When to Use the View-Based API

From your own Knack apps' custom JavaScript
From any other client-side application, hosted webpage, or embedded application
When you want a record's data entered with only the same information available through your app's front end
When you want your API calls to trigger a form's record rules
When you need to use the logged-in user's information to create or update a record's data

How do View Based Requests Work?

View-based requests give you access to create/retrieve/update/delete records exactly as your apps' users do while interacting with your Live Apps.

A View-Based access pattern has the following implications

GET requests only retrieve data for fields included in the (table, list, etc.) view specified
POST and PUT requests will only set values for fields with inputs on the form view specified
PUT requests can only be made against table or list views when inline editing is enabled for that view.
Views on pages which are protected by logins require authentication by a user token.

🔒
More Secure
View Based Requests require a user token in the Authorization header, allowing you to make secure, cross-origin requests from client-side code (as a logged-in user) without exposing an API key.
To use this more secure application development pattern, leverage the Knack.getUserToken utility function.

These requests are often used in conjunction with JavaScript events to add advanced functionality to the behavior of live Knack apps.

All view-based requests are accessed through a scene key and view key and use a URL in the following format: https://api.knack.com/v1/pages/scene_key/views/view_key/records

Finding scene and view keys

You can find your scene and view keys by going to the Builder and selecting the view through which you want to access your records and checking your URL, where you will see, for example, scene_3 and view_69:

Classic:

Next-Gen:

Authenticating View-Based Requests

View-based requests require at least two headers: an application ID - to identify to our servers the app whose records you are requesting - and the value of knack for the API key header; note that you should not include your actual API key in view-based requests.

To authenticate requests to views on pages protected by logins, you will need to use the Authorization header whose value should be a user token.

Note that PUT and POST requests require that you tell our servers explicitly that your payload is in JSON format via the content-type header, whose value should always be application/json.

Request Headers

Key	Value	Required
X-Knack-Application-Id	Your application ID	Yes
X-Knack-REST-API-KEY	knack	Yes
Authorization	A user token valid for the view	Only for login-protected pages
content-type	application/json	Only for PUT and POST requests