Object-Based Requests

Object-Based Requests

Object-based requests give you unrestricted access to create/retrieve/update/delete records in all fields on all records for a specific object.

Each object-based request requires an object key in its URL. You can find the object key for any object by selecting that object from left-hand menu in the Builder and checking your URL.

The object key for the Services object in the following example is object_12:


Every object-based request requires authentication with an API key.

When to Use Object-Based Requests

  • When you are making requests from server-side code which you maintain and where you can secure your API key.
  • When you want full access to all fields and records.
  • When you do not want to retrieve/create/update records based on a view and/or a logged-in user.


We strongly recommend that you do not use object-based requests from any client-side code, including custom JavaScript added directly to your Knack apps, as this will expose your API key.

Authenticating Object-Based Requests

Object-based requests require at least two headers: an application ID - to identify to our servers the app whose records you are requesting - and an API key (which is specific to each app) to authenticate the request.

PUT and POST requests require that you tell our servers explicitly that your payload is in JSON format via the content-type header, whose value should always be application/json.

Request Headers

X-Knack-Application-IdYour application IDYes
X-Knack-REST-API-KEYYour API keyYes
content-typeapplication/jsonOnly for PUT and POST requests

Working with User Roles

When working with User Roles, the data needs to be formatted as an array of corresponding profile keys. For example, ["profile_3", "profile_4"], etc.

What’s Next