Object-Based Requests
Object-Based Requests
Object-based requests give you unrestricted access to create/retrieve/update/delete records in all fields on all records for a specific object.
Each object-based request requires an object key in its URL. You can find the object key for any object by selecting that object from left-hand menu in the Builder and checking your URL.
The object key for the Services object in the following example is object_12:
Every object-based request requires authentication with an API key.
When to Use Object-Based Requests
- When you are making requests from server-side code which you maintain and where you can secure your API key.
- When you want full access to all fields and records.
- When you do not want to retrieve/create/update records based on a view and/or a logged-in user.
Security Warning
We strongly recommend that you do not use object-based requests from any client-side code, including custom
JavaScriptadded directly to your Knack apps, as this will expose your API key to your end users. This is insecure, and may result in information disclosure risks for your application.Instead, we recommend using View Based Requests
Authenticating Object-Based Requests
Object-based requests require at least two headers: an application ID - to identify to our servers the application whose records you are requesting - and an API key (which is specific to each app) to authenticate the request.
PUT and POST requests require that you tell our servers explicitly that your payload is in JSON format via the content-type header, whose value should always be application/json.
Request Headers
| Key | Value | Required |
|---|---|---|
| X-Knack-Application-Id | Your application ID | Yes |
| X-Knack-REST-API-KEY | Your API key | Yes |
| content-type | application/json | Only for PUT and POST requests |
Working with User Roles
When working with User Roles, the data needs to be formatted as an array of corresponding profile keys. For example, ["profile_3", "profile_4"], etc.
Updated 3 months ago