01
Register an integration app
Create the external app record and confirm which grant types and redirect URIs are approved for your tenant.
[Reviewed external integration path]
Integration Guide
Use this path for approved external integrations. Public setup starts with app registration, approved scopes, tokens, webhook delivery, and GraphQL transport. Reviewed access is used only when a workflow needs partner-only capabilities.
Recommended onboarding flow
Start with the public contract, then escalate to reviewed access only when your use case requires it.
02
Review approved scopes
Request only the scopes your tenant administrator has approved. Do not design for unpublished scopes.
03
Choose the token flow
Use authorization code when a user is acting in the workflow, or service tokens for headless automation.
04
Verify tokens and configure delivery
Validate JWTs against JWKS and configure webhook subscriptions or GraphQL transport with tenant scoping.
05
Request reviewed access only if needed
Use the vendor request flow for advanced platform APIs, curated GraphQL bundles, federation, or environment-specific onboarding.
Public surfaces you can rely on
These public surfaces are the supported starting point for third-party integrators.
Identity and app registration
App registration, scope discovery, governance, service-token minting, and secret rotation.
Open API referenceOAuth and service tokens
Approved token issuance flows for user-delegated access and machine-to-machine automation.
Open API referenceEvent delivery and webhooks
Outbound webhook management, testing, and delivery diagnostics for approved integrations.
Open API referenceGraphQL transport contract
Bearer-authenticated GraphQL transport with tenant scoping, without schema dumps or operation inventories.
Open API referenceOperating expectations
Treat the public contract as the only supported automation boundary unless you have reviewed access.
Store client secrets and service tokens in your own secret manager and rotate them deliberately.
Design webhook consumers to be idempotent and tolerant of retries.
Assume machine-readable topics and example payloads remain canonical English across locales.
Public flow example
# Register an external integration app
curl -X POST https://auth.knogin.com/v1/platform/apps \
-H "Authorization: Bearer <admin-access-token>" \
-H "Content-Type: application/json" \
-d '{"name":"Case sync connector","grant_types":["client_credentials"],"requested_scopes":["webhooks:write"]}'
# Exchange client credentials for a bearer token
curl -X POST https://auth.knogin.com/v1/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=<client-id>&client_secret=<client-secret>&scope=webhooks:write"
# Create an outbound webhook
curl -X POST https://auth.knogin.com/v1/webhooks \
-H "Authorization: Bearer <access-token>" \
-H "Content-Type: application/json" \
-d '{"url":"https://integrator.example/webhooks/argus","events":["case.updated"]}'The example stays inside the reviewed public contract: register, mint a token, then create an outbound webhook.
Capabilities that stay behind reviewed access
These workflows exist, but they are not documented as a public blueprint.
Advanced platform APIs
Expanded control-plane workflows and partner-only administrative paths are shared only after review.
Curated GraphQL bundles
Approved query and mutation bundles can be shared for specific integration programs without exposing the full schema.
Federation and environment review
Enterprise federation, SAML, sovereign deployment review, and environment-specific onboarding are handled case by case.
Request reviewed access
Use this form when you need a reviewed workflow, sandbox coordination, or partner-specific documentation that is intentionally not published on the public site.
Vendor Integration Request
Tell us about your integration needs and we'll get back to you within 2-3 business days.