It sounds like what you want is actually an HTTP signer, not knox. I started working on something like that for the Mostr bridge a while back but never finished it. The idea being that you leverage firewalls and local network security so this thing is only accessible to internal services, then they can just POST to it from your services without authorization to get events.