabilne
  • Service tokens are appropriate for webhook management, scheduled exports, and other machine-to-machine workflows.
  • Keep service-token issuance behind tenant admin approval.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/platform/apps/app_123/service-token \
  -H "Authorization: Bearer <admin-access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "scopes": ["webhooks:write"]
  }'

Response

{
  "token": "<service-token>",
  "expires_at": "2026-03-24T10:00:00Z"
}
POST
/v1/platform/apps/{client_id}/rotate-secret

Rotate an app secret

Rotates a confidential client secret so an external integration can recover or rotate credentials safely.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Administratorzy klienta
Stabilność
Stabilne
  • Treat the rotated secret as write-once material and replace it in your secret store immediately.
  • Rotate secrets before revoking old credentials from automation.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/platform/apps/app_123/rotate-secret \
  -H "Authorization: Bearer <admin-access-token>"

Response

{
  "client_id": "app_123",
  "client_secret": "<new-write-once-secret>"
}
Kontrakt publiczny

JWKS i weryfikacja tokenów

Weryfikuj JWT wydane przez Knogin względem kluczy publicznych.

GET
/.well-known/jwks.json

OpenID-compatible JWKS discovery

Publishes public signing keys at the well-known JWKS path for standards-based token validation.

Host
https://auth.knogin.com
Auth
Public
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use the key identifier in the JWT header to select the correct public key.
  • Cache JWKS responses according to your verifier policy and refresh on unknown key IDs.
Przykład request i response

Request

curl https://auth.knogin.com/.well-known/jwks.json

Response

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "2026-03-signing-key",
      "use": "sig"
    }
  ]
}
GET
/v1/auth/jwks.json

Versioned JWKS endpoint

Provides the same public signing material under the auth-service versioned API namespace.

Host
https://auth.knogin.com
Auth
Public
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use this variant when your API client standardizes on versioned endpoints.
Przykład request i response

Request

curl https://auth.knogin.com/v1/auth/jwks.json

Response

{
  "keys": [
    {
      "kty": "RSA",
      "kid": "2026-03-signing-key",
      "use": "sig"
    }
  ]
}
Kontrakt publiczny

Dostarczanie zdarzeń i webhooki

Twórz, testuj i obserwuj wychodzące webhooki dla zatwierdzonych integracji.

GET/POST
/v1/webhooks

Create and list webhooks

Manages outbound webhook subscriptions used to deliver approved event notifications to an external system.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Create subscriptions only for events your integration has been approved to receive.
  • Outbound webhook secrets should be stored and rotated like any other integration credential.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/webhooks \
  -H "Authorization: Bearer <access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://integrator.example/webhooks/argus",
    "events": ["incident.updated"],
    "secret": "<signing-secret>"
  }'

Response

{
  "id": "wh_123",
  "url": "https://integrator.example/webhooks/argus",
  "events": ["incident.updated"]
}
GET/PUT/DELETE
/v1/webhooks/{webhook_id}

Inspect, update, or delete a webhook

Manages an individual webhook subscription by identifier.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use update operations to rotate secrets or adjust event selections without recreating the subscription.
Przykład request i response

Request

curl -X PUT https://auth.knogin.com/v1/webhooks/wh_123 \
  -H "Authorization: Bearer <access-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "events": ["incident.updated", "incident.closed"]
  }'

Response

{
  "id": "wh_123",
  "events": ["incident.updated", "incident.closed"]
}
GET
/v1/webhooks/{webhook_id}/deliveries

Review delivery attempts

Returns historical delivery attempts for a webhook so integrators can debug retries and downstream failures.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use delivery history instead of internal logs to diagnose receiver behavior.
  • Delivery metadata is limited to the webhook in scope.
Przykład request i response

Request

curl https://auth.knogin.com/v1/webhooks/wh_123/deliveries \
  -H "Authorization: Bearer <access-token>"

Response

{
  "deliveries": [
    {
      "id": "dlv_123",
      "status": "succeeded",
      "attempted_at": "2026-03-23T12:00:00Z"
    }
  ]
}
POST
/v1/webhooks/{webhook_id}/test

Send a test webhook

Triggers a synthetic delivery to validate receiver configuration before enabling production traffic.

Host
https://auth.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Use test deliveries when rotating secrets or validating a new endpoint.
Przykład request i response

Request

curl -X POST https://auth.knogin.com/v1/webhooks/wh_123/test \
  -H "Authorization: Bearer <access-token>"

Response

{
  "delivery_id": "dlv_test_123",
  "status": "queued"
}
Kontrakt publiczny

Kontrakt transportu GraphQL

Łącz się ze współdzielonym transportem GraphQL bez publikowania schematu ani spisu operacji.

POST
/graphql

Use the shared GraphQL transport

Connect to the GraphQL endpoint with bearer tokens and tenant scoping, while operation bundles remain curated and access-controlled.

Host
https://api.knogin.com
Auth
Bearer token
Odbiorcy
Zewnętrzni integratorzy
Stabilność
Stabilne
  • Public documentation covers transport, headers, tenancy, and error handling only.
  • Schema dumps, playground access, introspection guidance, and unpublished operations are excluded from the public contract.
  • Approved partners receive curated operation bundles tied to explicit integration workflows.
Przykład request i response

Request

curl -X POST https://api.knogin.com/graphql \
  -H "Authorization: Bearer <access-token>" \
  -H "Content-Type: application/json" \
  -H "X-Tenant-ID: <tenant-id>" \
  -d '{
    "query": "<approved GraphQL document>",
    "variables": {}
  }'

Response

{
  "data": {
    "result": "Returned for your approved operation bundle"
  }
}
Dostępne na żądanie

Zaawansowane możliwości na żądanie

Rozszerzone API platformy, kuratorowane bundle GraphQL i federacja pozostają za zweryfikowanym dostępem.

/api/v1/platform/*

Platform control-plane APIs

Expanded control-plane workflows under /api/v1/platform are available only through approved partner or customer programs.

Host
https://api.knogin.com
Auth
Request access
Odbiorcy
Partnerzy strategiczni
Stabilność
Zatwierdzone na żądanie
  • Public docs intentionally stop at a high-level capability description.
  • Examples include deployment packages, automations, agents, marketplace flows, and release operations.
Szczegółowa dokumentacja tej funkcji jest dostępna wyłącznie przez zweryfikowany proces integracyjny.
Poproś o dostęp
Curated GraphQL operations by approved workflow

Curated GraphQL operation bundles

Approved integrations can receive a narrow set of GraphQL operations derived from vetted FE2 workflows instead of full schema discovery.

Host
https://api.knogin.com
Auth
Request access
Odbiorcy
Partnerzy strategiczni
Stabilność
Zatwierdzone na żądanie
  • Examples include incident webhook configuration flows and other explicitly approved bundles.
  • This is the mechanism for exposing integrations without publishing the full GraphQL schema.
Szczegółowa dokumentacja tej funkcji jest dostępna wyłącznie przez zweryfikowany proces integracyjny.
Poproś o dostęp
/v1/saml/*

Enterprise federation and SAML

Federation setup and SAML onboarding are handled through guided implementation rather than a self-serve public blueprint.

Host
https://auth.knogin.com
Auth
Request access
Odbiorcy
Administratorzy klienta
Stabilność
Zatwierdzone na żądanie
  • Enterprise identity integrations require tenant-specific coordination and are not documented as an open public API.
Szczegółowa dokumentacja tej funkcji jest dostępna wyłącznie przez zweryfikowany proces integracyjny.
Poproś o dostęp

Potrzebujesz dostępu do zaawansowanych integracji?

Użyj wniosku integracyjnego dla kuratorowanych bundle GraphQL, dostępu do platformy, federacji enterprise lub sandbox onboardingu.