{ "info": { "name": "KnoxCall", "description": "Official KnoxCall API collection. Covers all Client Management API endpoints across Routes, Secrets, Clients, OAuth Clients, Environments, API Keys, Webhooks, Account, Audit Logs, Agents, Crypto Keys, PKI, Vaults, and Dynamic DB Credentials.\n\n## Authentication\nSet KC_CLIENT_ID and KC_CLIENT_SECRET in your environment, then use the Authorization tab at the collection level to fetch an OAuth 2.0 token. Every request inherits the Bearer token automatically.\n\n## Live vs Sandbox\nThe `kc_base` variable controls which environment requests hit:\n- Live: `https://api.knoxcall.com` (default) — requires a standard (`tk_live_…`) API key.\n- Sandbox: `https://sandbox.knoxcall.com` — requires a test (`tk_test_…`) API key, returns isolated test data.\n\nUse the Postman environment files (`KnoxCall-Live.postman_environment.json` / `KnoxCall-Sandbox.postman_environment.json`) to switch between modes — or override `kc_base` directly. Using the wrong key type returns 403 `wrong_key_type`.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_postman_id": "knoxcall-v1" }, "auth": { "type": "oauth2", "oauth2": [ { "key": "tokenName", "value": "KnoxCall", "type": "string" }, { "key": "grant_type", "value": "client_credentials", "type": "string" }, { "key": "accessTokenUrl", "value": "{{kc_base}}/oauth/token", "type": "string" }, { "key": "clientId", "value": "{{KC_CLIENT_ID}}", "type": "string" }, { "key": "clientSecret", "value": "{{KC_CLIENT_SECRET}}", "type": "string" }, { "key": "scope", "value": "", "type": "string" }, { "key": "client_authentication", "value": "header", "type": "string" }, { "key": "addTokenTo", "value": "header", "type": "string" } ] }, "variable": [ { "key": "kc_base", "value": "https://api.knoxcall.com", "type": "string" }, { "key": "route_id", "value": "", "type": "string" }, { "key": "env", "value": "staging", "type": "string" }, { "key": "secret_id", "value": "", "type": "string" }, { "key": "client_id", "value": "", "type": "string" }, { "key": "cred_id", "value": "", "type": "string" }, { "key": "oauth_client_id", "value": "", "type": "string" }, { "key": "environment_id", "value": "", "type": "string" }, { "key": "api_key_id", "value": "", "type": "string" }, { "key": "webhook_id", "value": "", "type": "string" }, { "key": "agent_id", "value": "", "type": "string" }, { "key": "key_name", "value": "", "type": "string" }, { "key": "key_version", "value": "1", "type": "string" }, { "key": "root_name", "value": "", "type": "string" }, { "key": "role_name", "value": "", "type": "string" }, { "key": "vault_name", "value": "", "type": "string" }, { "key": "token_id", "value": "", "type": "string" }, { "key": "connection_name", "value": "", "type": "string" }, { "key": "kc_access_token", "value": "", "type": "string" } ], "item": [ { "name": "Auth & OAuth", "description": "OAuth 2.0 discovery, token issuance, introspection, and revocation. All requests in this folder use no auth — they are the auth flow itself.", "item": [ { "name": "Discovery", "request": { "auth": { "type": "noauth" }, "method": "GET", "url": { "raw": "{{kc_base}}/.well-known/oauth-authorization-server", "host": ["{{kc_base}}"], "path": [".well-known", "oauth-authorization-server"] }, "description": "Returns the OAuth 2.0 Authorization Server Metadata document. Consumed automatically by Postman, openid-client, MSAL, and similar libraries." } }, { "name": "Token — client_credentials", "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "client_credentials" }, { "key": "client_id", "value": "{{KC_CLIENT_ID}}" }, { "key": "client_secret", "value": "{{KC_CLIENT_SECRET}}" } ] }, "url": { "raw": "{{kc_base}}/oauth/token", "host": ["{{kc_base}}"], "path": ["oauth", "token"] }, "description": "Exchange client credentials for a Bearer access token. The collection-level Authorization tab does this automatically — use this request only if you need the raw token." } }, { "name": "Introspect token", "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [{ "key": "Content-Type", "value": "application/x-www-form-urlencoded" }], "body": { "mode": "urlencoded", "urlencoded": [{ "key": "token", "value": "{{kc_access_token}}" }] }, "url": { "raw": "{{kc_base}}/oauth/introspect", "host": ["{{kc_base}}"], "path": ["oauth", "introspect"] } } }, { "name": "Revoke token", "request": { "auth": { "type": "noauth" }, "method": "POST", "header": [{ "key": "Content-Type", "value": "application/x-www-form-urlencoded" }], "body": { "mode": "urlencoded", "urlencoded": [{ "key": "token", "value": "{{kc_access_token}}" }] }, "url": { "raw": "{{kc_base}}/oauth/revoke", "host": ["{{kc_base}}"], "path": ["oauth", "revoke"] } } } ] }, { "name": "Routes", "description": "Create and manage proxy routes that forward API requests to upstream targets.", "item": [ { "name": "List routes", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/routes?page=1&per_page=20&sort=created_at&order=desc", "host": ["{{kc_base}}"], "path": ["v1", "routes"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" }, { "key": "sort", "value": "created_at", "description": "created_at | name | enabled" }, { "key": "order", "value": "desc", "description": "asc | desc" }, { "key": "enabled", "value": "", "disabled": true, "description": "true | false" } ] } } }, { "name": "Get route", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}"] } } }, { "name": "Create route", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"stripe-payments\",\n \"target_base_url\": \"https://api.stripe.com\",\n \"base_environment\": \"production\",\n \"inject_headers_json\": {\n \"Authorization\": \"Bearer {{STRIPE_SECRET_KEY}}\"\n }\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/routes", "host": ["{{kc_base}}"], "path": ["v1", "routes"] } } }, { "name": "Update route", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"enabled\": true,\n \"rate_limit_enabled\": true,\n \"rate_limit_requests\": 100,\n \"rate_limit_window_sec\": 60\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}"] } } }, { "name": "Delete route", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}"] } } }, { "name": "Get route logs", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}/logs?page=1&per_page=20", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}", "logs"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" } ] } } }, { "name": "List route environments", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}/environments", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}", "environments"] } } }, { "name": "Set environment override", "request": { "method": "PUT", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"target_base_url\": \"https://api-staging.stripe.com\",\n \"inject_headers_json\": {\n \"Authorization\": \"Bearer {{STRIPE_TEST_KEY}}\"\n }\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}/environments/{{env}}", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}", "environments", "{{env}}"] } } }, { "name": "Remove environment override", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/routes/{{route_id}}/environments/{{env}}", "host": ["{{kc_base}}"], "path": ["v1", "routes", "{{route_id}}", "environments", "{{env}}"] } } } ] }, { "name": "Secrets", "description": "Manage encrypted secrets (API keys, OAuth2 tokens, certificates) that can be injected into route headers and bodies. Secret values are never returned by the API.", "item": [ { "name": "List secrets", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/secrets?page=1&per_page=20&sort=name&order=asc", "host": ["{{kc_base}}"], "path": ["v1", "secrets"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" }, { "key": "sort", "value": "name", "description": "created_at | name | base_environment" }, { "key": "order", "value": "asc" } ] } } }, { "name": "Get secret", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/secrets/{{secret_id}}", "host": ["{{kc_base}}"], "path": ["v1", "secrets", "{{secret_id}}"] } } }, { "name": "Create string secret", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"STRIPE_SECRET_KEY\",\n \"value\": \"sk_live_abc123\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/secrets", "host": ["{{kc_base}}"], "path": ["v1", "secrets"] } } }, { "name": "Create OAuth2 secret", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"secret_type\": \"oauth2\",\n \"name\": \"GOOGLE_OAUTH\",\n \"provider\": \"google\",\n \"client_id\": \"1234567890.apps.googleusercontent.com\",\n \"client_secret\": \"GOCSPX-abc123\",\n \"scopes\": [\"openid\", \"email\", \"profile\"]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/secrets", "host": ["{{kc_base}}"], "path": ["v1", "secrets"] } } }, { "name": "Create certificate secret", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"secret_type\": \"certificate\",\n \"name\": \"MY_TLS_CERT\",\n \"certificate_type\": \"pem\",\n \"certificate_content\": \"-----BEGIN CERTIFICATE-----\\n...\",\n \"private_key\": \"-----BEGIN PRIVATE KEY-----\\n...\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/secrets", "host": ["{{kc_base}}"], "path": ["v1", "secrets"] } } }, { "name": "Update secret value", "request": { "method": "PUT", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"value\": \"sk_live_new_value\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/secrets/{{secret_id}}/value", "host": ["{{kc_base}}"], "path": ["v1", "secrets", "{{secret_id}}", "value"] } } }, { "name": "Get OAuth2 token", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/secrets/{{secret_id}}/oauth2/token", "host": ["{{kc_base}}"], "path": ["v1", "secrets", "{{secret_id}}", "oauth2", "token"] }, "description": "Returns the current access token for an OAuth2 secret. KnoxCall handles refresh automatically." } }, { "name": "Delete secret", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/secrets/{{secret_id}}", "host": ["{{kc_base}}"], "path": ["v1", "secrets", "{{secret_id}}"] } } } ] }, { "name": "Clients", "description": "Manage authorized clients (users or servers) with access control. Clients can hold credentials (API keys, mTLS certificates) that authenticate requests through a route.", "item": [ { "name": "List clients", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/clients?page=1&per_page=20", "host": ["{{kc_base}}"], "path": ["v1", "clients"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" } ] } } }, { "name": "Get client", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}"] } } }, { "name": "Create client", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"my-service\",\n \"description\": \"Backend microservice\",\n \"allowed_ips\": [\"10.0.0.0/8\"]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/clients", "host": ["{{kc_base}}"], "path": ["v1", "clients"] } } }, { "name": "Update client", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"description\": \"Updated description\",\n \"enabled\": true\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}"] } } }, { "name": "Delete client", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}"] } } }, { "name": "List credentials", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}/credentials", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}", "credentials"] } } }, { "name": "Create credential", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"kind\": \"api_key\",\n \"label\": \"production-key\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}/credentials", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}", "credentials"] }, "description": "kind: api_key | mtls_certificate" } }, { "name": "Update credential", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"enabled\": true,\n \"label\": \"updated-label\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}/credentials/{{cred_id}}", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}", "credentials", "{{cred_id}}"] } } }, { "name": "Delete credential", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/clients/{{client_id}}/credentials/{{cred_id}}", "host": ["{{kc_base}}"], "path": ["v1", "clients", "{{client_id}}", "credentials", "{{cred_id}}"] } } } ] }, { "name": "OAuth Clients", "description": "Manage OAuth 2.0 client applications that can request tokens from KnoxCall's authorization server.", "item": [ { "name": "List OAuth clients", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/oauth-clients", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients"] } } }, { "name": "Get OAuth client", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/oauth-clients/{{oauth_client_id}}", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients", "{{oauth_client_id}}"] } } }, { "name": "Create OAuth client", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"client_name\": \"My App\",\n \"grant_types\": [\"client_credentials\"],\n \"redirect_uris\": [],\n \"scope\": \"routes:read secrets:read\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/oauth-clients", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients"] } } }, { "name": "Update OAuth client", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"client_name\": \"My App v2\",\n \"redirect_uris\": [\"https://myapp.com/callback\"]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/oauth-clients/{{oauth_client_id}}", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients", "{{oauth_client_id}}"] } } }, { "name": "Rotate client secret", "request": { "method": "POST", "url": { "raw": "{{kc_base}}/v1/oauth-clients/{{oauth_client_id}}/rotate-secret", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients", "{{oauth_client_id}}", "rotate-secret"] } } }, { "name": "Revoke OAuth client", "request": { "method": "POST", "url": { "raw": "{{kc_base}}/v1/oauth-clients/{{oauth_client_id}}/revoke", "host": ["{{kc_base}}"], "path": ["v1", "oauth-clients", "{{oauth_client_id}}", "revoke"] } } } ] }, { "name": "Environments", "description": "Manage deployment environments (e.g. production, staging) that provide per-environment route and secret overrides.", "item": [ { "name": "List environments", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/environments", "host": ["{{kc_base}}"], "path": ["v1", "environments"] } } }, { "name": "Create environment", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"staging\",\n \"display_name\": \"Staging\",\n \"description\": \"Pre-production environment\",\n \"color\": \"#F59E0B\",\n \"is_default\": false\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/environments", "host": ["{{kc_base}}"], "path": ["v1", "environments"] } } }, { "name": "Update environment", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"display_name\": \"Staging\",\n \"color\": \"#10B981\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/environments/{{environment_id}}", "host": ["{{kc_base}}"], "path": ["v1", "environments", "{{environment_id}}"] } } }, { "name": "Delete environment", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/environments/{{environment_id}}", "host": ["{{kc_base}}"], "path": ["v1", "environments", "{{environment_id}}"] } } } ] }, { "name": "API Keys", "description": "Create and revoke API keys for programmatic access to the KnoxCall Client Management API.", "item": [ { "name": "List API keys", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/api-keys?page=1&per_page=20", "host": ["{{kc_base}}"], "path": ["v1", "api-keys"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" } ] } } }, { "name": "Create API key", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"ci-pipeline\",\n \"rate_limit_requests\": 500,\n \"rate_limit_window_sec\": 60\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/api-keys", "host": ["{{kc_base}}"], "path": ["v1", "api-keys"] }, "description": "The raw API key value is returned only on creation and is never retrievable again." } }, { "name": "Revoke API key", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/api-keys/{{api_key_id}}", "host": ["{{kc_base}}"], "path": ["v1", "api-keys", "{{api_key_id}}"] } } } ] }, { "name": "Webhooks", "description": "Manage webhook subscriptions. KnoxCall signs every delivery with HMAC-SHA256 — verify using the secret_key returned on creation.", "item": [ { "name": "List webhooks", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/webhooks?page=1&per_page=20", "host": ["{{kc_base}}"], "path": ["v1", "webhooks"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" } ] } } }, { "name": "Get webhook", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/webhooks/{{webhook_id}}", "host": ["{{kc_base}}"], "path": ["v1", "webhooks", "{{webhook_id}}"] } } }, { "name": "Create webhook", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"url\": \"https://my-server.example.com/webhook\",\n \"events\": [\"route.created\", \"route.updated\", \"secret.rotated\"],\n \"enabled\": true\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/webhooks", "host": ["{{kc_base}}"], "path": ["v1", "webhooks"] }, "description": "The secret_key for signature verification is returned only on creation." } }, { "name": "Update webhook", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"enabled\": false,\n \"events\": [\"route.created\"]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/webhooks/{{webhook_id}}", "host": ["{{kc_base}}"], "path": ["v1", "webhooks", "{{webhook_id}}"] } } }, { "name": "Delete webhook", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/webhooks/{{webhook_id}}", "host": ["{{kc_base}}"], "path": ["v1", "webhooks", "{{webhook_id}}"] } } }, { "name": "Get webhook logs", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/webhooks/{{webhook_id}}/logs?page=1&per_page=20", "host": ["{{kc_base}}"], "path": ["v1", "webhooks", "{{webhook_id}}", "logs"], "query": [ { "key": "page", "value": "1" }, { "key": "per_page", "value": "20" } ] } } } ] }, { "name": "Account", "description": "Retrieve account information and usage metrics.", "item": [ { "name": "Get account", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/account", "host": ["{{kc_base}}"], "path": ["v1", "account"] } } }, { "name": "Get usage", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/account/usage", "host": ["{{kc_base}}"], "path": ["v1", "account", "usage"] } } } ] }, { "name": "Audit Logs", "description": "Query the immutable audit trail of all API actions taken within your account.", "item": [ { "name": "List audit logs", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/audit-logs?limit=50", "host": ["{{kc_base}}"], "path": ["v1", "audit-logs"], "query": [ { "key": "limit", "value": "50" }, { "key": "cursor", "value": "", "disabled": true }, { "key": "action", "value": "", "disabled": true, "description": "e.g. route.created" }, { "key": "resource_type", "value": "", "disabled": true, "description": "e.g. route | secret | webhook" } ] } } } ] }, { "name": "Agents", "description": "Manage KnoxCall Agents — lightweight daemons that run inside your network to proxy database credentials and capture secrets.", "item": [ { "name": "List agents", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/agents", "host": ["{{kc_base}}"], "path": ["v1", "agents"] } } }, { "name": "Create agent", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"prod-db-agent\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/agents", "host": ["{{kc_base}}"], "path": ["v1", "agents"] } } }, { "name": "Revoke agent", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/agents/{{agent_id}}", "host": ["{{kc_base}}"], "path": ["v1", "agents", "{{agent_id}}"] } } }, { "name": "Get tamper events", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/agents/{{agent_id}}/tamper-events", "host": ["{{kc_base}}"], "path": ["v1", "agents", "{{agent_id}}", "tamper-events"] } } } ] }, { "name": "Crypto Keys", "description": "Envelope encryption, digital signatures, JWT signing, and webhook signing via named versioned keys. Keys never leave KnoxCall — only ciphertext and signatures are returned.", "item": [ { "name": "List keys", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/crypto/keys", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys"] } } }, { "name": "Get key", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}"] } } }, { "name": "Create key", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"my-signing-key\",\n \"mode\": \"sign\",\n \"key_type\": \"ed25519\",\n \"description\": \"Signs webhook payloads\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys"] }, "description": "mode: encrypt | sign | hmac | jwt" } }, { "name": "Rotate key", "request": { "method": "POST", "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/rotate", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "rotate"] }, "description": "Generates a new key version. Old versions remain usable for decryption." } }, { "name": "Destroy key version", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/versions/{{key_version}}", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "versions", "{{key_version}}"] } } }, { "name": "Get public key", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/public-key", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "public-key"] } } }, { "name": "Encrypt", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"plaintext\": \"sensitive data\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/encrypt", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "encrypt"] } } }, { "name": "Decrypt", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"ciphertext\": \"vault:v1:base64encodedciphertext\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/decrypt", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "decrypt"] } } }, { "name": "Rewrap", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"ciphertext\": \"vault:v1:base64encodedciphertext\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/rewrap", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "rewrap"] }, "description": "Re-encrypts ciphertext under the latest key version without exposing the plaintext." } }, { "name": "Sign", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"data\": \"message to sign\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/sign", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "sign"] } } }, { "name": "Verify", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"data\": \"message to sign\",\n \"signature\": \"base64signature\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/verify", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "verify"] } } }, { "name": "Sign JWT", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"claims\": {\n \"sub\": \"user-123\",\n \"aud\": \"my-service\",\n \"exp\": 9999999999\n }\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/sign-jwt", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "sign-jwt"] } } }, { "name": "Verify JWT", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"token\": \"eyJhbGciOiJFZERTQSJ9...\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/verify-jwt", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "verify-jwt"] } } }, { "name": "Sign webhook payload", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"payload\": \"{\\\"event\\\": \\\"order.created\\\", \\\"id\\\": \\\"ord_123\\\"}\",\n \"format\": \"knoxcall-v1\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/crypto/keys/{{key_name}}/sign-webhook", "host": ["{{kc_base}}"], "path": ["v1", "crypto", "keys", "{{key_name}}", "sign-webhook"] } } } ] }, { "name": "PKI / Certificate Authority", "description": "KnoxCall's built-in Certificate Authority. Create private roots, issue short-lived leaf certificates, and manage revocation.", "item": [ { "name": "List roots", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/pki/roots", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots"] } } }, { "name": "Create root", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"internal-ca\",\n \"subject\": {\n \"common_name\": \"Internal CA\",\n \"organization\": \"Acme Corp\",\n \"country\": \"US\"\n }\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/pki/roots", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots"] } } }, { "name": "Get root certificate (PEM)", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/cert", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "cert"] } } }, { "name": "Rotate intermediate", "request": { "method": "POST", "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/rotate-intermediate", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "rotate-intermediate"] } } }, { "name": "Get CRL", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/crl", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "crl"] } } }, { "name": "List roles", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/roles", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "roles"] } } }, { "name": "Create role", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"role_name\": \"internal-services\",\n \"allowed_domains\": [\"internal.example.com\"],\n \"allow_subdomains\": true,\n \"max_ttl_seconds\": 86400,\n \"default_ttl_seconds\": 3600\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/roles", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "roles"] } } }, { "name": "Issue certificate", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"subject\": { \"common_name\": \"api.internal.example.com\" },\n \"san_dns\": [\"api.internal.example.com\"],\n \"ttl_seconds\": 3600\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/roles/{{role_name}}/issue", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "roles", "{{role_name}}", "issue"] } } }, { "name": "Revoke certificate", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"serial_hex\": \"4a:bc:12:...\",\n \"reason\": \"superseded\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/pki/roots/{{root_name}}/revoke", "host": ["{{kc_base}}"], "path": ["v1", "pki", "roots", "{{root_name}}", "revoke"] } } } ] }, { "name": "Vaults", "description": "Data tokenization vaults. Store sensitive values (card numbers, SSNs, PII) as format-preserving tokens. Values never leave KnoxCall in plaintext.", "item": [ { "name": "List vaults", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/vaults?limit=20", "host": ["{{kc_base}}"], "path": ["v1", "vaults"], "query": [ { "key": "limit", "value": "20" }, { "key": "cursor", "value": "", "disabled": true } ] } } }, { "name": "Get vault", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}"] } } }, { "name": "Create vault", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"pci-cards\",\n \"token_format\": \"preserve\",\n \"default_ttl_seconds\": 2592000,\n \"description\": \"Payment card tokenization vault\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/vaults", "host": ["{{kc_base}}"], "path": ["v1", "vaults"] } } }, { "name": "Update vault", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"description\": \"Updated description\",\n \"default_ttl_seconds\": 86400,\n \"enabled\": true\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}"] } } }, { "name": "Delete vault", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}"] } } }, { "name": "Rotate vault key", "request": { "method": "POST", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/rotate", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "rotate"] } } }, { "name": "Tokenize", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"value\": \"4111111111111111\",\n \"metadata\": { \"card_type\": \"visa\", \"last4\": \"1111\" },\n \"ttl_seconds\": 2592000\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokenize", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokenize"] } } }, { "name": "Bulk tokenize", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"values\": [\n { \"value\": \"4111111111111111\" },\n { \"value\": \"5500005555555559\" },\n { \"value\": \"4222222222222\" }\n ]\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokenize-bulk", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokenize-bulk"] } } }, { "name": "List tokens", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokens?limit=20", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokens"], "query": [ { "key": "limit", "value": "20" }, { "key": "cursor", "value": "", "disabled": true } ] } } }, { "name": "Detokenize", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokens/{{token_id}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokens", "{{token_id}}"] }, "description": "Returns the token and its plaintext value. Requires elevated scope." } }, { "name": "Update token metadata", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"metadata\": { \"card_type\": \"visa\", \"billing_zip\": \"10001\" }\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokens/{{token_id}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokens", "{{token_id}}"] } } }, { "name": "Delete token", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/vaults/{{vault_name}}/tokens/{{token_id}}", "host": ["{{kc_base}}"], "path": ["v1", "vaults", "{{vault_name}}", "tokens", "{{token_id}}"] } } } ] }, { "name": "Dynamic DB Credentials", "description": "Manage database connections and issue short-lived credential leases. The KnoxCall Agent handles the actual DB proxy inside your network.", "item": [ { "name": "List connections", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials"] } } }, { "name": "Get connection", "request": { "method": "GET", "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials/{{connection_name}}", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials", "{{connection_name}}"] } } }, { "name": "Create connection", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"name\": \"prod-postgres\",\n \"engine\": \"postgres\",\n \"host\": \"db.internal.example.com\",\n \"port\": 5432,\n \"database_name\": \"mydb\",\n \"admin_username\": \"knoxcall_admin\",\n \"admin_password\": \"supersecret\",\n \"default_ttl_seconds\": 3600,\n \"max_ttl_seconds\": 86400\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials"] }, "description": "engine: postgres | mysql | mssql | mongodb" } }, { "name": "Update connection", "request": { "method": "PATCH", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"default_ttl_seconds\": 1800\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials/{{connection_name}}", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials", "{{connection_name}}"] } } }, { "name": "Delete connection", "request": { "method": "DELETE", "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials/{{connection_name}}", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials", "{{connection_name}}"] } } }, { "name": "Rotate SSH key", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"ssh_private_key\": \"-----BEGIN OPENSSH PRIVATE KEY-----\\n...\",\n \"ssh_host_fingerprint\": \"SHA256:...\"\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials/{{connection_name}}/rotate-ssh-key", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials", "{{connection_name}}", "rotate-ssh-key"] } } }, { "name": "Issue credential lease", "request": { "method": "POST", "header": [{ "key": "Content-Type", "value": "application/json" }], "body": { "mode": "raw", "raw": "{\n \"ttl_seconds\": 3600\n}", "options": { "raw": { "language": "json" } } }, "url": { "raw": "{{kc_base}}/v1/dyn-db-credentials/{{connection_name}}/lease", "host": ["{{kc_base}}"], "path": ["v1", "dyn-db-credentials", "{{connection_name}}", "lease"] }, "description": "Issues a short-lived username/password pair. The KnoxCall Agent creates the DB user and revokes it when the lease expires." } } ] } ] }