CORE REST API v2.0.2112
Introduction
Unbound Key Control ("UKC") supports a complete set of REST APIs for all UKC operations, including user, client and key management, cluster and partition management, backup automation, and crypto operations.
- To download the YAML version of the REST API, click here.
- To download a JavaScript sample for the REST API, click here.
UKC at a Glance
Unbound Key Control ("UKC") is an enterprise cryptography orchestration platform, offering secure key management, key storage and key-based services. It is a scalable multi-site and multi-cloud solution that works hand-in-hand with hardware security capabilities while leveraging its own FIPS certified vHSM (virtual hardware security module).
UKC has many use-cases, including tokenization, code signing, and virtual machine, database, and storage encryption.
Some notable features of UKC are:
- It supports all standard RSA, ECC, and symmetric keys while remaining transparent to the application.
- It supports standard crypto APIs: KMIP, PKCS#11, OpenSSL, KSP and CSP.
- It is platform agnostic and supports cloud vendors, including but not limited to AWS, Azure, and GCP.
- Its installation does not disrupt the existing workflow of applications.
- It provides lifecycle management of crypto-keys including partitioning, BYOK (Bring Your Own Key), generation, renewal, archiving, and revocation.
UKC Documentation
In addition to this API reference, the following documents are available:
- UKC Release Notes
- UKC User's Guide
- UKC Integration Guide
- UKC Code Signing Guide
- UKC Developer's Guide
UKC API Overview
Authentication Types
Most UKC API operations require an authorization context and user permissions. Users are identified by an authentication token attached to the request headers.
Basic Authentication
UKC supports the basic authentication scheme. The "Basic" HTTP authentication scheme is defined in RFC 7617; it transmits credentials as user/password pairs, encoded using base64, in the HTTP Authorization header.
The user ID can include the required partition in the format:
username@partitionId:password
Note: If any of the above strings include the '%' character, it must be replaced with '%25'. Otherwise, you will receive "Authentication format error".
For example, instead of
my-name@my-partition:my-pa%%word
use
my-name@my-partition:my-pa%25%25word
For further reference see: https://en.wikipedia.org/wiki/Percent-encoding
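The credential format above as an added example (not part of the UKC documentation or its JavaScript sample): it builds the `username@partitionId:password` string, replaces '%' with '%25', and base64-encodes the result for the Authorization header. The function names, the UTF-8 charset, and applying the replacement before base64 encoding are assumptions of this example.

```javascript
// Added example, not UKC code. Builds "username@partitionId:password" as described
// above and encodes it for the HTTP Authorization header (RFC 7617).
// Assumption: '%' is replaced with '%25' in each string before base64 encoding.

const escapePercent = (s) => s.replace(/%/g, '%25');

function checkComponent(label, value, { allowColon }) {
  if (typeof value !== 'string' || value.length === 0) {
    throw new TypeError(`${label} must be a non-empty string`);
  }
  // RFC 7617: control characters are not allowed, and the user-id cannot contain ':'
  // because the first ':' separates the user-id from the password.
  if (/[\u0000-\u001f\u007f]/.test(value)) {
    throw new RangeError(`${label} contains a control character`);
  }
  if (!allowColon && value.includes(':')) {
    throw new RangeError(`${label} must not contain ':'`);
  }
}

// partitionId is optional: the page says the user ID *can* include the partition.
function buildBasicAuthHeader(username, password, partitionId) {
  checkComponent('username', username, { allowColon: false });
  checkComponent('password', password, { allowColon: true });
  let userId = escapePercent(username);
  if (partitionId !== undefined) {
    checkComponent('partitionId', partitionId, { allowColon: false });
    userId += '@' + escapePercent(partitionId);
  }
  const credentials = `${userId}:${escapePercent(password)}`;
  // RFC 7617 leaves the charset to the server; UTF-8 is assumed here.
  return 'Basic ' + Buffer.from(credentials, 'utf8').toString('base64');
}

// Inspection helper for tests and debugging: recover the pre-base64 credential string.
function decodeBasicAuthHeader(header) {
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(header);
  if (!match) throw new Error('not a Basic Authorization header');
  const credentials = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = credentials.indexOf(':');
  if (sep < 0) throw new Error('credential string has no ":" separator');
  return { userId: credentials.slice(0, sep), password: credentials.slice(sep + 1) };
}
```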
Authentication Token
The system can authenticate the user with a generated authentication token, which is valid for a limited time. This token eliminates the need to transmit the username/password on every request. See Get OAuth authentication token for more information.
Authentication with a Certificate
The client can authenticate with the UKC using a client certificate. This method can be useful either to add another layer of security or when you do not want to use a username and password.
To get a token, call Get OAuth authentication token with a client certificate. Then use the returned token for subsequent calls.
Authentication Failure (unauthorized)
If an operation is unauthorized, an HTTP 401 status code is returned with the WWW-Authenticate header.
API Key (Authorization)
Parameter Name: Authorization, in: header.
To access the API, a valid JWT token must be passed in the 'Authorization' header of every request. A valid JWT token is generated by the API and returned in response to a call to the route /login with a valid user and password. The following syntax must be used in the 'Authorization' header: Bearer: xxxxxx.yyyyyyy.zzzzzz
Partitioning
UKC objects are organized into partitions. Partitioning allows namespacing and access control to objects by configuring users with roles per partition.
The objects contained in a partition are:
Users, Clients, Keys, Certificates, and Secrets. The Root partition may also contain other partitions.
Permissions
Any partition can have many users who can access its objects.
A partition user can have one of two security roles:
- so - Security Officer. Can perform all operations on the partition objects including administration: adding, modifying and deleting objects.
- user - Can only perform cryptographic operations with the partition objects, such as sign and verify, and can also create, manage, and edit keys, certificates and secrets.
Root Partition
The default built-in partition for a UKC cluster is called root and is created automatically when setting up a new UKC cluster.
Partition Hierarchy
- Parent partition - The root partition is the parent of all partitions.
- Permission inheritance - User access permissions can be configured to be inherited from the root partition. For example, a user userA, which is an SO on root, would also have SO permissions on partitionB.
  - Note: By default, access permissions are not inherited from the root partition. To use permission inheritance, it should be configured explicitly.
Object IDs
Many operations require an object ID as part of the resource URI. Object IDs can be one of the following:
- Keys - refer to keys using the UID, which is unique in the partition. You can also use the name, but it may not be unique. Operations using a name that is not unique will fail.
- All other objects - refer to the object by name, which is unique.
Quorum
The UKC can be configured to require quorum approval for certain operations. If the operation you are executing requires it, the HTTP response is 202 (ACCEPTED) with a quorum job object.
Use the jobs API in order to manage approvals for different jobs.
Error Handling
Responses are formatted in the standard REST format, with fields showing information about the error. The possible error codes are described with each API.
For example, here is a token request:
https:///api/v1/token
The error that is received is shown below.
{
"type": "UNAUTHORIZED",
"title": "Login failed due to wrong username, password or missing certificate",
"details": "Login failed due to wrong username, password or missing certificate",
"status": "UNAUTHORIZED",
"message": "Login failed due to wrong username, password or missing certificate"
}
Authentication
Get OAuth authentication token
Code samples
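// The endpoint expects a form-encoded body (see Content-Type below),
// so the fields are encoded with URLSearchParams rather than sent as JSON text.
const inputBody = new URLSearchParams({
  grant_type: 'string',
  username: 'string',
  password: 'string',
  refresh_token: 'string',
  assertion: 'string',
  id_token: 'string',
  code: 'string',
  otp: 'string',
  redirect_uri: 'string',
  idp_id: 'string',
  partition_id: 'string'
});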
const headers = {
'Content-Type':'application/x-www-form-urlencoded',
'Accept':'application/json'
};
fetch('/api/v1/token',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json'
POST /api/v1/token
Returns an OAuth authentication token which can be used in future calls for authentication.
Body parameter
grant_type: string
username: string
password: string
refresh_token: string
assertion: string
id_token: string
code: string
otp: string
redirect_uri: string
idp_id: string
partition_id: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | object | false | none |
| » grant_type | body | string | true | Grant type |
| » username | body | string | false | The username |
| » password | body | string | false | Password |
| » refresh_token | body | string | false | Refresh token |
| » assertion | body | string | false | Assertion |
| » id_token | body | string | false | ID Token |
| » code | body | string | false | Authorization Code |
| » otp | body | string | false | One time password |
| » redirect_uri | body | string | false | Redirect URI |
| » idp_id | body | string | false | Identity Provider ID |
| » partition_id | body | string | false | Partition ID |
Example responses
200 Response
{
"access_token": "eyJ...MoQ",
"token_type": "bearer",
"expires_at": "string",
"expires_in": 1000,
"scope": "user",
"refresh_token": "eyJ...0N"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | OauthToken |
| 401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None |
Revoke all tokens for a user
Code samples
// Form-encoded body, matching the Content-Type header below.
const inputBody = new URLSearchParams({
  token: 'string'
});
const headers = {
'Content-Type':'application/x-www-form-urlencoded'
};
fetch('/api/v1/token/revoke',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/token/revoke \
-H 'Content-Type: application/x-www-form-urlencoded'
POST /api/v1/token/revoke
Revoke all tokens related to given authentication.
Body parameter
token: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | object | false | none |
| » token | body | string | true | token |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None |
Get token (deprecated)
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/authToken',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/authToken \
-H 'Accept: application/json'
GET /api/v1/authToken
Returns an authentication token which can be used in future calls for authentication. The user credentials are provided in the HTTP headers.
Note: This endpoint is deprecated. Use Get OAuth authentication token instead.
Example responses
200 Response
{
"value": "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Token |
| 401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None |
Revoke token (deprecated)
Code samples
fetch('/api/v1/authToken',
{
method: 'DELETE'
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/authToken
DELETE /api/v1/authToken
Invalidates an authentication token
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None |
Change password
Code samples
// Serialize the request body as JSON, matching the Content-Type header below.
const inputBody = JSON.stringify({
  "existingPassword": "string",
  "newPassword": "string",
  "otp": "815713"
});
const headers = {
'Content-Type':'application/json'
};
fetch('/api/v1/me/password',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/me/password \
-H 'Content-Type: application/json'
PUT /api/v1/me/password
Change the password for the current user. The current user credentials are provided in the HTTP headers. These can be either a password or a JWT token.
Body parameter
{
"existingPassword": "string",
"newPassword": "string",
"otp": "815713"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | NewAndExistingPassword | false | New and existing password |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Password changed successfully | None |
| 400 | Bad Request | New password does not comply with password policy rules | None |
Get oauth keys
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/auth/keys',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/auth/keys \
-H 'Accept: application/json'
GET /api/v1/auth/keys
Get OAuth keys.
Example responses
200 Response
[
{
"kid": "0x0083a3c96dd563b329",
"x": "7KTOg6UAP99GsQF43UyxPEjrUKk68Dwo+npP6XrIbBg=",
"y": "tpMGf3UQo/80J+15J10n63NpPoeBowMODj9e1hIyTF4=",
"crv": "P_256",
"use": "sig",
"kty": "EC",
"alg": "ES256"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [JWKSKey] | false | none | none |
| » kid | string | false | none | Key Id |
| » x | string | false | none | X |
| » y | string | false | none | Y |
| » crv | string | false | read-only | Curve |
| » use | string | false | read-only | Usage |
| » kty | string | false | read-only | Key Type |
| » alg | string | false | read-only | Algorithm |
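An added example, not code from the UKC documentation or its JavaScript sample: client-side verification of an ES256 token against a key list in the shape of the sample response above, pinning the algorithm, selecting the key by `kid`, and checking `exp`. The function names, the constructed key pair, `kid` and claims, and accepting both "P_256" and "P-256" are assumptions of this example; it uses the Node.js `crypto` module.

```javascript
// Added example, not Unbound's code: verify an ES256 token against /api/v1/auth/keys output.
const nodeCrypto = require('node:crypto');

const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Turn one key entry, shaped like this page's sample response, into a KeyObject.
// The sample uses padded standard base64 for x/y and "P_256" for crv; a standard
// JWK (RFC 7518) uses base64url and "P-256", so both are normalised here.
function ukcKeyToPublicKey(entry) {
  if (entry.kty !== 'EC' || entry.alg !== 'ES256' || !/^P[-_]256$/.test(entry.crv)) {
    throw new Error(`unsupported key type for kid ${entry.kid}`);
  }
  const coord = (v) => {
    const raw = Buffer.from(v, 'base64');
    if (raw.length !== 32) throw new Error('P-256 coordinate must be 32 bytes');
    return raw.toString('base64url');
  };
  return nodeCrypto.createPublicKey({
    key: { kty: 'EC', crv: 'P-256', x: coord(entry.x), y: coord(entry.y) },
    format: 'jwk',
  });
}

// Returns the claims if the token is authentic and unexpired; throws otherwise.
function verifyUkcToken(token, jwks, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('token is not a three-part JWS');
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm: the token header must not be able to select "none" or HMAC.
  if (header.alg !== 'ES256') throw new Error(`unexpected alg ${header.alg}`);
  const entry = jwks.find((k) => k.kid === header.kid && k.use === 'sig');
  if (!entry) throw new Error(`no signing key with kid ${header.kid}`);
  const signature = Buffer.from(s, 'base64url');
  if (signature.length !== 64) throw new Error('ES256 signature must be 64 bytes (r||s)');
  const ok = nodeCrypto.verify(
    'sha256',
    Buffer.from(`${h}.${p}`, 'ascii'),
    { key: ukcKeyToPublicKey(entry), dsaEncoding: 'ieee-p1363' },
    signature
  );
  if (!ok) throw new Error('signature verification failed');
  const claims = b64urlJson(p);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    throw new Error('token expired or missing exp');
  }
  return claims;
}

// Constructed demo data: a throwaway key pair stands in for the server's signing key,
// and the kid and claims are made up for this example.
function makeConstructedDemo(exp) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const jwk = publicKey.export({ format: 'jwk' });
  const std = (v) => Buffer.from(v, 'base64url').toString('base64');
  const kid = '0x00constructed01';
  const jwks = [{ kid, x: std(jwk.x), y: std(jwk.y), crv: 'P_256', use: 'sig', kty: 'EC', alg: 'ES256' }];
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const signingInput = `${enc({ kid, alg: 'ES256' })}.${enc({ sub: 'so@example', exp })}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput, 'ascii'),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { jwks, token: `${signingInput}.${sig.toString('base64url')}` };
}
```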
Backup
Backup database
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/backup',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/backup \
-H 'Accept: application/json'
POST /api/v1/backup
Perform a database backup
Example responses
200 Response
{
"id": "string",
"state": "IN_PROGRESS",
"error": "string",
"date": "string",
"file": "string",
"pairHostnames": [
"string"
],
"version": "string",
"digestDiff": {
"diffRecords": [
{
"sectionDiff": "string",
"entriesDiff": [
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
]
}
]
},
"alertLevel": "WARN"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Backup request received | DbBackup |
| 202 | Accepted | ACCEPTED | Job |
List backups
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/backup',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/backup \
-H 'Accept: */*'
GET /api/v1/backup
List all backup items
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| from | query | string | false | from |
| to | query | string | false | to |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
Example responses
200 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | DbBackupListResponse |
Get backup information
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/backup/{backupId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/backup/{backupId} \
-H 'Accept: */*'
GET /api/v1/backup/{backupId}
Get database backup information
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| backupId | path | string | true | Backup ID |
Example responses
200 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | DbBackup |
Delete backup
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/backup/{backupId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/backup/{backupId} \
-H 'Accept: */*'
DELETE /api/v1/backup/{backupId}
Delete a backup record in the database.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| backupId | path | string | true | Backup ID |
Example responses
202 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Get backup alerts summary
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/backup/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/backup/alerts \
-H 'Accept: application/json'
GET /api/v1/backup/alerts
Get backup alerts summary
Example responses
200 Response
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AlertsSummary |
Check for backup alert
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/backup/{backupId}/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/backup/{backupId}/alerts \
-H 'Accept: application/json'
GET /api/v1/backup/{backupId}/alerts
Get alerts from a backup. Returns an alert if backup digest test fails.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| backupId | path | string | true | Backup ID |
Example responses
200 Response
{
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Alert |
Clients
Create a client
Code samples
// Serialize the request body as JSON, matching the Content-Type header below.
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "persistentClient": true,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/clients \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/clients
Creates a new client and returns the activation code.
Body parameter
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"activationCodeValidity": 20,
"isTemplate": false,
"persistentClient": true,
"activationCodeLength": 10,
"ipRange": "0.0.0.0/0",
"certificateExpiration": 1578240
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewClient | false | New Client |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | Client |
| 201 | Created | New client created successfully | Client |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
Create client with certificate (JSON)
Code samples
// Serialize the request body as JSON, matching the Content-Type header below.
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "persistentClient": true,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificate": "string",
  "certificateExpiration": 1578240
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'
};
fetch('/api/v1/clients/with-cert',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/clients/with-cert \
-H 'Content-Type: application/json' \
-H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'
POST /api/v1/clients/with-cert
Creates a new client and returns the certificate. It uses CSR or public key material in JSON format.
Body parameter
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewClientWithCertificate | false | New Client |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | string |
| 201 | Created | New client created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
Create client with certificate (DER)
Code samples
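// multipart/form-data: build the body with FormData and let fetch set the
// Content-Type header itself, so that it includes the boundary parameter.
const inputBody = new FormData();
inputBody.append('file', new Blob(['string']));
inputBody.append('newClientWithCertificate', 'string');
const headers = {
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'
};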
fetch('/api/v1/clients/with-cert-file',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/clients/with-cert-file \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'
POST /api/v1/clients/with-cert-file
Creates a new client and returns the certificate. It uses FS description of the certificate.
Body parameter
file: string
newClientWithCertificate: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | object | false | none |
| » file | body | string(binary) | true | key file |
| » newClientWithCertificate | body | string | false | the new client |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | string |
| 201 | Created | New client created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
Create a client with secret
Code samples
// Serialize the request body as JSON, matching the Content-Type header below.
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "persistentClient": true,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients/with-secret',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/clients/with-secret \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/clients/with-secret
Creates a new client and returns the secret.
Body parameter
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"ipRange": "0.0.0.0/0",
"grantTypes": [
"CLIENT_CREDENTIALS"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewClientWithSecret | false | New Client |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | Client |
| 201 | Created | New client created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
List clients
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/clients',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/clients \
-H 'Accept: application/json'
GET /api/v1/clients
Return a list of clients.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | Skip |
| detailed | query | boolean | false | Detailed |
| template | query | string | false | Template |
| activationCodeExpiry | query | integer(int32) | false | Search activation codes that expire within N days |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: NAME, STATUS, TYPE, EXPIRY_AT, UPDATED_AT, CREATED_AT, ACTIVATION_CODE_EXPIRY |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | ClientListResponse |
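The Client objects in this response carry `secret` and `activationCode` alongside the IP and activation settings, so a script that lists clients should redact them before logging. The following is an added example, not UKC code: field names come from the response above, while the function names, the finding rules, and the reading of `skip` as an item offset are assumptions.

```javascript
// Added example, not UKC code. Field names are taken from the Client schema
// shown above; which values count as a finding is this example's assumption.
const SENSITIVE_FIELDS = ['secret', 'activationCode'];
const OPEN_RANGES = ['0.0.0.0/0', '::/0'];

// Return a copy that is safe to log: credentials masked, everything else kept.
function redactClient(client) {
  const copy = { ...client };
  for (const field of SENSITIVE_FIELDS) {
    if (typeof copy[field] === 'string' && copy[field].length > 0) {
      copy[field] = '[redacted]';
    }
  }
  return copy;
}

// Collect review findings for one client record.
function auditClient(client) {
  const findings = [];
  if (client.checkIp === false) findings.push('checkIp is off');
  if (OPEN_RANGES.includes(client.ipRange)) findings.push('ipRange is unrestricted');
  if (client.failedActivationCounter > 0) {
    findings.push(`failed activations: ${client.failedActivationCounter}`);
  }
  if (client.isActivationLocked === true) findings.push('activation is locked');
  if (client.certificateRenewRequired === true) findings.push('certificate renewal required');
  if (client.alertLevel) findings.push(`alertLevel ${client.alertLevel}`);
  return findings;
}

// Audit one ClientListResponse page. nextSkip is the value to pass as the
// "skip" query parameter for the next page, or null on the last page
// (assumption: skip counts items, not pages).
function auditPage(page) {
  const items = Array.isArray(page.items) ? page.items : [];
  const report = items
    .map((c) => ({ name: c.name, partition: c.partition, findings: auditClient(c) }))
    .filter((entry) => entry.findings.length > 0);
  const seen = page.skip + items.length;
  const nextSkip = items.length > 0 && seen < page.totalItems ? seen : null;
  return { report, nextSkip };
}

// Constructed sample page (not real data).
const samplePage = {
  totalItems: 3,
  limit: 2,
  skip: 0,
  items: [
    {
      name: 'build-agent',
      partition: '~.codeSign.developers',
      checkIp: true,
      allowNat: false,
      ipRange: '10.20.0.0/16',
      failedActivationCounter: 0,
      isActivationLocked: false,
      certificateRenewRequired: false,
      secret: 'constructed-secret-value',
    },
    {
      name: 'legacy-signer',
      partition: '~.codeSign.developers',
      checkIp: false,
      allowNat: true,
      ipRange: '0.0.0.0/0',
      failedActivationCounter: 4,
      isActivationLocked: true,
      alertLevel: 'WARN',
      activationCode: '0000000000',
    },
  ],
};

const { report, nextSkip } = auditPage(samplePage);
console.log(JSON.stringify(report, null, 2), 'next skip:', nextSkip);
console.log(samplePage.items.map(redactClient));
```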
Get client details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/clients/{clientId} \
-H 'Accept: application/json'
GET /api/v1/clients/{clientId}
Return details of a client.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Client |
Update client details
Code samples
const inputBody = JSON.stringify({
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/clients/{clientId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/clients/{clientId}
Update client properties.
Body parameter
{
"checkIp": false,
"allowNat": false,
"ipRange": "0.0.0.0/0"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
| body | body | ClientsUpdates | false | Clients updates |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client Updated successfully. | Client |
| 202 | Accepted | ACCEPTED | Job |
Delete a client
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/clients/{clientId} \
-H 'Accept: application/json'
DELETE /api/v1/clients/{clientId}
Delete the specified client.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client deleted successfully. | None |
| 202 | Accepted | ACCEPTED | Job |
Refresh activation code
Code samples
const inputBody = JSON.stringify({
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "generateNewActivationCode": true
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}/activation-code',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/activation-code \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/clients/{clientId}/activation-code
Refresh the client's activation code.
Body parameter
{
"certificateExpiration": 1578240,
"activationCodeValidity": 20,
"activationCodeLength": 10,
"ipRange": "0.0.0.0/0",
"generateNewActivationCode": true
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
| body | body | RefreshedCertificateClient | false | Refreshed values |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Activation code Refreshed successfully. | Client |
| 202 | Accepted | ACCEPTED | Job |
Refresh client public key
Code samples
const inputBody = JSON.stringify({
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}/publicKey',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/publicKey \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/clients/{clientId}/publicKey
Refresh client public key.
Body parameter
{
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"expiration": 1578240,
"alternativeNames": "{client-ip,client-name}"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
| body | body | RefreshedPublicKeyClient | false | Refreshed values |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Secret Refreshed successfully. | Client |
| 202 | Accepted | ACCEPTED | Job |
Refresh client secret
Code samples
const inputBody = JSON.stringify({
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}/secret',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/secret \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/clients/{clientId}/secret
Refresh client secret
Body parameter
{
"expiration": 1578240,
"grantTypes": [
"CLIENT_CREDENTIALS"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
| body | body | RefreshedSecretClient | false | Refreshed values |
Example responses
200 Response
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Secret Refreshed successfully. | Client |
| 202 | Accepted | ACCEPTED | Job |
Get client alert summary
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/clients/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/clients/alerts \
-H 'Accept: application/json'
GET /api/v1/clients/alerts
Get a summary of the client alerts.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AlertsSummary |
Get alerts for a specific client
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/clients/{clientId}/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/clients/{clientId}/alerts \
-H 'Accept: application/json'
GET /api/v1/clients/{clientId}/alerts
Return the alerts for a specific client.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| clientId | path | string | true | Client ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Alert |
Cryptography
Encrypt clear text
Code samples
const inputBody = JSON.stringify({
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "clearText": "string",
  "dataEncoding": "PLAIN"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/encrypt',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/encrypt \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/encrypt
Encrypt clear text into cipher text with an existing key. Parameters allow selecting padding mode and encryption mode.
Body parameter
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"clearText": "string",
"dataEncoding": "PLAIN"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | ID of the key used for encryption |
| body | body | EncryptData | false | Data to encrypt |
Example responses
200 Response
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Cipher |
| 202 | Accepted | ACCEPTED | Job |
Encrypt multiple values
Code samples
const inputBody = JSON.stringify({
  "clearTextItems": [
    "string"
  ],
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  }
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/encryptx',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/encryptx \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/encryptx
Encryption is done using the key. Parameters allow selecting padding mode and encryption mode.
Body parameter
{
"clearTextItems": [
"string"
],
"dataEncoding": "PLAIN",
"params": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for encryption |
| body | body | Encryptx | false | Object containing a list of plaintexts that you want to encrypt. |
Example responses
200 Response
[
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [Cipher] | false | none | [Includes encrypted data] |
| » cipherTextBase64 | string | true | none | base64 encoded encrypted data |
| » ivBase64 | string | false | none | base64 encoded initialization vector |
Decrypt a value
Code samples
const inputBody = JSON.stringify({
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "cipher": {
    "cipherTextBase64": "string",
    "ivBase64": "string"
  },
  "outputEncoding": "PLAIN"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/decrypt',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/decrypt \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/decrypt
Decrypt a value using the key. The same parameters for encryption are supported for decryption.
Body parameter
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"cipher": {
"cipherTextBase64": "string",
"ivBase64": "string"
},
"outputEncoding": "PLAIN"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for decryption |
| body | body | DecryptData | false | Data to decrypt |
Example responses
200 Response
{
"clearText": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Returns clear text encoded according to request parameters | ClearText |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Authentication encryption failure | None |
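The sample bodies for encrypt and decrypt above show `ECB`, `RAW` and `SHA1`, and both operations can answer with a Job (202) or, for decrypt, a 400 instead of a result. The following added example (not UKC code) reviews a request body for those settings and maps the three statuses to outcomes; the function names are hypothetical, and reading `RAW` as "no padding scheme" is an assumption.

```javascript
// Added example, not UKC code. Only enum values that appear on this page
// ("ECB", "RAW", "SHA1", "PENDING_APPROVAL") are used.

// Flag settings in an EncryptData / DecryptData / WrapData body that deserve review.
function reviewCryptoParams(body) {
  const warnings = [];
  const sym = body.symmetricParams || body.params; // encryptx/decryptx use "params"
  if (sym && sym.mode === 'ECB') {
    warnings.push('symmetric mode ECB: equal plaintext blocks give equal ciphertext blocks');
    if (sym.iv || sym.aad) warnings.push('iv/aad supplied, but ECB uses neither');
  }
  const asym = body.aSymmetricParams;
  if (asym) {
    const padding = asym.padding || {};
    // Assumption: RAW means that no padding scheme is applied to the input.
    if (padding.type === 'RAW') {
      warnings.push('asymmetric padding RAW: unpadded RSA is deterministic and malleable');
    }
    const sha1At = [];
    if (asym.hash === 'SHA1') sha1At.push('hash');
    if (padding.oaep && padding.oaep.mgf === 'SHA1') sha1At.push('oaep.mgf');
    if (padding.pss && padding.pss.mgf === 'SHA1') sha1At.push('pss.mgf');
    if (sha1At.length > 0) warnings.push(`SHA1 selected for: ${sha1At.join(', ')}`);
  }
  return warnings;
}

// Map an HTTP status and its parsed JSON body to one of three outcomes.
function interpretResult(status, body) {
  switch (status) {
    case 200:
      // Cipher or ClearText, depending on the operation.
      return { state: 'done', result: body };
    case 202:
      // The body is a Job, not a Cipher or ClearText: do not read result fields from it.
      return {
        state: 'pending',
        jobId: body.id,
        jobStatus: body.status,
        approvals: (body.approvedBy || []).length,
        required: body.totalRequiredApprovals,
      };
    case 400:
      // Documented for decrypt as an authentication failure: treat as no plaintext.
      return { state: 'rejected', result: null };
    default:
      throw new Error(`unexpected status ${status}`);
  }
}

// Constructed inputs that mirror the sample bodies on this page.
const sampleRequest = {
  aSymmetricParams: {
    padding: {
      type: 'RAW',
      pss: { mgf: 'SHA1', saltSize: 0 },
      oaep: { mgf: 'SHA1', label: { value: 'string', encoding: 'PLAIN' } },
    },
    hash: 'SHA1',
  },
  symmetricParams: {
    mode: 'ECB',
    iv: { value: 'string', encoding: 'PLAIN' },
    aad: { value: 'string', encoding: 'PLAIN' },
    tagLength: 16,
  },
  clearText: 'string',
  dataEncoding: 'PLAIN',
};
const sampleJob = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  status: 'PENDING_APPROVAL',
  approvedBy: ['so@root'],
  totalRequiredApprovals: 2,
};

console.log(reviewCryptoParams(sampleRequest));
console.log(interpretResult(202, sampleJob));
```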
Decrypt multiple values
Code samples
const inputBody = JSON.stringify({
  "encrypted": [
    {
      "cipherTextBase64": "string",
      "ivBase64": "string"
    }
  ],
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "outputEncoding": "PLAIN"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/decryptx',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/decryptx \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/decryptx
Decryption is done using the key. The same parameters for encryption are supported for decryption.
Body parameter
{
"encrypted": [
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
],
"params": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"outputEncoding": "PLAIN"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for decryption |
| body | body | Decryptx | false | Object containing a list of ciphertexts that you want to decrypt. |
Example responses
200 Response
[
{
"clearText": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Array of decrypted values with requested encoding | Inline |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Authentication encryption failure | None |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [ClearText] | false | none | none |
| » clearText | string | false | none | clearText |
Seal clear text
Code samples
const inputBody = JSON.stringify({
  "clearText": "string",
  "dataEncoding": "PLAIN"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/seal',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/seal \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/seal
Seal clear text into cipher text with an existing key. Encryption is done exactly as encryption with a certificate.
Body parameter
{
"clearText": "string",
"dataEncoding": "PLAIN"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | ID of the key used for encryption |
| body | body | SealData | false | Data to seal |
Example responses
200 Response
{
"value": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SealedCipher |
| 202 | Accepted | ACCEPTED | Job |
Unseal a value
Code samples
const inputBody = JSON.stringify({
  "cipher": {
    "value": "string"
  },
  "outputEncoding": "PLAIN"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/unseal',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unseal \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/unseal
Unseal a value using the key. The same parameters for encryption are supported for decryption.
Body parameter
{
"cipher": {
"value": "string"
},
"outputEncoding": "PLAIN"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for decryption |
| body | body | UnSealData | false | Data to un-seal |
Example responses
200 Response
{
"clearText": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Returns clear text encoded according to request parameters | ClearText |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Authentication encryption failure | None |
Wrap and export key
Code samples
const inputBody = JSON.stringify({
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "wrappedKeyId": "string"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/wrap',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/wrap \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/wrap
Wrap and export a key with an existing key.
Body parameter
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"wrappedKeyId": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for wrapping |
| body | body | WrapData | false | Wrap data |
Example responses
200 Response
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Cipher |
| 202 | Accepted | ACCEPTED | Job |
Unwrap and import key
Code samples
const inputBody = JSON.stringify({
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "keyData": "string",
  "newGeneratedKey": {
    "policyKeyId": "string",
    "keyId": "string",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "keyStoreProtectionMethod": "HSM, Software, External or Default ",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  }
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/unwrap',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unwrap \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/unwrap
Unwrap and import a new key.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"keyData": "string",
"newGeneratedKey": {
"policyKeyId": "string",
"keyId": "string",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for unwrapping |
| body | body | UnwrapData | false | Unwrap data |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | New key created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Authentication encryption failure | None |
| 409 | Conflict | Key with this ID already exists | None |
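The generated sample bodies above use `RAW` padding, `SHA1`, `ECB` and `IN_PLAIN`, so a request copied from them asks for exactly those settings. The following pre-flight check is an added example, not part of the UKC API or its sample code; the function names and the deny-list policy are assumptions, and only values shown on this page are listed.

```javascript
// Added example (not UKC code): pre-flight lint for UKC request bodies.
// The deny-list contains only values that appear in this page's samples;
// rejecting them is an assumed local policy, not a rule enforced by UKC.
const DEFAULT_POLICY = [
  { path: ['symmetricParams', 'mode'], deny: ['ECB'],
    reason: 'ECB is deterministic and provides no integrity' },
  { path: ['padding', 'type'], deny: ['RAW'],
    reason: 'RAW is assumed to mean RSA without a padding scheme' },
  { path: ['hash'], deny: ['SHA1'], reason: 'SHA-1 is deprecated' },
  { path: ['mgf'], deny: ['SHA1'], reason: 'SHA-1 is deprecated' },
  { path: ['keyProperties', 'exportType'], deny: ['IN_PLAIN'],
    reason: 'assumed from its name to allow export in the clear' },
];

// True when the last keys of fullPath equal suffix, so that padding.type
// is matched while keyFormat.type is not.
function pathEndsWith(fullPath, suffix) {
  if (suffix.length > fullPath.length) return false;
  const offset = fullPath.length - suffix.length;
  return suffix.every((key, i) => fullPath[offset + i] === key);
}

// Walk every string leaf of the body and collect the ones the policy denies.
function lintCryptoParams(body, policy = DEFAULT_POLICY) {
  const findings = [];
  const walk = (node, path) => {
    if (Array.isArray(node)) {
      node.forEach((item, i) => walk(item, path.concat(String(i))));
    } else if (node !== null && typeof node === 'object') {
      for (const [key, value] of Object.entries(node)) {
        walk(value, path.concat(key));
      }
    } else if (typeof node === 'string') {
      for (const rule of policy) {
        if (pathEndsWith(path, rule.path) && rule.deny.includes(node)) {
          findings.push({ path: path.join('.'), value: node, reason: rule.reason });
        }
      }
    }
  };
  walk(body, []);
  return findings;
}

// Refuse to hand a body to fetch() while any finding is open.
function assertSafeToSend(body, policy = DEFAULT_POLICY) {
  const findings = lintCryptoParams(body, policy);
  if (findings.length > 0) {
    const detail = findings.map((f) => `${f.path}=${f.value}`).join(', ');
    throw new Error(`request body rejected by crypto policy: ${detail}`);
  }
  return body;
}

// Constructed input: the unwrap sample body from this page, trimmed.
const SAMPLE_UNWRAP_BODY = {
  aSymmetricParams: {
    padding: {
      type: 'RAW',
      pss: { mgf: 'SHA1', saltSize: 0 },
      oaep: { mgf: 'SHA1', label: { value: 'string', encoding: 'PLAIN' } },
    },
    hash: 'SHA1',
  },
  symmetricParams: {
    mode: 'ECB',
    iv: { value: 'string', encoding: 'PLAIN' },
    tagLength: 16,
  },
  keyData: 'string',
  newGeneratedKey: {
    keyId: 'string',
    keyProperties: {
      supportedOperations: ['SIGN'],
      trusted: false,
      exportType: 'IN_PLAIN',
    },
    keyFormat: { type: 'RSA', size: 'for RSA : {2048,3072,4096}', curve: 'P256' },
  },
};
```

Calling `lintCryptoParams(SAMPLE_UNWRAP_BODY)` reports six findings, one per denied value, each with the dotted path of the offending field.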
Derive a new key
Code samples
const inputBody = `{
"data": "string",
"dataEncoding": "PLAIN",
"size": 0
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/derive-key',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/derive-key \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/derive-key
Derive a new key and return it without storing it.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
{
"data": "string",
"dataEncoding": "PLAIN",
"size": 0
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for derivation |
| body | body | DeriveKeyData | false | Derivation data |
Example responses
201 Response
{
"keyData": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | New key derived successfully | Key |
| 202 | Accepted | ACCEPTED | Job |
Derive and store a new key
Code samples
const inputBody = `{
"bipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"policyKeyId": "string",
"newGeneratedKey": {
"policyKeyId": "string",
"keyId": "string",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
},
"derivationMode": "CONCAT",
"hash": "SHA1",
"slipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"concatDerivationParams": {
"data": "string",
"isPrefix": true
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/derive',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/derive \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/derive
Derive a new key and store it in UKC.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
{
"bipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"policyKeyId": "string",
"newGeneratedKey": {
"policyKeyId": "string",
"keyId": "string",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
},
"derivationMode": "CONCAT",
"hash": "SHA1",
"slipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"concatDerivationParams": {
"data": "string",
"isPrefix": true
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | The key used for derivation |
| body | body | DeriveData | false | Derivation data |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | New key derived successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Create MAC for a message
Code samples
const inputBody = `{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/mac',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/mac \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/mac
Generate a Message Authentication Code (MAC) for a message. MAC mode is provided as a parameter.
Body parameter
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for MAC |
| body | body | MACSignData | false | MAC data |
Example responses
200 Response
{
"mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
"ivBase64": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Returns the generated Message Authentication Code | Mac |
| 202 | Accepted | ACCEPTED | Job |
Verify MAC
Code samples
const inputBody = `{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
},
"mac": {
"mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
"ivBase64": "string"
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/macVerify',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/macVerify \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/macVerify
Verifies a MAC value. Supports the same parameters as the MAC option.
Body parameter
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
},
"mac": {
"mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
"ivBase64": "string"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for verification |
| body | body | MACVerifyData | false | MAC verify data |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Verified Successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Verification failed | None |
Sign a message
Code samples
const inputBody = `{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"doHash": true,
"ecdsaMode": "ECDSA",
"paillierKey": "string",
"totsSignData": {
"challengeResponse": "string",
"totsParams": {
"index": 0,
"nof": 1
}
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/sign',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/sign \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/sign
Hash and sign a given message. If requested, it can also assume the input is a hash value and just sign it. Different modes are supported as parameters and the output can be either a raw signature or PKCS7, based on request.
Body parameter
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"doHash": true,
"ecdsaMode": "ECDSA",
"paillierKey": "string",
"totsSignData": {
"challengeResponse": "string",
"totsParams": {
"index": 0,
"nof": 1
}
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for signing |
| body | body | SignData | false | Data that needs to be signed. |
Example responses
200 Response
{
"signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Signature |
| 202 | Accepted | ACCEPTED | Job |
Verify a signature
Code samples
const inputBody = `{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"doHash": true,
"signature": {
"signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/verify',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/verify \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/verify
Verifies a signature value. Supports the same parameters as the sign option.
Body parameter
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"doHash": true,
"signature": {
"signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Certificate used for verification |
| body | body | VerifyData | false | Data with a signature that needs to be verified. |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Signature verified successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Verification failed | None |
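Both /macVerify and /verify can answer 202 with a pending-approval Job in addition to 200 and 400, so a client that treats any 2xx status (for example `res.ok`) as success would accept a MAC or signature that has not been verified. The added example below is not UKC sample code and uses hypothetical function and outcome names; it maps the documented status codes to an explicit result.

```javascript
// Added example (not UKC code). Status meanings come from the Responses
// tables for /macVerify and /verify on this page; outcome names are made up.
const Outcome = Object.freeze({
  VERIFIED: 'VERIFIED', // 200: verified successfully
  REJECTED: 'REJECTED', // 400: documented as "Verification failed"
  PENDING: 'PENDING',   // 202: a Job was created, nothing verified yet
  ERROR: 'ERROR',       // any status the tables do not list
});

// What `res.ok` computes: any 2xx status. Shown for contrast only, because
// it reports a 202 pending-approval Job as a successful verification.
function naiveIsVerified(status) {
  return status >= 200 && status <= 299;
}

// Map the status code (and the Job body for 202) to an explicit outcome.
// The 200 and 400 responses have schema None, so their bodies are not parsed.
function interpretVerifyResponse(status, bodyText) {
  if (status === 200) {
    return { outcome: Outcome.VERIFIED, verified: true };
  }
  if (status === 400) {
    return { outcome: Outcome.REJECTED, verified: false };
  }
  if (status === 202) {
    let job = {};
    try {
      job = JSON.parse(bodyText) || {};
    } catch (_) {
      // Unparseable body: still pending, but without Job details.
    }
    return {
      outcome: Outcome.PENDING,
      verified: false,
      jobId: job.id ?? null,
      jobStatus: job.status ?? null,
      requiredApprovals: job.totalRequiredApprovals ?? null,
    };
  }
  return { outcome: Outcome.ERROR, verified: false, httpStatus: status };
}

// POST a verification request and interpret the answer. fetchImpl is
// injected (pass the global fetch) so the function can be exercised offline;
// extraHeaders is where the caller supplies its Authorization header.
async function verifyViaUkc(fetchImpl, url, requestBody, extraHeaders = {}) {
  const res = await fetchImpl(url, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      ...extraHeaders,
    },
    body: JSON.stringify(requestBody),
  });
  return interpretVerifyResponse(res.status, await res.text());
}

// Constructed 202 body, trimmed from the Job sample shown on this page.
const SAMPLE_JOB_BODY = JSON.stringify({
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  status: 'PENDING_APPROVAL',
  totalRequiredApprovals: 0,
});
```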
Generate TOTS offline challenge
Code samples
const inputBody = `{
"paillierKey": "string",
"message": "string",
"dataEncoding": "PLAIN",
"totsParams": {
"index": 0,
"nof": 1
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/challenge',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/challenge \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/challenge
Generate a TOTS challenge for getPublic and TOTS sign operations. Relevant for TOTS offline keys.
Body parameter
{
"paillierKey": "string",
"message": "string",
"dataEncoding": "PLAIN",
"totsParams": {
"index": 0,
"nof": 1
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for signing |
| body | body | TOTSChallengeData | false | Data used to generate TOTS challenge |
Example responses
200 Response
{
"value": "example"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Challenge |
| 202 | Accepted | ACCEPTED | Job |
Tokenize data
Code samples
const inputBody = `{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string",
"maxSize": 40
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/tokenize',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/tokenize \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/tokenize
Tokenize single items with a PRF key.
Body parameter
{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string",
"maxSize": 40
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition name with a PRF key. |
| keyId | path | string | true | PRF key UID designated for tokenization. |
| body | body | TokenizeData | false | The tokenization parameters in JSON. |
Example responses
200 Response
{
"uid": "string",
"tweak": "string",
"value": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | TokenizeResponse |
| 202 | Accepted | ACCEPTED | Job |
Tokenize multiple values
Code samples
const inputBody = `{
"valueItems": [
"string"
],
"tweak": "string",
"dataType": "EMAIL",
"format": "string",
"maxSize": 40
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/tokenizex',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/tokenizex \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/tokenizex
Tokenize multiple items with a PRF key.
Body parameter
{
"valueItems": [
"string"
],
"tweak": "string",
"dataType": "EMAIL",
"format": "string",
"maxSize": 40
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition name with a PRF key. |
| keyId | path | string | true | PRF key UID designated for tokenization. |
| body | body | TokenizeX | false | The tokenization parameters in JSON. |
Example responses
200 Response
[
{
"uid": "string",
"tweak": "string",
"value": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
| 202 | Accepted | ACCEPTED | Job |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [TokenizeResponse] | false | none | none |
| » uid | string | true | none | PRF key UID. |
| » tweak | string | true | none | Tokenized tweak. |
| » value | string | true | none | Array of tokenized values. |
Detokenize data
Code samples
const inputBody = `{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/detokenize',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/detokenize \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/detokenize
Detokenize single items with an existing PRF key. Detokenization uses the values and parameters provided in the JSON output of the tokenized data.
Body parameter
{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition name with a PRF key. |
| keyId | path | string | true | PRF key UID used for detokenization. |
| body | body | DetokenizeData | false | The tokenization parameters in JSON. |
Example responses
200 Response
{
"uid": "string",
"tweak": "string",
"value": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | DetokenizeResponse |
| 202 | Accepted | ACCEPTED | Job |
Detokenize multiple values
Code samples
const inputBody = `{
"valueItems": [
"string"
],
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/detokenizex',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/detokenizex \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/detokenizex
Detokenize multiple items with an existing PRF key. Detokenization uses the values and parameters provided in the JSON output of the tokenized data.
Body parameter
{
"valueItems": [
"string"
],
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition name with a PRF key. |
| keyId | path | string | true | PRF key UID designated for detokenization. |
| body | body | DeTokenizeX | false | The tokenization parameters in JSON. |
Example responses
200 Response
[
{
"uid": "string",
"tweak": "string",
"value": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Array of decrypted values with requested encoding | Inline |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | Authentication encryption failure | None |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [DetokenizeResponse] | false | none | none |
| » uid | string | true | none | PRF key UID. |
| » tweak | string | true | none | Tokenized tweak. |
| » value | string | true | none | Array of tokenized values. |
Sign a message with CASP keys
Code samples
const inputBody = `{
"dataEncoding": "PLAIN",
"paillierKey": "string",
"signOperationData": {
"publicKeys": [
"string"
],
"dataToSign": [
"string"
],
"rawTransactions": [
"string"
],
"details": "string",
"operationId": "string",
"data": [
"string"
],
"description": "string",
"signedVaultDeclaration": "string",
"collectedDataGroups": {
"collectionComplete": true,
"dataCollectionGroups": [
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
]
},
"vaultAttributes": {
"attributes": [
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
]
},
"policyId": "string",
"creationTime": 0,
"ledgerName": "string",
"changePublicKeys": [
"string"
],
"derivedWhitelistChildNumbers": [
0
],
"ukcKeyIds": [
"string"
],
"ledgerHashAlgorithm": "string"
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/caspSign',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/caspSign \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/caspSign
Used internally by CASP.
Body parameter
{
"dataEncoding": "PLAIN",
"paillierKey": "string",
"signOperationData": {
"publicKeys": [
"string"
],
"dataToSign": [
"string"
],
"rawTransactions": [
"string"
],
"details": "string",
"operationId": "string",
"data": [
"string"
],
"description": "string",
"signedVaultDeclaration": "string",
"collectedDataGroups": {
"collectionComplete": true,
"dataCollectionGroups": [
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
]
},
"vaultAttributes": {
"attributes": [
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
]
},
"policyId": "string",
"creationTime": 0,
"ledgerName": "string",
"changePublicKeys": [
"string"
],
"derivedWhitelistChildNumbers": [
0
],
"ukcKeyIds": [
"string"
],
"ledgerHashAlgorithm": "string"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key used for signing |
| body | body | CaspSign | false | Data that needs to be signed. |
Example responses
200 Response
{
"signatures": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | CaspSignatures |
General
Get system information
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/info',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/info \
-H 'Accept: application/json'
GET /api/v1/info
Return system information, including version and supported capabilities. If authentication is provided, it returns the allowed operations.
Example responses
200 Response
{
"version": "2.0.1",
"lastActivityAt": "string",
"allowedOperations": "{Create,Destroy,Sign,...}",
"allowedPartitions": "{part1, part2, ...}",
"alerts": [
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
],
"allowedCryptoAlgorithms": "{RSA,DES,AES,...}",
"allowedDigitalSignatureAlgorithms": "{ECDSAWithSHA_1,ECDSAWithSHA256,ECDSAWithSHA384,...}",
"allowedHashingAlgorithms": "{SHA_1,SHA_224,SHA_256,...}",
"allowedBlockCipherModes": "{CBC,ECB,CFB,...}",
"allowedPaddings": "{RSA,DES,AES,...}",
"allowedCurves": "{SECP256K1,CURVE25519,CURVE448,...}"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SystemInfo |
Check UKC health
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/health',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/health \
-H 'Accept: */*'
GET /api/v1/health
Return health status of the UKC system and determine if it is usable. As long as the HTTP return code is OK, the system is usable.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| pairOnly | query | boolean | false | pairOnly |
| timeout | query | integer(int32) | false | Timeout |
Example responses
200 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Check pair health
Code samples
fetch('/api/v1/pair/health',
{
method: 'GET'
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/pair/health
GET /api/v1/pair/health
Return the health status of the UKC pair and determine if it is usable.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| timeout | query | integer(int32) | false | Timeout |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
Get server certificate
Code samples
const headers = {
'Accept':'application/x-x509-user-cert,application/json'
};
fetch('/api/v1/self.cer',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/self.cer \
-H 'Accept: application/x-x509-user-cert,application/json'
GET /api/v1/self.cer
Download the certificate of this specific server. It is used for registering new servers.
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Get root certificate
Code samples
const headers = {
'Accept':'application/x-pkcs7-certificates,application/json'
};
fetch('/api/v1/server-ca.p7b',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/server-ca.p7b \
-H 'Accept: application/x-pkcs7-certificates,application/json'
GET /api/v1/server-ca.p7b
Download the root CA certificate of UKC.
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Get root CA certificates
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/trust',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/trust \
-H 'Accept: application/json'
GET /api/v1/trust
Get all root CA certificates.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"id": "my-certificate",
"role": "ROOT_CA",
"subject": "string",
"validUntil": "string",
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"version": "V3",
"alertLevel": "WARN",
"uid": "string",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"issuer": "string",
"validFrom": "string",
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"sha1Thumbprint": "string",
"signature": "string",
"isCa": true,
"isSelfSigned": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SystemCertificate |
Generate random bytes
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/random',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/random \
-H 'Accept: application/json'
GET /api/v1/random
Get random bytes from the UKC server. By default it returns 32 bytes, unless size is specified. The UKC random number generator combines different entropy sources from the different servers in the UKC cluster.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| size | query | integer(int32) | false | Size (in bytes) of random bytes to return |
Example responses
200 Response
{
"entropy": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | RandomEntropyBytes |
Add entropy bytes
Code samples
const inputBody = `{
"entropy": "string"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/random/entropy-bytes',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/random/entropy-bytes \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/random/entropy-bytes
Add random bytes to the UKC entropy source. Different clients can add entropy to the server. Collecting entropy from the clients can enhance the strength of the UKC random number generator. This function only adds entropy: if the provided value has no entropy, it does not harm the generator quality.
Body parameter
{
"entropy": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | RandomEntropyBytes | false | Random bytes |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Groups
List users groups
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/groups',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/groups \
-H 'Accept: application/json'
GET /api/v1/groups
Return a list of all existing users groups.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: NAME, UPDATED_AT, CREATED_AT |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroupListResponse |
Create a new group
Code samples
const inputBody = `{
"name": "group1",
"roles": "[so, user, signer]",
"users": "[so, user, admin]",
"expression": ".*@somedomain.com"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/groups \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/groups
Create a new group in a given partition.
Body parameter
{
"name": "group1",
"roles": "[so, user, signer]",
"users": "[so, user, admin]",
"expression": ".*@somedomain.com"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewUsersGroup | false | New Users Group |
Example responses
201 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Group created successfully | UsersGroup |
| 202 | Accepted | ACCEPTED | UsersGroup |
| 409 | Conflict | Group already exists | None |
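The sample `expression` above, `.*@somedomain.com`, reads as a regular expression over user names, and a loose pattern puts more identities into a group (and its roles) than intended. This added example is not UKC code: it assumes the expression is a regex, tries both anchored and unanchored matching because the page does not say which applies, and uses constructed probe names and hypothetical helper names.

```javascript
// Added example, not UKC code. Assumption: the group "expression" is a regular
// expression evaluated against user names. The page does not state whether the
// match is anchored, so every probe is tried both ways.

// Constructed probe identities for a group meant to cover somedomain.com only.
const PROBES = [
  { user: 'alice@somedomain.com', expected: true },
  { user: 'alice@somedomainXcom', expected: false },             // "." matches any char
  { user: 'alice@somedomain.com.example.net', expected: false }, // trailing text
  { user: 'bob@otherdomain.com', expected: false },
];

// Escape regex metacharacters so a literal domain stays literal.
function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Build an anchored expression: one or more characters that are neither "@"
// nor whitespace, followed by exactly "@<domain>".
function domainExpression(domain) {
  return '^[^@\\s]+@' + escapeRegex(domain) + '$';
}

// Return every probe whose outcome differs from what the group owner intended.
// mode "full": the whole user name must match; mode "search": substring match.
function auditGroupExpression(expression, probes) {
  let matchers;
  try {
    matchers = {
      full: new RegExp('^(?:' + expression + ')$'),
      search: new RegExp(expression),
    };
  } catch (err) {
    return { valid: false, findings: [{ error: err.message }] };
  }
  const findings = [];
  for (const { user, expected } of probes) {
    for (const mode of Object.keys(matchers)) {
      const matched = matchers[mode].test(user);
      if (matched !== expected) findings.push({ user, mode, expected, matched });
    }
  }
  return { valid: true, findings };
}

// The expression from the page's sample body versus a tightened one.
const loose = auditGroupExpression('.*@somedomain.com', PROBES);
const tight = auditGroupExpression(domainExpression('somedomain.com'), PROBES);
console.log(loose.findings.length, 'unintended results for the sample expression');
console.log(tight.findings.length, 'unintended results for the anchored expression');
```

Run the audit against the probes that matter for your own naming scheme before a group with roles attached is created or updated.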
Get users group details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/groups/{groupId} \
-H 'Accept: application/json'
GET /api/v1/groups/{groupId}
Get details of an existing users group.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Get users group permissions
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}/permissions',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/groups/{groupId}/permissions \
-H 'Accept: application/json'
GET /api/v1/groups/{groupId}/permissions
Get permissions of an existing users group.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Update users group
Code samples
const inputBody = `{
"expression": ".*@somedomain.com",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/groups/{groupId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/groups/{groupId}
Update an existing users group.
Body parameter
{
"expression": ".*@somedomain.com",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to update |
| partitionId | query | string | false | Partition ID |
| body | body | UsersGroup | false | Users Group |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Add users to group
Code samples
const inputBody = `[
"string"
]`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}/users',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/groups/{groupId}/users \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/groups/{groupId}/users
Add a list of users to an existing users group.
Body parameter
[
"string"
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to update |
| partitionId | query | string | false | Partition ID |
| body | body | array[string] | false | Users |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Delete users from group
Code samples
const inputBody = `[
"string"
]`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}/users',
{
method: 'DELETE',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/groups/{groupId}/users \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
DELETE /api/v1/groups/{groupId}/users
Delete a list of users from an existing users group.
Body parameter
[
"string"
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to update |
| partitionId | query | string | false | Partition ID |
| body | body | array[string] | false | Users |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Delete users group
Code samples
fetch('/api/v1/groups/{groupId}',
{
method: 'DELETE'
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/groups/{groupId}
DELETE /api/v1/groups/{groupId}
Delete an existing users group.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to delete |
| partitionId | query | string | false | Partition ID |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
Add roles to group
Code samples
const inputBody = `[
"string"
]`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}/roles',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/groups/{groupId}/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/groups/{groupId}/roles
Add a list of roles to an existing users group.
Body parameter
[
"string"
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to update |
| partitionId | query | string | false | Partition ID |
| body | body | array[string] | false | Roles |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Delete roles from group
Code samples
const inputBody = `[
"string"
]`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/groups/{groupId}/roles',
{
method: 'DELETE',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/groups/{groupId}/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
DELETE /api/v1/groups/{groupId}/roles
Delete a list of roles from an existing users group.
Body parameter
[
"string"
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| groupId | path | string | true | Group ID to update |
| partitionId | query | string | false | Partition ID |
| body | body | array[string] | false | Roles |
Example responses
200 Response
{
"name": "string",
"partition": "string",
"expression": ".*@somedomain.com",
"createdAt": "string",
"updatedAt": "string",
"users": "[so, user, admin]",
"roles": "[so, user, signer]"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UsersGroup |
Identity providers
List identity providers
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/idps',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/idps \
-H 'Accept: application/json'
GET /api/v1/idps
Return a list of all identity providers.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | IdentityProviderListResponse |
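The endpoint fields in the example response all show `http://example.com`; in a real deployment, a provider whose `jwksUri` or `tokenEndpoint` is plain HTTP exposes token validation to on-path tampering. The following added example (not UKC code) reviews a GET /api/v1/idps response. It assumes the providers are OpenID Connect providers and that list fields may arrive as bracketed strings such as `[openid]`; the sample records and function names are constructed.

```javascript
// Added example, not UKC code: review the records returned by GET /api/v1/idps.
// Assumptions: the providers speak OpenID Connect, and list-valued fields may
// arrive as arrays or as bracketed strings such as "[openid]".

const ENDPOINT_FIELDS = ['url', 'tokenEndpoint', 'authorizationEndpoint',
  'userinfoEndpoint', 'jwksUri'];

// Accept ["a", "b"] or "[a, b]" and return a clean array of strings.
function toList(value) {
  if (Array.isArray(value)) return value.map(String);
  if (typeof value !== 'string') return [];
  return value.replace(/^\s*\[|\]\s*$/g, '').split(',')
    .map((item) => item.trim()).filter(Boolean);
}

// Return a list of { field, issue } findings for one IdentityProvider record.
function auditIdentityProvider(idp) {
  const findings = [];
  for (const field of ENDPOINT_FIELDS) {
    if (!idp[field]) continue;
    let parsed;
    try {
      parsed = new URL(idp[field]);
    } catch (err) {
      findings.push({ field, issue: 'not an absolute URL' });
      continue;
    }
    if (parsed.protocol !== 'https:') findings.push({ field, issue: 'not https' });
    if (parsed.username || parsed.password) {
      findings.push({ field, issue: 'credentials embedded in URL' });
    }
  }
  if (!toList(idp.requiredScopes).includes('openid')) {
    findings.push({ field: 'requiredScopes', issue: 'openid scope missing' });
  }
  if (toList(idp.usedClaims).length === 0) {
    findings.push({ field: 'usedClaims', issue: 'no claim selected' });
  }
  // The response examples on this page never contain clientSecret.
  if (Object.prototype.hasOwnProperty.call(idp, 'clientSecret')) {
    findings.push({ field: 'clientSecret', issue: 'secret echoed in a response' });
  }
  return findings;
}

// Map provider name -> findings, listing only providers that have findings.
function auditIdentityProviderList(listResponse) {
  const report = {};
  for (const idp of listResponse.items || []) {
    const findings = auditIdentityProvider(idp);
    if (findings.length > 0) report[idp.name] = findings;
  }
  return report;
}

// Constructed sample in the shape of the 200 response above.
const SAMPLE_LIST = {
  totalItems: 2,
  items: [
    { name: 'corp-sso', url: 'https://sso.example.com', clientId: 'ukc',
      usedClaims: '[sub]', requiredScopes: '[openid]',
      tokenEndpoint: 'https://sso.example.com/token',
      authorizationEndpoint: 'https://sso.example.com/authorize',
      userinfoEndpoint: 'https://sso.example.com/userinfo',
      jwksUri: 'https://sso.example.com/jwks' },
    { name: 'lab-idp', url: 'http://example.com', clientId: 'ukc-lab',
      usedClaims: '[sub]', requiredScopes: '[profile]',
      tokenEndpoint: 'http://example.com',
      authorizationEndpoint: 'http://example.com',
      userinfoEndpoint: 'http://example.com',
      jwksUri: 'http://example.com' },
  ],
};
const idpReport = auditIdentityProviderList(SAMPLE_LIST);
console.log(JSON.stringify(idpReport, null, 2));
```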
Create identity provider
Code samples
const inputBody = `{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/idps',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/idps \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/idps
Create a new identity provider.
Body parameter
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | NewIdentityProvider | false | New Identity provider |
Example responses
201 Response
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Identity provider created successfully | IdentityProvider |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Identity provider exists | None |
Get identity provider details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/idps/{idpId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/idps/{idpId} \
-H 'Accept: application/json'
GET /api/v1/idps/{idpId}
Get details of an existing identity provider.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| idpId | path | string | true | Identity Provider ID to look for |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | IdentityProvider |
Update identity provider
Code samples
const inputBody = `{
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/idps/{idpId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/idps/{idpId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/idps/{idpId}
Update an identity provider.
Body parameter
{
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| idpId | path | string | true | Identity Provider ID |
| body | body | IdentityProviderUpdates | false | Identity Provider updates |
Example responses
200 Response
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Identity provider updated successfully. | IdentityProvider |
| 202 | Accepted | ACCEPTED | Job |
Delete identity provider
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/idps/{idpId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/idps/{idpId} \
-H 'Accept: application/json'
DELETE /api/v1/idps/{idpId}
Delete an identity provider.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| idpId | path | string | true | Identity Provider ID |
Example responses
200 Response
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Deleted identity provider successfully | IdentityProvider |
| 202 | Accepted | ACCEPTED | Job |
Jobs
List pending jobs
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/jobs/quorum',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/jobs/quorum \
-H 'Accept: application/json'
GET /api/v1/jobs/quorum
Get a list of the pending quorum jobs.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
[
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [Job] | false | none | [An asynchronous job] |
| » initiator | string | false | read-only | Initiator |
| » id | string | false | read-only | ID |
| » title | string | false | read-only | Title |
| » opName | string | false | read-only | opName |
| » createdAt | string | false | read-only | Created at |
| » expiresAt | string | false | read-only | Expires at |
| » opParams | [KeyValueEntry] | false | read-only | opParams |
| »» key | string | true | none | key |
| »» value | string | true | none | value |
| »» description | string | false | read-only | quorum timeout |
| »» type | string | false | read-only | value type |
| »» defaultValue | string | false | read-only | default value |
| »» min | integer(int32) | false | read-only | minimum value |
| »» max | integer(int32) | false | read-only | maximum value |
| »» unit | string | false | read-only | unit type |
| » response | string | false | read-only | response |
| » approvedBy | [string] | false | read-only | Approved by |
| » status | string | false | read-only | status |
| » totalRequiredApprovals | integer(int32) | false | read-only | Total required approvals |
Enumerated Values
| Property | Value |
|---|---|
| type | BOOLEAN |
| type | TEXT |
| type | INTEGER |
| type | ARRAY |
| type | MAP |
| type | CERTIFICATE |
| type | POLICY |
| unit | SECONDS |
| unit | MINUTES |
| unit | HOURS |
| unit | DAYS |
| unit | MONTHS |
| unit | YEARS |
| unit | CHARACTERS |
| unit | MILLIS |
| status | PENDING_APPROVAL |
| status | PENDING_EXECUTION |
| status | DONE |
| status | EXPIRED |
Get job status
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/jobs/my/status',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/jobs/my/status \
-H 'Accept: application/json'
GET /api/v1/jobs/my/status
Get the status of pending quorum requests.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"pendingApproval": 2,
"pendingExecution": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | QuorumStatus |
Get job data
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/jobs/{jobId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/jobs/{jobId} \
-H 'Accept: application/json'
GET /api/v1/jobs/{jobId}
Get job data for a specific job.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| jobId | path | string | true | Job ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Job |
Approve a job
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/jobs/{jobId}/approve',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/approve \
-H 'Accept: application/json'
POST /api/v1/jobs/{jobId}/approve
Approve a pending quorum job.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| jobId | path | string | true | Job ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Job |
Execute a job
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/jobs/{jobId}/execute',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/execute \
-H 'Accept: application/json'
POST /api/v1/jobs/{jobId}/execute
Execute an approved quorum job.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| jobId | path | string | true | Job ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Job |
Delete a job
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/jobs/{jobId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/jobs/{jobId} \
-H 'Accept: */*'
DELETE /api/v1/jobs/{jobId}
Delete a specific job.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| jobId | path | string | true | Job ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Job |
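Several mutating endpoints on this page answer 202 with a job instead of 200/201, so a client that treats any 2xx as success can report a change that is still waiting for quorum approval. This added example (not UKC code) classifies such responses and picks the next call from the job endpoints above. The rule that a user already in `approvedBy` waits, the approvals-remaining arithmetic, and the sample job ids are assumptions.

```javascript
// Added example, not UKC code: client-side handling of quorum jobs.
// Assumptions: a user already listed in approvedBy cannot approve again, and
// outstanding approvals = totalRequiredApprovals - approvedBy.length.

function jobPath(jobId, action, partitionId) {
  let path = '/api/v1/jobs/' + encodeURIComponent(jobId);
  if (action) path += '/' + action;
  if (partitionId) path += '?partitionId=' + encodeURIComponent(partitionId);
  return path;
}

// Interpret the status of a mutating call (create group, update IdP, ...).
// 200/201: the change is live. 202: it only exists as a pending job.
function classifyResponse(status, body) {
  if (status === 200 || status === 201) return { applied: true, jobId: null };
  if (status === 202) {
    // Most endpoints document a Job body for 202. POST /api/v1/groups documents
    // UsersGroup, which carries no job id, so fall back to listing pending jobs.
    const isJob = Boolean(body && typeof body.id === 'string' && body.status);
    const jobId = isJob ? body.id : null;
    const lookup = isJob ? jobPath(jobId) : '/api/v1/jobs/quorum';
    return { applied: false, jobId, lookup };
  }
  throw new Error('unexpected HTTP status ' + status);
}

// Decide the next request for one Job record, from the point of view of `me`.
function nextStep(job, me, partitionId) {
  const approvedBy = job.approvedBy || [];
  switch (job.status) {
    case 'PENDING_APPROVAL': {
      const missing = Math.max(0, (job.totalRequiredApprovals || 0) - approvedBy.length);
      if (approvedBy.includes(me)) return { action: 'wait', missing };
      return { action: 'approve', missing, method: 'POST',
        path: jobPath(job.id, 'approve', partitionId) };
    }
    case 'PENDING_EXECUTION':
      return { action: 'execute', method: 'POST',
        path: jobPath(job.id, 'execute', partitionId) };
    case 'DONE':
      return { action: 'none' };
    case 'EXPIRED':
      return { action: 'resubmit' }; // the original request must be sent again
    default:
      throw new Error('unknown job status ' + job.status);
  }
}

// Summarise the array returned by GET /api/v1/jobs/quorum for one reviewer.
// opName is trimmed because the sample value carries a trailing space.
function triage(jobs, me, partitionId) {
  return jobs.map((job) => ({
    id: job.id,
    initiator: job.initiator,
    opName: (job.opName || '').trim(),
    ...nextStep(job, me, partitionId),
  }));
}

// Constructed jobs in the shape of the 200 response above (ids are made up).
const SAMPLE_JOBS = [
  { id: 'job-1', initiator: 'so@root', opName: 'PARTITION_CONFIG_SET ',
    status: 'PENDING_APPROVAL', approvedBy: ['so2'], totalRequiredApprovals: 3 },
  { id: 'job-2', initiator: 'so@root', opName: 'PARTITION_CONFIG_SET ',
    status: 'PENDING_APPROVAL', approvedBy: ['so1'], totalRequiredApprovals: 2 },
  { id: 'job-3', initiator: 'so@root', opName: 'PARTITION_CONFIG_SET ',
    status: 'PENDING_EXECUTION', approvedBy: ['so1', 'so2'], totalRequiredApprovals: 2 },
  { id: 'job-4', initiator: 'so@root', opName: 'PARTITION_CONFIG_SET ',
    status: 'EXPIRED', approvedBy: [], totalRequiredApprovals: 2 },
];
const worklist = triage(SAMPLE_JOBS, 'so1', 'part1');
console.log(worklist);
```

A reviewer should read `initiator`, `opName` and `opParams` from GET /api/v1/jobs/{jobId} before sending the approve request that `nextStep` proposes.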
Keys
Generate key
Code samples
const inputBody = `{
"policyKeyId": "string",
"keyId": "string",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/generate',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/generate \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/generate
Generate a new asymmetric or symmetric key. The key format is provided as a parameter.
For example, to create a 256-bit AES symmetric key, use the parameters:
{
  "keyId":"AES-KEY",
  "keyFormat": {
    "type": "AES", "size": "256"
  }
}
The keyFormat type can be: RSA, ECC, AES, DES, TDES, HMAC, XTS, PRF, PWD, LIMA, or EDDSA.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
{
"policyKeyId": "string",
"keyId": "string",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewGeneratedKey | false | The new key |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Key generated successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | KeyInfo |
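The code sample above passes every response to res.json() without looking at the status code. As an added example (not part of the UKC documentation or SDK), the following JavaScript builds a request body restricted to the values listed on this page and handles the 201, 202 and 409 responses separately. The function names, the NON_EXPORTABLE default, and the assumption that keyProperties.exportType accepts the exportType values enumerated for GET /api/v1/keys are the example's own.

```javascript
// Added example, not Unbound's code. Allowed values are copied from this page.
const KEY_TYPES = ['RSA', 'ECC', 'AES', 'DES', 'TDES', 'HMAC', 'XTS', 'PRF', 'PWD', 'LIMA', 'EDDSA'];
const RSA_SIZES = ['2048', '3072', '4096'];
// Assumption: the body's exportType takes the same values as the list-keys filter.
const EXPORT_TYPES = ['IN_PLAIN', 'WRAPPED', 'WRAPPED_WITH_TRUSTED', 'NON_EXPORTABLE'];

// Build a NewGeneratedKey body, rejecting values the page does not list.
// Defaulting exportType to NON_EXPORTABLE is this example's choice, not a UKC default.
function buildGenerateRequest(keyId, keyFormat, exportType = 'NON_EXPORTABLE') {
  if (typeof keyId !== 'string' || keyId.length === 0) throw new Error('keyId is required');
  if (!keyFormat || !KEY_TYPES.includes(keyFormat.type)) {
    throw new Error('unsupported keyFormat.type: ' + (keyFormat && keyFormat.type));
  }
  if (!EXPORT_TYPES.includes(exportType)) throw new Error('unknown exportType: ' + exportType);
  const format = { type: keyFormat.type };
  if (keyFormat.size !== undefined) format.size = String(keyFormat.size); // size is sent as a string
  if (keyFormat.curve !== undefined) format.curve = keyFormat.curve;
  if (format.type === 'RSA' && !RSA_SIZES.includes(format.size)) {
    throw new Error('RSA size must be one of ' + RSA_SIZES.join(', '));
  }
  return { keyId, keyFormat: format, keyProperties: { exportType } };
}

// Map the documented status codes to an outcome the caller can act on.
function interpretGenerateResponse(status, body, request) {
  switch (status) {
    case 201: {
      // KeyInfo: confirm the server created what was asked for before the key is used.
      const mismatches = [];
      if (body.keyFormat?.type !== request.keyFormat.type) mismatches.push('keyFormat.type');
      if (body.keyProperties?.exportType !== request.keyProperties.exportType) {
        mismatches.push('keyProperties.exportType');
      }
      return { outcome: 'created', uid: body.uid, state: body.state, mismatches };
    }
    case 202:
      // Job, not KeyInfo: the body describes a job awaiting approval, so there is no key uid yet.
      return {
        outcome: 'pending-approval',
        jobId: body.id,
        status: body.status,
        requiredApprovals: body.totalRequiredApprovals
      };
    case 409:
      // KeyInfo of the existing object: do not assume it has the requested properties.
      return {
        outcome: 'already-exists',
        uid: body.uid,
        existingExportType: body.keyProperties?.exportType
      };
    default:
      throw new Error('unexpected status ' + status + ' from /api/v1/keys/generate');
  }
}

// POST the request; fetchImpl is injectable so the function can be exercised offline.
async function generateKey(fetchImpl, request, partitionId) {
  const query = partitionId ? '?partitionId=' + encodeURIComponent(partitionId) : '';
  const res = await fetchImpl('/api/v1/keys/generate' + query, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
    body: JSON.stringify(request)
  });
  return interpretGenerateResponse(res.status, await res.json(), request);
}

// The page's own AES example, built through the validator.
console.log(buildGenerateRequest('AES-KEY', { type: 'AES', size: 256 }));
```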
Import key
Code samples
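// Multipart form fields other than the key file; values are schema placeholders.
const fields = {
"id": "string",
"idEncoding": "string",
"password": "string",
"description": "string",
"usage": "string",
"exportType": "string",
"trusted": true,
"groups": "string",
"keyOnly": true,
"isSymmetric": true,
"symmetricKeyType": "string",
"testMode": true,
"keyRotationInterval": 0,
"activate": true,
"activationDate": "string",
"deactivationDate": "string",
"splitKeyParts": 0,
"keyPartIdentifier": 0,
"splitKeyThreshold": 0,
"splitKeyMethod": "string",
"encoding": "PLAIN"
};
const inputBody = new FormData();
// "file" is the binary key file; the Blob content and file name here are placeholders.
inputBody.append('file', new Blob(['string']), 'key-file');
for (const [name, value] of Object.entries(fields)) {
inputBody.append(name, String(value));
}
// No Content-Type header: fetch sets multipart/form-data with its boundary for a FormData body.
const headers = {
'Accept':'application/json'
};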
fetch('/api/v1/keys',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json'
POST /api/v1/keys
Import a key based on the given file.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
file: string
id: string
idEncoding: string
password: string
description: string
usage: string
exportType: string
trusted: true
groups: string
keyOnly: true
isSymmetric: true
symmetricKeyType: string
testMode: true
keyRotationInterval: 0
activate: true
activationDate: string
deactivationDate: string
splitKeyParts: 0
keyPartIdentifier: 0
splitKeyThreshold: 0
splitKeyMethod: string
encoding: PLAIN
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | object | false | none |
| » file | body | string(binary) | true | key file |
| » id | body | string | true | key id |
| » idEncoding | body | string | false | key id encoding |
| » password | body | string | false | password for the file if required |
| » description | body | string | false | key description |
| » usage | body | string | false | key usage |
| » exportType | body | string | false | Export Type |
| » trusted | body | boolean | false | trusted (yes or no) |
| » groups | body | string | false | List of groups |
| » keyOnly | body | boolean | false | import only key (no chain) |
| » isSymmetric | body | boolean | false | whether the key is symmetric |
| » symmetricKeyType | body | string | false | the symmetric key type |
| » testMode | body | boolean | false | get key info without importing |
| » keyRotationInterval | body | integer | false | key rotation interval (days) |
| » activate | body | boolean | false | activate the key |
| » activationDate | body | string | false | Activation Date |
| » deactivationDate | body | string | false | Deactivation Date |
| » splitKeyParts | body | integer | false | number of split key parts |
| » keyPartIdentifier | body | integer | false | key part identifier |
| » splitKeyThreshold | body | integer | false | split key threshold |
| » splitKeyMethod | body | string | false | split key method |
| » encoding | body | string | false | key encoding |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Key generated successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
List keys
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys \
-H 'Accept: application/json'
GET /api/v1/keys
Return a list of keys.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| id | query | string | false | Key id |
| type | query | string | false | Key type |
| exportType | query | string | false | exportType |
| trusted | query | boolean | false | Is Trusted |
| groups | query | array[string] | false | Groups |
| state | query | string | false | Key state |
| isEnabled | query | boolean | false | Is Enabled |
| showDestroyed | query | boolean | false | Include destroyed objects |
| keystoreName | query | string | false | Keystore name |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: UID, NAME, DESCRIPTION, STATE, ALGORITHM, GROUPS, PERMITTED_OPERATIONS, UPDATED_AT |
| detailed | query | boolean | false | Detailed |
Enumerated Values
| Parameter | Value |
|---|---|
| type | RSA |
| type | ECC |
| type | AES |
| type | TDES |
| type | DES |
| type | HMAC |
| type | XTS |
| type | PRF |
| type | PWD |
| type | LIMA |
| type | EDDSA |
| type | TOTSSeed |
| type | CHACHA20 |
| type | SPLIT_KEY |
| exportType | IN_PLAIN |
| exportType | WRAPPED |
| exportType | WRAPPED_WITH_TRUSTED |
| exportType | NON_EXPORTABLE |
| state | PREACTIVE |
| state | ACTIVE |
| state | DEACTIVATED |
| state | COMPROMISED |
| state | DESTROYED |
| state | DESTROYED_COMPROMISED |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfoListResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-total-count | integer | int32 | total amount of keys |
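As an added example (not UKC's own code), this JavaScript pages through GET /api/v1/keys and flags keys whose exportType is IN_PLAIN, keys in the COMPROMISED state that are still enabled, and live keys without a rotation interval. It assumes skip and limit behave as an offset and a page size, and that a keyRotationInterval of 0 means no rotation; fetchPage, the finding names and the sample inventory are constructed for the example.

```javascript
// Added example: audit a key inventory returned by GET /api/v1/keys.
// fetchPage(url) stands in for an authenticated fetch that resolves to the parsed JSON body.

// Collect every KeyInfo item by walking skip/limit pages (assumed offset-style paging).
async function listAllKeys(fetchPage, limit = 100) {
  const items = [];
  let skip = 0;
  for (;;) {
    const query = new URLSearchParams({
      limit: String(limit),
      skip: String(skip),
      detailed: 'true'
    });
    const page = await fetchPage('/api/v1/keys?' + query.toString());
    const batch = Array.isArray(page.items) ? page.items : [];
    items.push(...batch);
    skip += batch.length;
    // Stop on an empty page as well, so a wrong totalItems cannot loop forever.
    if (batch.length === 0 || skip >= page.totalItems) break;
  }
  return items;
}

// Return one finding per policy problem seen in a single KeyInfo record.
function auditKey(key) {
  const findings = [];
  const props = key.keyProperties || {};
  const live = key.state === 'ACTIVE' || key.state === 'PREACTIVE';
  // IN_PLAIN is the only exportType on this page that is neither wrapped nor non-exportable.
  if (live && props.exportType === 'IN_PLAIN') findings.push('exportable-in-plain');
  if (key.state === 'COMPROMISED' && key.isEnabled === true) findings.push('compromised-but-enabled');
  // Assumption: an interval of 0 (or a missing one) means the key is never rotated.
  if (live && !props.keyRotationInterval) findings.push('no-rotation-interval');
  return findings;
}

// Map key id -> findings, omitting keys that pass every check.
async function auditInventory(fetchPage, limit) {
  const report = {};
  for (const key of await listAllKeys(fetchPage, limit)) {
    const findings = auditKey(key);
    if (findings.length > 0) report[key.id] = findings;
  }
  return report;
}

// Constructed sample inventory (not real UKC output), served two items at a time.
const SAMPLE_KEYS = [
  { id: 'tls-signing', state: 'ACTIVE', isEnabled: true,
    keyProperties: { exportType: 'NON_EXPORTABLE', keyRotationInterval: 90 } },
  { id: 'legacy-aes', state: 'ACTIVE', isEnabled: true,
    keyProperties: { exportType: 'IN_PLAIN', keyRotationInterval: 0 } },
  { id: 'old-hmac', state: 'COMPROMISED', isEnabled: true,
    keyProperties: { exportType: 'WRAPPED', keyRotationInterval: 30 } }
];

// Offline stand-in for the endpoint; ukc.example is a placeholder host used only to parse the URL.
async function sampleFetchPage(url) {
  const q = new URL(url, 'https://ukc.example').searchParams;
  const skip = Number(q.get('skip'));
  const limit = Number(q.get('limit'));
  return {
    totalItems: SAMPLE_KEYS.length,
    limit,
    skip,
    items: SAMPLE_KEYS.slice(skip, skip + limit)
  };
}

auditInventory(sampleFetchPage, 2).then((report) => console.log(report));
```

Each exportable-in-plain finding names a key whose material a permitted caller can read through GET /api/v1/keys/{keyId}/value, so those are the keys to review first.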
Get key details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/{keyId} \
-H 'Accept: application/json'
GET /api/v1/keys/{keyId}
Get detailed key information.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID to look for |
| partitionId | query | string | false | Partition ID |
| detailed | query | boolean | false | Detailed |
| signed | query | boolean | false | Signed |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
Get key material
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/value',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/{keyId}/value \
-H 'Accept: application/json'
GET /api/v1/keys/{keyId}/value
Return the key material for an asymmetric key or exportable symmetric key.
You can request the asymmetric key in PFX or PEM format and symmetric keys in raw format.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID to look for |
| partitionId | query | string | false | Partition ID |
| password | query | string | false | Password |
Example responses
200 Response
{
"keyData": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Key |
Get public key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/public',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/{keyId}/public \
-H 'Accept: application/json'
GET /api/v1/keys/{keyId}/public
Return the public details of a key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID to look for |
| partitionId | query | string | false | Partition ID |
| obfuscate | query | boolean | false | Add obfuscated private key as part of the encoded data, relevant only for PKI keys. |
| totsIndex | query | integer(int32) | false | Index to the relevant derived public key, relevant only for TOTS keys. |
| totsNOF | query | integer(int32) | false | Number of fragments, relevant only for TOTS keys. |
| challengeResponse | query | string | false | Challenge response for TOTS offline mode |
| paillierKey | query | string | false | Paillier public key for TOTS offline mode |
Example responses
200 Response
{
"keyData": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Key |
Get key groups
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/groups',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/groups \
-H 'Accept: application/json'
GET /api/v1/keys/groups
Get key groups.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| operations | query | array[string] | false | Operations |
Enumerated Values
| Parameter | Value |
|---|---|
| operations | ACTIVATE |
| operations | ADD_ATTRIBUTE |
| operations | CREATE |
| operations | CREATE_KEY_PAIR |
| operations | DECRYPT |
| operations | DELETE_ATTRIBUTE |
| operations | DERIVE_KEY |
| operations | DESTROY |
| operations | DELETE |
| operations | DY_DERIVE |
| operations | DY_GET_KEY_MATERIAL |
| operations | DY_GET_SECRET_DATA |
| operations | DY_UPDATE_DATA |
| operations | ENCRYPT |
| operations | MAC |
| operations | MAC_VERIFY |
| operations | MODIFY_ATTRIBUTE |
| operations | MODIFY_ATTRIBUTE_LIST |
| operations | REGISTER |
| operations | REKEY |
| operations | REKEY_KEY_PAIR |
| operations | REVOKE |
| operations | SIGN |
| operations | SIGNATURE_VERIFY |
| operations | DY_ENABLE |
| operations | DY_TOKENIZE |
| operations | DY_DETOKENIZE |
| operations | LINK |
| operations | RELINK |
| operations | UNLINK |
| operations | JOIN_SPLIT_KEY |
| operations | RESTORE_BACKUP |
Example responses
200 Response
[
"string"
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Enable a key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/enable',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/enable \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/enable
Enable a specific key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to enable |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Disable a key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/disable',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/disable \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/disable
Disable a specific key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to enable/disable |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Update a key
Code samples
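// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "id": "string",
  "description": "string",
  "splitKeyParts": 0,
  "keyPartIdentifier": 0,
  "splitKeyThreshold": 0,
  "splitKeyMethod": "string",
  "groups": [
    "string"
  ]
});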
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/keys/{keyId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/keys/{keyId}
Update an existing key.
Body parameter
{
"id": "string",
"description": "string",
"splitKeyParts": 0,
"keyPartIdentifier": 0,
"splitKeyThreshold": 0,
"splitKeyMethod": "string",
"groups": [
"string"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| includeCert | query | boolean | false | Include Cert |
| keyId | path | string | true | Key id |
| body | body | KeyUpdates | false | Key updates |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Activate a key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/activate',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/activate \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/activate
Activate the specified key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| includeCert | query | boolean | false | Include Cert |
| keyId | path | string | true | Key ID to activate |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Revoke a key
Code samples
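// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "message": "string",
  "reason": "UNSPECIFIED",
  "compromiseOccurrenceDate": 0
});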
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/revoke',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/revoke \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/revoke
Revoke the specified key.
Body parameter
{
"message": "string",
"reason": "UNSPECIFIED",
"compromiseOccurrenceDate": 0
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to revoke |
| includeCert | query | boolean | false | Include Cert |
| body | body | RevokeParams | false | Revocation parameters |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
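The revoke call above answers with either 200 or a 202 carrying a Job, so a caller should not treat every successful response as "the key is revoked". The following added example (not part of the UKC documentation or Unbound's sample code) builds the revoke request with the key ID encoded as a single path segment and classifies the response. The host `https://ukc.example`, the credentials, the values in `SAMPLE_JOB`, and the reading of a `PENDING_APPROVAL` Job as "not yet in effect" are assumptions.

```javascript
// Added example, not UKC sample code. BASE_URL and credentials are placeholders.
const BASE_URL = 'https://ukc.example';

// Constructed sample shaped like the 202 Job example on this page.
const SAMPLE_JOB = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  approvedBy: [],
  status: 'PENDING_APPROVAL',
  totalRequiredApprovals: 2, // constructed value
};

// Build the request for POST /api/v1/keys/{keyId}/revoke without sending it.
function buildRevokeRequest(keyId, params = {}, opts = {}) {
  if (typeof keyId !== 'string' || keyId === '' || keyId === '.' || keyId === '..') {
    // '.' and '..' survive encodeURIComponent and would be collapsed by the
    // URL parser, turning the call into a request for a different path.
    throw new TypeError('keyId must be a non-empty key UID or label');
  }
  // keyId is a path segment: encode '/', '?' and '#' so a label cannot change the route.
  const url = new URL(`/api/v1/keys/${encodeURIComponent(keyId)}/revoke`, BASE_URL);
  if (opts.partitionId) url.searchParams.set('partitionId', opts.partitionId);

  const headers = { 'Content-Type': 'application/json', Accept: 'application/json' };
  if (opts.user !== undefined) {
    // Basic scheme (RFC 7617): base64 of "user:password". Uses Node's Buffer.
    const pair = Buffer.from(`${opts.user}:${opts.password}`, 'utf8').toString('base64');
    headers.Authorization = `Basic ${pair}`;
  }
  // RevokeParams fields as listed in the body parameter; send only what was given.
  const body = {};
  for (const field of ['message', 'reason', 'compromiseOccurrenceDate']) {
    if (params[field] !== undefined) body[field] = params[field];
  }
  return { url: url.href, init: { method: 'POST', headers, body: JSON.stringify(body) } };
}

// Map the documented status codes to an outcome the caller can act on.
function classifyKeyResponse(status, body) {
  if (status === 200 || status === 201) {
    return { applied: true, key: body || null };
  }
  if (status === 202) {
    // Assumption: a Job means the operation is queued, not yet in effect.
    const job = body || {};
    return {
      applied: false,
      pendingApproval: job.status === 'PENDING_APPROVAL',
      jobId: job.id,
      approvalsGiven: Array.isArray(job.approvedBy) ? job.approvedBy.length : 0,
      approvalsRequired: job.totalRequiredApprovals,
    };
  }
  throw new Error(`Unexpected HTTP status ${status} from key operation`);
}

// Send the request; fetchImpl can be swapped for a stub in tests.
async function revokeKey(keyId, params, opts, fetchImpl = fetch) {
  const { url, init } = buildRevokeRequest(keyId, params, opts);
  const res = await fetchImpl(url, init);
  const text = await res.text(); // a 200 here may carry no body (schema "None")
  return classifyKeyResponse(res.status, text ? JSON.parse(text) : null);
}
```

When `applied` is false, keep treating the key as usable by other clients until the Job is approved, and record `jobId` so the pending revocation can be followed up.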
Renew a key
Code samples
const headers = {
'Accept':'*/*'
};
fetch('/api/v1/keys/{keyId}/rekey',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/rekey \
-H 'Accept: */*'
POST /api/v1/keys/{keyId}/rekey
Create a new key with the same parameters as the existing one. The new key inherits the current key ID and a link is created between the two keys.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyRotationInterval | query | integer(int32) | false | Key rotation interval |
| keyStateOffset | query | integer(int32) | false | Key state offset |
| keyId | path | string | true | The key to renew. This can be either a key UID or a label. |
Example responses
200 Response
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | KeyInfo |
| 201 | Created | OK. Key renewed successfully. | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Destroy a key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/keys/{keyId} \
-H 'Accept: application/json'
DELETE /api/v1/keys/{keyId}
Delete the specified key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to delete |
| fullDelete | query | boolean | false | Delete object completely |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Get alerts summary for keys
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/alerts \
-H 'Accept: application/json'
GET /api/v1/keys/alerts
Get the alerts summary for keys.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AlertsSummary |
Get alerts for a specific key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/{keyId}/alerts \
-H 'Accept: application/json'
GET /api/v1/keys/{keyId}/alerts
Return the alerts for a specific key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Alert |
Get key operations
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/permissions',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keys/{keyId}/permissions \
-H 'Accept: application/json'
GET /api/v1/keys/{keyId}/permissions
Return the operations that are allowed on the key with the specified key UID.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
[
"ACTIVATE"
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Link keystore key
Code samples
// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "keyStoreName": "string",
  "keyStoreObjectId": "string",
  "alias": "string",
  "activate": true,
  "groups": [
    "string"
  ],
  "keyRotationInterval": 0,
  "activationDate": 0,
  "deactivationDate": 0
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keys/link',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/link \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keys/link
Link an existing keystore key.
Body parameter
{
"keyStoreName": "string",
"keyStoreObjectId": "string",
"alias": "string",
"activate": true,
"groups": [
"string"
],
"keyRotationInterval": 0,
"activationDate": 0,
"deactivationDate": 0
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewLinkedKey | false | Keystore Object Uid |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Key linked successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already linked | KeyInfo |
Relink a key from keystore
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/reLink',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/reLink \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/reLink
Relink a specific key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to relink |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Unlink a key from keystore
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keys/{keyId}/unLink',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unLink \
-H 'Accept: application/json'
POST /api/v1/keys/{keyId}/unLink
Unlink a specific key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| keyId | path | string | true | Key ID to unLink |
Example responses
200 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Join split key
Code samples
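// Build the multipart/form-data body field by field. Do not set Content-Type
// yourself: fetch adds it, with the required boundary, for a FormData body.
const inputBody = new FormData();
inputBody.append('id', 'string');
inputBody.append('idEncoding', 'string');
inputBody.append('password', 'string');
inputBody.append('description', 'string');
inputBody.append('usage', 'string');
inputBody.append('exportType', 'string');
inputBody.append('trusted', 'true');
inputBody.append('groups', 'string');
inputBody.append('symmetricKeyType', 'string');
inputBody.append('testMode', 'true');
inputBody.append('keyRotationInterval', '0');
inputBody.append('activate', 'true');
inputBody.append('activationDate', 'string');
inputBody.append('deactivationDate', 'string');
inputBody.append('splitKeyIdentifiers', 'string');
inputBody.append('signed', 'true');
inputBody.append('deleteSplitKeyParts', 'true');
const headers = {
'Accept':'application/json'
};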
fetch('/api/v1/keys/joinSplitKey',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/joinSplitKey \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json'
POST /api/v1/keys/joinSplitKey
Join split keys
Body parameter
id: string
idEncoding: string
password: string
description: string
usage: string
exportType: string
trusted: true
groups: string
symmetricKeyType: string
testMode: true
keyRotationInterval: 0
activate: true
activationDate: string
deactivationDate: string
splitKeyIdentifiers: string
signed: true
deleteSplitKeyParts: true
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | object | false | none |
| » id | body | string | true | key id |
| » idEncoding | body | string | false | key id encoding |
| » password | body | string | false | password for the file if required |
| » description | body | string | false | key description |
| » usage | body | string | false | key usage |
| » exportType | body | string | false | Export Type |
| » trusted | body | boolean | false | trusted (yes or no) |
| » groups | body | string | false | List of groups |
| » symmetricKeyType | body | string | false | the symmetric key type |
| » testMode | body | boolean | false | get key info without importing |
| » keyRotationInterval | body | integer | false | key rotation interval (days) |
| » activate | body | boolean | false | activate the key |
| » activationDate | body | string | false | Activation Date |
| » deactivationDate | body | string | false | Deactivation Date |
| » splitKeyIdentifiers | body | string | false | split key parts unique identifiers |
| » signed | body | boolean | false | signed flag |
| » deleteSplitKeyParts | body | boolean | false | delete split key parts flag |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Split key joined successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
Restore backup key
Code samples
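// Send the key file as a multipart/form-data part. Do not set Content-Type
// yourself: fetch adds it, with the required boundary, for a FormData body.
const inputBody = new FormData();
// Placeholder content; pass a File or Blob holding the backup key file.
inputBody.append('file', new Blob(['string']));
const headers = {
'Accept':'application/json'
};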
fetch('/api/v1/keys/restore',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keys/restore \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json'
POST /api/v1/keys/restore
Restore backup based on the given file.
Note: The response data depends on the key type and other factors. It includes only those attributes that are relevant to the requested key type.
Body parameter
file: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | object | false | none |
| » file | body | string(binary) | true | key file |
Example responses
201 Response
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Key restored successfully | KeyInfo |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
Keystores
Create a new keystore
Code samples
// Template literal: a quoted string cannot span lines in JavaScript.
const inputBody = `{
"name": "string",
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"isExternal": true,
"keyStoreSyncPolicy": "ALL_ACTIVE"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keyStores',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keyStores \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keyStores
Create a new keystore.
Body parameter
{
"name": "string",
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"isExternal": true,
"keyStoreSyncPolicy": "ALL_ACTIVE"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewKeyStore | false | New Keystore |
Example responses
201 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Keystore created successfully | KeyStore |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Keystore already exists | None |
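Added example (not part of the UKC documentation or its sample code): a client for POST /api/v1/keyStores that branches on the three documented statuses and keeps secretKey out of its logs. The 409 response has schema None, so calling res.json() on it, as the generic sample does, would fail. The base URL, the stub server, the sample values and the helper names are constructed for illustration.

```javascript
// Added example (not vendor code): POST /api/v1/keyStores with per-status
// handling and logging that never contains the keystore secret.
const SECRET_FIELDS = ['secretKey'];

// Return a copy of the request body that is safe to write to a log.
function redactKeystoreBody(body) {
  const copy = { ...body };
  for (const field of SECRET_FIELDS) {
    if (field in copy) copy[field] = '***';
  }
  return copy;
}

// fetchImpl is injected so the example runs offline; pass fetch in production.
async function createKeystore(fetchImpl, baseUrl, body, log = () => {}) {
  log(`POST /api/v1/keyStores ${JSON.stringify(redactKeystoreBody(body))}`);
  const res = await fetchImpl(`${baseUrl}/api/v1/keyStores`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
    body: JSON.stringify(body),
  });
  log(`HTTP ${res.status}`);
  switch (res.status) {
    case 201: {
      const keyStore = await res.json();
      // The KeyStore example response has no secretKey field; flag an echo.
      return { outcome: 'created', keyStore, secretEchoed: 'secretKey' in keyStore };
    }
    case 202:
      // Accepted: the body is a Job, not a KeyStore.
      return { outcome: 'pending', job: await res.json() };
    case 409:
      // Schema is None, so there is no JSON body to parse.
      return { outcome: 'exists' };
    default:
      throw new Error(`create keystore failed: HTTP ${res.status}`);
  }
}

// Constructed stub server: the keystore name selects the simulated status.
function sampleFetch(url, init) {
  const sent = JSON.parse(init.body);
  const byName = {
    'new-store': { status: 201, body: { name: 'new-store', isExternal: true } },
    'queued-store': { status: 202, body: { note: 'constructed Job placeholder' } },
    'dup-store': { status: 409, body: null },
  };
  const hit = byName[sent.name] || { status: 500, body: null };
  return Promise.resolve({
    status: hit.status,
    json: async () => {
      if (hit.body === null) throw new SyntaxError('Unexpected end of JSON input');
      return hit.body;
    },
  });
}

// Run all three documented outcomes against the stub and collect the log.
async function demo() {
  const lines = [];
  const log = (line) => lines.push(line);
  // Constructed credentials, not real values.
  const base = { description: 'demo', accessKeyId: 'AK-constructed', secretKey: 's3cr3t-constructed' };
  const outcomes = [];
  for (const name of ['new-store', 'queued-store', 'dup-store']) {
    const r = await createKeystore(sampleFetch, 'https://ukc.example', { name, ...base }, log);
    outcomes.push(r.outcome);
  }
  return { outcomes, lines };
}

demo().then((r) => console.log(r.outcomes.join(', ')));
```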
List external keystores
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keyStores \
-H 'Accept: application/json'
GET /api/v1/keyStores
Return a list of all external keystores.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | Skip |
| detailed | query | boolean | false | Detailed |
| partitionId | query | string | false | Partition ID |
| syncPolicies | query | array[string] | false | Sync Policies |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeystoreListResponse |
List keys from a keystore
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}/keys',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keyStores/{keystoreId}/keys \
-H 'Accept: application/json'
GET /api/v1/keyStores/{keystoreId}/keys
Return a list of keys from a keystore.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID |
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Page Limit |
| pageToken | query | string | false | Page Token |
| detailed | query | boolean | false | Detailed |
| onlyIds | query | boolean | false | Only Ids |
| includeNotInUkc | query | boolean | false | Include keys not in UKC |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyInfoListResponse |
Response Headers
| Status | Header | Type | Format | Description |
|---|---|---|---|---|
| 200 | X-total-count | integer | int32 | total amount of keys |
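Added example (not part of the UKC documentation or its sample code): walking GET /api/v1/keyStores/{keystoreId}/keys page by page with pageToken and nextPageToken, then auditing the returned KeyInfo items for exportType IN_PLAIN, keys the keystore holds that UKC does not, and split keys whose threshold exceeds the number of parts. Assumptions: X-total-count is the total across all pages, existsInUkc false marks a keystore key unknown to UKC, and the base URL, stub server, sample items and the non-plain exportType placeholder are constructed.

```javascript
// Added example (not vendor code): paginate the keystore key listing and audit it.
// fetchImpl is injected so the example runs offline; pass fetch in production.
async function listAllKeys(fetchImpl, baseUrl, keystoreId, opts = {}) {
  const keys = [];
  const seen = new Set();
  let pageToken = null;
  let expected = null;
  do {
    const qs = new URLSearchParams({
      detailed: 'true',
      includeNotInUkc: 'true',
      limit: String(opts.limit || 100),
    });
    if (opts.partitionId) qs.set('partitionId', opts.partitionId);
    if (pageToken !== null) qs.set('pageToken', pageToken);
    const url = `${baseUrl}/api/v1/keyStores/${encodeURIComponent(keystoreId)}/keys?${qs}`;
    const res = await fetchImpl(url, { method: 'GET', headers: { Accept: 'application/json' } });
    if (res.status !== 200) throw new Error(`list keys failed: HTTP ${res.status}`);
    const total = res.headers.get('X-total-count');
    if (total !== null) expected = Number(total);
    const body = await res.json();
    keys.push(...(body.items || []));
    pageToken = body.nextPageToken || null;
    if (pageToken !== null) {
      // Guard against a server or proxy that keeps returning the same token.
      if (seen.has(pageToken)) throw new Error('pagination loop: page token repeated');
      seen.add(pageToken);
    }
  } while (pageToken !== null);
  // Assumption: X-total-count is the total across all pages.
  return { keys, expected, complete: expected === null || expected === keys.length };
}

// Checks on one KeyInfo item, using only fields shown in the example response.
function auditKey(key) {
  const issues = [];
  const props = key.keyProperties || {};
  if (props.exportType === 'IN_PLAIN') issues.push('key material exportable in plain');
  if (key.existsInUkc === false) issues.push('present in keystore but not in UKC');
  const split = key.splitKeyInfo;
  if (split && split.splitKeyThreshold > split.splitKeyParts) {
    issues.push('split key threshold exceeds number of parts');
  }
  return issues;
}

async function auditKeystore(fetchImpl, baseUrl, keystoreId, opts) {
  const listing = await listAllKeys(fetchImpl, baseUrl, keystoreId, opts);
  const findings = [];
  for (const key of listing.keys) {
    for (const issue of auditKey(key)) findings.push({ id: key.id, issue });
  }
  return { total: listing.keys.length, complete: listing.complete, findings };
}

// Constructed sample data: two pages of KeyInfo items trimmed to the audited
// fields. 'PLACEHOLDER_NOT_PLAIN' stands in for any exportType other than IN_PLAIN.
const SAMPLE_PAGES = {
  '': {
    nextPageToken: 'page-2',
    items: [
      { id: 'signing-key', existsInUkc: true, keyProperties: { exportType: 'IN_PLAIN' } },
      { id: 'shadow-key', existsInUkc: false, keyProperties: { exportType: 'PLACEHOLDER_NOT_PLAIN' } },
    ],
  },
  'page-2': {
    items: [
      {
        id: 'split-key',
        existsInUkc: true,
        keyProperties: { exportType: 'PLACEHOLDER_NOT_PLAIN' },
        splitKeyInfo: { splitKeyParts: 4, splitKeyThreshold: 5 },
      },
    ],
  },
};

// Constructed stub server that serves SAMPLE_PAGES by pageToken.
function sampleFetch(url) {
  const token = new URL(url).searchParams.get('pageToken') || '';
  const page = SAMPLE_PAGES[token];
  return Promise.resolve({
    status: page ? 200 : 404,
    headers: { get: (name) => (name.toLowerCase() === 'x-total-count' ? '3' : null) },
    json: async () => page,
  });
}

function demo() {
  return auditKeystore(sampleFetch, 'https://ukc.example', 'my-keystore', { limit: 2 });
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```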
Get external keystore key details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}/keys/{externalKeyId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keyStores/{keystoreId}/keys/{externalKeyId} \
-H 'Accept: application/json'
GET /api/v1/keyStores/{keystoreId}/keys/{externalKeyId}
Get details of an existing keystore key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID to look for |
| externalKeyId | path | string | true | External key ID to look for |
| detailed | query | boolean | false | Detailed |
| delegate | query | boolean | false | Delegate |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyStore |
Get keystore details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keyStores/{keystoreId} \
-H 'Accept: application/json'
GET /api/v1/keyStores/{keystoreId}
Get details of an existing keystore.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID to look for |
| detailed | query | boolean | false | Detailed |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyStore |
Update a keystore
Code samples
// Template literal: a quoted string cannot span lines in JavaScript.
const inputBody = `{
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"keyStoreSyncPolicy": "ALL_ACTIVE"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/keyStores/{keystoreId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/keyStores/{keystoreId}
Update a keystore.
Body parameter
{
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"keyStoreSyncPolicy": "ALL_ACTIVE"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID |
| partitionId | query | string | false | Partition ID |
| body | body | KeyStoreUpdates | false | Keystore updates |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | KeyStore Updated successfully. | KeyStore |
| 202 | Accepted | ACCEPTED | Job |
Delete a keystore
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/keyStores/{keystoreId} \
-H 'Accept: application/json'
DELETE /api/v1/keyStores/{keystoreId}
Delete a keystore.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Key store registered successfully | KeyStore |
| 202 | Accepted | ACCEPTED | Job |
Register keystore endpoint
Code samples
// Build the JSON body from an object; a single-quoted string cannot span lines.
const inputBody = JSON.stringify({
"url": "string",
"pfxPassword": "string",
"san": "string"
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}/register',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keyStores/{keystoreId}/register \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/keyStores/{keystoreId}/register
Register a new keystore endpoint.
Body parameter
{
"url": "string",
"pfxPassword": "string",
"san": "string"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID |
| partitionId | query | string | false | Partition ID |
| body | body | NewKeyStoreEndpoint | false | New Endpoint |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Key store registered successfully | KeyStore |
| 202 | Accepted | ACCEPTED | Job |
Unregister keystore endpoint
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/{keystoreId}/unregister',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/keyStores/{keystoreId}/unregister \
-H 'Accept: application/json'
POST /api/v1/keyStores/{keystoreId}/unregister
Unregister a keystore endpoint.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keystoreId | path | string | true | Keystore ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Key store registered successfully | KeyStore |
| 202 | Accepted | ACCEPTED | Job |
Get keystore parameters
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/keyStores/templates',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/keyStores/templates \
-H 'Accept: application/json'
GET /api/v1/keyStores/templates
Get details to configure keystore.
Example responses
200 Response
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | KeyStore |
Partitions
Create a new partition
Code samples
// Build the JSON body from an object; a single-quoted string cannot span lines,
// and JSON.stringify re-escapes the line breaks inside the csr and publicKey values.
const inputBody = JSON.stringify({
"name": "string",
"soPassword": "string",
"newClient": {
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
},
"inherit": false,
"propagate": false,
"fipsRequirements": "FIPS_NONE",
"isAllowDefaultClient": false,
"allowKeystores": false,
"cacheTimeout": 3600
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'
};
fetch('/api/v1/partitions',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/partitions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'
POST /api/v1/partitions
Create a new logical partition. It can optionally create a default client certificate for the new partition.
Body parameter
{
"name": "string",
"soPassword": "string",
"newClient": {
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
},
"inherit": false,
"propagate": false,
"fipsRequirements": "FIPS_NONE",
"isAllowDefaultClient": false,
"allowKeystores": false,
"cacheTimeout": 3600
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| body | body | NewPartition | false | The new partition |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | string |
| 201 | Created | Partition created successfully. If initial client was specified, the response will include the generated PFX in Base64 encoded DER format | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
List partitions
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/partitions',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/partitions \
-H 'Accept: application/json'
GET /api/v1/partitions
Get a list of partitions.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: NAME, INHERITED, UPDATED_AT, CREATED_AT |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"checkClientIp": true,
"name": "root",
"allowNat": true,
"allowUserOnlyCryptoOperations": true,
"clientRetriesLimit": 0,
"clientRetriesTimeout": 0,
"creationDate": "string",
"getjWTLimit": 0,
"lastUpdate": "string",
"passwordComplexity": true,
"passwordLength": 0,
"quorumOperations": "string",
"quorumSize": 0,
"quorumTimeout": 0,
"supportCertificatePropagation": true,
"supportPartitionInheritance": true,
"userRetriesLimit": 0,
"fipsRequirements": "FIPS_NONE",
"policy": [
{
"type": "RSA",
"minSize": 0,
"curves": [
"P256"
],
"operations": [
"SIGN"
],
"paddings": [
"RAW"
],
"hashes": [
"SHA1"
],
"modes": [
"ECB"
],
"macs": [
"GMAC"
],
"exportType": "IN_PLAIN",
"trusted": true,
"local": true
}
],
"allowKeystores": false,
"enforceTwoFactorAuth": false,
"totpTimeDrift": 30,
"cacheTimeout": 3600,
"jWTExpiration": 0
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | PartitionListResponse |
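The partition objects in this response carry the settings a reviewer usually wants to check across a whole cluster. The following is an added example, not part of the UKC reference or its sample code: it audits a `PartitionListResponse` using only the field names and enum values shown in the sample above. The rule set, the 2048-bit threshold, the finding ids and the sample data are assumptions made for illustration.

```javascript
// Added example: baseline audit over the Partition objects returned by
// GET /api/v1/partitions. Rule set and threshold are assumptions, not UKC guidance.

const MIN_RSA_BITS = 2048; // assumed house minimum for RSA key policies

// [policy array field, value to flag, finding id]
// The flagged values are the ones that appear in the sample response.
const POLICY_LIST_RULES = [
  ['hashes', 'SHA1', 'policy-lists-sha1'],
  ['modes', 'ECB', 'policy-lists-ecb'],
  ['paddings', 'RAW', 'policy-lists-raw-padding'],
];

function auditPartition(partition) {
  const findings = [];
  const add = (id, detail) => findings.push({ partition: partition.name, id, detail });

  // Partition-level switches. Strict comparison: a missing field is not a finding.
  if (partition.enforceTwoFactorAuth === false) add('2fa-not-enforced', 'enforceTwoFactorAuth is false');
  if (partition.checkClientIp === false) add('client-ip-not-checked', 'checkClientIp is false');
  if (partition.fipsRequirements === 'FIPS_NONE') add('no-fips-requirement', 'fipsRequirements is FIPS_NONE');

  // Per-key-type policy entries.
  const rules = Array.isArray(partition.policy) ? partition.policy : [];
  for (const rule of rules) {
    const type = rule.type || 'UNKNOWN';
    for (const [field, flagged, id] of POLICY_LIST_RULES) {
      if (Array.isArray(rule[field]) && rule[field].includes(flagged)) {
        add(id, `${type} policy lists ${flagged} in ${field}`);
      }
    }
    if (rule.exportType === 'IN_PLAIN') {
      add('policy-export-in-plain', `${type} policy has exportType IN_PLAIN`);
    }
    if (type === 'RSA' && Number.isInteger(rule.minSize) && rule.minSize < MIN_RSA_BITS) {
      add('rsa-min-size-low', `RSA minSize ${rule.minSize} is below ${MIN_RSA_BITS}`);
    }
  }
  return findings;
}

function auditPartitionList(listResponse) {
  const items = listResponse && Array.isArray(listResponse.items) ? listResponse.items : [];
  return items.flatMap(auditPartition);
}

// Constructed sample data. The second item omits fields whose other enum
// values are not shown in this section.
const SAMPLE_LIST = {
  totalItems: 2,
  limit: 50,
  skip: 0,
  items: [
    {
      name: 'root',
      checkClientIp: true,
      enforceTwoFactorAuth: false,
      fipsRequirements: 'FIPS_NONE',
      policy: [
        {
          type: 'RSA',
          minSize: 1024,
          hashes: ['SHA1'],
          modes: ['ECB'],
          paddings: ['RAW'],
          exportType: 'IN_PLAIN',
        },
      ],
    },
    {
      name: 'codesign-dev', // constructed partition name
      checkClientIp: true,
      enforceTwoFactorAuth: true,
      policy: [{ type: 'RSA', minSize: 3072, hashes: [], modes: [], paddings: [] }],
    },
  ],
};

for (const f of auditPartitionList(SAMPLE_LIST)) {
  console.log(`${f.partition}: ${f.id} (${f.detail})`);
}
```
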
Get partition information
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/partitions/{partitionId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/partitions/{partitionId} \
-H 'Accept: application/json'
GET /api/v1/partitions/{partitionId}
Get partition information.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | path | string | true | Partition Id |
Example responses
200 Response
{
"checkClientIp": true,
"name": "root",
"allowNat": true,
"allowUserOnlyCryptoOperations": true,
"clientRetriesLimit": 0,
"clientRetriesTimeout": 0,
"creationDate": "string",
"getjWTLimit": 0,
"lastUpdate": "string",
"passwordComplexity": true,
"passwordLength": 0,
"quorumOperations": "string",
"quorumSize": 0,
"quorumTimeout": 0,
"supportCertificatePropagation": true,
"supportPartitionInheritance": true,
"userRetriesLimit": 0,
"fipsRequirements": "FIPS_NONE",
"policy": [
{
"type": "RSA",
"minSize": 0,
"curves": [
"P256"
],
"operations": [
"SIGN"
],
"paddings": [
"RAW"
],
"hashes": [
"SHA1"
],
"modes": [
"ECB"
],
"macs": [
"GMAC"
],
"exportType": "IN_PLAIN",
"trusted": true,
"local": true
}
],
"allowKeystores": false,
"enforceTwoFactorAuth": false,
"totpTimeDrift": 30,
"cacheTimeout": 3600,
"jWTExpiration": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Partition |
List partition settings
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/partitions/{partitionId}/settings',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/partitions/{partitionId}/settings \
-H 'Accept: application/json'
GET /api/v1/partitions/{partitionId}/settings
Get a list of configuration parameters for a partition.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | path | string | true | Partition Id/name of the target partition. Can be "default" to use the default partition for the current authenticated user. |
| detailed | query | boolean | false | Detailed |
| signed | query | boolean | false | Signed |
Example responses
200 Response
[
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [KeyValueEntry] | false | none | [Key value entry] |
| » key | string | true | none | key |
| » value | string | true | none | value |
| » description | string | false | read-only | quorum timeout |
| » type | string | false | read-only | value type |
| » defaultValue | string | false | read-only | default value |
| » min | integer(int32) | false | read-only | minimum value |
| » max | integer(int32) | false | read-only | maximum value |
| » unit | string | false | read-only | unit type |
Enumerated Values
| Property | Value |
|---|---|
| type | BOOLEAN |
| type | TEXT |
| type | INTEGER |
| type | ARRAY |
| type | MAP |
| type | CERTIFICATE |
| type | POLICY |
| unit | SECONDS |
| unit | MINUTES |
| unit | HOURS |
| unit | DAYS |
| unit | MONTHS |
| unit | YEARS |
| unit | CHARACTERS |
| unit | MILLIS |
Update partition settings
Code samples
// The body is a JSON string value, so it must be sent with its quotes.
const inputBody = JSON.stringify('string');
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/partitions/{partitionId}/settings/{settingKey}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/settings/{settingKey} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/partitions/{partitionId}/settings/{settingKey}
Use this method to change one or more settings for the partition.
Body parameter
"string"
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | path | string | true | Partition ID |
| settingKey | path | string | true | Setting key |
| body | body | string | false | Setting value |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
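Per the table above, a 200 carries no schema while a 202 carries a `Job` that may still be awaiting approval, so a caller should branch on the status code before parsing the body. The following is an added example, not part of the UKC reference or its sample code: it builds the request with encoded path segments and classifies the outcome. The function names, the result shape, the `fetchImpl` parameter and the sample job are assumptions made for illustration.

```javascript
// Added example: PUT /api/v1/partitions/{partitionId}/settings/{settingKey}
// with explicit handling of the 200 and 202 outcomes documented above.

function buildSettingUpdate(partitionId, settingKey, value) {
  if (!partitionId || !settingKey) {
    throw new TypeError('partitionId and settingKey are required');
  }
  return {
    // Encode both path segments so a name containing "/" or a space cannot alter the route.
    url: '/api/v1/partitions/' + encodeURIComponent(partitionId) +
         '/settings/' + encodeURIComponent(settingKey),
    init: {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
      // The body parameter is a JSON string value, e.g. "30".
      body: JSON.stringify(String(value)),
    },
  };
}

function interpretSettingUpdate(status, body) {
  if (status === 200) {
    return { state: 'APPLIED' };
  }
  if (status === 202) {
    // The change is not in effect yet; surface the Job fields needed to follow it up.
    const job = body && typeof body === 'object' ? body : {};
    return {
      state: 'PENDING',
      jobId: typeof job.id === 'string' ? job.id : null,
      jobStatus: typeof job.status === 'string' ? job.status : null,
      initiator: typeof job.initiator === 'string' ? job.initiator : null,
      expiresAt: typeof job.expiresAt === 'string' ? job.expiresAt : null,
      approvedBy: Array.isArray(job.approvedBy) ? job.approvedBy.slice() : [],
      totalRequiredApprovals: Number.isInteger(job.totalRequiredApprovals)
        ? job.totalRequiredApprovals
        : null,
    };
  }
  return { state: 'FAILED', status: status };
}

// fetchImpl is any fetch-compatible function (assumption: the caller supplies
// one that already attaches the Authorization header).
async function updateSetting(fetchImpl, partitionId, settingKey, value) {
  const req = buildSettingUpdate(partitionId, settingKey, value);
  const res = await fetchImpl(req.url, req.init);
  const text = await res.text(); // a 200 may have an empty body, so do not call res.json() blindly
  let body = null;
  if (text) {
    try {
      body = JSON.parse(text);
    } catch (e) {
      body = null;
    }
  }
  return interpretSettingUpdate(res.status, body);
}

// Constructed Job body, shaped like the 202 sample above.
const SAMPLE_JOB = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  status: 'PENDING_APPROVAL',
  approvedBy: [],
  totalRequiredApprovals: 2,
};

// 'example-setting' is a placeholder key, not a documented UKC setting.
console.log(buildSettingUpdate('~.codeSign.developers', 'example-setting', 30).url);
console.log(interpretSettingUpdate(202, SAMPLE_JOB).state);
```
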
Delete partition
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/partitions/{partitionId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/partitions/{partitionId} \
-H 'Accept: application/json'
DELETE /api/v1/partitions/{partitionId}
Deletes a partition. The partition must not contain any keys or clients in order to be deleted.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | path | string | true | The Id of the partition to delete. The partition name can be used as the ID |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Partition deleted successfully | None |
| 202 | Accepted | ACCEPTED | Job |
Recover partition
Code samples
// Build the JSON body from an object; a single-quoted string cannot span lines,
// and JSON.stringify re-escapes the line breaks inside the csr and publicKey values.
const inputBody = JSON.stringify({
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'
};
fetch('/api/v1/partitions/{partitionId}/recover',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/recover \
-H 'Content-Type: application/json' \
-H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'
PUT /api/v1/partitions/{partitionId}/recover
Recover partition.
Body parameter
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | path | string | true | Partition Id |
| body | body | NewClientWithCertificate | false | The recovered partition new client |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Partition recovered successfully | string |
| 202 | Accepted | ACCEPTED | Job |
Roles
Create a new role
Code samples
// Build the JSON body from an object; a single-quoted string cannot span lines.
const inputBody = JSON.stringify({
"name": "role_name",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/roles',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/roles
Create a new role in a given partition.
Body parameter
{
"name": "role_name",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewRole | false | New Role |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Role created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Role already exists | None |
List partition roles
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/roles',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/roles \
-H 'Accept: application/json'
GET /api/v1/roles
Return a list of all roles in a partition.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: NAME, GROUPS, UPDATED_AT, CREATED_AT |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | RoleListResponse |
Get role details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/roles/{roleId} \
-H 'Accept: application/json'
GET /api/v1/roles/{roleId}
Get details of an existing role.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID to look for |
| partitionId | query | string | false | Partition ID |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Role |
Update a role
Code samples
// Build the JSON body from an object; a single-quoted string cannot span lines.
const inputBody = JSON.stringify({
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/roles/{roleId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/roles/{roleId}
Update a role.
Body parameter
{
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| partitionId | query | string | false | Partition ID |
| body | body | UpdatedRole | false | Role updates |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client Updated successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
Delete a role
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/roles/{roleId} \
-H 'Accept: application/json'
DELETE /api/v1/roles/{roleId}
Deletes a role.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| partitionId | query | string | false | Partition ID |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Role deleted successfully. | None |
| 202 | Accepted | ACCEPTED | Job |
Add permissions to role
Code samples
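// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "objectGroup": "string",
  "operations": [
    "ACTIVATE"
  ]
});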
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}/permissions',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/roles/{roleId}/permissions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/roles/{roleId}/permissions
Add role permission. A permission is the name of a key group (objectGroup) and a set of associated operations. See here for more information.
Body parameter
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| partitionId | query | string | false | Partition ID |
| body | body | RolePermission | false | RolePermission |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client Updated successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
Update role permissions
Code samples
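// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "objectGroup": "string",
  "operations": [
    "ACTIVATE"
  ]
});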
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}/{objectGroup}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/roles/{roleId}/{objectGroup} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/roles/{roleId}/{objectGroup}
Update role permissions.
Body parameter
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| objectGroup | path | string | true | Key group name |
| partitionId | query | string | false | Partition ID |
| body | body | RolePermission | false | RolePermission updates |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client Updated successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
Delete role permissions
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}/{objectGroup}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/roles/{roleId}/{objectGroup} \
-H 'Accept: application/json'
DELETE /api/v1/roles/{roleId}/{objectGroup}
Delete role permissions.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| objectGroup | path | string | true | Key group name |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Permission deleted successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
Add operation to permissions
Code samples
// The body is a JSON string, so it must be sent with its surrounding quotes.
const inputBody = JSON.stringify('string');
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}/{objectGroup}/operation',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/roles/{roleId}/{objectGroup}/operation \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/roles/{roleId}/{objectGroup}/operation
Add an operation to the set of operations associated with the objectGroup.
Body parameter
"string"
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| objectGroup | path | string | true | Key group name |
| partitionId | query | string | false | Partition ID |
| body | body | string | false | Operation |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Client Updated successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
Delete operation from permissions
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/roles/{roleId}/{objectGroup}/{operation}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/roles/{roleId}/{objectGroup}/{operation} \
-H 'Accept: application/json'
DELETE /api/v1/roles/{roleId}/{objectGroup}/{operation}
Delete an operation from the set of operations associated with the objectGroup.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| roleId | path | string | true | Role ID |
| objectGroup | path | string | true | Key group name |
| operation | path | string | true | operation |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Permission deleted successfully. | Role |
| 202 | Accepted | ACCEPTED | Job |
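The role endpoints above can be combined to bring an over-permissioned role back to a least-privilege baseline. The following is an added example, not code from the UKC documentation: it compares a Role object with a baseline and plans the DELETE calls for whole key groups and for single operations. It assumes that the role's name is usable as roleId and that its partition value is usable as partitionId; the sample role, the group names and the baseline are constructed.

```javascript
// Added example, not UKC code. SAMPLE_ROLE and SAMPLE_BASELINE are constructed.

// Percent-encode every path segment so that a role or key group name containing
// '/', '?' or '#' cannot change which endpoint the request reaches.
function rolePath(roleId, objectGroup, operation) {
  const segments = [roleId, objectGroup];
  if (operation !== undefined) segments.push(operation);
  return '/api/v1/roles/' + segments.map(function (s) {
    return encodeURIComponent(s);
  }).join('/');
}

function withPartition(path, partitionId) {
  return partitionId
    ? path + '?partitionId=' + encodeURIComponent(partitionId)
    : path;
}

// role: a Role object as returned by GET /api/v1/roles/{roleId}.
// baseline: Map of objectGroup -> array of operations the role may keep.
// Assumption: role.name is accepted as the roleId path parameter.
function planRoleReduction(role, baseline, partitionId) {
  const plan = [];
  for (const permission of role.managedObjectsPermissions || []) {
    const group = permission.objectGroup;
    const allowed = baseline.get(group);
    if (allowed === undefined) {
      // Key group absent from the baseline: remove the whole permission.
      plan.push({
        method: 'DELETE',
        path: withPartition(rolePath(role.name, group), partitionId),
        removes: group + ':*'
      });
      continue;
    }
    for (const operation of permission.operations || []) {
      if (!allowed.includes(operation)) {
        plan.push({
          method: 'DELETE',
          path: withPartition(rolePath(role.name, group, operation), partitionId),
          removes: group + ':' + operation
        });
      }
    }
  }
  return plan;
}

// Send the planned requests. A 200 response means the change was applied;
// a 202 response carries a Job (for example status PENDING_APPROVAL), so the
// permission is still in place until that job completes.
async function applyPlan(plan, headers, fetchImpl) {
  const doFetch = fetchImpl || fetch;
  const results = [];
  for (const step of plan) {
    const res = await doFetch(step.path, { method: step.method, headers: headers });
    if (res.status === 202) {
      const job = await res.json();
      results.push({ removes: step.removes, outcome: 'pending', jobId: job.id, jobStatus: job.status });
    } else if (res.ok) {
      results.push({ removes: step.removes, outcome: 'applied' });
    } else {
      throw new Error('HTTP ' + res.status + ' while removing ' + step.removes);
    }
  }
  return results;
}

// Constructed sample: a signing role that has accumulated extra operations.
const SAMPLE_ROLE = {
  name: 'role_name',
  partition: '~.codeSign.developers',
  managedObjectsPermissions: [
    {
      objectGroup: 'release-signing',
      operations: ['SIGN', 'SIGNATURE_VERIFY', 'DY_GET_KEY_MATERIAL', 'DESTROY']
    },
    { objectGroup: 'legacy/test', operations: ['DECRYPT'] }
  ]
};
const SAMPLE_BASELINE = new Map([
  ['release-signing', ['SIGN', 'SIGNATURE_VERIFY']]
]);
```

Review the output of planRoleReduction before passing it to applyPlan, and treat any result with outcome 'pending' as not yet effective.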
Secrets
Create secret (application/octet-stream)
Code samples
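// Send the secret as multipart/form-data. Do not set Content-Type by hand:
// fetch adds it, with the required boundary, when the body is a FormData object.
const inputBody = new FormData();
inputBody.append('newSecret', new Blob(['string']));
inputBody.append('id', 'string');
inputBody.append('description', 'string');
inputBody.append('groups', 'string');
const headers = {
  'Accept':'application/json'
};
fetch('/api/v1/secrets/file',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
  return res.json();
}).then(function(body) {
  console.log(body);
});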
# You can also use wget
curl -X POST /api/v1/secrets/file \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json'
POST /api/v1/secrets/file
Import a secret from a file
Body parameter
newSecret: string
id: string
description: string
groups: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | object | false | none |
| » newSecret | body | string(binary) | true | Secret data |
| » id | body | string | true | Secret ID |
| » description | body | string | false | Key description |
| » groups | body | string | false | List of groups |
Example responses
201 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Secret with this ID already exists | None |
Create secret (text/plain)
Code samples
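// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ],
  "data": "My secret data"
});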
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/secrets/text',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/secrets/text \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/secrets/text
Add new secret data with label
Body parameter
{
"id": "mySecret1",
"description": "string",
"groups": [
"string"
],
"data": "My secret data"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewSecret | false | newSecret |
Example responses
201 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Secret with this ID already exists | None |
Generate a new secret
Code samples
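// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ]
});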
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/secrets/generate',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/secrets/generate \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/secrets/generate
Add new secret data with label
Body parameter
{
"id": "mySecret1",
"description": "string",
"groups": [
"string"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| complexity | query | boolean | false | complexity |
| length | query | integer(int32) | false | length |
| body | body | NewGeneratedSecret | false | newSecret |
Example responses
201 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Secret with this ID already exists | None |
List secrets
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/secrets',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/secrets \
-H 'Accept: application/json'
GET /api/v1/secrets
Return a list of all secrets in a partition
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| id | query | string | false | Key id |
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| groups | query | array[string] | false | Groups |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: UID, NAME, DESCRIPTION, GROUPS, UPDATED_AT |
Example responses
200 Response
[
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [SecretListResponse] | false | none | none |
| » totalItems | integer(int32) | false | read-only | totalItems |
| » limit | integer(int32) | false | read-only | limit |
| » skip | integer(int32) | false | read-only | skip |
| » nextPageToken | string | false | none | nextPageToken |
| » items | [Secret] | false | read-only | items |
| »» id | string | true | none | An identifier/label for the secret data |
| »» description | string | false | read-only | The secret description |
| »» uid | string | false | read-only | Secret identifier |
| »» groups | [string] | false | none | Secret groups |
| »» createdAt | string | false | read-only | Creation date |
| »» updatedAt | string | false | read-only | Last update date |
Get secret metadata
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/secrets/{secretId} \
-H 'Accept: application/json'
GET /api/v1/secrets/{secretId}
Return the metadata for an existing secret
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID to look for |
Example responses
200 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Secret |
Get secret (application/octet-stream)
Code samples
const headers = {
'Accept':'application/json,application/octet-stream'
};
fetch('/api/v1/secrets/{secretId}/file',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/secrets/{secretId}/file \
-H 'Accept: application/json,application/octet-stream'
GET /api/v1/secrets/{secretId}/file
Gets the value of a secret from a file.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID to look for |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Get secret (text/plain)
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}/text',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/secrets/{secretId}/text \
-H 'Accept: application/json'
GET /api/v1/secrets/{secretId}/text
Gets the value of a secret from a text string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID to look for |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Get secret groups
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/secrets/groups',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/secrets/groups \
-H 'Accept: application/json'
GET /api/v1/secrets/groups
Get groups for secrets
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| operations | query | array[string] | false | Operations |
Enumerated Values
| Parameter | Value |
|---|---|
| operations | ACTIVATE |
| operations | ADD_ATTRIBUTE |
| operations | CREATE |
| operations | CREATE_KEY_PAIR |
| operations | DECRYPT |
| operations | DELETE_ATTRIBUTE |
| operations | DERIVE_KEY |
| operations | DESTROY |
| operations | DELETE |
| operations | DY_DERIVE |
| operations | DY_GET_KEY_MATERIAL |
| operations | DY_GET_SECRET_DATA |
| operations | DY_UPDATE_DATA |
| operations | ENCRYPT |
| operations | MAC |
| operations | MAC_VERIFY |
| operations | MODIFY_ATTRIBUTE |
| operations | MODIFY_ATTRIBUTE_LIST |
| operations | REGISTER |
| operations | REKEY |
| operations | REKEY_KEY_PAIR |
| operations | REVOKE |
| operations | SIGN |
| operations | SIGNATURE_VERIFY |
| operations | DY_ENABLE |
| operations | DY_TOKENIZE |
| operations | DY_DETOKENIZE |
| operations | LINK |
| operations | RELINK |
| operations | UNLINK |
| operations | JOIN_SPLIT_KEY |
| operations | RESTORE_BACKUP |
Example responses
200 Response
[
"string"
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Update secret (application/octet-stream)
Code samples
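// Send the new secret data as multipart/form-data. Do not set Content-Type by hand:
// fetch adds it, with the required boundary, when the body is a FormData object.
const inputBody = new FormData();
inputBody.append('newSecret', new Blob(['string']));
const headers = {
  'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}/file',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
  return res.json();
}).then(function(body) {
  console.log(body);
});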
# You can also use wget
curl -X PUT /api/v1/secrets/{secretId}/file \
-H 'Content-Type: multipart/form-data' \
-H 'Accept: application/json'
PUT /api/v1/secrets/{secretId}/file
Update existing secret
Body parameter
newSecret: string
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID |
| body | body | object | false | none |
| » newSecret | body | string(binary) | true | secret data |
Example responses
200 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
Update secret (text/plain)
Code samples
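// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "data": "My secret data"
});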
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}/text',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/secrets/{secretId}/text \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/secrets/{secretId}/text
Update existing secret
Body parameter
{
"data": "My secret data"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID |
| body | body | UpdatedSecret | false | updatedSecret |
Example responses
200 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
Update secret details
Code samples
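// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "id": "string",
  "description": "string",
  "groups": [
    "string"
  ]
});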
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/secrets/{secretId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/secrets/{secretId}
Update existing secret details
Body parameter
{
"id": "string",
"description": "string",
"groups": [
"string"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID |
| body | body | SecretUpdates | false | Secret updates |
Example responses
200 Response
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Secret |
| 202 | Accepted | ACCEPTED | Job |
Delete a secret
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/secrets/{secretId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/secrets/{secretId} \
-H 'Accept: application/json'
DELETE /api/v1/secrets/{secretId}
Deletes a secret by its label/ID
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| secretId | path | string | true | Secret ID to delete |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Servers
Add UKC server pair (Step 1)
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/servers/new/pair?ep_host=string&partner_host=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET '/api/v1/servers/new/pair?ep_host=string&partner_host=string' \
-H 'Accept: application/json'
GET /api/v1/servers/new/pair
Get the crypto server pair certificates for the server candidates. This endpoint can be used to verify that you are adding the correct servers.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| ep_host | query | string | true | Entry point host |
| ep_port | query | integer(int32) | false | Entry point port |
| partner_host | query | string | true | Partner host |
| partner_port | query | integer(int32) | false | Partner port |
Example responses
200 Response
{
"entryPoint": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
},
"partner": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | NewPair |
Add UKC server pair (Step 2)
Code samples
// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
});
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/servers/new/pair',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/servers/new/pair \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/servers/new/pair
Add a new UKC server pair. You can optionally use Add UKC server pair (Step 1) to verify the servers before adding them.
Body parameter
{
"entryPoint": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
},
"partner": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| force | query | boolean | false | Force |
| body | body | NewPair | false | New pair |
Example responses
200 Response
{
"entryPoint": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
},
"partner": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | NewPair |
| 201 | Created | Pair added successfully | NewPair |
| 202 | Accepted | ACCEPTED | Job |
Add auxiliary server (Step 1)
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/servers/new/auxiliary?host=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET '/api/v1/servers/new/auxiliary?host=string' \
-H 'Accept: application/json'
GET /api/v1/servers/new/auxiliary
Get the auxiliary server certificate for the candidate. You can use this endpoint to verify the server before adding it.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| host | query | string | true | Auxiliary host |
| port | query | integer(int32) | false | Auxiliary port |
Example responses
200 Response
{
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | NewServer |
Add auxiliary server (Step 2)
Code samples
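// A single-quoted string cannot span lines in JavaScript; serialize an object instead.
const inputBody = JSON.stringify({
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
});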
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/servers/new/auxiliary',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/servers/new/auxiliary \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/servers/new/auxiliary
Add a new auxiliary server. You can optionally use Add auxiliary server (Step 1) to verify the server before adding it.
Body parameter
{
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| force | query | boolean | false | Force |
| body | body | NewServer | false | the new auxiliary |
Example responses
200 Response
{
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | NewServer |
| 201 | Created | Auxiliary server added successfully | NewServer |
| 202 | Accepted | ACCEPTED | Job |
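Step 1 and Step 2, for both the server pair and the auxiliary server, can be chained so that Step 2 runs only when every certificate fingerprint returned by Step 1 matches a value obtained out of band. The following is an added example, not code from the UKC documentation; it assumes certificateFingerprint is a hex string (optionally colon- or space-separated), and the host names and fingerprint values are constructed.

```javascript
// Added example, not UKC code. Assumption: certificateFingerprint is hex,
// optionally separated by ':' or whitespace. Returns null for anything else,
// so an empty or malformed value can never compare equal.
function normalizeFingerprint(value) {
  if (typeof value !== 'string') return null;
  const hex = value.replace(/[\s:]/g, '').toLowerCase();
  return /^[0-9a-f]+$/.test(hex) ? hex : null;
}

// A NewPair response carries entryPoint and partner; a NewServer response
// (auxiliary) describes a single server.
function listCandidates(response) {
  if (response && response.entryPoint && response.partner) {
    return [response.entryPoint, response.partner];
  }
  return [response];
}

// pinned: Map of host -> fingerprint obtained out of band.
// Returns a list of problems; an empty list means every candidate matched.
function findFingerprintProblems(response, pinned) {
  const problems = [];
  for (const server of listCandidates(response)) {
    const host = server && server.host;
    const expected = normalizeFingerprint(pinned.get(host));
    const cert = (server && server.newServerCertificate) || {};
    const actual = normalizeFingerprint(cert.certificateFingerprint);
    if (expected === null) {
      problems.push(host + ': no pinned fingerprint');
    } else if (actual === null) {
      problems.push(host + ': response has no usable fingerprint');
    } else if (actual !== expected) {
      problems.push(host + ': fingerprint mismatch');
    }
  }
  return problems;
}

// kind: 'pair' or 'auxiliary'. query: the Step 1 query parameters, for example
// { ep_host: ..., partner_host: ... } or { host: ... }.
// The Step 1 response is posted unchanged as the Step 2 body, so the servers
// added are exactly the ones whose fingerprints were checked.
async function addServersIfVerified(kind, query, pinned, headers, fetchImpl) {
  if (kind !== 'pair' && kind !== 'auxiliary') {
    throw new Error('kind must be "pair" or "auxiliary"');
  }
  const doFetch = fetchImpl || fetch;
  const url = '/api/v1/servers/new/' + kind;
  const step1 = await doFetch(url + '?' + new URLSearchParams(query).toString(), {
    method: 'GET',
    headers: Object.assign({ 'Accept': 'application/json' }, headers)
  });
  if (!step1.ok) throw new Error('Step 1 failed: HTTP ' + step1.status);
  const candidates = await step1.json();

  const problems = findFingerprintProblems(candidates, pinned);
  if (problems.length > 0) {
    throw new Error('Refusing to add servers: ' + problems.join('; '));
  }

  const step2 = await doFetch(url, {
    method: 'POST',
    headers: Object.assign(
      { 'Accept': 'application/json', 'Content-Type': 'application/json' }, headers),
    body: JSON.stringify(candidates)
  });
  // 200/201 return the added server(s); 202 returns a Job awaiting completion.
  return { status: step2.status, body: await step2.json() };
}

// Constructed sample data for a server pair.
const SAMPLE_PINNED = new Map([
  ['ukc-ep.example.test', 'AB:CD:EF:01:23:45'],
  ['ukc-partner.example.test', '12 34 56 78 9a bc']
]);
const SAMPLE_PAIR = {
  entryPoint: {
    host: 'ukc-ep.example.test', port: 8443,
    newServerCertificate: { certificateFingerprint: 'abcdef012345' }
  },
  partner: {
    host: 'ukc-partner.example.test', port: 8443,
    newServerCertificate: { certificateFingerprint: '12:34:56:78:9A:BC' }
  }
};
```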
Get server details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/servers/{serverId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/servers/{serverId} \
-H 'Accept: application/json'
GET /api/v1/servers/{serverId}
Get detailed server information.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| serverId | path | string | true | The identifier of the server is its URL (escaped) |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Server |
Delete server
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/servers/{serverId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/servers/{serverId} \
-H 'Accept: application/json'
DELETE /api/v1/servers/{serverId}
Removes an auxiliary server or server pair from the UKC cluster. A server pair is treated as one unit, identified by the host of its Entry Point server.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| serverId | path | string | true | The identifier of the server is its URL. For a server pair, this should be the host of the EntryPoint server |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Server deleted | None |
| 202 | Accepted | ACCEPTED | Job |
Get server alerts
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/servers/{serverId}/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/servers/{serverId}/alerts \
-H 'Accept: application/json'
GET /api/v1/servers/{serverId}/alerts
Get server alerts.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| serverId | path | string | true | The identifier of the server is its URL (escaped) |
Example responses
200 Response
{
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Server |
System
Get signed logs
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/signlogs',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/signlogs \
-H 'Accept: application/json'
GET /api/v1/system/signlogs
Return signed logs (compressed) from the UKC engine.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| from | query | string | false | from |
| to | query | string | false | to |
| period | query | string | false | period |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
"string"
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | string |
Get all system certificates
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/certificates',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/certificates \
-H 'Accept: application/json'
GET /api/v1/system/certificates
Get the UKC servers and root CA certificates.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"id": "my-certificate",
"role": "ROOT_CA",
"subject": "string",
"validUntil": "string",
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"version": "V3",
"alertLevel": "WARN",
"uid": "string",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"issuer": "string",
"validFrom": "string",
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"sha1Thumbprint": "string",
"signature": "string",
"isCa": true,
"isSelfSigned": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SystemCertificate |
Get specific certificate
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/certificates/{certificateId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId} \
-H 'Accept: application/json'
GET /api/v1/system/certificates/{certificateId}
Get specific system certificate.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| certificateId | path | string | true | Certificate ID |
| detailed | query | boolean | false | Detailed |
Example responses
200 Response
{
"id": "my-certificate",
"role": "ROOT_CA",
"subject": "string",
"validUntil": "string",
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"version": "V3",
"alertLevel": "WARN",
"uid": "string",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"issuer": "string",
"validFrom": "string",
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"sha1Thumbprint": "string",
"signature": "string",
"isCa": true,
"isSelfSigned": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | SystemCertificate |
Get certificate alerts
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/certificates/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/certificates/alerts \
-H 'Accept: application/json'
GET /api/v1/system/certificates/alerts
Get alerts associated with the servers and root CA certificates.
Example responses
200 Response
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | AlertsSummary |
Get specific certificate alert
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/certificates/{certificateId}/alerts',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId}/alerts \
-H 'Accept: application/json'
GET /api/v1/system/certificates/{certificateId}/alerts
Get specific system certificate alert.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| certificateId | path | string | true | Certificate ID |
Example responses
200 Response
{
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"title": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | Alert |
Get system settings
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/settings',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/settings \
-H 'Accept: application/json'
GET /api/v1/system/settings
Get UKC system configuration parameters. Returns a list of key-value entries that represent the configuration parameters for the UKC system.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| detailed | query | boolean | false | detailed |
Example responses
200 Response
[
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Inline |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| anonymous | [KeyValueEntry] | false | none | [Key value entry] |
| » key | string | true | none | key |
| » value | string | true | none | value |
| » description | string | false | read-only | quorum timeout |
| » type | string | false | read-only | value type |
| » defaultValue | string | false | read-only | default value |
| » min | integer(int32) | false | read-only | minimum value |
| » max | integer(int32) | false | read-only | maximum value |
| » unit | string | false | read-only | unit type |
Enumerated Values
| Property | Value |
|---|---|
| type | BOOLEAN |
| type | TEXT |
| type | INTEGER |
| type | ARRAY |
| type | MAP |
| type | CERTIFICATE |
| type | POLICY |
| unit | SECONDS |
| unit | MINUTES |
| unit | HOURS |
| unit | DAYS |
| unit | MONTHS |
| unit | YEARS |
| unit | CHARACTERS |
| unit | MILLIS |
Set system settings
Code samples
const inputBody = 'string';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/system/settings/{settingKey}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/system/settings/{settingKey} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/system/settings/{settingKey}
Sets the value for one or more system configuration parameters.
Body parameter
"string"
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| settingKey | path | string | true | Setting key |
| body | body | string | false | Setting value |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | None |
| 202 | Accepted | ACCEPTED | Job |
Get cluster topology
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/topology',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/topology \
-H 'Accept: application/json'
GET /api/v1/topology
Return the cluster topology, including the status of each server.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| detailed | query | boolean | false | Detailed |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"pairs": [
{
"entryPoint": {
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
},
"partner": {
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
}
],
"auxiliaries": [
{
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"triplets": [
{
"entryPoint": "string",
"partner": "string",
"auxiliary": "string",
"connected": true
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | Topology |
Get system key
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/system/keys/{keyId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/system/keys/{keyId} \
-H 'Accept: application/json'
GET /api/v1/system/keys/{keyId}
Get a signed system key.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| keyId | path | string | true | Key ID |
Example responses
200 Response
{
"value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.....OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | JWS |
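The `value` returned above is a JWS in compact form whose sample header decodes to `{"kid":"integrity-key","alg":"ES256"}`. The following added example (not part of the original reference or Unbound's sample code) shows checks a client can run before handing such a token to a signature verifier: a pinned `alg`, the expected `kid`, and a signature of the right length. The function names, the allowlist and the stand-in payload are assumptions; the signature is not verified here because the page does not give the public key.

```javascript
// Added example, not Unbound's code: gate a compact JWS before signature verification.
const ALLOWED_ALGS = ['ES256'];   // the alg in this page's sample header
const ES256_SIGNATURE_BYTES = 64; // raw R||S, 32 bytes each (RFC 7518, section 3.4)

// Decode one base64url segment (no padding, '-' and '_' alphabet) to bytes.
function base64UrlToBytes(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment) || segment.length % 4 === 1) {
    throw new Error('segment is not valid base64url');
  }
  const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = base64 + '='.repeat((4 - (base64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
}

// Returns the parsed header, the exact bytes-to-verify string and the raw
// signature, or throws. expectedKid is the key the caller asked for
// (assumption: it matches the "kid" header of the returned JWS).
function inspectCompactJws(jws, expectedKid) {
  const parts = String(jws).split('.');
  if (parts.length !== 3) {
    throw new Error('expected three dot-separated segments');
  }
  const [headerB64, payloadB64, signatureB64] = parts;

  let header;
  try {
    header = JSON.parse(new TextDecoder().decode(base64UrlToBytes(headerB64)));
  } catch (err) {
    throw new Error('protected header is not base64url-encoded JSON');
  }
  if (header === null || typeof header !== 'object') {
    throw new Error('protected header is not a JSON object');
  }

  // Pin the algorithm: never let the token choose how it is verified.
  if (!ALLOWED_ALGS.includes(header.alg)) {
    throw new Error(`alg "${header.alg}" is not allowed`);
  }
  if (header.kid !== expectedKid) {
    throw new Error(`kid "${header.kid}" does not match the expected key`);
  }

  let signature;
  try {
    signature = base64UrlToBytes(signatureB64);
  } catch (err) {
    throw new Error('signature is missing or not base64url');
  }
  if (signature.length !== ES256_SIGNATURE_BYTES) {
    throw new Error(`ES256 signature must be ${ES256_SIGNATURE_BYTES} bytes`);
  }

  // The verifier must check the signature over exactly this ASCII string.
  return { header, signingInput: `${headerB64}.${payloadB64}`, signature };
}

// Convenience wrapper: null when the token passes, otherwise the reason.
function jwsRejectionReason(jws, expectedKid) {
  try {
    inspectCompactJws(jws, expectedKid);
    return null;
  } catch (err) {
    return err.message;
  }
}

// Sample input: header and signature segments are the ones shown on this page;
// the payload "e30" (base64url of "{}") is a constructed stand-in, so this
// token's signature would NOT verify.
const PAGE_HEADER = 'eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ';
const PAGE_SIGNATURE =
  'OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA';
const SAMPLE_JWS = `${PAGE_HEADER}.e30.${PAGE_SIGNATURE}`;

const inspected = inspectCompactJws(SAMPLE_JWS, 'integrity-key');
console.log(inspected.header, inspected.signature.length);
// Constructed token with header {"alg":"none"} and an empty signature.
console.log(jwsRejectionReason('eyJhbGciOiJub25lIn0.e30.', 'integrity-key'));
```

Passing these checks only means the token is well-formed for ES256; the signature over `signingInput` still has to be verified against the UKC public key with a JOSE library or WebCrypto.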
Users
Create a user
Code samples
const inputBody = `{
"password": "Password1!",
"name": "john_a",
"role": "user",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"authType": "STANDARD"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/users',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/users \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST /api/v1/users
Create a new user in a given partition.
Body parameter
{
"password": "Password1!",
"name": "john_a",
"role": "user",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"authType": "STANDARD"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| body | body | NewUser | false | New User |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | User created successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 409 | Conflict | Object already exists | None |
List partition users
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/users \
-H 'Accept: application/json'
GET /api/v1/users
Return a list of all users in a partition.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
| limit | query | integer(int32) | false | Limit |
| skip | query | integer(int32) | false | skip |
| filter | query | string | false | Pagination filter |
| sort | query | string | false | Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending. The column name can be one of the following: NAME, ROLE, AUTHENTICATION, LOGIN_FAILURES, UPDATED_AT, CREATED_AT |
Example responses
200 Response
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "john_a",
"partition": "~.codeSign.developers",
"role": "string",
"createdAt": "string",
"lastActivityAt": "string",
"retries": 0,
"authType": "STANDARD",
"lastUpdateAt": "string",
"lastPasswordUpdated": "string",
"is2FAEnrolled": true,
"lastEnrolledAt": "string",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"groups": "[groupA, groupB]",
"isLoginLocked": true
}
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | UserListResponse |
Get user details
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}/permissions',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X GET /api/v1/users/{userId}/permissions \
-H 'Accept: application/json'
GET /api/v1/users/{userId}/permissions
Get details of an existing user.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "john_a",
"partition": "~.codeSign.developers",
"role": "string",
"createdAt": "string",
"lastActivityAt": "string",
"retries": 0,
"authType": "STANDARD",
"lastUpdateAt": "string",
"lastPasswordUpdated": "string",
"is2FAEnrolled": true,
"lastEnrolledAt": "string",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"groups": "[groupA, groupB]",
"isLoginLocked": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | User |
Delete a user
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/users/{userId} \
-H 'Accept: application/json'
DELETE /api/v1/users/{userId}
Delete a user.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID |
| partitionId | query | string | false | Partition ID |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | User deleted successfully. | None |
| 202 | Accepted | ACCEPTED | Job |
Reset user password
Code samples
const inputBody = `{
"password": "Password2!"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}/password',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/users/{userId}/password \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/users/{userId}/password
Reset a user's password. An SO can do this for users in their own partition. The root partition SO can do this for the SO of any partition.
Body parameter
{
"password": "Password2!"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID |
| partitionId | query | string | false | Partition ID |
| body | body | Password | false | Password |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | User password reset successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | New password does not comply with password policy rules | None |
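The code samples in this section call `res.json()` on every response and never look at the status code, although 200 is documented with no schema and 202 returns a Job that is still `PENDING_APPROVAL`. The following added example (not part of the original reference or Unbound's sample code) classifies a response so that a queued password reset, user deletion or role change is not mistaken for one that has been applied. The function names and the returned object shape are assumptions; status codes and Job field names are the ones documented on this page.

```javascript
// Added example, not Unbound's code. Status codes and Job fields come from the
// response tables on this page; helper names and result shape are assumptions.

// Rejections documented on this page: 400 on the password endpoints,
// 409 on "Create a user".
const REJECTION_REASONS = {
  400: 'New password does not comply with password policy rules',
  409: 'Object already exists',
};

// Classify a response from its status code and raw body text.
function interpretUkcResponse(status, bodyText) {
  // A 200 with schema "None" has no body, so parse only when text is present.
  const text = typeof bodyText === 'string' ? bodyText.trim() : '';
  let body = null;
  if (text !== '') {
    try {
      body = JSON.parse(text);
    } catch (err) {
      return { outcome: 'error', status, reason: 'body is not valid JSON' };
    }
  }

  if (status === 200 || status === 201) {
    return { outcome: 'applied', status, body };
  }

  if (status === 202) {
    // 202 carries a Job: the change is waiting for approval, not applied.
    if (body === null || typeof body !== 'object' || typeof body.id !== 'string') {
      return { outcome: 'error', status, reason: '202 without a Job object' };
    }
    return {
      outcome: 'pending',
      status,
      jobId: body.id,
      jobStatus: body.status,
      initiator: body.initiator,
      expiresAt: body.expiresAt,
      approvals: Array.isArray(body.approvedBy) ? body.approvedBy.length : 0,
      requiredApprovals: body.totalRequiredApprovals,
    };
  }

  return {
    outcome: 'rejected',
    status,
    reason: REJECTION_REASONS[status] || 'unexpected status',
    body,
  };
}

// Thin wrapper for real calls: read the body as text first, then classify.
// fetchImpl is the fetch function to use (hypothetical parameter name).
async function callUkc(fetchImpl, url, options) {
  const res = await fetchImpl(url, options);
  return interpretUkcResponse(res.status, await res.text());
}

// Constructed sample bodies. "initiator" and "id" are the sample values shown
// on this page; the approval counts are made up for the demonstration.
const CONSTRUCTED_JOB_BODY = JSON.stringify({
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  status: 'PENDING_APPROVAL',
  approvedBy: ['so@root'],
  totalRequiredApprovals: 2,
});

console.log(interpretUkcResponse(200, ''));                   // applied, no body
console.log(interpretUkcResponse(202, CONSTRUCTED_JOB_BODY)); // pending approval
console.log(interpretUkcResponse(400, ''));                   // rejected by policy
```

A caller that gets `outcome: 'pending'` should record `jobId` and treat the user, role or password as unchanged until the job is approved.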
Recover SO password
Code samples
const inputBody = `{
"password": "Password2!"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/users/{soId}/recover?partitionId=string',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT '/api/v1/users/{soId}/recover?partitionId=string' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/users/{soId}/recover
Recover the SO password. The Root SO can do it for other SOs.
Body parameter
{
"password": "Password2!"
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| soId | path | string | true | SO ID |
| partitionId | query | string | true | Partition ID |
| body | body | Password | false | Password |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | SO password recovered successfully | None |
| 202 | Accepted | ACCEPTED | Job |
| 400 | Bad Request | New password does not comply with password policy rules | None |
Change user role
Code samples
const inputBody = 'string';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/users/{userId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/users/{userId}
Change an existing user role.
Body parameter
"string"
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID to look for |
| partitionId | query | string | false | Partition ID |
| body | body | string | false | Role ID |
Example responses
200 Response
{
"name": "john_a",
"partition": "~.codeSign.developers",
"role": "string",
"createdAt": "string",
"lastActivityAt": "string",
"retries": 0,
"authType": "STANDARD",
"lastUpdateAt": "string",
"lastPasswordUpdated": "string",
"is2FAEnrolled": true,
"lastEnrolledAt": "string",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"groups": "[groupA, groupB]",
"isLoginLocked": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | User |
| 202 | Accepted | ACCEPTED | Job |
Unassign user role
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}/role',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/users/{userId}/role \
-H 'Accept: application/json'
DELETE /api/v1/users/{userId}/role
Unassign user role.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID |
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "john_a",
"partition": "~.codeSign.developers",
"role": "string",
"createdAt": "string",
"lastActivityAt": "string",
"retries": 0,
"authType": "STANDARD",
"lastUpdateAt": "string",
"lastPasswordUpdated": "string",
"is2FAEnrolled": true,
"lastEnrolledAt": "string",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"groups": "[groupA, groupB]",
"isLoginLocked": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | Role unassigned successfully. | User |
| 202 | Accepted | ACCEPTED | Job |
Update user aliases
Code samples
const inputBody = `[
{
"identityProviderName": "string",
"aliases": [
{}
]
}
]`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}/aliases',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X PUT /api/v1/users/{userId}/aliases \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT /api/v1/users/{userId}/aliases
Update user aliases.
Body parameter
[
{
"identityProviderName": "string",
"aliases": [
{}
]
}
]
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID to look for |
| partitionId | query | string | false | Partition ID |
| body | body | UserAliases | false | User aliases |
Example responses
200 Response
{
"name": "john_a",
"partition": "~.codeSign.developers",
"role": "string",
"createdAt": "string",
"lastActivityAt": "string",
"retries": 0,
"authType": "STANDARD",
"lastUpdateAt": "string",
"lastPasswordUpdated": "string",
"is2FAEnrolled": true,
"lastEnrolledAt": "string",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"groups": "[groupA, groupB]",
"isLoginLocked": true
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | User |
| 202 | Accepted | ACCEPTED | Job |
Generate 2FA secret
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users/2fa/secret',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X POST /api/v1/users/2fa/secret \
-H 'Accept: application/json'
POST /api/v1/users/2fa/secret
Generate 2FA secret.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| partitionId | query | string | false | Partition ID |
Example responses
200 Response
{
"name": "string",
"totpUrl": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | successful operation | TwoFactorAuthSecretResponse |
| 201 | Created | CREATED | TwoFactorAuthSecretResponse |
| 202 | Accepted | ACCEPTED | Job |
Revoke user 2FA enrollment
Code samples
const headers = {
'Accept':'application/json'
};
fetch('/api/v1/users/{userId}/2fa',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
// 204 No Content carries no body; only parse JSON when one is present
return res.status === 204 ? null : res.json();
}).then(function(body) {
console.log(body);
});
# You can also use wget
curl -X DELETE /api/v1/users/{userId}/2fa \
-H 'Accept: application/json'
DELETE /api/v1/users/{userId}/2fa
Revoke user 2FA enrollment.
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
| userId | path | string | true | User ID to look for |
| partitionId | query | string | false | Partition ID |
Example responses
202 Response
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 202 | Accepted | ACCEPTED | Job |
| 204 | No Content | NO CONTENT | None |
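The user endpoints above answer 200 (a User), 202 (a Job, shown with status PENDING_APPROVAL) or 204, so a caller that treats every 2xx as success can record a role removal or 2FA revocation that has not been applied yet. The following added example, which is not part of the UKC documentation or its JavaScript sample, separates these cases; the function names and the way outstanding approvals are derived from totalRequiredApprovals and approvedBy are assumptions.

```javascript
// Added example: not code from the UKC documentation.
// classifyUkcResponse and callUkc are hypothetical helper names.

// Map a documented status code plus parsed body to an explicit outcome.
function classifyUkcResponse(status, body) {
  if (status === 200 || status === 201) {
    // Completed: body is the documented schema (User, TwoFactorAuthSecretResponse).
    return { applied: true, result: body, job: null };
  }
  if (status === 204) {
    // Completed with no body (for example a 2FA revocation).
    return { applied: true, result: null, job: null };
  }
  if (status === 202) {
    // Accepted only: the change is held in a Job and is not in effect yet.
    if (!body || typeof body.id !== 'string' || body.id === '') {
      throw new Error('202 Accepted without a Job id; cannot track the request');
    }
    const approvedBy = Array.isArray(body.approvedBy) ? body.approvedBy : [];
    const required = Number.isInteger(body.totalRequiredApprovals)
      ? body.totalRequiredApprovals
      : 0;
    return {
      applied: false,
      result: null,
      job: {
        id: body.id,
        opName: typeof body.opName === 'string' ? body.opName.trim() : null,
        status: body.status || null,
        initiator: body.initiator || null,
        expiresAt: body.expiresAt || null,
        // Assumption: outstanding = required approvals minus approvals already given.
        approvalsOutstanding: Math.max(required - approvedBy.length, 0),
      },
    };
  }
  throw new Error('Unexpected HTTP status ' + status);
}

// Wrapper around fetch that never calls JSON parsing on an empty body.
async function callUkc(url, options) {
  const res = await fetch(url, options);
  let body = null;
  if (res.status !== 204) {
    const text = await res.text();
    body = text ? JSON.parse(text) : null;
  }
  return classifyUkcResponse(res.status, body);
}

// Constructed sample, shaped like the 202 Job response shown above.
const CONSTRUCTED_JOB = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  opName: 'PARTITION_CONFIG_SET ',
  status: 'PENDING_APPROVAL',
  approvedBy: ['so@root'],
  totalRequiredApprovals: 2,
};

const outcome = classifyUkcResponse(202, CONSTRUCTED_JOB);
if (!outcome.applied) {
  console.log('Job ' + outcome.job.id + ' is ' + outcome.job.status +
    '; approvals outstanding: ' + outcome.job.approvalsOutstanding);
}
```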
Schemas
AWSKeyStoreTemplate
{
"name": "string",
"accessKeyId": "string",
"secretKey": "string",
"description": "string",
"param": {
"REGION": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | none |
| accessKeyId | string | false | none | none |
| secretKey | string | false | none | none |
| description | string | false | none | none |
| param | AWSParam | false | none | none |
AWSParam
{
"REGION": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| REGION | string | false | none | none |
Aad
{
"value": "string",
"encoding": "PLAIN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Additional Authentication Data |
| encoding | string | false | none | Authentication data encoding |
Enumerated Values
| Property | Value |
|---|---|
| encoding | PLAIN |
| encoding | BASE64 |
| encoding | HEX |
Alert
{
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"title": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| alertType | string | false | read-only | alertType |
| alertLevel | string | false | read-only | alertLevel |
| title | string | false | read-only | title |
Enumerated Values
| Property | Value |
|---|---|
| alertType | CERT_ABOUT_TO_EXPIRE |
| alertType | CERT_EXPIRED |
| alertType | OUT_OF_SYNC |
| alertType | IS_LOCKED |
| alertType | RENEW_REQUIRED |
| alertType | DB_BACKUP_INCONSISTENT |
| alertType | DB_BACKUP_FAILURE |
| alertType | SECRET_ABOUT_TO_EXPIRE |
| alertType | SECRET_EXPIRED |
| alertType | KEY_ROTATION_IS_APPROACHING |
| alertType | KEY_ACTIVATION_IS_APPROACHING |
| alertType | KEY_DEACTIVATION_IS_APPROACHING |
| alertType | RESTART_REQUIRED |
| alertType | ACTIVATION_CODE_ABOUT_TO_EXPIRE |
| alertType | ACTIVATION_CODE_EXPIRED |
| alertLevel | WARN |
AlertsSummary
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| category | string | false | read-only | category |
| alertType | string | false | read-only | alertType |
| alertLevel | string | false | read-only | alertLevel |
| counter | integer(int32) | false | read-only | counter |
| title | string | false | read-only | title |
Enumerated Values
| Property | Value |
|---|---|
| category | CLIENTS |
| category | SYSTEM |
| category | KEYS |
| category | BACKUP |
| alertType | CERT_ABOUT_TO_EXPIRE |
| alertType | CERT_EXPIRED |
| alertType | OUT_OF_SYNC |
| alertType | IS_LOCKED |
| alertType | RENEW_REQUIRED |
| alertType | DB_BACKUP_INCONSISTENT |
| alertType | DB_BACKUP_FAILURE |
| alertType | SECRET_ABOUT_TO_EXPIRE |
| alertType | SECRET_EXPIRED |
| alertType | KEY_ROTATION_IS_APPROACHING |
| alertType | KEY_ACTIVATION_IS_APPROACHING |
| alertType | KEY_DEACTIVATION_IS_APPROACHING |
| alertType | RESTART_REQUIRED |
| alertType | ACTIVATION_CODE_ABOUT_TO_EXPIRE |
| alertType | ACTIVATION_CODE_EXPIRED |
| alertLevel | WARN |
AlternativeNames
{
"uid": "string",
"isCritical": true,
"names": [
"string"
]
}
Certificate x509 extension
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | Extension UID |
| isCritical | boolean | true | none | Is Extension Critical |
| names | [string] | false | none | names |
ApplicationInfo
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| nameSpace | string | false | none | nameSpace |
| data | object | false | none | data |
| » additionalProperties | object | false | none | none |
AsymmetricCryptoParams
{
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| padding | Padding | false | none | Crypto operation padding type |
| hash | string | false | none | the hash type |
Enumerated Values
| Property | Value |
|---|---|
| hash | SHA1 |
| hash | SHA256 |
| hash | SHA384 |
| hash | SHA512 |
| hash | SHA3_256 |
| hash | SHA3_384 |
| hash | SHA3_512 |
AttributeTemplateDetails
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | attribute template ID |
| description | string | false | none | Attribute template description |
| type | string | true | none | attribute template type |
| range | Range | false | none | none |
AttributeTemplateGroupDetails
{
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | none |
| description | string | false | none | none |
| attributeTemplateDetails | [AttributeTemplateDetails] | false | none | none |
AuthorityKeyIdentifier
{
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
}
Certificate x509 extension
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | Extension UID |
| isCritical | boolean | true | none | Is Extension Critical |
| keyId | string | false | read-only | none |
| authNames | [string] | false | none | Auth names |
| serialNumber | string | false | none | Serial number |
AzureKeyStoreTemplate
{
"name": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"URL": "string"
},
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | none |
| accessKeyId | string | false | none | none |
| secretKey | string | false | none | none |
| params | AzureParams | false | none | none |
| description | string | false | none | none |
AzureParams
{
"URL": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| URL | string | false | none | none |
BasicConstraints
{
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
}
Certificate x509 extension
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | Extension UID |
| isCritical | boolean | true | none | Is Extension Critical |
| pathLen | integer(int32) | false | none | Path Len |
| isCa | boolean | false | none | Is CA |
Capabilities
{
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyStoreObjectTypes | [string] | false | none | none |
| cryptoOperationTypes | [string] | false | none | none |
| keyStoreObjectAlgorithmTypes | [string] | false | none | none |
| cryptoOperationAlgorithmTypes | [string] | false | none | none |
| hashTypes | [string] | false | none | none |
| byokSupport | [string] | false | none | none |
| renameSupport | boolean | false | none | none |
CaspSign
{
"dataEncoding": "PLAIN",
"paillierKey": "string",
"signOperationData": {
"publicKeys": [
"string"
],
"dataToSign": [
"string"
],
"rawTransactions": [
"string"
],
"details": "string",
"operationId": "string",
"data": [
"string"
],
"description": "string",
"signedVaultDeclaration": "string",
"collectedDataGroups": {
"collectionComplete": true,
"dataCollectionGroups": [
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
]
},
"vaultAttributes": {
"attributes": [
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
]
},
"policyId": "string",
"creationTime": 0,
"ledgerName": "string",
"changePublicKeys": [
"string"
],
"derivedWhitelistChildNumbers": [
0
],
"ukcKeyIds": [
"string"
],
"ledgerHashAlgorithm": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| dataEncoding | string | false | none | none |
| paillierKey | string | false | none | none |
| signOperationData | SignOperationData | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
CaspSignatures
{
"signatures": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| signatures | [string] | false | none | base64 encoded signatures |
CertificateInfo
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
Certificate public information
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | Certificate identifier label |
| uid | string | true | none | UID |
| sha1Thumbprint | string | true | none | certificate sha1 |
| subject | string | true | none | subject |
| issuer | string | true | none | The CA that signed this certificate |
| validFrom | string | true | none | Start date of the validity period for this certificate |
| validUntil | string | true | none | End date of the validity period for this certificate |
| version | string | true | none | Certificate version |
| serial | string | true | none | Certificate serial number |
| signatureAlgorithm | string | true | none | Signing algorithm used for signing this certificate |
| isCa | boolean | true | none | Determines if this certificate is a CA certificate |
| isSelfSigned | boolean | true | none | Determines if this certificate is a self signed certificate |
| pkInfo | PKInfoType | true | none | Properties of PKI key |
| basicConstraints | BasicConstraints | false | none | Certificate x509 extension |
| subjectKeyIdentifier | SubjectKeyIdentifier | false | none | Certificate x509 extension |
| authorityKeyIdentifier | AuthorityKeyIdentifier | false | none | Certificate x509 extension |
| subjectAlternativeNames | AlternativeNames | false | none | Certificate x509 extension |
| issuerAlternativeNames | AlternativeNames | false | none | Certificate x509 extension |
| extendedKeyUsage | ExtendedKeyUsage | false | none | Certificate x509 extension |
| signature | string | true | none | CA signature value for this certificate |
| alertLevel | string | false | read-only | alertLevel |
Enumerated Values
| Property | Value |
|---|---|
| alertLevel | WARN |
Challenge
{
"value": "example"
}
Challenge
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Challenge to be solved by client |
Cipher
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
Includes encrypted data
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cipherTextBase64 | string | true | none | base64 encoded encrypted data |
| ivBase64 | string | false | none | base64 encoded Initialization Vector |
ClearText
{
"clearText": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| clearText | string | false | none | clearText |
Client
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
A new UKC client
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | read-only | Client name |
| partition | string | false | read-only | Partition |
| createdAt | string | false | none | Created at |
| activationStatus | string | false | read-only | Client activation status |
| activationType | string | false | read-only | Client activation type |
| lastUpdatedAt | string | false | read-only | Last update time for this client record |
| failedActivationCounter | integer(int32) | false | read-only | Number of failed retries to use client activation code |
| isActivationLocked | boolean | false | read-only | Is activation locked |
| checkIp | boolean | false | none | Enforce client IP verification |
| allowNat | boolean | false | none | Allow client to use NAT |
| ipRange | string | false | none | Client IP range |
| expiresAt | string | false | none | Client secret expiration date |
| expiration | integer(int32) | false | none | Client secret expiration time (ms) |
| activationCodeValidity | integer(int32) | false | none | Client activation code validity in minutes |
| activationCodeLength | integer(int32) | false | none | Client activation code length (digits) |
| activationCodeExpiration | string | false | none | Client activation code expiration date |
| template | string | false | none | Client template |
| persistentClient | boolean | false | none | Use ephemeral persistent client (relevant for Templates clients only) |
| activationCode | string | false | none | Client activation code |
| certificateRenewRequired | boolean | false | none | Whether the client certificate needs to be renewed |
| grantTypes | [string] | false | none | Client grant types |
| certificateInfo | CertificateInfo | false | none | Certificate public information |
| certExpiresAt | string | false | read-only | Client certificate expiration date |
| certificateExpiration | integer(int32) | false | read-only | Client certificate validity in minutes |
| alertLevel | string | false | read-only | alertLevel |
| version | string | false | none | Client version |
| secret | string | false | none | Client secret |
Enumerated Values
| Property | Value |
|---|---|
| activationStatus | ACTIVATED |
| activationStatus | PENDING |
| activationStatus | LOCKED |
| activationType | CERTIFICATE_REQUEST |
| activationType | ACTIVATION_CODE |
| activationType | CERTIFICATE_DOWNLOAD |
| activationType | EXTERNAL |
| activationType | TEMPLATE |
| activationType | SECRET |
| activationType | EPHEMERAL |
| activationType | PUBLIC_KEY |
| alertLevel | WARN |
ClientListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "client-name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"activationStatus": "ACTIVATED",
"activationType": "CERTIFICATE_REQUEST",
"lastUpdatedAt": "string",
"failedActivationCounter": 0,
"isActivationLocked": true,
"checkIp": true,
"allowNat": true,
"ipRange": "string",
"expiresAt": "string",
"expiration": 0,
"activationCodeValidity": 0,
"activationCodeLength": 0,
"activationCodeExpiration": "string",
"template": "string",
"persistentClient": true,
"activationCode": "string",
"certificateRenewRequired": true,
"grantTypes": [
"CLIENT_CREDENTIALS"
],
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
},
"certExpiresAt": "string",
"certificateExpiration": 0,
"alertLevel": "WARN",
"version": "string",
"secret": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [Client] | false | read-only | items |
ClientsUpdates
{
"checkIp": false,
"allowNat": false,
"ipRange": "0.0.0.0/0"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| checkIp | boolean | false | none | Enforce client IP verification |
| allowNat | boolean | false | none | Allow client to use NAT |
| ipRange | string | false | none | Client IP range |
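The Client and ClientsUpdates schemas above expose the fields that decide where a client may connect from (checkIp, ipRange) and whether its activation or certificate needs attention. The following added example, which is not part of the UKC documentation, audits the items of a ClientListResponse for those settings; the function names, the finding identifiers, the 65536-address threshold and the reading of ipRange as IPv4 CIDR notation (as in the sample value "0.0.0.0/0") are assumptions.

```javascript
// Added example: not code from the UKC documentation. All names are hypothetical.

// Number of addresses covered by an IPv4 CIDR string, or null if it cannot be parsed.
function ipv4CidrSize(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(String(cidr).trim());
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) return null;
  return 2 ** (32 - prefix);
}

// Findings for one Client record. maxAddresses is a local policy choice.
function auditClient(client, maxAddresses = 65536) {
  const findings = [];
  if (client.checkIp !== true) {
    findings.push({ id: 'IP_CHECK_OFF', detail: 'checkIp is not enabled' });
  } else {
    const size = ipv4CidrSize(client.ipRange);
    if (size === null) {
      findings.push({ id: 'IP_RANGE_UNPARSED', detail: 'review ipRange manually: ' + client.ipRange });
    } else if (size > maxAddresses) {
      findings.push({ id: 'IP_RANGE_BROAD', detail: client.ipRange + ' covers ' + size + ' addresses' });
    }
  }
  if (client.activationStatus === 'LOCKED' || client.isActivationLocked === true) {
    findings.push({
      id: 'ACTIVATION_LOCKED',
      detail: 'failed activation attempts: ' + (client.failedActivationCounter || 0),
    });
  }
  if (client.certificateRenewRequired === true) {
    findings.push({ id: 'CERT_RENEW_REQUIRED', detail: 'certificate expires at ' + client.certExpiresAt });
  }
  return findings;
}

// Report only the clients that have at least one finding.
function auditClientList(listResponse) {
  const items = Array.isArray(listResponse.items) ? listResponse.items : [];
  return items
    .map((c) => ({ name: c.name, partition: c.partition, findings: auditClient(c) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample in the shape of ClientListResponse (values are illustrative).
const CONSTRUCTED_CLIENT_LIST = {
  totalItems: 4,
  items: [
    { name: 'build-agent', partition: '~.codeSign.developers', activationStatus: 'ACTIVATED',
      checkIp: false, allowNat: false, ipRange: '0.0.0.0/0' },
    { name: 'signer', partition: '~.codeSign.developers', activationStatus: 'ACTIVATED',
      checkIp: true, ipRange: '0.0.0.0/0', certificateRenewRequired: true,
      certExpiresAt: 'string' },
    { name: 'kiosk', partition: '~.codeSign.developers', activationStatus: 'LOCKED',
      isActivationLocked: true, failedActivationCounter: 5, checkIp: true,
      ipRange: '10.0.0.5/32' },
    { name: 'ci-runner', partition: '~.codeSign.developers', activationStatus: 'ACTIVATED',
      checkIp: true, ipRange: '10.20.30.0/24' },
  ],
};

for (const r of auditClientList(CONSTRUCTED_CLIENT_LIST)) {
  console.log(r.name + ': ' + r.findings.map((f) => f.id).join(', '));
}
```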
CollectedData
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| dataCollectorDetails | DataCollectorDetails | false | none | none |
| data | object | false | none | none |
| » additionalProperties | string | false | none | none |
| collectionDone | boolean | false | none | none |
| signedUniqueData | string | false | none | none |
| collectionStart | integer(int64) | false | none | none |
| collectionEnd | integer(int64) | false | none | none |
CollectedDataGroupsDetails
{
"collectionComplete": true,
"dataCollectionGroups": [
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| collectionComplete | boolean | false | none | none |
| dataCollectionGroups | [DataCollectionGroup] | false | none | none |
ConcatDerivationParams
{
"data": "string",
"isPrefix": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | Derivation data |
| isPrefix | boolean | false | none | True for prefix, false for suffix |
DataCollectionGroup
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| minimumRequired | integer(int32) | false | none | none |
| collectedData | [CollectedData] | false | none | none |
| name | string | false | none | none |
DataCollectorDetails
{
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {
"min": "string",
"max": "string"
}
}
]
},
"activationCode": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | none |
| name | string | false | none | none |
| state | string | false | none | none |
| description | string | false | none | none |
| creationTime | string | false | none | none |
| modificationTime | string | false | none | none |
| authenticationKey | string | false | none | none |
| attributeTemplateGroup | AttributeTemplateGroupDetails | false | none | none |
| activationCode | string | false | none | none |
DbBackup
{
"id": "string",
"state": "IN_PROGRESS",
"error": "string",
"date": "string",
"file": "string",
"pairHostnames": [
"string"
],
"version": "string",
"digestDiff": {
"diffRecords": [
{
"sectionDiff": "string",
"entriesDiff": [
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
]
}
]
},
"alertLevel": "WARN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | ID |
| state | string | false | none | State |
| error | string | false | none | none |
| date | string | false | none | Date |
| file | string | false | none | File |
| pairHostnames | [string] | false | none | Pair host names |
| version | string | false | none | Version |
| digestDiff | DigestDiff | false | none | none |
| alertLevel | string | false | read-only | alertLevel |
Enumerated Values
| Property | Value |
|---|---|
| state | IN_PROGRESS |
| state | PENDING_TEST |
| state | TEST_SUCCESS |
| state | TEST_FAILURE |
| state | MANUAL_TEST |
| state | GENERAL_FAILURE |
| state | INVALID |
| alertLevel | WARN |
DbBackupListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "string",
"state": "IN_PROGRESS",
"error": "string",
"date": "string",
"file": "string",
"pairHostnames": [
"string"
],
"version": "string",
"digestDiff": {
"diffRecords": [
{
"sectionDiff": "string",
"entriesDiff": [
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
]
}
]
},
"alertLevel": "WARN"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [DbBackup] | false | read-only | items |
DeTokenizeX
{
"valueItems": [
"string"
],
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}
Detokenize multiple items with an existing PRF key. Detokenization uses the values and parameters provided in the JSON output of the tokenized data. Note that all data types are input values except for TOKEN, which is an output value.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| valueItems | [string] | true | none | Array of input values to tokenize. |
| tweak | string | true | none | Changes the tokenization effect. |
| dataType | string | true | none | Data type of valueItems. |
| format | string | false | none | Defines the tokenization format. Applies to SSN and US_PHONE data types only. |
Enumerated Values
| Property | Value |
|---|---|
| dataType | EMAIL |
| dataType | SSN |
| dataType | CREDIT_CARD |
| dataType | US_PHONE |
| dataType | STRING |
| dataType | BOOLEAN |
| dataType | SHORT |
| dataType | INTEGER |
| dataType | LONG |
| dataType | FLOAT |
| dataType | DOUBLE |
| dataType | DECIMAL |
| dataType | DATE |
| dataType | TIME |
| dataType | TIMESTAMP |
| dataType | TOKEN |
DeactivationInfo
{
"revocationReason": "string",
"message": "string"
}
Deactivated key info
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| revocationReason | string | false | none | Revocation reason |
| message | string | false | none | Message |
DecryptData
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"cipher": {
"cipherTextBase64": "string",
"ivBase64": "string"
},
"outputEncoding": "PLAIN"
}
Input for a decrypt operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| aSymmetricParams | AsymmetricCryptoParams | false | none | none |
| symmetricParams | SymmetricCryptoParams | false | none | none |
| cipher | Cipher | true | none | Includes encrypted data |
| outputEncoding | string | false | none | the decrypted result encoding |
Enumerated Values
| Property | Value |
|---|---|
| outputEncoding | PLAIN |
| outputEncoding | BASE64 |
| outputEncoding | HEX |
Decryptx
{
"encrypted": [
{
"cipherTextBase64": "string",
"ivBase64": "string"
}
],
"params": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"outputEncoding": "PLAIN"
}
Input for multi decrypt operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| encrypted | [Cipher] | true | none | encrypted |
| params | SymmetricCryptoParams | false | none | none |
| outputEncoding | string | false | none | outputEncoding |
Enumerated Values
| Property | Value |
|---|---|
| outputEncoding | PLAIN |
| outputEncoding | BASE64 |
| outputEncoding | HEX |
DeriveData
{
"bipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"policyKeyId": "string",
"newGeneratedKey": {
"policyKeyId": "string",
"keyId": "string",
"keyIdEncoding": "PLAIN",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
},
"derivationMode": "CONCAT",
"hash": "SHA1",
"slipDerivationParams": {
"childNumber": 0,
"hardened": true
},
"concatDerivationParams": {
"data": "string",
"isPrefix": true
}
}
Input for a derive operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| bipDerivationParams | SlipDerivationParams | false | none | none |
| policyKeyId | string | false | none | none |
| newGeneratedKey | NewGeneratedKey | true | none | none |
| derivationMode | string | true | none | Derivation Mode |
| hash | string | false | none | Hash algorithm |
| slipDerivationParams | SlipDerivationParams | false | none | none |
| concatDerivationParams | ConcatDerivationParams | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| derivationMode | CONCAT |
| derivationMode | HASH |
| derivationMode | SLIP_10 |
| hash | SHA1 |
| hash | SHA256 |
| hash | SHA384 |
| hash | SHA512 |
| hash | SHA3_256 |
| hash | SHA3_384 |
| hash | SHA3_512 |
DeriveKeyData
{
"data": "string",
"dataEncoding": "PLAIN",
"size": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | data |
| dataEncoding | string | false | none | data encoding |
| size | integer(int32) | false | none | key size |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
DetokenizeData
{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string"
}
Detokenize single items with an existing PRF key. Detokenization uses the values and parameters provided in the JSON output of the tokenized data. Note that all data types are input values except for TOKEN, which is an output value.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Input value. |
| tweak | string | true | none | Changes the tokenization effect. |
| dataType | string | true | none | Data type of value. |
| format | string | false | none | Defines the tokenization format. Applies to SSN and US_PHONE data types only. |
Enumerated Values
| Property | Value |
|---|---|
| dataType | EMAIL |
| dataType | SSN |
| dataType | CREDIT_CARD |
| dataType | US_PHONE |
| dataType | STRING |
| dataType | BOOLEAN |
| dataType | SHORT |
| dataType | INTEGER |
| dataType | LONG |
| dataType | FLOAT |
| dataType | DOUBLE |
| dataType | DECIMAL |
| dataType | DATE |
| dataType | TIME |
| dataType | TIMESTAMP |
| dataType | TOKEN |
DetokenizeResponse
{
"uid": "string",
"tweak": "string",
"value": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | PRF key UID. |
| tweak | string | true | none | Tokenized tweak. |
| value | string | true | none | Array of tokenized values. |
DiffEntry
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| objectType | string | false | none | none |
| digestSource | string | false | none | none |
| uid | string | false | none | UID |
| name | string | false | none | Name |
| partitionId | string | false | none | Partition ID |
| partitionName | string | false | none | none |
| version | string | false | none | Version |
| detail | string | false | none | Detail |
| object type | string | false | none | none |
| digest source | string | false | none | none |
| partition id | string | false | none | none |
| partition name | string | false | none | partition name |
DiffRecord
{
"sectionDiff": "string",
"entriesDiff": [
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| sectionDiff | string | false | none | Section diff |
| entriesDiff | [DiffEntry] | false | none | Entries diff |
DigestDiff
{
"diffRecords": [
{
"sectionDiff": "string",
"entriesDiff": [
{
"objectType": "string",
"digestSource": "string",
"uid": "string",
"name": "string",
"partitionId": "string",
"partitionName": "string",
"version": "string",
"detail": "string",
"object type": "string",
"digest source": "string",
"partition id": "string",
"partition name": "string"
}
]
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| diffRecords | [DiffRecord] | false | none | Diff records |
ECCBipKeyInfo
{
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| level | string(byte) | false | read-only | Level (0 for master) |
| childNumber | integer(int32) | false | read-only | child number |
| hardened | boolean | false | read-only | True if hardened |
| chainCode | string | false | read-only | BASE64 chain code |
| parentUid | string | false | read-only | the parent uid |
| parentFingerprint | integer(int32) | false | read-only | parent fingerprint (The first 32 bits of the identifier) |
ECCKeyInfoType
{
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
Details of ECC public key
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| curve | string | true | none | none |
| ecPoint | string | true | none | Encoded public key (EC point) |
| eccBipKeyInfo | ECCBipKeyInfo | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| curve | P256 |
| curve | P384 |
| curve | P521 |
| curve | SECP256K1 |
| curve | CURVE25519 |
| curve | CURVE448 |
EncryptData
{
"aSymmetricParams": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"symmetricParams": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
},
"clearText": "string",
"dataEncoding": "PLAIN"
}
Input for encryption
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| aSymmetricParams | AsymmetricCryptoParams | false | none | none |
| symmetricParams | SymmetricCryptoParams | false | none | none |
| clearText | string | true | none | data to encrypt |
| dataEncoding | string | false | none | the input data encoding |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
Encryptx
{
"clearTextItems": [
"string"
],
"dataEncoding": "PLAIN",
"params": {
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
}
}
Input for encryption of multiple values
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| clearTextItems | [string] | true | none | Array of clearText items to encrypt |
| dataEncoding | string | false | none | Data encoding |
| params | SymmetricCryptoParams | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
ExportedCertificate
{
"certData": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| certData | string | false | none | Cert data |
ExtendedKeyUsage
{
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
}
Certificate x509 extension
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | Extension UID |
| isCritical | boolean | true | none | Is Extension Critical |
| keyUsages | [string] | false | none | Key usages |
GCPKeyStoreTemplate
{
"name": "string",
"secretKey": "string",
"params": {
"keyring_id": "string",
"location": "string"
},
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | none |
| secretKey | string | false | none | none |
| params | GCPParams | false | none | none |
| description | string | false | none | none |
GCPParams
{
"keyring_id": "string",
"location": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyring_id | string | false | none | none |
| location | string | false | none | none |
HSMKeyStoreTemplate
{
"name": "string",
"secretKey": "string",
"params": {
"URL": "string"
},
"isExternal": true,
"description": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | none |
| secretKey | string | false | none | none |
| params | HSMParams | false | none | none |
| isExternal | boolean | false | none | none |
| description | string | false | none | none |
HSMParams
{
"URL": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| URL | string | false | none | none |
IdentityProvider
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Identity Provider name |
| description | string | false | none | Identity Provider description |
| url | string | false | none | Identity Provider URL |
| clientId | string | false | none | Identity Provider clientId |
| usedClaims | [string] | false | none | Identity Provider claims used for authentication |
| requiredScopes | [string] | false | none | Identity Provider scopes required for authentication |
| tokenEndpoint | string(uri) | false | none | Identity Provider token endpoint |
| authorizationEndpoint | string(uri) | false | none | Identity Provider authorization endpoint |
| userinfoEndpoint | string(uri) | false | none | Identity Provider User Info uri |
| jwksUri | string(uri) | false | none | Identity Provider JWKS uri |
| supportedClaims | [string] | false | none | Identity Provider supported claims |
| supportedScopes | [string] | false | none | Identity Provider supported scopes |
| supportedResponseTypes | [string] | false | none | Identity Provider supported response types |
| supportedGrantTypes | [string] | false | none | Identity Provider supported grant types |
IdentityProviderListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]",
"tokenEndpoint": "http://example.com",
"authorizationEndpoint": "http://example.com",
"userinfoEndpoint": "http://example.com",
"jwksUri": "http://example.com",
"supportedClaims": [
"string"
],
"supportedScopes": [
"string"
],
"supportedResponseTypes": [
"string"
],
"supportedGrantTypes": [
"string"
]
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [IdentityProvider] | false | read-only | items |
IdentityProviderUpdates
{
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| description | string | false | none | Identity Provider description |
| url | string | false | none | Identity Provider URL |
| clientId | string | false | none | Identity Provider clientId |
| clientSecret | string | false | none | Identity Provider clientSecret |
| usedClaims | [string] | false | none | Identity Provider claims used for authentication |
| requiredScopes | [string] | false | none | Identity Provider scopes required for authentication |
Iv
{
"value": "string",
"encoding": "PLAIN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Externally provided IV |
| encoding | string | false | none | Encoding |
Enumerated Values
| Property | Value |
|---|---|
| encoding | PLAIN |
| encoding | BASE64 |
| encoding | HEX |
JWKSKey
{
"kid": "0x0083a3c96dd563b329",
"x": "7KTOg6UAP99GsQF43UyxPEjrUKk68Dwo+npP6XrIbBg=",
"y": "tpMGf3UQo/80J+15J10n63NpPoeBowMODj9e1hIyTF4=",
"crv": "P_256",
"use": "sig",
"kty": "EC",
"alg": "ES256"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| kid | string | false | none | Key Id |
| x | string | false | none | X |
| y | string | false | none | Y |
| crv | string | false | read-only | Curve |
| use | string | false | read-only | Usage |
| kty | string | false | read-only | Key Type |
| alg | string | false | read-only | Algorithm |
JWS
{
"value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.<payload>.OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | false | read-only | value |
Job
{
"initiator": "so@root",
"id": "389323ee-3588-416e-94bd-f93ca815762e",
"title": "string",
"opName": "PARTITION_CONFIG_SET ",
"createdAt": "string",
"expiresAt": "string",
"opParams": [
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
],
"response": "string",
"approvedBy": [
"string"
],
"status": "PENDING_APPROVAL",
"totalRequiredApprovals": 0
}
An asynchronous job
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| initiator | string | false | read-only | Initiator |
| id | string | false | read-only | ID |
| title | string | false | read-only | Title |
| opName | string | false | read-only | opName |
| createdAt | string | false | read-only | Created at |
| expiresAt | string | false | read-only | Expires at |
| opParams | [KeyValueEntry] | false | read-only | opParams |
| response | string | false | read-only | response |
| approvedBy | [string] | false | read-only | Approved by |
| status | string | false | read-only | status |
| totalRequiredApprovals | integer(int32) | false | read-only | Total required approvals |
Enumerated Values
| Property | Value |
|---|---|
| status | PENDING_APPROVAL |
| status | PENDING_EXECUTION |
| status | DONE |
| status | EXPIRED |
Key
{
"keyData": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyData | string | false | none | base64 encoded key data |
KeyFormat
{
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| type | string | true | none | key type |
| size | integer(int32) | false | none | key size |
| curve | string | false | none | Required for elliptic curve |
| offlineKeyParams | OfflineKeyParams | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| type | RSA |
| type | ECC |
| type | AES |
| type | TDES |
| type | DES |
| type | HMAC |
| type | XTS |
| type | PRF |
| type | PWD |
| type | LIMA |
| type | EDDSA |
| type | TOTSSeed |
| type | CHACHA20 |
| type | SPLIT_KEY |
| curve | P256 |
| curve | P384 |
| curve | P521 |
| curve | SECP256K1 |
| curve | CURVE25519 |
| curve | CURVE448 |
KeyInfo
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
Key object details
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | read-only | key identifier label |
| uid | string | false | read-only | key identifier |
| isExternal | boolean | false | read-only | Is the key external |
| existsInUkc | boolean | false | none | Exists in UKC |
| objectType | string | false | read-only | object type |
| keyFormat | KeyFormat | false | none | none |
| keyProperties | KeyProperties | false | none | none |
| local | boolean | false | read-only | True if this key was created inside UKC, false when imported |
| hasCertificate | boolean | false | read-only | True if this key has a matching certificate in UKC |
| certificateOnly | boolean | false | read-only | True if this certificate does not have a matching certificate in UKC |
| state | string | false | read-only | state |
| isEnabled | boolean | false | read-only | Is enabled |
| sync | boolean | false | read-only | This key is synchronized within the UKC pair |
| isFips | boolean | false | read-only | This key was created in FIPS mode |
| cacheTimeout | integer(int32) | false | read-only | Key cache timeout |
| requireApproval | boolean | false | read-only | This key requires partner approval for sign operations |
| prev | string | false | read-only | Does the key have a previous key (created by Rekey operation) |
| next | string | false | read-only | Does the key have a next key (created by Rekey operation) |
| nextKeyRotationTime | string | false | read-only | Next key rotation time |
| applicationInfos | [ApplicationInfo] | false | read-only | Application infos |
| pkInfo | PKInfoType | false | none | Properties of PKI key |
| chain | [CertificateInfo] | false | read-only | Private key (RSA/ECC) information |
| chains | [array] | false | read-only | Key chains |
| createdAt | string | false | read-only | Creation date |
| updatedAt | string | false | read-only | Last update date |
| activationDate | string | false | read-only | Activation date |
| deactivationDate | string | false | read-only | Deactivation date |
| compromiseDate | string | false | read-only | Compromise date |
| compromiseOccurrenceDate | string | false | read-only | Compromise occurrence date |
| keyStoreProperties | KeyStoreProperties | false | none | none |
| splitKeyInfo | SplitKeyInfo | false | none | Key object details |
| kcv | string | false | read-only | Kcv |
| policyKeyId | string | false | read-only | for internal CASP use |
| alertLevel | string | false | read-only | alertLevel |
| deactivationInfo | DeactivationInfo | false | none | Deactivated key info |
| destroyDate | string | false | read-only | Destroy date |
Enumerated Values
| Property | Value |
|---|---|
| objectType | CERTIFICATE |
| objectType | PRIVATE_KEY |
| objectType | SYMMETRIC |
| objectType | PUBLIC_KEY |
| objectType | SECRET_DATA |
| objectType | SPLIT_KEY |
| state | PREACTIVE |
| state | ACTIVE |
| state | DEACTIVATED |
| state | COMPROMISED |
| state | DESTROYED |
| state | DESTROYED_COMPROMISED |
| alertLevel | WARN |
KeyInfoListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "my-key",
"uid": "0x00d78d6a396072e9a0",
"isExternal": true,
"existsInUkc": true,
"objectType": "CERTIFICATE",
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
},
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"local": true,
"hasCertificate": true,
"certificateOnly": true,
"state": "PREACTIVE",
"isEnabled": true,
"sync": true,
"isFips": true,
"cacheTimeout": 0,
"requireApproval": true,
"prev": "string",
"next": "string",
"nextKeyRotationTime": "string",
"applicationInfos": [
{
"nameSpace": "string",
"data": {
"property1": {},
"property2": {}
}
}
],
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"chain": [
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
],
"chains": [
[
{
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
]
],
"createdAt": "string",
"updatedAt": "string",
"activationDate": "string",
"deactivationDate": "string",
"compromiseDate": "string",
"compromiseOccurrenceDate": "string",
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"splitKeyInfo": {
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
},
"kcv": "string",
"policyKeyId": "0x005945c208734d6fa3",
"alertLevel": "WARN",
"deactivationInfo": {
"revocationReason": "string",
"message": "string"
},
"destroyDate": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [KeyInfo] | false | read-only | items |
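An added example, not part of the UKC documentation or Unbound's sample code: a JavaScript audit of the items in one KeyInfoListResponse page, using the state, isEnabled, objectType, keyFormat, keyProperties.exportType and chain[].signatureAlgorithm fields defined above. The rule set, the severities, the sample keys and the reading of a non-empty nextPageToken as "more pages remain" are assumptions of this example.

```javascript
// Added example (not UKC code). Rules and severities are assumptions.
const LEGACY_TYPES = { DES: "HIGH", TDES: "MEDIUM" };
const SECRET_OBJECTS = new Set(["PRIVATE_KEY", "SYMMETRIC", "SECRET_DATA", "SPLIT_KEY"]);
const COMPROMISED_STATES = new Set(["COMPROMISED", "DESTROYED_COMPROMISED"]);
const SEVERITY_ORDER = { HIGH: 0, MEDIUM: 1 };

// Findings for a single KeyInfo object. Every KeyInfo property is optional
// in the schema, so missing sub-objects are treated as empty.
function auditKey(key) {
  const format = key.keyFormat || {};
  const props = key.keyProperties || {};
  const findings = [];
  const add = (severity, rule, detail) =>
    findings.push({ uid: key.uid || "(no uid)", id: key.id || "", severity, rule, detail });

  // A key marked compromised should not remain usable.
  if (COMPROMISED_STATES.has(key.state) && key.isEnabled === true) {
    add("HIGH", "compromised-but-enabled", `state=${key.state}, isEnabled=true`);
  }
  // IN_PLAIN is the documented default for certificates and public keys only.
  if (SECRET_OBJECTS.has(key.objectType) && props.exportType === "IN_PLAIN") {
    add("HIGH", "plain-export", `${key.objectType} has exportType=IN_PLAIN`);
  }
  if (Object.prototype.hasOwnProperty.call(LEGACY_TYPES, format.type)) {
    add(LEGACY_TYPES[format.type], "legacy-algorithm", `keyFormat.type=${format.type}`);
  }
  // The page lists 2048, 3072 and 4096 as the RSA sizes.
  if (format.type === "RSA" && Number.isInteger(format.size) && format.size < 2048) {
    add("MEDIUM", "short-rsa-key", `keyFormat.size=${format.size}`);
  }
  // Assumption: algorithm names follow the "sha256RSA" style shown on the page.
  for (const cert of key.chain || []) {
    if (/^(md5|sha1)/i.test(cert.signatureAlgorithm || "")) {
      add("MEDIUM", "weak-cert-signature",
        `certificate ${cert.id || cert.uid || "?"} uses ${cert.signatureAlgorithm}`);
    }
  }
  return findings;
}

// Audits one KeyInfoListResponse page and reports whether the listing was
// fully read, so a partial audit is never mistaken for a clean one.
function auditPage(response) {
  const items = Array.isArray(response.items) ? response.items : [];
  const findings = items
    .flatMap(auditKey)
    .sort((a, b) => SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity]);
  return {
    checked: items.length,
    // Assumption: a non-empty nextPageToken means more keys remain unread.
    complete: !response.nextPageToken,
    findings,
  };
}

// Constructed sample response; uids, ids and the token are made up.
const SAMPLE_PAGE = {
  totalItems: 5, limit: 4, skip: 0, nextPageToken: "constructed-token",
  items: [
    { id: "tls-key", uid: "0x01", objectType: "PRIVATE_KEY", state: "ACTIVE",
      isEnabled: true, keyFormat: { type: "RSA", size: 2048 },
      keyProperties: { exportType: "NON_EXPORTABLE" },
      chain: [{ id: "tls-cert", signatureAlgorithm: "sha256RSA" }] },
    { id: "legacy-db", uid: "0x02", objectType: "SYMMETRIC", state: "ACTIVE",
      isEnabled: true, keyFormat: { type: "TDES" },
      keyProperties: { exportType: "IN_PLAIN" } },
    { id: "old-signer", uid: "0x03", objectType: "PRIVATE_KEY", state: "COMPROMISED",
      isEnabled: true, keyFormat: { type: "RSA", size: 1024 },
      keyProperties: { exportType: "WRAPPED" },
      chain: [{ id: "old-cert", signatureAlgorithm: "sha1RSA" }] },
    // Sparse object: only some optional fields present.
    { uid: "0x04", objectType: "CERTIFICATE", state: "ACTIVE" },
  ],
};

console.log(JSON.stringify(auditPage(SAMPLE_PAGE), null, 2));
```

Because complete is false for the sample page, a caller should fetch the remaining pages before treating the audit as final.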
KeyProperties
{
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| description | string | false | none | Description for the key |
| supportedOperations | [string] | false | none | Key supported operations |
| trusted | boolean | false | none | True if the key is trusted |
| keyRotationInterval | integer(int32) | false | none | Key rotation interval |
| exportType | string | false | none | The default value is IN_PLAIN for certificates and public keys. Otherwise, the default is NON_EXPORTABLE. |
| groups | [string] | false | none | Key groups |
Enumerated Values
| Property | Value |
|---|---|
| exportType | IN_PLAIN |
| exportType | WRAPPED |
| exportType | WRAPPED_WITH_TRUSTED |
| exportType | NON_EXPORTABLE |
KeyStore
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | Key store name |
| description | string | false | none | Key store description |
| params | object | false | none | Key store params |
| » additionalProperties | object | false | none | none |
| endpoints | [KeyStoreEndpoint] | false | none | Key store endpoints |
| isExternal | boolean | false | none | External key store flag |
| status | KeyStoreStatus | false | none | none |
| keyStoreSyncPolicy | string | false | none | Key store sync policy |
| capabilities | Capabilities | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| keyStoreSyncPolicy | ALL_ACTIVE |
| keyStoreSyncPolicy | ONLY_MODIFIED |
| keyStoreSyncPolicy | NONE |
KeyStoreEndpoint
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| url | string | false | none | Endpoint url |
| certificateInfo | CertificateInfo | false | none | Certificate public information |
KeyStoreProperties
{
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyStoreName | string | true | none | Key store ID |
| keyStoreObjectId | string | false | none | Key store Object ID |
| keyStoreProtectionMethod | string | false | none | Key store Object Protection Method |
| byok | boolean | false | none | Is Byok |
Enumerated Values
| Property | Value |
|---|---|
| keyStoreProtectionMethod | HSM |
| keyStoreProtectionMethod | SOFTWARE |
| keyStoreProtectionMethod | EXTERNAL |
| keyStoreProtectionMethod | DEFAULT |
KeyStoreStatus
{
"keyStoreCode": "STOPPED",
"message": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyStoreCode | string | false | none | Key store code |
| message | string | false | none | Message |
Enumerated Values
| Property | Value |
|---|---|
| keyStoreCode | STOPPED |
| keyStoreCode | UNREGISTERED |
| keyStoreCode | RUNNING |
KeyStoreTemplates
{
"GCP": {
"name": "string",
"secretKey": "string",
"params": {
"keyring_id": "string",
"location": "string"
},
"description": "string"
},
"Azure": {
"name": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"URL": "string"
},
"description": "string"
},
"AWSKMS": {
"name": "string",
"accessKeyId": "string",
"secretKey": "string",
"description": "string",
"param": {
"REGION": "string"
}
},
"LunaHSM": {
"name": "string",
"secretKey": "string",
"params": {
"URL": "string"
},
"isExternal": true,
"description": "string"
},
"nCipherHSM": {
"name": "string",
"secretKey": "string",
"params": {
"URL": "string"
},
"isExternal": true,
"description": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| GCP | GCPKeyStoreTemplate | false | none | none |
| Azure | AzureKeyStoreTemplate | false | none | none |
| AWSKMS | AWSKeyStoreTemplate | false | none | none |
| LunaHSM | HSMKeyStoreTemplate | false | none | none |
| nCipherHSM | HSMKeyStoreTemplate | false | none | none |
KeyStoreUpdates
{
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"keyStoreSyncPolicy": "ALL_ACTIVE"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| description | string | false | none | description |
| accessKeyId | string | false | none | accessKeyId |
| secretKey | string | false | none | secretKey |
| params | object | false | none | params |
| » additionalProperties | object | false | none | none |
| keyStoreSyncPolicy | string | false | none | Key store sync policy |
Enumerated Values
| Property | Value |
|---|---|
| keyStoreSyncPolicy | ALL_ACTIVE |
| keyStoreSyncPolicy | ONLY_MODIFIED |
| keyStoreSyncPolicy | NONE |
KeyUpdates
{
"id": "string",
"description": "string",
"splitKeyParts": 0,
"keyPartIdentifier": 0,
"splitKeyThreshold": 0,
"splitKeyMethod": "string",
"groups": [
"string"
],
"activationDate": 0,
"deactivationDate": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | Key ID |
| description | string | false | none | Key description |
| splitKeyParts | integer(int32) | false | none | Number of parts |
| keyPartIdentifier | integer(int32) | false | none | Part identifier |
| splitKeyThreshold | integer(int32) | false | none | Threshold |
| splitKeyMethod | string | false | none | Threshold |
| groups | [string] | false | none | Key groups |
| activationDate | integer(int64) | false | read-only | Activation date |
| deactivationDate | integer(int64) | false | read-only | Deactivation date |
KeyValueEntry
{
"key": "string",
"value": "string",
"description": "string",
"type": "BOOLEAN",
"defaultValue": "string",
"min": 0,
"max": 0,
"unit": "SECONDS"
}
Key value entry
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| key | string | true | none | key |
| value | string | true | none | value |
| description | string | false | read-only | quorum timeout |
| type | string | false | read-only | value type |
| defaultValue | string | false | read-only | default value |
| min | integer(int32) | false | read-only | minimum value |
| max | integer(int32) | false | read-only | maximum value |
| unit | string | false | read-only | unit type |
Enumerated Values
| Property | Value |
|---|---|
| type | BOOLEAN |
| type | TEXT |
| type | INTEGER |
| type | ARRAY |
| type | MAP |
| type | CERTIFICATE |
| type | POLICY |
| unit | SECONDS |
| unit | MINUTES |
| unit | HOURS |
| unit | DAYS |
| unit | MONTHS |
| unit | YEARS |
| unit | CHARACTERS |
| unit | MILLIS |
KeystoreListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "string",
"description": "string",
"params": {
"property1": {},
"property2": {}
},
"endpoints": [
{
"url": "string",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
],
"isExternal": true,
"status": {
"keyStoreCode": "STOPPED",
"message": "string"
},
"keyStoreSyncPolicy": "ALL_ACTIVE",
"capabilities": {
"keyStoreObjectTypes": [
"KEY"
],
"cryptoOperationTypes": [
"DERIVE"
],
"keyStoreObjectAlgorithmTypes": [
"RSA"
],
"cryptoOperationAlgorithmTypes": [
"PSS_SHA_256"
],
"hashTypes": [
"SHA1"
],
"byokSupport": [
"RSA_IMPORT"
],
"renameSupport": true
}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [KeyStore] | false | read-only | items |
Label
{
"value": "string",
"encoding": "PLAIN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Value |
| encoding | string | false | none | Encoding |
Enumerated Values
| Property | Value |
|---|---|
| encoding | PLAIN |
| encoding | BASE64 |
| encoding | HEX |
MACSignData
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
}
}
Input for MAC operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | data |
| dataEncoding | string | false | none | data encoding |
| params | MacCryptoParams | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
MACVerifyData
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
},
"mac": {
"mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
"ivBase64": "string"
}
}
Includes data used for MAC verification
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | data |
| dataEncoding | string | false | none | data encoding |
| params | MacCryptoParams | false | none | none |
| mac | Mac | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
Mac
{
"mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
"ivBase64": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| mac | string | false | none | mac |
| ivBase64 | string | false | none | Base64-encoded initialization vector |
MacCryptoParams
{
"mode": "GMAC",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| mode | string | false | none | Mode of operation |
| iv | Iv | false | none | none |
| tagLength | integer(int32) | false | none | Tag length |
Enumerated Values
| Property | Value |
|---|---|
| mode | GMAC |
| mode | CMAC |
| mode | X919_3DES_MAC |
| mode | HMAC_SHA1 |
| mode | HMAC_SHA256 |
| mode | HMAC_SHA384 |
| mode | HMAC_SHA512 |
| mode | HMAC_SHA3_256 |
| mode | HMAC_SHA3_384 |
| mode | HMAC_SHA3_512 |
NewAndExistingPassword
{
"existingPassword": "string",
"newPassword": "string",
"otp": "815713"
}
New And Existing Password
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| existingPassword | string | true | none | The existing user password |
| newPassword | string | true | none | The new password |
| otp | string | false | none | User TOTP |
NewClient
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"activationCodeValidity": 20,
"isTemplate": false,
"persistentClient": true,
"activationCodeLength": 10,
"ipRange": "0.0.0.0/0",
"certificateExpiration": 1578240
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Client name |
| checkIp | boolean | false | none | Enforce client IP verification |
| allowNat | boolean | false | none | Allow the client to use NAT |
| expiration | integer(int32) | false | none | Client expiration in minutes |
| activationCodeValidity | integer(int32) | false | none | Client activation code validity in minutes |
| isTemplate | boolean | false | none | Whether the client is a template client |
| persistentClient | boolean | false | none | Use ephemeral persistent client (relevant for Templates clients only) |
| activationCodeLength | integer(int32) | false | none | Client activation code length (digits) |
| ipRange | string | false | none | Client IP range |
| certificateExpiration | integer(int32) | false | none | Client certificate validity in minutes |
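The sample NewClient body above sets checkIp to false, uses the ipRange 0.0.0.0/0 and gives both lifetimes as 1578240 minutes (1096 days). The following pre-flight lint for NewClient and NewClientWithSecret bodies is an added example, not part of the UKC reference or its JavaScript sample; the function names and the policy thresholds are assumptions chosen for illustration.

```javascript
// Thresholds are assumptions for illustration, not UKC defaults or limits.
const CLIENT_POLICY = {
  maxExpirationMinutes: 525600,          // 365 days
  maxActivationCodeValidityMinutes: 60,  // 1 hour
  minActivationCodeLength: 10,           // digits
};
const INT32_MAX = 2147483647;

// True when an IPv4 CIDR string has prefix length 0, i.e. it matches every IPv4 address.
function coversAllIpv4(cidr) {
  const m = /^(?:\d{1,3}\.){3}\d{1,3}\/(\d{1,2})$/.exec(cidr);
  return m !== null && Number(m[1]) === 0;
}

// Returns a list of { field, message } findings; an empty list means nothing was flagged.
function lintNewClient(body, policy = CLIENT_POLICY) {
  const findings = [];
  const add = (field, message) => findings.push({ field, message });
  const isInt32 = (v) => Number.isInteger(v) && v >= 0 && v <= INT32_MAX;

  // "name" is the only required field in the schema.
  if (typeof body.name !== "string" || body.name === "") {
    add("name", "required field is missing or empty");
  }
  if (body.checkIp === false) {
    add("checkIp", "client IP verification is not enforced");
  }
  if (typeof body.ipRange === "string" && coversAllIpv4(body.ipRange)) {
    add("ipRange", `${body.ipRange} covers every IPv4 address`);
  }

  // Both lifetimes are expressed in minutes in the schema.
  for (const field of ["expiration", "certificateExpiration"]) {
    const v = body[field];
    if (v === undefined) continue;
    if (!isInt32(v)) {
      add(field, "must be a non-negative int32 (minutes)");
    } else if (v > policy.maxExpirationMinutes) {
      const days = Math.floor(v / 1440);
      add(field, `${days} days exceeds the assumed ${policy.maxExpirationMinutes / 1440}-day ceiling`);
    }
  }

  const validity = body.activationCodeValidity;
  if (validity !== undefined) {
    if (!isInt32(validity)) {
      add("activationCodeValidity", "must be a non-negative int32 (minutes)");
    } else if (validity > policy.maxActivationCodeValidityMinutes) {
      add("activationCodeValidity", `${validity} minutes exceeds the assumed ceiling`);
    }
  }

  const length = body.activationCodeLength;
  if (length !== undefined) {
    if (!isInt32(length)) {
      add("activationCodeLength", "must be a non-negative int32 (digits)");
    } else if (length < policy.minActivationCodeLength) {
      add("activationCodeLength", `${length} digits is below the assumed minimum`);
    }
  }
  return findings;
}

// The sample body from the NewClient schema above.
const SAMPLE_NEW_CLIENT = {
  name: "client-name", checkIp: false, allowNat: false, expiration: 1578240,
  activationCodeValidity: 20, isTemplate: false, persistentClient: true,
  activationCodeLength: 10, ipRange: "0.0.0.0/0", certificateExpiration: 1578240,
};

// Constructed body with tighter values (the address range is made up).
const TIGHTENED_NEW_CLIENT = {
  name: "client-name", checkIp: true, allowNat: false, expiration: 129600,
  activationCodeValidity: 20, isTemplate: false, persistentClient: true,
  activationCodeLength: 10, ipRange: "10.20.0.0/16", certificateExpiration: 129600,
};

for (const finding of lintNewClient(SAMPLE_NEW_CLIENT)) {
  console.log(`${finding.field}: ${finding.message}`);
}
```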
NewClientWithCertificate
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Client name |
| checkIp | boolean | false | none | Enforce client IP verification |
| allowNat | boolean | false | none | Allow the client to use NAT |
| expiration | integer(int32) | false | none | Client expiration in minutes |
| persistentClient | boolean | false | none | Use ephemeral persistent client (relevant for Templates clients only) |
| alternativeNames | [string] | false | none | Client alternative names |
| pfxPassword | string | false | none | The new client PFX password |
| csr | string | false | none | The new client Base64 encoded Certificate Request |
| publicKey | string | false | none | The new client Base64 encoded ECC Public Key |
| certificate | string | false | none | The new certificate, PEM or DER encoded |
| certificateExpiration | integer(int32) | false | none | Client certificate validity in minutes |
NewClientWithSecret
{
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"ipRange": "0.0.0.0/0",
"grantTypes": [
"CLIENT_CREDENTIALS"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Client name |
| checkIp | boolean | false | none | Enforce client IP verification |
| allowNat | boolean | false | none | Allow the client to use NAT |
| expiration | integer(int32) | false | none | Client expiration in minutes |
| persistentClient | boolean | false | none | Use ephemeral persistent client (relevant for Templates clients only) |
| ipRange | string | false | none | Client IP range |
| grantTypes | [string] | false | none | Client grant types |
NewGeneratedKey
{
"policyKeyId": "string",
"keyId": "string",
"keyIdEncoding": "PLAIN",
"keyProperties": {
"description": "string",
"supportedOperations": [
"SIGN"
],
"trusted": false,
"keyRotationInterval": 0,
"exportType": "IN_PLAIN",
"groups": [
"string"
]
},
"keyStoreProperties": {
"keyStoreName": "string",
"keyStoreObjectId": "string",
"keyStoreProtectionMethod": "HSM, Software, External or Default ",
"byok": true
},
"activate": true,
"activationDate": 0,
"deactivationDate": 0,
"keyFormat": {
"type": "RSA",
"size": "for RSA : {2048,3072,4096}",
"curve": "P256",
"offlineKeyParams": {
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| policyKeyId | string | false | none | none |
| keyId | string | true | none | An ID for the new key |
| keyIdEncoding | string | false | read-only | Encoding for the new key ID |
| keyProperties | KeyProperties | false | none | none |
| keyStoreProperties | KeyStoreProperties | false | none | none |
| activate | boolean | false | none | Activate the key |
| activationDate | integer(int64) | false | none | Activation date |
| deactivationDate | integer(int64) | false | none | Deactivation date |
| keyFormat | KeyFormat | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| keyIdEncoding | PLAIN |
| keyIdEncoding | BASE64 |
| keyIdEncoding | HEX |
NewGeneratedSecret
{
"id": "mySecret1",
"description": "string",
"groups": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | An identifier/label for the secret data |
| description | string | false | none | The secret description |
| groups | [string] | false | none | Secret groups |
NewIdentityProvider
{
"name": "string",
"description": "string",
"url": "string",
"clientId": "string",
"clientSecret": "string",
"usedClaims": "[sub]",
"requiredScopes": "[openid]"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Identity Provider name |
| description | string | false | none | Identity Provider description |
| url | string | false | none | Identity Provider URL |
| clientId | string | false | none | Identity Provider clientId |
| clientSecret | string | false | none | Identity Provider clientSecret |
| usedClaims | [string] | false | none | Identity Provider claims used for authentication |
| requiredScopes | [string] | false | none | Identity Provider scopes required for authentication |
NewKeyStore
{
"name": "string",
"description": "string",
"accessKeyId": "string",
"secretKey": "string",
"params": {
"property1": {},
"property2": {}
},
"isExternal": true,
"keyStoreSyncPolicy": "ALL_ACTIVE"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | Key store name |
| description | string | false | none | Key store description |
| accessKeyId | string | false | none | Key store accessKeyId |
| secretKey | string | true | none | Key store secretKey |
| params | object | false | none | Key store params |
| » additionalProperties | object | false | none | none |
| isExternal | boolean | false | none | External key store flag |
| keyStoreSyncPolicy | string | false | none | Key store sync policy |
Enumerated Values
| Property | Value |
|---|---|
| keyStoreSyncPolicy | ALL_ACTIVE |
| keyStoreSyncPolicy | ONLY_MODIFIED |
| keyStoreSyncPolicy | NONE |
NewKeyStoreEndpoint
{
"url": "string",
"pfxPassword": "string",
"san": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| url | string | true | none | Endpoint url |
| pfxPassword | string | true | none | Endpoint pfx password |
| san | string | false | none | Endpoint subject alternative name |
NewLinkedKey
{
"keyStoreName": "string",
"keyStoreObjectId": "string",
"alias": "string",
"activate": true,
"groups": [
"string"
],
"keyRotationInterval": 0,
"activationDate": 0,
"deactivationDate": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| keyStoreName | string | true | none | Key store ID |
| keyStoreObjectId | string | true | none | Key store Object ID |
| alias | string | false | none | Key alias |
| activate | boolean | false | none | Activate the key |
| groups | [string] | false | none | Key groups |
| keyRotationInterval | integer(int32) | false | none | Key rotation interval |
| activationDate | integer(int64) | false | none | Activation date |
| deactivationDate | integer(int64) | false | none | Deactivation date |
NewPair
{
"entryPoint": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
},
"partner": {
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
}
A UKC pair
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| entryPoint | NewServer | true | none | A UKC new server |
| partner | NewServer | true | none | A UKC new server |
NewPartition
{
"name": "string",
"soPassword": "string",
"newClient": {
"name": "client-name",
"checkIp": false,
"allowNat": false,
"expiration": 1578240,
"persistentClient": true,
"alternativeNames": "{client-ip,client-name}",
"pfxPassword": "string",
"csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"certificate": "string",
"certificateExpiration": 1578240
},
"inherit": false,
"propagate": false,
"fipsRequirements": "FIPS_NONE",
"isAllowDefaultClient": false,
"allowKeystores": false,
"cacheTimeout": 3600
}
A UKC Partition
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | The new partition name |
| soPassword | string | true | none | The new partition SO password |
| newClient | NewClientWithCertificate | true | none | none |
| inherit | boolean | false | none | Inherit root partition settings |
| propagate | boolean | false | none | Support certificate propagation |
| fipsRequirements | string | false | none | The Partition FIPS Requirements |
| isAllowDefaultClient | boolean | false | none | Allow using default client |
| allowKeystores | boolean | false | none | Allow using key stores |
| cacheTimeout | integer(int32) | false | none | The partition cache timeout |
Enumerated Values
| Property | Value |
|---|---|
| fipsRequirements | FIPS_MANDATORY |
| fipsRequirements | FIPS_PREFERRED |
| fipsRequirements | FIPS_NONE |
NewRole
{
"name": "role_name",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | role name |
| managedObjectsPermissions | [RolePermission] | true | none | none |
NewSecret
{
"id": "mySecret1",
"description": "string",
"groups": [
"string"
],
"data": "My secret data"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | An identifier/label for the secret data |
| description | string | false | none | The secret description |
| groups | [string] | false | none | Secret groups |
| data | string | true | none | The data to keep as secret |
NewServer
{
"host": "ip or fqdn",
"port": 8443,
"newServerCertificate": {
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
}
A UKC new server
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| host | string | true | none | The server host |
| port | integer(int32) | true | none | The server port |
| newServerCertificate | NewServerCertificate | false | none | New server certificate data |
NewServerCertificate
{
"certificate": "string",
"certificateFingerprint": "string",
"certificateInfo": "string"
}
New server certificate data
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| certificate | string | false | none | The server certificate encoded in base64 |
| certificateFingerprint | string | false | none | The server certificate fingerprint |
| certificateInfo | string | false | none | The server certificate info |
NewUser
{
"password": "Password1!",
"name": "john_a",
"role": "user",
"aliases": [
{
"identityProviderName": "string",
"aliases": [
{}
]
}
],
"authType": "STANDARD"
}
A UKC new user
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| password | string | false | none | The user password |
| name | string | true | none | name |
| role | string | false | none | The user role |
| aliases | [UserAliases] | false | none | aliases |
| authType | string | false | none | Auth type |
Enumerated Values
| Property | Value |
|---|---|
| authType | STANDARD |
| authType | LDAP |
| authType | OIDC |
NewUsersGroup
{
"name": "group1",
"roles": "[so, user, signer]",
"users": "[so, user, admin]",
"expression": ".*@somedomain.com"
}
A UKC new users group
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | true | none | none |
| roles | [string] | false | none | List of all roles in the group |
| users | [string] | false | none | List of all users in the group |
| expression | string | false | none | A regular expression string |
OAEPPadding
{
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
(Only relevant for encryption) The OAEP padding parameters
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| mgf | string | false | none | mgf |
| label | Label | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| mgf | SHA1 |
| mgf | SHA256 |
| mgf | SHA384 |
| mgf | SHA512 |
| mgf | SHA3_256 |
| mgf | SHA3_384 |
| mgf | SHA3_512 |
OauthToken
{
"access_token": "eyJ...MoQ",
"token_type": "bearer",
"expires_at": "string",
"expires_in": 1000,
"scope": "user",
"refresh_token": "eyJ...0N"
}
OAuth token
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| access_token | string | false | none | Access Token |
| token_type | string | false | none | Token type |
| expires_at | string | false | none | Token expiration date |
| expires_in | integer(int64) | false | none | The lifetime of the access token, in seconds |
| scope | string | false | none | The provided scope (the user Role) |
| refresh_token | string | false | none | Refresh Token |
OfflineKeyParams
{
"backup": "string",
"paillierKey": "string",
"paillierKeys": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| backup | string | false | read-only | BASE64 ECDSA offline backup |
| paillierKey | string | true | none | EC offline Paillier key public key |
| paillierKeys | [string] | true | none | EC offline Paillier keys public key |
PKInfoType
{
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
}
Properties of PKI key
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| rsa | RSAKeyInfoType | false | none | Details of RSA public key |
| ecc | ECCKeyInfoType | false | none | Details of ECC public key |
PSSPadding
{
"mgf": "SHA1",
"saltSize": 0
}
(Only relevant for signing) The PSS padding parameters
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| mgf | string | false | none | MGF hash algorithm |
| saltSize | integer(int32) | true | none | the salt size |
Enumerated Values
| Property | Value |
|---|---|
| mgf | SHA1 |
| mgf | SHA256 |
| mgf | SHA384 |
| mgf | SHA512 |
| mgf | SHA3_256 |
| mgf | SHA3_384 |
| mgf | SHA3_512 |
Padding
{
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
}
Crypto operation padding type
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| type | string | true | none | none |
| pss | PSSPadding | false | none | (Only relevant for signing) The PSS padding parameters |
| oaep | OAEPPadding | false | none | (Only relevant for encryption) The OAEP padding parameters |
Enumerated Values
| Property | Value |
|---|---|
| type | RAW |
| type | PKCS1 |
| type | OAEP |
| type | PSS |
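The Padding schema marks pss as relevant only for signing and oaep as relevant only for encryption, and the generated sample above carries both objects alongside type RAW. The following client-side check for a Padding object is an added example, not part of the UKC reference or its JavaScript sample; the function names, the `use` parameter and the rule that pss and oaep objects must match the `type` are assumptions.

```javascript
// Enumerations copied from the Padding, PSSPadding, OAEPPadding and Label tables.
const PADDING_TYPES = ["RAW", "PKCS1", "OAEP", "PSS"];
const MGF_HASHES = ["SHA1", "SHA256", "SHA384", "SHA512", "SHA3_256", "SHA3_384", "SHA3_512"];
const LABEL_ENCODINGS = ["PLAIN", "BASE64", "HEX"];

// Check that a Label value is well-formed for its declared encoding.
function checkLabel(label, errors) {
  if (typeof label.value !== "string") {
    errors.push("oaep.label.value is required and must be a string");
    return;
  }
  if (label.encoding === undefined) return; // default encoding is not stated in the reference
  if (!LABEL_ENCODINGS.includes(label.encoding)) {
    errors.push(`oaep.label.encoding "${label.encoding}" is not an allowed value`);
  } else if (label.encoding === "HEX" && !/^(?:[0-9a-fA-F]{2})*$/.test(label.value)) {
    errors.push("oaep.label.value is not valid hex");
  } else if (
    label.encoding === "BASE64" &&
    !/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(label.value)
  ) {
    errors.push("oaep.label.value is not valid base64");
  }
}

// use: "signing" or "encryption" (hypothetical parameter naming the intended operation).
// Returns a list of error strings; an empty list means the object passed every check.
function validatePadding(padding, use) {
  const errors = [];
  if (!PADDING_TYPES.includes(padding.type)) {
    errors.push(`type "${padding.type}" is not an allowed value`);
  }
  if (padding.type === "PSS" && use !== "signing") {
    errors.push("PSS padding is only relevant for signing");
  }
  if (padding.type === "OAEP" && use !== "encryption") {
    errors.push("OAEP padding is only relevant for encryption");
  }

  if (padding.pss !== undefined) {
    // Assumption: a pss object next to any other type is a caller mistake.
    if (padding.type !== "PSS") {
      errors.push(`pss parameters supplied with type "${padding.type}"`);
    }
    // saltSize is the one required PSSPadding property.
    if (!Number.isInteger(padding.pss.saltSize) || padding.pss.saltSize < 0) {
      errors.push("pss.saltSize is required and must be a non-negative integer");
    }
    if (padding.pss.mgf !== undefined && !MGF_HASHES.includes(padding.pss.mgf)) {
      errors.push(`pss.mgf "${padding.pss.mgf}" is not an allowed value`);
    }
  }

  if (padding.oaep !== undefined) {
    // Assumption: an oaep object next to any other type is a caller mistake.
    if (padding.type !== "OAEP") {
      errors.push(`oaep parameters supplied with type "${padding.type}"`);
    }
    if (padding.oaep.mgf !== undefined && !MGF_HASHES.includes(padding.oaep.mgf)) {
      errors.push(`oaep.mgf "${padding.oaep.mgf}" is not an allowed value`);
    }
    if (padding.oaep.label !== undefined) checkLabel(padding.oaep.label, errors);
  }
  return errors;
}

// The generated sample from the Padding schema above: type RAW with both parameter objects.
const SAMPLE_PADDING = {
  type: "RAW",
  pss: { mgf: "SHA1", saltSize: 0 },
  oaep: { mgf: "SHA1", label: { value: "string", encoding: "PLAIN" } },
};

console.log(validatePadding(SAMPLE_PADDING, "signing"));
```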
Pair
{
"entryPoint": {
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
},
"partner": {
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
}
A UKC pair
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| entryPoint | Server | false | none | A UKC server |
| partner | Server | false | none | A UKC server |
Partition
{
"checkClientIp": true,
"name": "root",
"allowNat": true,
"allowUserOnlyCryptoOperations": true,
"clientRetriesLimit": 0,
"clientRetriesTimeout": 0,
"creationDate": "string",
"getjWTLimit": 0,
"lastUpdate": "string",
"passwordComplexity": true,
"passwordLength": 0,
"quorumOperations": "string",
"quorumSize": 0,
"quorumTimeout": 0,
"supportCertificatePropagation": true,
"supportPartitionInheritance": true,
"userRetriesLimit": 0,
"fipsRequirements": "FIPS_NONE",
"policy": [
{
"type": "RSA",
"minSize": 0,
"curves": [
"P256"
],
"operations": [
"SIGN"
],
"paddings": [
"RAW"
],
"hashes": [
"SHA1"
],
"modes": [
"ECB"
],
"macs": [
"GMAC"
],
"exportType": "IN_PLAIN",
"trusted": true,
"local": true
}
],
"allowKeystores": false,
"enforceTwoFactorAuth": false,
"totpTimeDrift": 30,
"cacheTimeout": 3600,
"jWTExpiration": 0
}
A partition is a logical container for security objects such as keys and certificates.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| checkClientIp | boolean | false | read-only | Check the client's IP |
| name | string | false | read-only | none |
| allowNat | boolean | false | read-only | True when allowing NAT |
| allowUserOnlyCryptoOperations | boolean | false | read-only | True if user is only allowed to do crypto |
| clientRetriesLimit | integer(int32) | false | read-only | client retries limit |
| clientRetriesTimeout | integer(int32) | false | read-only | client retries timeout |
| creationDate | string | false | read-only | partition creation date |
| getjWTLimit | integer(int32) | false | read-only | JWT usage limit |
| lastUpdate | string | false | read-only | partition last update |
| passwordComplexity | boolean | false | read-only | enforce password complexity |
| passwordLength | integer(int32) | false | read-only | partition allowed password length |
| quorumOperations | string | false | read-only | quorum operations |
| quorumSize | integer(int32) | false | read-only | quorum size |
| quorumTimeout | integer(int32) | false | read-only | quorum timeout |
| supportCertificatePropagation | boolean | false | read-only | True when supporting certificate propagation |
| supportPartitionInheritance | boolean | false | read-only | True when supporting certificate inheritance |
| userRetriesLimit | integer(int32) | false | read-only | user retries limit |
| fipsRequirements | string | false | none | The Partition FIPS Requirements |
| policy | [PartitionPolicyRule] | false | none | The Partition Policy |
| allowKeystores | boolean | false | none | Allow using key stores |
| enforceTwoFactorAuth | boolean | false | none | Enforce 2FA |
| totpTimeDrift | integer(int32) | false | none | TOTP time drift |
| cacheTimeout | integer(int32) | false | none | Cache-timeout |
| jWTExpiration | integer(int32) | false | read-only | JWT expiration time |
Enumerated Values
| Property | Value |
|---|---|
| fipsRequirements | FIPS_MANDATORY |
| fipsRequirements | FIPS_PREFERRED |
| fipsRequirements | FIPS_NONE |
PartitionListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"checkClientIp": true,
"name": "root",
"allowNat": true,
"allowUserOnlyCryptoOperations": true,
"clientRetriesLimit": 0,
"clientRetriesTimeout": 0,
"creationDate": "string",
"getjWTLimit": 0,
"lastUpdate": "string",
"passwordComplexity": true,
"passwordLength": 0,
"quorumOperations": "string",
"quorumSize": 0,
"quorumTimeout": 0,
"supportCertificatePropagation": true,
"supportPartitionInheritance": true,
"userRetriesLimit": 0,
"fipsRequirements": "FIPS_NONE",
"policy": [
{
"type": "RSA",
"minSize": 0,
"curves": [
"P256"
],
"operations": [
"SIGN"
],
"paddings": [
"RAW"
],
"hashes": [
"SHA1"
],
"modes": [
"ECB"
],
"macs": [
"GMAC"
],
"exportType": "IN_PLAIN",
"trusted": true,
"local": true
}
],
"allowKeystores": false,
"enforceTwoFactorAuth": false,
"totpTimeDrift": 30,
"cacheTimeout": 3600,
"jWTExpiration": 0
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [Partition] | false | read-only | items |
PartitionPolicyRule
{
"type": "RSA",
"minSize": 0,
"curves": [
"P256"
],
"operations": [
"SIGN"
],
"paddings": [
"RAW"
],
"hashes": [
"SHA1"
],
"modes": [
"ECB"
],
"macs": [
"GMAC"
],
"exportType": "IN_PLAIN",
"trusted": true,
"local": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| type | string | true | none | type |
| minSize | integer(int32) | false | none | minimum size |
| curves | [string] | false | none | allowed curves |
| operations | [string] | false | none | allowed operations |
| paddings | [string] | false | none | allowed paddings |
| hashes | [string] | false | none | allowed hashes |
| modes | [string] | false | none | allowed modes |
| macs | [string] | false | none | allowed macs |
| exportType | string | false | none | minimum export type |
| trusted | boolean | false | none | is trusted |
| local | boolean | false | none | is local |
Enumerated Values
| Property | Value |
|---|---|
| type | RSA |
| type | ECC |
| type | AES |
| type | TDES |
| type | DES |
| type | HMAC |
| type | XTS |
| type | PRF |
| type | PWD |
| type | LIMA |
| type | EDDSA |
| type | TOTSSeed |
| type | CHACHA20 |
| type | SPLIT_KEY |
| exportType | IN_PLAIN |
| exportType | WRAPPED |
| exportType | WRAPPED_WITH_TRUSTED |
| exportType | NON_EXPORTABLE |
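The Partition and PartitionPolicyRule schemas above can be checked mechanically once a partition has been fetched. The following is an added example, not UKC or Unbound code: it audits a Partition object for permissive settings using only enum values that appear on this page. Which values count as weak, the 2048-bit RSA threshold, and the names `audit_rule` and `audit_partition` are assumptions of this example.

```python
"""Audit a UKC Partition object for permissive policy settings (added example)."""
import json

# Enum values come from this page; classifying them as weak is this example's
# own judgement, not a rule published by UKC.
WEAK_KEY_TYPES = {"DES", "TDES"}
WEAK_LIST_VALUES = {"hashes": {"SHA1"}, "modes": {"ECB"}, "paddings": {"RAW"}}
MIN_RSA_BITS = 2048  # assumed threshold, adjust to local policy


def audit_rule(rule, path):
    """Return (path, message) findings for one PartitionPolicyRule."""
    findings = []
    key_type = rule.get("type")
    if key_type in WEAK_KEY_TYPES:
        findings.append((f"{path}.type", f"{key_type} keys are permitted"))
    min_size = rule.get("minSize") or 0
    if key_type == "RSA" and min_size < MIN_RSA_BITS:
        findings.append((f"{path}.minSize",
                         f"RSA minSize {min_size} is below {MIN_RSA_BITS}"))
    # Only explicitly listed values are flagged; how UKC treats a missing or
    # empty list is not stated on this page, so it is not interpreted here.
    for field, weak in WEAK_LIST_VALUES.items():
        hits = sorted(set(rule.get(field) or []) & weak)
        if hits:
            findings.append((f"{path}.{field}", "allows " + ", ".join(hits)))
    if rule.get("exportType") == "IN_PLAIN":
        findings.append((f"{path}.exportType", "keys may be exported in plaintext"))
    return findings


def audit_partition(partition):
    """Return (path, message) findings for a Partition and all its policy rules."""
    findings = []
    if not partition.get("enforceTwoFactorAuth", False):
        findings.append(("enforceTwoFactorAuth", "2FA is not enforced"))
    if not partition.get("passwordComplexity", False):
        findings.append(("passwordComplexity", "password complexity is not enforced"))
    if partition.get("fipsRequirements") == "FIPS_NONE":
        findings.append(("fipsRequirements", "no FIPS requirement is set"))
    for index, rule in enumerate(partition.get("policy") or []):
        findings.extend(audit_rule(rule, f"policy[{index}]"))
    return findings


# Constructed input: a subset of the Partition example shown on this page.
PAGE_EXAMPLE = json.loads("""
{
  "name": "root",
  "passwordComplexity": true,
  "fipsRequirements": "FIPS_NONE",
  "enforceTwoFactorAuth": false,
  "policy": [
    {"type": "RSA", "minSize": 0, "curves": ["P256"], "operations": ["SIGN"],
     "paddings": ["RAW"], "hashes": ["SHA1"], "modes": ["ECB"],
     "macs": ["GMAC"], "exportType": "IN_PLAIN", "trusted": true, "local": true}
  ]
}
""")

# Constructed input: a stricter partition built from enum values on this page.
HARDENED = json.loads("""
{
  "name": "root",
  "passwordComplexity": true,
  "fipsRequirements": "FIPS_MANDATORY",
  "enforceTwoFactorAuth": true,
  "policy": [
    {"type": "AES", "minSize": 256, "modes": ["GCM"],
     "exportType": "NON_EXPORTABLE"}
  ]
}
""")

if __name__ == "__main__":
    for label, partition in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(label)
        for path, message in audit_partition(partition) or [("-", "no findings")]:
            print(f"  {path}: {message}")
```

The same function can be run over each entry of `items` in a PartitionListResponse to compare partitions across a cluster.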
Password
{
"password": "Password2!"
}
A password
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| password | string | false | none | New user password |
QuorumStatus
{
"pendingApproval": 2,
"pendingExecution": 0
}
Quorum jobs status
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| pendingApproval | integer(int32) | false | read-only | pending approval |
| pendingExecution | integer(int32) | false | read-only | pending execution |
RSAKeyInfoType
{
"publicExponent": "string",
"modulus": "string"
}
Details of RSA public key
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| publicExponent | string | true | none | HEX encoded exponent |
| modulus | string | true | none | HEX encoded modulus |
RandomEntropyBytes
{
"entropy": "string"
}
Random Entropy Bytes
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| entropy | string | true | none | base64 encoded entropy bytes |
Range
{
"min": "string",
"max": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| min | string | true | none | min value |
| max | string | true | none | max value |
RefreshedCertificateClient
{
"certificateExpiration": 1578240,
"activationCodeValidity": 20,
"activationCodeLength": 10,
"ipRange": "0.0.0.0/0",
"generateNewActivationCode": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| certificateExpiration | integer(int32) | false | none | Client certificate validity in minutes |
| activationCodeValidity | integer(int32) | false | none | Client activation code validity in minutes |
| activationCodeLength | integer(int32) | false | none | Client activation code length (digits) |
| ipRange | string | false | none | Client IP range |
| generateNewActivationCode | boolean | false | none | Generate new activation code (default true) |
RefreshedPublicKeyClient
{
"publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
"expiration": 1578240,
"alternativeNames": "{client-ip,client-name}"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| publicKey | string | true | none | The new client Base64 encoded ECC Public Key |
| expiration | integer(int32) | false | none | Client certificate validity in minutes |
| alternativeNames | [string] | false | none | Client alternative names |
RefreshedSecretClient
{
"expiration": 1578240,
"grantTypes": [
"CLIENT_CREDENTIALS"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| expiration | integer(int32) | false | none | Client expiration in minutes |
| grantTypes | [string] | false | none | Client grant types |
RevokeParams
{
"message": "string",
"reason": "UNSPECIFIED",
"compromiseOccurrenceDate": 0
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| message | string | false | none | revocation message |
| reason | string | false | none | Revocation reason |
| compromiseOccurrenceDate | integer(int64) | false | none | Date when the compromise occurred |
Enumerated Values
| Property | Value |
|---|---|
| reason | UNSPECIFIED |
| reason | KEY_COMPROMISE |
| reason | CA_COMPROMISE |
| reason | AFFILIATION_CHANGED |
| reason | SUPERSEDED |
| reason | CESSATION_OF_OPERATION |
| reason | PRIVILEGE_WITHDRAWN |
Role
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
An EKM role
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | read-only | name |
| partition | string | false | read-only | partition |
| createdAt | string | false | read-only | created at |
| updatedAt | string | false | read-only | updated at |
| managedObjectsPermissions | [RolePermission] | false | read-only | managed objects permissions |
RoleListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"name": "role_name",
"partition": "~.codeSign.developers",
"createdAt": "string",
"updatedAt": "string",
"managedObjectsPermissions": [
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
]
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [Role] | false | read-only | items |
RolePermission
{
"objectGroup": "string",
"operations": [
"ACTIVATE"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| objectGroup | string | false | none | object group |
| operations | [string] | false | none | operations |
SealData
{
"clearText": "string",
"dataEncoding": "PLAIN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| clearText | string | true | none | Data to seal |
| dataEncoding | string | false | none | the data encoding |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
SealedCipher
{
"value": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | base64 encoded sealed value |
Secret
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | An identifier/label for the secret data |
| description | string | false | read-only | The secret description |
| uid | string | false | read-only | Secret identifier |
| groups | [string] | false | none | Secret groups |
| createdAt | string | false | read-only | Creation date |
| updatedAt | string | false | read-only | Last update date |
SecretListResponse
{
"totalItems": 0,
"limit": 0,
"skip": 0,
"nextPageToken": "string",
"items": [
{
"id": "mySecret1",
"description": "string",
"uid": "0x00d78d6a396072e9a0",
"groups": [
"string"
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [Secret] | false | read-only | items |
SecretUpdates
{
"id": "string",
"description": "string",
"groups": [
"string"
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | Key ID |
| description | string | false | none | Key description |
| groups | [string] | false | none | Secret groups |
Server
{
"name": "string",
"host": "string",
"role": "ENTRYPOINT",
"status": "RUNNING",
"os": "string",
"cores": 0,
"cpuLoadPrecents": 0,
"freeMemMegaBytes": 0,
"totalMemMegaBytes": 0,
"version": "string",
"serverVersionMatch": "string",
"error": "string",
"lastStart": "string",
"requireRestart": "string",
"alertLevel": "WARN",
"certificateInfo": {
"id": "my-certificate",
"uid": "string",
"sha1Thumbprint": "string",
"subject": "string",
"issuer": "string",
"validFrom": "string",
"validUntil": "string",
"version": "V3",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"isCa": true,
"isSelfSigned": true,
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"signature": "string",
"alertLevel": "WARN"
}
}
A UKC server
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | read-only | The server name |
| host | string | false | read-only | The server host |
| role | string | false | read-only | The server role |
| status | string | false | read-only | The server status |
| os | string | false | read-only | The server operating system |
| cores | integer(int32) | false | read-only | The number of server cores |
| cpuLoadPrecents | integer(int32) | false | read-only | The server CPU load |
| freeMemMegaBytes | integer(int32) | false | read-only | The server free memory in megabytes |
| totalMemMegaBytes | integer(int32) | false | read-only | The server total memory in megabytes |
| version | string | false | read-only | The server version |
| serverVersionMatch | string | false | read-only | The server version is not compatible |
| error | string | false | read-only | The server status error |
| lastStart | string | false | read-only | The server last starting time |
| requireRestart | string | false | read-only | Whether the server needs to be restarted |
| alertLevel | string | false | read-only | alertLevel |
| certificateInfo | CertificateInfo | false | none | Certificate public information |
Enumerated Values
| Property | Value |
|---|---|
| role | ENTRYPOINT |
| role | PARTNER |
| role | AUXILIARY |
| status | RUNNING |
| status | STOPPED |
| alertLevel | WARN |
SignData
{
"data": "string",
"dataEncoding": "PLAIN",
"params": {
"padding": {
"type": "RAW",
"pss": {
"mgf": "SHA1",
"saltSize": 0
},
"oaep": {
"mgf": "SHA1",
"label": {
"value": "string",
"encoding": "PLAIN"
}
}
},
"hash": "SHA1"
},
"doHash": true,
"ecdsaMode": "ECDSA",
"paillierKey": "string",
"totsSignData": {
"challengeResponse": "string",
"totsParams": {
"index": 0,
"nof": 1
}
}
}
Input for sign operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | data |
| dataEncoding | string | false | none | data encoding |
| params | AsymmetricCryptoParams | false | none | none |
| doHash | boolean | false | none | do hash or not |
| ecdsaMode | string | false | none | ecdsa sign mode |
| paillierKey | string | false | none | paillier Key |
| totsSignData | TOTSSignData | false | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
| ecdsaMode | ECDSA |
| ecdsaMode | SCHNORR |
SignOperationAttributeTemplate
{
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | false | none | none |
| name | string | false | none | none |
| description | string | false | none | none |
| min | string | false | none | none |
| max | string | false | none | none |
| templateTypeName | string | false | none | none |
SignOperationData
{
"publicKeys": [
"string"
],
"dataToSign": [
"string"
],
"rawTransactions": [
"string"
],
"details": "string",
"operationId": "string",
"data": [
"string"
],
"description": "string",
"signedVaultDeclaration": "string",
"collectedDataGroups": {
"collectionComplete": true,
"dataCollectionGroups": [
{
"minimumRequired": 0,
"collectedData": [
{
"dataCollectorDetails": {
"id": "string",
"name": "string",
"state": "string",
"description": "string",
"creationTime": "string",
"modificationTime": "string",
"authenticationKey": "string",
"attributeTemplateGroup": {
"id": "string",
"description": "string",
"attributeTemplateDetails": [
{
"id": "string",
"description": "string",
"type": "string",
"range": {}
}
]
},
"activationCode": "string"
},
"data": {
"property1": "string",
"property2": "string"
},
"collectionDone": true,
"signedUniqueData": "string",
"collectionStart": 0,
"collectionEnd": 0
}
],
"name": "string"
}
]
},
"vaultAttributes": {
"attributes": [
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
]
},
"policyId": "string",
"creationTime": 0,
"ledgerName": "string",
"changePublicKeys": [
"string"
],
"derivedWhitelistChildNumbers": [
0
],
"ukcKeyIds": [
"string"
],
"ledgerHashAlgorithm": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| publicKeys | [string] | false | none | none |
| dataToSign | [string] | false | none | none |
| rawTransactions | [string] | false | none | none |
| details | string | false | none | none |
| operationId | string | false | none | none |
| data | [string] | false | none | none |
| description | string | false | none | none |
| signedVaultDeclaration | string | false | none | none |
| collectedDataGroups | CollectedDataGroupsDetails | false | none | none |
| vaultAttributes | SignOperationVaultAttributes | false | none | none |
| policyId | string | false | none | none |
| creationTime | integer(int64) | false | none | none |
| ledgerName | string | false | none | none |
| changePublicKeys | [string] | false | none | none |
| derivedWhitelistChildNumbers | [integer] | false | none | none |
| ukcKeyIds | [string] | false | none | none |
| ledgerHashAlgorithm | string | false | none | none |
SignOperationVaultAttribute
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | false | none | none |
| attributeTemplate | SignOperationAttributeTemplate | false | none | none |
SignOperationVaultAttributes
{
"attributes": [
{
"value": "string",
"attributeTemplate": {
"id": "string",
"name": "string",
"description": "string",
"min": "string",
"max": "string",
"templateTypeName": "string"
}
}
]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| attributes | [SignOperationVaultAttribute] | false | none | none |
Signature
{
"signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| signature | string | false | none | base64 encoded signature |
SlipDerivationParams
{
"childNumber": 0,
"hardened": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| childNumber | integer(int32) | true | none | child number |
| hardened | boolean | true | none | True if hardened |
SplitKeyInfo
{
"alertLevel": "WARN",
"splitKeyParts": 4,
"keyPartIdentifier": 2,
"splitKeyThreshold": 5,
"splitKeyMethod": "PolynomialSharingGF2_16"
}
Key object details
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| alertLevel | string | false | read-only | alertLevel |
| splitKeyParts | integer(int32) | false | read-only | split key parts |
| keyPartIdentifier | integer(int32) | false | read-only | key part identifier |
| splitKeyThreshold | integer(int32) | false | read-only | split key threshold |
| splitKeyMethod | string | false | read-only | split key method |
Enumerated Values
| Property | Value |
|---|---|
| alertLevel | WARN |
| splitKeyMethod | XOR |
| splitKeyMethod | PolynomialSharingGF2_16 |
| splitKeyMethod | PolynomialSharingPrimeField |
| splitKeyMethod | PolynomialSharingGF2_8 |
SubjectKeyIdentifier
{
"uid": "string",
"isCritical": true,
"keyId": "string"
}
Certificate x509 extension
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | Extension UID |
| isCritical | boolean | true | none | Is Extension Critical |
| keyId | string | false | read-only | none |
SymmetricCryptoParams
{
"mode": "ECB",
"iv": {
"value": "string",
"encoding": "PLAIN"
},
"aad": {
"value": "string",
"encoding": "PLAIN"
},
"tagLength": 16
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| mode | string | false | none | Mode of operation |
| iv | Iv | false | none | none |
| aad | Aad | false | none | none |
| tagLength | integer(int32) | false | none | For CCM, the value must be between 4 and 16, inclusive, and must be even. For other algorithms, the value must be between 1 and 16, inclusive. |
Enumerated Values
| Property | Value |
|---|---|
| mode | ECB |
| mode | CBC |
| mode | OFB |
| mode | CFB |
| mode | CTR |
| mode | GCM |
| mode | CCM |
| mode | XTS |
| mode | NISTWRAP |
| mode | CHACHA20 |
| mode | CHACHA20_POLY_1305 |
SystemCertificate
{
"id": "my-certificate",
"role": "ROOT_CA",
"subject": "string",
"validUntil": "string",
"subjectAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"version": "V3",
"alertLevel": "WARN",
"uid": "string",
"serial": "185fb61e97f55b19",
"signatureAlgorithm": "sha256RSA",
"issuer": "string",
"validFrom": "string",
"pkInfo": {
"rsa": {
"publicExponent": "string",
"modulus": "string"
},
"ecc": {
"curve": "P256",
"ecPoint": "string",
"eccBipKeyInfo": {
"level": "string",
"childNumber": 0,
"hardened": true,
"chainCode": "string",
"parentUid": "string",
"parentFingerprint": 0
}
}
},
"basicConstraints": {
"uid": "string",
"isCritical": true,
"pathLen": 0,
"isCa": true
},
"subjectKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string"
},
"authorityKeyIdentifier": {
"uid": "string",
"isCritical": true,
"keyId": "string",
"authNames": [
"string"
],
"serialNumber": "string"
},
"issuerAlternativeNames": {
"uid": "string",
"isCritical": true,
"names": [
"string"
]
},
"extendedKeyUsage": {
"uid": "string",
"isCritical": true,
"keyUsages": [
"string"
]
},
"sha1Thumbprint": "string",
"signature": "string",
"isCa": true,
"isSelfSigned": true
}
Certificate public information
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| id | string | true | none | Certificate identifier label |
| role | string | false | read-only | The server certificate role (EP, PARTNER, AUXILIARY, ROOT_CA) |
| subject | string | true | none | subject |
| validUntil | string | true | none | End date of the validity period for this certificate |
| subjectAlternativeNames | AlternativeNames | false | none | Certificate x509 extension |
| version | string | true | none | Certificate version |
| alertLevel | string | false | read-only | alertLevel |
| uid | string | true | none | UID |
| serial | string | true | none | Certificate serial number |
| signatureAlgorithm | string | true | none | Signing algorithm used for signing this certificate |
| issuer | string | true | none | The CA that signed this certificate |
| validFrom | string | true | none | Start date of the validity period for this certificate |
| pkInfo | PKInfoType | true | none | Properties of PKI key |
| basicConstraints | BasicConstraints | false | none | Certificate x509 extension |
| subjectKeyIdentifier | SubjectKeyIdentifier | false | none | Certificate x509 extension |
| authorityKeyIdentifier | AuthorityKeyIdentifier | false | none | Certificate x509 extension |
| issuerAlternativeNames | AlternativeNames | false | none | Certificate x509 extension |
| extendedKeyUsage | ExtendedKeyUsage | false | none | Certificate x509 extension |
| sha1Thumbprint | string | true | none | certificate sha1 |
| signature | string | true | none | CA signature value for this certificate |
| isCa | boolean | true | none | Determines if this certificate is a CA certificate |
| isSelfSigned | boolean | true | none | Determines if this certificate is a self signed certificate |
Enumerated Values
| Property | Value |
|---|---|
| role | ROOT_CA |
| role | ENTRYPOINT |
| role | PARTNER |
| role | AUXILIARY |
| alertLevel | WARN |
SystemInfo
{
"version": "2.0.1",
"lastActivityAt": "string",
"allowedOperations": "{Create,Destroy,Sign,...}",
"allowedPartitions": "{part1, part2, ...}",
"alerts": [
{
"category": "CLIENTS",
"alertType": "CERT_ABOUT_TO_EXPIRE",
"alertLevel": "WARN",
"counter": 0,
"title": "string"
}
],
"allowedCryptoAlgorithms": "{RSA,DES,AES,...}",
"allowedDigitalSignatureAlgorithms": "{ECDSAWithSHA_1,ECDSAWithSHA256,ECDSAWithSHA384,...}",
"allowedHashingAlgorithms": "{SHA_1,SHA_224,SHA_256,...}",
"allowedBlockCipherModes": "{CBC,ECB,CFB,...}",
"allowedPaddings": "{RSA,DES,AES,...}",
"allowedCurves": "{SECP256K1,CURVE25519,CURVE448,...}"
}
Information about the UKC server
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| version | string | false | read-only | UKC server version |
| lastActivityAt | string | false | read-only | none |
| allowedOperations | [string] | false | read-only | A list of operation IDs that represent the operations that the current user is allowed to use. Should match the operation IDs as specified in this document |
| allowedPartitions | [string] | false | read-only | The partitions that the user can access |
| alerts | [AlertsSummary] | false | read-only | none |
| allowedCryptoAlgorithms | [string] | false | read-only | A list of allowed crypto algorithms |
| allowedDigitalSignatureAlgorithms | [string] | false | read-only | A list of allowed digital signature algorithms |
| allowedHashingAlgorithms | [string] | false | read-only | A list of allowed hashing algorithms |
| allowedBlockCipherModes | [string] | false | read-only | A list of allowed block cipher modes |
| allowedPaddings | [string] | false | read-only | A list of allowed padding methods |
| allowedCurves | [string] | false | read-only | A list of allowed recommended curves |
TOTSChallengeData
{
"paillierKey": "string",
"message": "string",
"dataEncoding": "PLAIN",
"totsParams": {
"index": 0,
"nof": 1
}
}
Input for challenge operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| paillierKey | string | true | none | Paillier Key |
| message | string | false | none | Message to be signed with challenge response |
| dataEncoding | string | false | none | data encoding |
| totsParams | TOTSParams | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
TOTSParams
{
"index": 0,
"nof": 1
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| index | integer(int32) | true | none | index of ephemeral TOTS derived key |
| nof | integer(int32) | true | none | Number of fragments - the Security level of the signature (1, 2, or 3) |
TOTSSignData
{
"challengeResponse": "string",
"totsParams": {
"index": 0,
"nof": 1
}
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| challengeResponse | string | false | none | challenge response for TOTS offline mode |
| totsParams | TOTSParams | true | none | none |
Token
{
"value": "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
}
Auth Token
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | The generated authentication token |
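The sample `value` above is a JWT, so a client can decode its header and claims to see what it has been issued before using it. The following is an added example, not UKC or Unbound code: it decodes the sample token from this page and reports algorithm, lifetime and expiry. It does not verify the signature (the verification key is not on this page), and the function name `inspect_token` and the expectation of `ES256` (taken from the sample header) are assumptions of this example.

```python
"""Decode a UKC Token value (a JWT) and report on it, without verifying it."""
import base64
import json

# The sample token shown in the Token schema on this page.
SAMPLE_TOKEN = (
    "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0"
    ".eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwi"
    "aXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJq"
    "dGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ"
    ".jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
)
EXPECTED_ALG = "ES256"  # assumption: taken from the sample token's header


def b64url_decode(segment):
    """Decode one unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_token(value, now):
    """Return header, claims and findings for a token; `now` is epoch seconds.

    This only parses the token. Nothing here proves the token is authentic.
    """
    parts = value.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])

    findings = []
    alg = header.get("alg")
    if alg is None or str(alg).lower() == "none":
        findings.append("header declares no signature algorithm")
    elif alg != EXPECTED_ALG:
        findings.append(f"unexpected alg {alg!r}, expected {EXPECTED_ALG!r}")
    if not signature:
        findings.append("signature segment is empty")

    exp, iat = claims.get("exp"), claims.get("iat")
    lifetime = exp - iat if isinstance(exp, int) and isinstance(iat, int) else None
    if not isinstance(exp, int):
        findings.append("no exp claim, token never expires on its own")
        expired = False
    else:
        expired = now >= exp
        if expired:
            findings.append(f"token expired {now - exp} seconds ago")
    if isinstance(iat, int) and iat > now:
        findings.append("iat is in the future, check clock skew")

    return {
        "header": header,
        "claims": claims,
        "signature_bytes": len(signature),
        "lifetime_seconds": lifetime,
        "expired": expired,
        "findings": findings,
    }


if __name__ == "__main__":
    import time
    report = inspect_token(SAMPLE_TOKEN, now=int(time.time()))
    print(json.dumps(report, indent=2))
```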
TokenizeData
{
"value": "string",
"tweak": "string",
"dataType": "EMAIL",
"format": "string",
"maxSize": 40
}
Tokenize single items with a PRF key. Note that all data types are input values except for TOKEN which is an output value.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| value | string | true | none | Input value. |
| tweak | string | true | none | Changes the tokenization effect. |
| dataType | string | true | none | Data type of value. |
| format | string | false | none | Defines the tokenization format. Applies to SSN and US_PHONE data types only. |
| maxSize | integer(int32) | false | none | The operation parameters |
Enumerated Values
| Property | Value |
|---|---|
| dataType | EMAIL |
| dataType | SSN |
| dataType | CREDIT_CARD |
| dataType | US_PHONE |
| dataType | STRING |
| dataType | BOOLEAN |
| dataType | SHORT |
| dataType | INTEGER |
| dataType | LONG |
| dataType | FLOAT |
| dataType | DOUBLE |
| dataType | DECIMAL |
| dataType | DATE |
| dataType | TIME |
| dataType | TIMESTAMP |
| dataType | TOKEN |
TokenizeResponse
{
"uid": "string",
"tweak": "string",
"value": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| uid | string | true | none | PRF key UID. |
| tweak | string | true | none | Tokenized tweak. |
| value | string | true | none | Array of tokenized values. |
TokenizeX
{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string",
  "maxSize": 40
}
Tokenize multiple items with a PRF key. Note that all data types are input values except for TOKEN, which is an output value.
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| valueItems | [string] | true | none | Array of input values to tokenize. |
| tweak | string | true | none | Changes the tokenization effect. |
| dataType | string | true | none | Data type of valueItems. |
| format | string | false | none | Defines the tokenization format. Applies to SSN and US_PHONE data types only. |
| maxSize | integer(int32) | false | none | The operation parameters |
Enumerated Values
| Property | Value |
|---|---|
| dataType | |
| dataType | SSN |
| dataType | CREDIT_CARD |
| dataType | US_PHONE |
| dataType | STRING |
| dataType | BOOLEAN |
| dataType | SHORT |
| dataType | INTEGER |
| dataType | LONG |
| dataType | FLOAT |
| dataType | DOUBLE |
| dataType | DECIMAL |
| dataType | DATE |
| dataType | TIME |
| dataType | TIMESTAMP |
| dataType | TOKEN |
Topology
{
  "pairs": [
    {
      "entryPoint": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "serverVersionMatch": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "uid": "string",
            "isCritical": true,
            "names": [
              "string"
            ]
          },
          "issuerAlternativeNames": {
            "uid": "string",
            "isCritical": true,
            "names": [
              "string"
            ]
          },
          "extendedKeyUsage": {
            "uid": "string",
            "isCritical": true,
            "keyUsages": [
              "string"
            ]
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      },
      "partner": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "serverVersionMatch": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "uid": "string",
            "isCritical": true,
            "names": [
              "string"
            ]
          },
          "issuerAlternativeNames": {
            "uid": "string",
            "isCritical": true,
            "names": [
              "string"
            ]
          },
          "extendedKeyUsage": {
            "uid": "string",
            "isCritical": true,
            "keyUsages": [
              "string"
            ]
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      }
    }
  ],
  "auxiliaries": [
    {
      "name": "string",
      "host": "string",
      "role": "ENTRYPOINT",
      "status": "RUNNING",
      "os": "string",
      "cores": 0,
      "cpuLoadPrecents": 0,
      "freeMemMegaBytes": 0,
      "totalMemMegaBytes": 0,
      "version": "string",
      "serverVersionMatch": "string",
      "error": "string",
      "lastStart": "string",
      "requireRestart": "string",
      "alertLevel": "WARN",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "uid": "string",
          "isCritical": true,
          "names": [
            "string"
          ]
        },
        "issuerAlternativeNames": {
          "uid": "string",
          "isCritical": true,
          "names": [
            "string"
          ]
        },
        "extendedKeyUsage": {
          "uid": "string",
          "isCritical": true,
          "keyUsages": [
            "string"
          ]
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "triplets": [
    {
      "entryPoint": "string",
      "partner": "string",
      "auxiliary": "string",
      "connected": true
    }
  ]
}
A UKC server topology
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| pairs | [Pair] | false | read-only | Pairs |
| auxiliaries | [Server] | false | read-only | Auxiliaries |
| triplets | [Triplet] | false | read-only | Triplets |
Triplet
{
  "entryPoint": "string",
  "partner": "string",
  "auxiliary": "string",
  "connected": true
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| entryPoint | string | false | read-only | Entry Point name |
| partner | string | false | read-only | Partner name |
| auxiliary | string | false | read-only | Auxiliary name |
| connected | boolean | false | read-only | Is Triplet connected |
TwoFactorAuthSecretResponse
{
  "name": "string",
  "totpUrl": "string"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | none | The enrolled user name |
| totpUrl | string | false | none | The TOTP authentication URL |
UnSealData
{
  "cipher": {
    "value": "string"
  },
  "outputEncoding": "PLAIN"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| cipher | SealedCipher | true | none | none |
| outputEncoding | string | false | none | Output encoding |
Enumerated Values
| Property | Value |
|---|---|
| outputEncoding | PLAIN |
| outputEncoding | BASE64 |
| outputEncoding | HEX |
UnwrapData
{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "keyData": "string",
  "newGeneratedKey": {
    "policyKeyId": "string",
    "keyId": "string",
    "keyIdEncoding": "PLAIN",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "keyStoreProtectionMethod": "HSM, Software, External or Default ",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "backup": "string",
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  }
}
Input for the Unwrap operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| aSymmetricParams | AsymmetricCryptoParams | false | none | none |
| symmetricParams | SymmetricCryptoParams | false | none | none |
| keyData | string | true | none | optional key data to import |
| newGeneratedKey | NewGeneratedKey | true | none | none |
UpdatedRole
{
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| managedObjectsPermissions | [RolePermission] | false | none | Managed objects permissions |
UpdatedSecret
{
  "data": "My secret data"
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | The data to keep as secret |
User
{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "lastUpdateAt": "string",
  "lastPasswordUpdated": "string",
  "is2FAEnrolled": true,
  "lastEnrolledAt": "string",
  "aliases": [
    {
      "identityProviderName": "string",
      "aliases": [
        {}
      ]
    }
  ],
  "groups": "[groupA, groupB]",
  "isLoginLocked": true
}
A UKC user
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | read-only | name |
| partition | string | false | read-only | partition |
| role | string | false | read-only | role |
| createdAt | string | false | read-only | created at |
| lastActivityAt | string | false | read-only | last activity at |
| retries | integer(int32) | false | read-only | retries |
| authType | string | false | read-only | auth type |
| lastUpdateAt | string | false | read-only | last update at |
| lastPasswordUpdated | string | false | read-only | last password updated |
| is2FAEnrolled | boolean | false | read-only | is2FAEnrolled |
| lastEnrolledAt | string | false | read-only | lastEnrolledAt |
| aliases | [UserAliases] | false | read-only | aliases |
| groups | [string] | false | read-only | none |
| isLoginLocked | boolean | false | read-only | is login locked |
Enumerated Values
| Property | Value |
|---|---|
| authType | STANDARD |
| authType | LDAP |
| authType | OIDC |
UserAliases
{
  "identityProviderName": "string",
  "aliases": [
    {}
  ]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| identityProviderName | string | true | none | The Identity Provider Name |
| aliases | [object] | true | none | Aliases |
UserListResponse
{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "nextPageToken": "string",
  "items": [
    {
      "name": "john_a",
      "partition": "~.codeSign.developers",
      "role": "string",
      "createdAt": "string",
      "lastActivityAt": "string",
      "retries": 0,
      "authType": "STANDARD",
      "lastUpdateAt": "string",
      "lastPasswordUpdated": "string",
      "is2FAEnrolled": true,
      "lastEnrolledAt": "string",
      "aliases": [
        {
          "identityProviderName": "string",
          "aliases": [
            {}
          ]
        }
      ],
      "groups": "[groupA, groupB]",
      "isLoginLocked": true
    }
  ]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [User] | false | read-only | items |
UsersGroup
{
  "name": "string",
  "partition": "string",
  "expression": ".*@somedomain.com",
  "createdAt": "string",
  "updatedAt": "string",
  "users": "[so, user, admin]",
  "roles": "[so, user, signer]"
}
A UKC users group
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| name | string | false | read-only | none |
| partition | string | false | read-only | none |
| expression | string | false | none | A regular expression string |
| createdAt | string | false | read-only | none |
| updatedAt | string | false | read-only | none |
| users | [string] | false | none | List of all users in the group |
| roles | [string] | false | none | List of all roles in the group |
UsersGroupListResponse
{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "nextPageToken": "string",
  "items": [
    {
      "name": "string",
      "partition": "string",
      "expression": ".*@somedomain.com",
      "createdAt": "string",
      "updatedAt": "string",
      "users": "[so, user, admin]",
      "roles": "[so, user, signer]"
    }
  ]
}
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| totalItems | integer(int32) | false | read-only | totalItems |
| limit | integer(int32) | false | read-only | limit |
| skip | integer(int32) | false | read-only | skip |
| nextPageToken | string | false | none | nextPageToken |
| items | [UsersGroup] | false | read-only | items |
VerifyData
{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "doHash": true,
  "signature": {
    "signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
  }
}
Includes data used for signature verification
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| data | string | true | none | Data |
| dataEncoding | string | false | none | Data encoding |
| params | AsymmetricCryptoParams | false | none | none |
| doHash | boolean | false | none | Whether to hash the data |
| signature | Signature | true | none | none |
Enumerated Values
| Property | Value |
|---|---|
| dataEncoding | PLAIN |
| dataEncoding | BASE64 |
| dataEncoding | HEX |
WrapData
{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "wrappedKeyId": "string"
}
Input for the Wrap operation
Properties
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
| aSymmetricParams | AsymmetricCryptoParams | false | none | none |
| symmetricParams | SymmetricCryptoParams | false | none | none |
| wrappedKeyId | string | true | none | ID of the wrapped key |
