/v1 Management API. Built with the Terraform Plugin Framework.
Resources
| Resource | CRUD | Import |
|---|---|---|
knoxcall_route | Yes | Yes (id) |
knoxcall_secret | Yes | Yes (id) |
knoxcall_client | Yes | Yes (id) |
knoxcall_webhook | Yes | Yes (id) |
Provider configuration
Not yet published to the Terraform Registry — until it is, build from the monorepo (
sdk/knoxcall-terraform) and point Terraform at the local binary with a dev_overrides block in ~/.terraformrc.Example
Sensitive state
knoxcall_secret.valueis write-only server-side —GETreturns metadata, never the value — soReadkeeps the value from state instead of diffing it. Rotations you make outside Terraform will not show as drift.knoxcall_webhook.secret_keyis returned exactly once at create and preserved in state (markedSensitive) across refreshes.- The provider’s
api_keyisSensitivein the schema and never appears in errors, logs, or diagnostics.
Import
All four resources import byid (the resource’s UUID):
Behavior
The provider’s API client follows the SDK parity standard where applicable:- Retries: 408/429/500/502/503/504 retried up to 3 attempts with half-jitter exponential backoff (100ms base, 5s cap). 409 is never retried. On 429 a server
Retry-Afteris honored, capped at 30s. - Idempotency: every mutating request carries a ULID
X-Idempotency-Keygenerated once per logical request — stable across retries, so transport failures are also safe to retry. - 401: fails fast with a clear diagnostic (the credential is a static
api_key, so there is nothing to re-mint). - Cancellation: all requests and retry backoffs respect Terraform’s operation context — interrupts abort promptly.
Full reference
Local build instructions anddev_overrides setup: sdk/knoxcall-terraform/README.md in the monorepo.