Allowlist
Unlike most other types of Knocknoc backends that require the Knocknoc agent to actively push grants into the target system, the Allowlist backend simply publishes a list of active grants via the API.
Pros
- Does not require a Knocknoc agent.
- Provides an additional option for custom integrations.
Cons
- Knocknoc cannot know if/when grants are applied on the target system, therefore less feedback is provided to users.
- We rely on appliances/clients to poll for allowlist updates, so updates are potentially slower to take effect.
- Since Knocknoc only publishes the active allowlist, the client must implement revocation/deny.
Usage
- Add an API key with scope allowlists.read.
- Add a backend of type "Allowlist".
- Add an ACL and select your new allowlist backend.
- Copy the provided URL. This is where your allowlist grants will be published. The URL is in the format https://example.knoc.cloud/api/v1/allowlists/<aclId>/<token>.<format>
- When fetching the URL, use HTTP basic authentication with:
  - username: apikey (or any string value)
  - password: the API key secret
The Allowlist backend is available in Knocknoc v5.2.
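
A polling client for the usage steps above, added here as an illustration and not Knocknoc's own code. It shows the revocation step the client must implement, since only active grants are published. Assumptions: the response body is one IP address or CIDR per line (the page does not describe the body of each format), and all function names are hypothetical.

```python
import base64
import ipaddress
import urllib.request

# Placeholder in the URL format shown above; substitute the URL copied from the ACL.
ALLOWLIST_URL = "https://example.knoc.cloud/api/v1/allowlists/<aclId>/<token>.<format>"


def fetch_allowlist(url, api_key_secret, timeout=10):
    """Fetch the published allowlist with HTTP basic auth (username 'apikey')."""
    creds = base64.b64encode(f"apikey:{api_key_secret}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {creds}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_allowlist(body):
    """Assumed format: one IP or CIDR per line; blank lines and '#' comments ignored."""
    nets = set()
    for line in body.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            # Raises ValueError on anything that is not an address or network,
            # so a malformed or error-page response is never applied.
            nets.add(ipaddress.ip_network(entry, strict=False))
    return nets


def reconcile(applied, published):
    """Return (to_add, to_revoke) so local rules match the published grants."""
    return published - applied, applied - published


def poll_once(applied, body):
    """Apply one polled response to the local rule set and return the new set."""
    published = parse_allowlist(body)  # parse fully before changing anything
    to_add, to_revoke = reconcile(applied, published)
    for net in sorted(to_revoke, key=str):
        print(f"revoke {net}")  # replace with the target system's remove/deny call
    for net in sorted(to_add, key=str):
        print(f"allow  {net}")  # replace with the target system's allow call
    return published
```

Call `poll_once(applied, fetch_allowlist(ALLOWLIST_URL, secret))` on a timer. If the fetch or parse raises, keep the previously applied set and decide explicitly how long stale grants may remain.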