The Knowledge Management API allows you to organize your organization's information with knowledge management software and request information on the knowledge base using advanced GraphQL queries.

API specification

Test the API on SwaggerHub

Base URL

Conceptual model

Conceptual model



To interact with an entity within the knowledge base, you will require a token to uniquely indentify the entity. This token information consists of an e-mail, an Id, IdType, a token and a DocName. The information from the token will be used in the POST /graphql request.

The token service returns a JSON message and looks like this:

^^Response example^^
        "CustomerEmail": "xx@xx.xx",
        "Id": "xxxx",
        "IdType": "knowledgebase",
        "Token": "xxxx",
        "DocName": "Demo Retail NL"

API workflow

Sequence diagram


To fill and configure the knowledge base, the same e-mail address will be used as the one you registered with at the KPN API Store. There are also some publication types that require a buddy e-mail account setup, which will be a different e-mail address from the one registered with our store.

Features and constraints


  • Create and query knowledge base collections of articles.
  • Create simple or complex graphQL queries on your categorised knowledge.
  • For external (website) or internal use.


  • Decision trees are not accessible through the API.

Getting started

Make sure you've read What's in it for you for more info on how to register and start testing APIs.


The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.

Go to the Authentication tab on top of this page to find out how to:

  • Authenticate to an API using cURL.
  • Authenticate to an API on Swaggerhub.
  • Import Open API Specifications (OAS), also called Swagger files into Postman.

Setting up your third-party account with

When you add this Knowledge Management API to your project in the My API Store, you will receive an e-mail at the e-mail address that you registered. The e-mail will provide you with your password to log into the website. Go to the login page and log in with your e-mail address and provided password.

Once logged in, you can create a knowledge base. Select the appropriate template from the list of templates for the type of knowledge base you would like to create. For example: Demo Retail NL, which provides you with default collections, articles and more, written in Dutch.

With collections and articles in place, you can create a publication. Add collections to the publications and publish one or more articles.

How to...

Get token information

This request returns one or more tokens of your published information. Use token id and token in the POST /graphql request.


  1. Select GET /token.
  2. Click Try it out.
  3. Check the response code and message.


  1. Select GET (GetToken).
  2. Click Send.
  3. Check the response code and message.

Get query information

This is a powerful request that allows you to fire a graphQL query on the knowledge base. For each request you will need to provide id and token, that were previously retrieved by the GET /token request.


  1. Select POST /graphql.
  2. Supply query, token and publication id in the payload. See below for examples.
  3. Click Try it out.
  4. Check the response code and message.


  1. In the Postman collection, there are different payload based requests available, based on a query using same endpoint POST /graphql. See below for the queries.
  2. Supply query, token, publication id in the payload.
  3. Click Send.
  4. Check the response code and message.

In Postman payloads are available in the collection, whereas this is not available in SwaggerHub. Here is an overview of available GraphQL queries, so you can provide the payload to the SwaggerHub request.

Query name   Postman request   Query content payload  
Get article   POST (get article)   { "query": "{ article(id: \"{{articleId}}\") { id name content } }", "variables": {"publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}" } }
Search   POST (search)   { "query": "{ search(query: \"article\") { results { id name contentsnippet(length: 100) }} }", "variables": { "publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}" } }
Publications popular   POST (get publication > most popular)   { "query": "{ publication { mostpopular(first: 5) { id name contentsnippet(length: 100) } } }", "variables": { "publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}" } }
Publication   Post (get publication)   { "query": "{ publication { mostpopular(first: 5) { name } collections { name, mostpopular(first:3) { name}}} }", "operationName": "", "variables": { "publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}", "user": "{{emailAddress}}" } }
Analytics   POST (get analytics count article.views)   { "query": "{ search(query: \"article\") { results { id name contentsnippet(length: 100) }} }", "variables": { "publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}" } }
Suggestion   POST (submitSuggestion)   { "query": "mutation submitSuggestion { submitSuggestion( content:\"I suggest to...\" articleId:\"{{articleID}}" value:0 feedbackReason:1 priority:1 ){ id } }", "variables": { "publicationId": "{{publicationId}}", "api_token": "{{polly-api-token}}", "user" : "{{emailAddress}}" } }

Create GraphQL queries

For creating GraphQL queries, you could use an online editor. In this editor, copy and uncomment the lines below # Use these query variables for access to the demo publication: and copy this to the QUERY VARIABLES section below it. Now create your own GraphQL. If you need a GraphQL reference, check out this cheatsheet.

Return codes

Code Description
200 Success.
201 Created.
202 Accepted.
302 Found. Link in location header.
400 Bad request.
401 Unauthorized.
403 Forbidden.
404 Not found.
405 Method not allowed.
412 Precondition failed.
429 Too many requests.
500 Internal server error.
502 Bad gateway.
503 Service unavailable.

HTTP response headers

The following tables display the standard response headers that are returned with each API response:

Standard response field name Description
sunset This field will be populated with the deprecation details. By default the value is n/a.
api-version Indicates the API version you have used.
quota-interval Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated.
For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
quota-limit Number of API calls an user can make within a given time period.
If this limit is exceeded, the user will be throttled and API requests will fail.
quota-reset-UTC All quota times are set to the Coordinated Universal Time (UTC) time zone.
quota-time-unit Used to specify the unit of time applicable to the quota.
For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours.
quota-used Number of API calls made within the quota.
strict-transport-security The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers.
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload.
Access control field name Description
access-control-allow-credentials Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include.
When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean.
access-control-allow-origin Indicates whether the response can be shared with requesting code from the given origin.
access-control-allow-headers Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request.
access-control-max-age Indicates how long the results of a pre-flight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached.
access-control-allow-methods Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests.
For example: GET, PUT, POST, DELETE.
content-length The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient.
content-type The Content-Type entity header the client what the content type of the returned content actually is.

Mopinion feedback