View-Based Requests

View-based requests give you access to create/retrieve/update/delete records exactly as your apps' users do while interacting with your Live Apps. This means that:

  • GET requests only retrieve data for fields included in the (table, list, etc.) view specified
  • POST and PUT requests will only set values for fields with inputs on the form view specified
  • PUT requests can only be made against table or list views when inline editing is enabled for that view.
  • Views on pages which are protected by logins require authentication by a user token.


Note that you do not need to authenticate these requests with an API key, making them a more secure option for being made from client-side code, such as your own apps' custom JavaScript.

These requests are often used in conjunction with JavaScript events to add advanced functionality to the behavior of live Knack apps.

All view-based requests are accessed through a scene key and view key and use a URL in the following format:

Finding scene and view keys

You can find your scene and view keys by going to the Builder and selecting the view through which you want to access your records and checking your URL, where you will see, for example, scene_3 and view_69:


When to Use the View-Based API

  • From your own Knack apps' JavaScript
  • From any other client-side application (lack of API key allows for security)
  • When you want a record's data entered with only the same information available through your app's front end
  • When you want your API calls to trigger a form's record rules
  • When you need to use the logged-in user's information to create or update a record's data

Authenticating View-Based Requests

View-based requests require at least two headers: an application ID - to identify to our servers the app whose records you are requesting - and the value of knack for the API key header; note that you should not include your actual API key in view-based requests.

To authenticate requests to views on pages protected by logins, you will need to use the Authorization header whose value should be a user token.

Note that PUT and POST requests require that you tell our servers explicitly that your payload is in JSON format via the content-type header, whose value should always be application/json.

Request Headers

X-Knack-Application-IdYour application IDYes
AuthorizationA user token valid for the viewOnly for login-protected pages
content-typeapplication/jsonOnly for PUT and POST requests

Whatโ€™s Next