View-Based Requests
When to Use the View-Based API
- From your own Knack apps' custom
JavaScript
- From any other client-side application, hosted webpage, or embedded application
- When you want a record's data entered with only the same information available through your app's front end
- When you want your API calls to trigger a form's record rules
- When you need to use the logged-in user's information to create or update a record's data
How do View Based Requests Work?
View-based requests give you access to create/retrieve/update/delete records exactly as your apps' users do while interacting with your Live Apps.
A View-Based access pattern has the following implications
GET
requests only retrieve data for fields included in the (table, list, etc.) view specifiedPOST
andPUT
requests will only set values for fields with inputs on the form view specifiedPUT
requests can only be made against table or list views when inline editing is enabled for that view.- Views on pages which are protected by logins require authentication by a user token.
More Secure
View Based Requests require a user token in the
Authorization
header, allowing you to make secure, cross-origin requests from client-side code (as a logged-in user) without exposing an API key.To use this more secure application development pattern, leverage the
Knack.getUserToken
utility function.
These requests are often used in conjunction with JavaScript events to add advanced functionality to the behavior of live Knack apps.
All view-based requests are accessed through a scene key and view key and use a URL in the following format:
https://api.knack.com/v1/pages/scene_key/views/view_key/records
Finding scene and view keys
You can find your scene and view keys by going to the Builder and selecting the view through which you want to access your records and checking your URL, where you will see, for example, scene_3 and view_69:
Authenticating View-Based Requests
View-based requests require at least two headers: an application ID - to identify to our servers the app whose records you are requesting - and the value of knack for the API key header; note that you should not include your actual API key in view-based requests.
To authenticate requests to views on pages protected by logins, you will need to use the Authorization header whose value should be a user token.
Note that PUT and POST requests require that you tell our servers explicitly that your payload is in JSON format via the content-type header, whose value should always be application/json.
Request Headers
Key | Value | Required |
---|---|---|
X-Knack-Application-Id | Your application ID | Yes |
X-Knack-REST-API-KEY | knack | Yes |
Authorization | A user token valid for the view | Only for login-protected pages |
content-type | application/json | Only for PUT and POST requests |
Updated 3 months ago