Managing Clients
Complete guide to creating, editing, deleting, and assigning clients for IP authorization.Creating Clients
Step 1: Navigate to Clients
- Click Resources in the sidebar
- Select Clients
- Click Create Client button
Step 2: Fill in Client Details
Name (Required)
Give your client a descriptive name. Good examples:Type (Required)
Choose the appropriate type:| Type | Best For | Example |
|---|---|---|
| Server | Production servers with static IPs | AWS EC2 with Elastic IP |
| User | Developer machines, dynamic IPs | Laptops, home offices |
| Network | IP ranges, office networks | 192.168.1.0/24 |
IP Address (Required)
Enter the IP address or CIDR range. Single IP:Description (Optional but Recommended)
Document what this client is for. Good descriptions:Enabled Toggle
- ON (default): Client is active and authorized
- OFF: Client is disabled, requests will be rejected
Step 3: Save
Click Create Client ✅ Client is now created but not yet assigned to any routes!Assigning Clients to Routes
Creating a client doesn’t automatically authorize it. You must assign it to specific routes.Method 1: Assign from Route Page
Best for: Assigning to one route- Go to Routes
- Click on your route
- Go to Environment Clients tab
- Select environment (e.g., “production”)
- Click Assign Clients
- Check the boxes next to clients you want to authorize
- Click Save
Method 2: Assign from Client Page
Best for: Assigning one client to multiple routes- Go to Resources → Clients
- Click on your client
- Go to Assigned Routes tab
- Click Assign to Routes
- Select routes and environments
- Click Save
Per-Environment Assignment
Clients can be assigned differently per environment.Example Setup
Route:user-api
Production environment:
- Clients:
prod-server-1,prod-server-2
- Clients:
staging-server,qa-laptop-1,qa-laptop-2
- Clients:
dev-laptop-1,dev-laptop-2,dev-laptop-3
How to Assign Per Environment
- Go to route → Environment Clients tab
- Select environment dropdown (e.g., “production”)
- Click Assign Clients
- Check clients for this environment only
- Save
- Repeat for each environment
- Production requests only work from production servers
- Staging requests work from staging + QA machines
- Dev requests work from developer laptops
Editing Clients
When to Edit
Common reasons to edit:- IP address changed (especially for User type)
- Need to update description
- Need to enable/disable temporarily
- Expanding IP range (CIDR)
How to Edit
- Go to Resources → Clients
- Find your client in the list
- Click on the client name
- Click Edit button
- Update fields as needed
- Click Save
Common Edits
Update IP Address
When: Your development machine IP changed Before:Expand IP Range
When: Need to cover more IPs Before:Change Type
When: Server gets static IP Before:Enabling/Disabling Clients
Temporarily Disable
When to use:- Testing without deleting
- Temporarily block access
- Troubleshooting
- Edit client
- Toggle Enabled to OFF
- Save
Re-Enable
How:- Edit client
- Toggle Enabled to ON
- Save
Deleting Clients
When to Delete
- Client is no longer needed
- IP is permanently decommissioned
- Cleaning up old test clients
- Security: remove unauthorized access
⚠️ Warning
Deleting a client is permanent and will:- Remove client from ALL routes
- Reject all future requests from this IP
- Cannot be undone
How to Delete
- Go to Resources → Clients
- Find your client
- Click on client name
- Click Delete button
- Confirm deletion
Safe Alternative: Disable Instead
Instead of deleting, consider disabling:- Keeps configuration
- Can be re-enabled later
- Reversible
Viewing Client Information
Client Details Page
Click on any client to see: Basic Info:- Name, Type, IP address
- Description
- Enabled status
- Created date
- Which routes this client can access
- Which environments it’s assigned to
- Recent requests from this IP
- Success/failure rate
- Last seen timestamp
Bulk Operations
Assign Multiple Clients at Once
Scenario: Add 5 developer laptops to dev environment Steps:- Go to route → Environment Clients
- Select “development”
- Click Assign Clients
- Check all 5 developer clients at once
- Save
Create Multiple Clients from CSV
Not currently supported in UI - Need to create one by one. Workaround for many clients: Use KnoxCall API to script client creation:Client Organization
Naming Convention
Use consistent naming for easy management: Pattern:{environment}-{purpose}-{identifier}
Examples:
Use Descriptions
Always add descriptions to remember purpose:Common Scenarios
Scenario 1: New Developer Joins
Steps:- Ask developer for their IP:
curl https://api.ipify.org - Create client:
- Name:
dev-alice-laptop - Type: User
- IP:
203.50.60.70
- Name:
- Assign to development environment of all necessary routes
- Developer can now test locally!
Scenario 2: Move to Production
Steps:- Provision production server with static IP (Elastic IP)
- Create client:
- Name:
prod-api-server-1 - Type: Server
- IP:
52.100.200.50(Elastic IP)
- Name:
- Assign to production environment only (not staging/dev)
- Test carefully before going live
Scenario 3: Office Network
Steps:- Get office network CIDR range:
192.168.1.0/24 - Create client:
- Name:
office-network-main - Type: Network
- IP:
192.168.1.0/24
- Name:
- Assign to staging or dev environments (not production!)
- All office computers can now access
Scenario 4: IP Changed Unexpectedly
Symptoms: Requests suddenly fail with “IP not authorized” Steps:- Check current IP:
curl https://api.ipify.org - Compare to client IP in KnoxCall
- If different → Edit client
- Update IP to new value
- Save → Requests work again!
Alternative: API Key Authentication
For environments with dynamic IPs, consider using API key auth instead:When to Use API Keys Instead
- Developer laptops (IP changes frequently)
- Mobile devices
- Serverless functions (Lambda, Cloud Functions)
- Behind CDN/proxy with changing IPs
How to Set Up
- Create API key in Settings → API Keys
- Enable “Allow any IP” for dev/test keys
- Use key in requests instead of IP whitelisting
Security Best Practices
✅ Do
- Use descriptive names - Know what each client is for
- Add descriptions - Document IP source and purpose
- Use static IPs for production - Elastic IPs, not dynamic
- Separate environments - Different clients for prod/staging/dev
- Regular audits - Review and remove unused clients monthly
- Least privilege - Only assign to routes that need it
❌ Don’t
- Don’t use 0.0.0.0/0 - This allows ALL IPs (defeats purpose!)
- Don’t share clients - Production and dev should have separate clients
- Don’t ignore changes - Update IPs promptly when they change
- Don’t use generic names - “client1”, “test” are confusing
- Don’t allow dev IPs in prod - Keep environments isolated
Troubleshooting
Client Created But Requests Rejected
Cause: Client not assigned to route. Solution:- Go to route → Environment Clients
- Select environment
- Assign your client
- Try again
IP Keeps Changing
Cause: Dynamic IP from ISP (home/office internet). Solution:- Option A: Update IP each time it changes
- Option B: Use API key auth with “Allow any IP”
- Option C: Use VPN with static IP
Wrong Client Authorized
Symptom: Wrong server can access route. Solution:- Review Environment Clients for route
- Remove unauthorized clients
- Only keep necessary clients assigned
Quick Reference
| Task | Steps |
|---|---|
| Create client | Resources → Clients → Create |
| Edit client | Clients → Click name → Edit |
| Delete client | Clients → Click name → Delete |
| Assign to route | Route → Environment Clients → Assign |
| Disable client | Edit → Toggle Enabled OFF |
| Check current IP | curl https://api.ipify.org |
Next Steps
What are Clients?
Understand IP whitelisting basics
Client Types
Server vs User vs Network (coming soon)
CIDR Notation
Understanding IP ranges (coming soon)
IP Authorization Issues
Fix common IP problems
Pro Tip: For production, always use Server type with static IPs. For development, use User type or API key auth to handle dynamic IPs easily.