---
swagger: "2.0"
info:
  description: |
    # Introduction

    Unbound Key Control ("UKC") provides a complete set of REST APIs for all UKC operations, including user, client and key management, cluster and partition management, backup automation, and crypto operations.

    - To download the YAML version of the REST API, click here.
    - To download a JavaScript sample for the REST API, click here.

    ## UKC at a Glance

    Unbound Key Control ("UKC") is an enterprise cryptography orchestration platform offering secure key management, key storage and key-based services. It is a scalable multi-site and multi-cloud solution that works hand-in-hand with hardware security capabilities while leveraging its own FIPS-certified vHSM (virtual hardware security module).

    UKC has many use cases, including tokenization, code signing, and virtual machine, database, and storage encryption.

    Some notable features of UKC are:

    - It supports all standard RSA, ECC, and symmetric keys while remaining transparent to the application.
    - It supports standard crypto APIs: KMIP, PKCS#11, OpenSSL, KSP and CSP.
    - It is platform-agnostic and supports cloud vendors, including but not limited to AWS, Azure, and GCP.
    - Its installation does not disrupt the existing workflow of applications.
    - It provides lifecycle management of crypto keys, including partitioning, BYOK (Bring Your Own Key), generation, renewal, archiving, and revocation.

    ## UKC Documentation

    In addition to this API reference, the following documents are available:

    - UKC Release Notes
    - UKC User's Guide
    - UKC Integration Guide
    - UKC Code Signing Guide
    - UKC Developer's Guide

    # UKC API Overview

    ## Authentication Types

    Most UKC API operations require an authorization context and user permissions. Users are identified by an authentication token attached to the request headers.

    ### Basic Authentication

    UKC supports the basic authentication scheme. The "Basic" HTTP authentication scheme is defined in RFC 7617, which transmits credentials as user/password pairs, encoded using base64 in the HTTP Authorization header. Base64 is an encoding, not encryption; the API is served over HTTPS only (see `schemes`), which is what protects these credentials in transit.

    The user ID can include the required partition in the format:

    `username@partitionId:password`

    Note: If any of the above strings include the '%' character, it must be replaced with '%25'. Otherwise, you will receive "Authentication format error".

    For example, instead of

    `my-name@my-partition:my-pa%%word`

    use

    `my-name@my-partition:my-pa%25%25word`

    For further reference see: https://en.wikipedia.org/wiki/Percent-encoding

    ### Authentication Token

    The system can authenticate the user with a generated authentication token, which is valid for a limited time. This token eliminates the need to transmit the username/password on every request. See Get OAuth authentication token for more information.

    ### Authentication with a Certificate

    The client can authenticate with the UKC using a client certificate. This method is useful either to add another layer of security or when you do not want to use a username and password.

    To get a token, call Get OAuth authentication token with a client certificate. Then use the returned token for subsequent calls.

    ### Authentication Failure (unauthorized)

    If an operation is unauthorized, an HTTP 401 status code is returned with the `WWW-Authenticate` header.

    ### API Key (Authorization)

    Parameter Name: Authorization, in: header.

    To access the API, a valid JWT token must be passed in every request in the 'Authorization' header. A valid JWT token is generated by the API and returned in the response to a call to the route /login with a valid user and password. The following syntax must be used in the 'Authorization' header: Bearer: xxxxxx.yyyyyyy.zzzzzz

    ## Partitioning

    UKC objects are organized into partitions. Partitioning allows namespacing and access control to objects by configuring users with roles per partition.

    The objects contained in a partition are: Users, Clients, Keys, Certificates, and Secrets. The Root partition may also contain other partitions.

    ### Permissions

    Any partition can have many users who can access its objects.

    A partition user can have one of two security roles:

    - **so** - Security Officer. Can perform all operations on the partition objects, including administration: adding, modifying and deleting objects.
    - **user** - Can only perform cryptographic operations with the partition objects, such as sign and verify, and can also create, manage, and edit keys, certificates and secrets.

    ### Root Partition

    The default built-in partition for a UKC cluster is called `root` and is created automatically when setting up a new UKC cluster.

    ### Partition Hierarchy

    - __Parent partition__ - The root partition is the parent of all partitions.
    - __Permission inheritance__ - User access permissions can be configured to be _inherited_ from the root partition. For example, a user `userA`, which is an SO on root, would also have SO permissions on `partitionB`.
        - __Note:__ By default, access permissions are not inherited from the root partition. To use permission inheritance, it must be configured explicitly.

    ## Object IDs

    Many operations require an object ID as part of the resource URI. Object IDs can be one of the following:

    - Keys - refer to keys using the UID, which is unique in the partition. You can also use the name, but it may not be unique. Operations using a name that is not unique will fail.
    - All other objects - refer to the object by name, which is unique.

    ## Quorum

    The UKC can be configured to require quorum approval for certain operations. If the operation you are executing requires it, the HTTP result is 202 (ACCEPTED) and the response body is a quorum job object.

    Use the `jobs` API in order to manage approvals for different jobs.

    ## Error Handling

    Responses are formatted in the standard REST format, with fields showing information about the error. The possible error codes are described with each API.

    For example, here is a token request:

    https:///api/v1/token

    The error that is received is:

    ```
    {
      "type": "UNAUTHORIZED",
      "title": "Login failed due to wrong username, password or missing certificate",
      "details": "Login failed due to wrong username, password or missing certificate",
      "status": "UNAUTHORIZED",
      "message": "Login failed due to wrong username, password or missing certificate"
    }
    ```
  version: "2.0.2112"
  title: "CORE REST API"
  contact:
    name: "Contact"
    url: "https://www.unboundsecurity.com"
    email: "support@unboundsecurity.com"
tags:
- name: "Authentication"
- name: "Backup"
- name: "Certificates"
- name: "Clients"
- name: "Cryptography"
- name: "General"
- name: "Groups"
- name: "Identity Providers"
- name: "Jobs"
- name: "KeyStores"
- name: "Keys"
- name: "Partitions"
- name: "Roles"
- name: "Secrets"
- name: "Servers"
- name: "System"
- name: "Users"
schemes:
- "https"
paths:
  /api/v1/auth/keys:
    get:
      tags:
      - "Authentication"
      summary: "Get OAuth keys"
      description: "Get OAuth keys."
      operationId: "getSystemyKey"
      consumes:
      - "application/json"
      produces:
      - "application/json"
      parameters: []
      responses:
        200:
          description: "successful operation"
          schema:
            type: "array"
            items:
              $ref: "#/definitions/JWKSKey"
      security:
      - basicAuth: []
      - Authorization: []
  /api/v1/authToken: get: tags: - "Authentication" summary: "Get token (deprecated)" description: "Returns an authentication token which can be used in future calls\ \ for authentication.\nThe user credentials are provided in the HTTP headers.\n\ \nNote: This 
endpoint is deprecated. Use Get OAuth authentication token\ \ instead." operationId: "getAuthToken" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/Token" 401: description: "Authentication failure, the system could not verify the user\ \ name and password passed in the request header" security: - basicAuth: [] - Authorization: [] deprecated: true delete: tags: - "Authentication" summary: "Revoke token (deprecated)" description: "Invalidates an authentication token" operationId: "invalidateAuthToken" produces: - "application/json" parameters: [] responses: 200: description: "OK" 401: description: "Authentication failure, the system could not verify the user\ \ name and password passed in the request header" security: - basicAuth: [] - Authorization: [] deprecated: true /api/v1/backup: get: tags: - "Backup" summary: "List backups" description: "List all backup items" operationId: "listDbBackups" parameters: - name: "from" in: "query" description: "from" required: false type: "string" - name: "to" in: "query" description: "to" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" minimum: 1 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 minimum: 0 format: "int32" responses: 200: description: "OK" schema: $ref: "#/definitions/DbBackupListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Backup" summary: "Backup database" description: "Perform a database backup" operationId: "backupDatabase" consumes: - "application/json" produces: - "application/json" parameters: [] responses: 200: description: "Backup request received" schema: $ref: "#/definitions/DbBackup" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/backup/alerts: get: tags: - "Backup" summary: "Get backup alerts summary" description: "Get backup 
alerts summary" operationId: "getBackupAlertsSummary" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/AlertsSummary" security: - basicAuth: [] - Authorization: [] /api/v1/backup/{backupId}: get: tags: - "Backup" summary: "Get backup information" description: "Get database backup information" operationId: "getDbBackup" parameters: - name: "backupId" in: "path" description: "Backup ID" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/DbBackup" security: - basicAuth: [] - Authorization: [] delete: tags: - "Backup" summary: "Delete backup" description: "Delete a backup record in the database." operationId: "deleteDbBackup" parameters: - name: "backupId" in: "path" description: "Backup ID" required: true type: "string" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/backup/{backupId}/alerts: get: tags: - "Backup" summary: "Check for backup alert" description: "Get alerts from a backup. Returns an alert if backup digest test\ \ fails." operationId: "getBackupAlerts" produces: - "application/json" parameters: - name: "backupId" in: "path" description: "Backup ID" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Alert" security: - basicAuth: [] - Authorization: [] /api/v1/clients: get: tags: - "Clients" summary: "List clients" description: "Return a list of clients." 
operationId: "listClients" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "Skip" required: false type: "integer" default: 0 format: "int32" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "template" in: "query" description: "Template" required: false type: "string" - name: "activationCodeExpiry" in: "query" description: "Search activation codes that expire within N days" required: false type: "integer" format: "int32" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: NAME, STATUS, TYPE, EXPIRY_AT,\ \ UPDATED_AT, CREATED_AT, ACTIVATION_CODE_EXPIRY" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/ClientListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Clients" summary: "Create a client" description: "Creates a new client and returns the activation code." operationId: "createClient" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Client" required: false schema: $ref: "#/definitions/NewClient" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/Client" 201: description: "New client created successfully" schema: $ref: "#/definitions/Client" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/clients/alerts: get: tags: - "Clients" summary: "Get client alert summary" description: "Get a summary of the client alerts." operationId: "getClientAlertsSummary" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/AlertsSummary" security: - basicAuth: [] - Authorization: [] /api/v1/clients/with-cert: post: tags: - "Clients" summary: "Create client with certificate (JSON)" description: "Creates a new client and returns the certificate. It uses CSR\ \ or public key material in JSON format." 
operationId: "createClientWithCertificate" consumes: - "application/json" produces: - "application/json,application/x-pkcs12,application/x-x509-user-cert" - "application/json" - "application/x-pkcs12" - "application/x-x509-user-cert" parameters: - in: "body" name: "body" description: "New Client" required: false schema: $ref: "#/definitions/NewClientWithCertificate" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "successful operation" schema: type: "file" 201: description: "New client created successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/clients/with-cert-file: post: tags: - "Clients" summary: "Create client with certificate (DER)" description: "Creates a new client and returns the certificate. It uses FS description\ \ of the certificate." operationId: "createClientWithCertificateWithFile" consumes: - "multipart/form-data" produces: - "application/json,application/x-pkcs12,application/x-x509-user-cert" - "application/json" - "application/x-pkcs12" - "application/x-x509-user-cert" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "file" in: "formData" description: "key file" required: true type: "file" - name: "newClientWithCertificate" in: "formData" description: "the new client" required: false type: "string" responses: 200: description: "successful operation" schema: type: "file" 201: description: "New client created successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/clients/with-secret: post: tags: - "Clients" summary: "Create a client with secret" description: "Creates a new client and returns the secret." 
operationId: "createClientWithSecret" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Client" required: false schema: $ref: "#/definitions/NewClientWithSecret" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/Client" 201: description: "New client created successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/clients/{clientId}: get: tags: - "Clients" summary: "Get client details" description: "Return details of a client." operationId: "getClient" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/Client" security: - basicAuth: [] - Authorization: [] put: tags: - "Clients" summary: "Update client details" description: "Update client properties." operationId: "updateClient" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - in: "body" name: "body" description: "Clients updates" required: false schema: $ref: "#/definitions/ClientsUpdates" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client Updated successfully." schema: $ref: "#/definitions/Client" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Clients" summary: "Delete a client" description: "Delete the specified client." 
operationId: "deleteClient" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client deleted successfully." 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/clients/{clientId}/activation-code: put: tags: - "Clients" summary: "Refresh activation code" description: "Refresh the client's activation code." operationId: "refreshClientActivationCode" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - in: "body" name: "body" description: "Refreshed values" required: false schema: $ref: "#/definitions/RefreshedCertificateClient" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Activation code Refreshed successfully." schema: $ref: "#/definitions/Client" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/clients/{clientId}/alerts: get: tags: - "Clients" summary: "Get alerts for a specific client" description: "Return the alerts for a specific client." operationId: "getClientAlerts" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Alert" security: - basicAuth: [] - Authorization: [] /api/v1/clients/{clientId}/publicKey: put: tags: - "Clients" summary: "Refresh client public key" description: "Refresh client public key." 
operationId: "refreshClientPublicKey" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - in: "body" name: "body" description: "Refreshed values" required: false schema: $ref: "#/definitions/RefreshedPublicKeyClient" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Secret Refreshed successfully." schema: $ref: "#/definitions/Client" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/clients/{clientId}/secret: put: tags: - "Clients" summary: "Refresh client secret" description: "Refresh client secret" operationId: "refreshClientSecret" produces: - "application/json" parameters: - name: "clientId" in: "path" description: "Client ID" required: true type: "string" - in: "body" name: "body" description: "Refreshed values" required: false schema: $ref: "#/definitions/RefreshedSecretClient" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Secret Refreshed successfully." schema: $ref: "#/definitions/Client" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/groups: get: tags: - "Groups" summary: "List users groups" description: "Return a list of all existing users groups." 
operationId: "listGroups" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: NAME, UPDATED_AT, CREATED_AT" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroupListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Groups" summary: "Create a new group" description: "Create a new group in a given partition." operationId: "createGroup" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Users Group" required: false schema: $ref: "#/definitions/NewUsersGroup" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 201: description: "Group created successfully" schema: $ref: "#/definitions/UsersGroup" 202: description: "ACCEPTED" schema: $ref: "#/definitions/UsersGroup" 409: description: "Group already exists" security: - basicAuth: [] - Authorization: [] /api/v1/groups/{groupId}: get: tags: - "Groups" summary: "Get users group details" description: "Get details of an existing users group." operationId: "getGroup" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] put: tags: - "Groups" summary: "Update users group" description: "Update an existing users group." 
operationId: "updateGroup" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to update" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "Users Group" required: false schema: $ref: "#/definitions/UsersGroup" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] delete: tags: - "Groups" summary: "Delete users group" description: "Delete an existing users group." operationId: "deleteGroup" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to delete" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" security: - basicAuth: [] - Authorization: [] /api/v1/groups/{groupId}/permissions: get: tags: - "Groups" summary: "Get users group permissions" description: "Get permissions of an existing users group." operationId: "getGroupPermissions" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] /api/v1/groups/{groupId}/roles: put: tags: - "Groups" summary: "Add roles to group" description: "Add a list of roles to an existing users group." 
operationId: "addRoles" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to update" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "Roles" required: false schema: type: "array" items: type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] delete: tags: - "Groups" summary: "Delete roles from group" description: "Delete a list of roles from an existing users group." operationId: "deleteRoles" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to update" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "Roles" required: false schema: type: "array" items: type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] /api/v1/groups/{groupId}/users: put: tags: - "Groups" summary: "Add users to group" description: "Add a list of users to an existing users group." operationId: "addUsers" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to update" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "Users" required: false schema: type: "array" items: type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] delete: tags: - "Groups" summary: "Delete users from group" description: "Delete a list of users from an existing users group." 
operationId: "deleteUsers" produces: - "application/json" parameters: - name: "groupId" in: "path" description: "Group ID to update" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "Users" required: false schema: type: "array" items: type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UsersGroup" security: - basicAuth: [] - Authorization: [] /api/v1/health: get: tags: - "General" summary: "Check UKC health" description: "Return health status of the UKC system and determine if it is\ \ usable. As long as the HTTP return code is OK, the system is usable." operationId: "getHealth" parameters: - name: "pairOnly" in: "query" description: "pairOnly" required: false type: "boolean" default: false - name: "timeout" in: "query" description: "Timeout" required: false type: "integer" minimum: 0 format: "int32" responses: 200: description: "OK" schema: type: "string" /api/v1/idps: get: tags: - "Identity Providers" summary: "List identity providers" description: "Return a list of all identity providers." operationId: "listIdentityProviders" produces: - "application/json" parameters: - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/IdentityProviderListResponse" post: tags: - "Identity Providers" summary: "Create identity provider" description: "Create a new identity provider." 
operationId: "createIdentityProvider" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Identity provider" required: false schema: $ref: "#/definitions/NewIdentityProvider" responses: 201: description: "Identity provider created successfully" schema: $ref: "#/definitions/IdentityProvider" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Identity provider exists" security: - basicAuth: [] - Authorization: [] /api/v1/idps/{idpId}: get: tags: - "Identity Providers" summary: "Get identity provider details" description: "Get details of an existing identity provider." operationId: "getIdentityProvider" produces: - "application/json" parameters: - name: "idpId" in: "path" description: "Identity Provider ID to look for" required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/IdentityProvider" put: tags: - "Identity Providers" summary: "Update identity provider" description: "Update an identity provider." operationId: "updateIdentityProvider" produces: - "application/json" parameters: - name: "idpId" in: "path" description: "Identity Provider ID" required: true type: "string" - in: "body" name: "body" description: "Identity Provider updates" required: false schema: $ref: "#/definitions/IdentityProviderUpdates" responses: 200: description: "Identity provider updated successfully." schema: $ref: "#/definitions/IdentityProvider" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Identity Providers" summary: "Delete identity provider" description: "Delete an identity provider." 
operationId: "deleteIdentityProvider" consumes: - "application/json" produces: - "application/json" parameters: - name: "idpId" in: "path" description: "Identity Provider ID" required: true type: "string" responses: 200: description: "Deleted identity provider successfully" schema: $ref: "#/definitions/IdentityProvider" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/info: get: tags: - "General" summary: "Get system information" description: "Return system information, including version and supported capabilities.\ \ If authentication is provided, it returns the allowed operations." operationId: "getSystemInfo" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/SystemInfo" /api/v1/jobs/my/status: get: tags: - "Jobs" summary: "Get job status" description: "Get the status of pending quorum requests." operationId: "getQuorumStatus" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/QuorumStatus" security: - basicAuth: [] - Authorization: [] /api/v1/jobs/quorum: get: tags: - "Jobs" summary: "List pending jobs" description: "Get a list of the pending quorum jobs." operationId: "getQuorumJobs" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/jobs/{jobId}: get: tags: - "Jobs" summary: "Get job data" description: "Get job data for a specific job." 
operationId: "getQuorumJob" produces: - "application/json" parameters: - name: "jobId" in: "path" description: "Job ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Jobs" summary: "Delete a job" description: "Delete a specific job." operationId: "deleteQuorumJob" parameters: - name: "jobId" in: "path" description: "Job ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/jobs/{jobId}/approve: post: tags: - "Jobs" summary: "Approve a job" description: "Approve a pending quorum job." operationId: "approveJob" produces: - "application/json" parameters: - name: "jobId" in: "path" description: "Job ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/jobs/{jobId}/execute: post: tags: - "Jobs" summary: "Execute a job" description: "Execute an approved quorum job." operationId: "executeJob" produces: - "application/json" parameters: - name: "jobId" in: "path" description: "Job ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores: get: tags: - "KeyStores" summary: "List external keystores" description: "Return a list of all external keystores." 
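The Jobs endpoints above are how a quorum-gated request gets finished: any operation that answers 202 ACCEPTED hands back a Job, other principals POST to /api/v1/jobs/{jobId}/approve, and the requester then POSTs to /api/v1/jobs/{jobId}/execute. The Python below is an added example, not part of this spec or of Unbound's sample code; it drives that flow against a constructed in-memory fake instead of a live node so it runs offline. The fake's Job fields (status, approvers), its 403 on an execute attempted before quorum, and its rule that repeat approvals from one user count once are this example's assumptions, not documented behaviour. The request body is the AES-256 example given under /api/v1/keys/generate.

```python
"""Driving a quorum-gated UKC operation through the Jobs endpoints (added example)."""
import uuid


class FakeUkc:
    """Constructed stand-in for one UKC partition whose policy needs N distinct approvers."""

    def __init__(self, required_approvals=2):
        self.required = required_approvals
        self.jobs = {}   # jobId -> Job dict (field names are this fake's assumption)
        self.keys = {}   # keyId -> KeyInfo-like dict

    def request(self, user, method, path, body=None):
        """Return (HTTP status, parsed JSON) the way the REST endpoints would."""
        if method == "POST" and path == "/api/v1/keys/generate":
            key_id = body["keyId"]
            if key_id in self.keys:
                return 409, self.keys[key_id]                # object already exists
            job = {"id": str(uuid.uuid4()), "status": "PENDING", "operation": "CREATE",
                   "requester": user, "approvers": set(), "request": body}
            self.jobs[job["id"]] = job
            return 202, job                                   # ACCEPTED: quorum needed
        if method == "GET" and path == "/api/v1/jobs/quorum":
            return 200, [j for j in self.jobs.values() if j["status"] == "PENDING"]
        if method == "POST" and path.startswith("/api/v1/jobs/"):
            job_id, _, action = path[len("/api/v1/jobs/"):].partition("/")
            job = self.jobs.get(job_id)
            if job is None or job["status"] != "PENDING":
                return 404, {"message": "no pending job with that id"}
            if action == "approve":
                job["approvers"].add(user)                    # same user twice counts once
                return 200, job
            if action == "execute":
                if len(job["approvers"]) < self.required:
                    return 403, {"message": "quorum not reached"}   # assumed status code
                req = job["request"]
                self.keys[req["keyId"]] = {"id": req["keyId"], "state": "ACTIVE",
                                           "keyFormat": req["keyFormat"]}
                job["status"] = "EXECUTED"
                return 200, job
        return 404, {"message": "unknown route"}


class Session:
    """Client bound to one authenticated principal; auth headers are out of scope here."""

    def __init__(self, node, user):
        self.node, self.user = node, user

    def request(self, method, path, body=None):
        return self.node.request(self.user, method, path, body)


def generate_key(session, key_id, key_type, size):
    """POST /api/v1/keys/generate; returns ('created', KeyInfo) or ('pending', Job)."""
    body = {"keyId": key_id, "keyFormat": {"type": key_type, "size": str(size)}}
    status, payload = session.request("POST", "/api/v1/keys/generate", body)
    if status == 201:
        return "created", payload
    if status == 202:
        return "pending", payload
    if status == 409:
        raise FileExistsError(f"key {key_id!r} already exists")
    raise RuntimeError(f"generate failed: HTTP {status} {payload}")


def create_key_with_quorum(requester, approvers, key_id, key_type, size):
    """Submit, collect approvals on the approvers' own sessions, then execute.

    Returns the executed Job, or the KeyInfo directly when no quorum policy applies.
    """
    outcome, payload = generate_key(requester, key_id, key_type, size)
    if outcome == "created":
        return payload
    job_id = payload["id"]
    for approver in approvers:
        status, _ = approver.request("POST", f"/api/v1/jobs/{job_id}/approve")
        if status != 200:
            raise RuntimeError(f"approval by {approver.user} failed: HTTP {status}")
    status, job = requester.request("POST", f"/api/v1/jobs/{job_id}/execute")
    if status == 403:
        raise PermissionError(f"job {job_id} executed before quorum was reached")
    if status != 200:
        raise RuntimeError(f"execute failed: HTTP {status} {job}")
    return job
```

Approvals only mean something when they arrive on sessions authenticated as different principals, which is why the approvers are separate Session objects rather than extra calls on the requester's session; the real enforcement is server-side, and the client's job is to keep the pending Job around (it stays listed under /api/v1/jobs/quorum) until enough approvals exist rather than to retry execute blindly.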
operationId: "listKeystores" produces: - "application/json" parameters: - name: "limit" in: "query" description: "Limit" required: false type: "integer" format: "int32" - name: "skip" in: "query" description: "Skip (offset)" required: false type: "integer" default: 0 format: "int32" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "syncPolicies" in: "query" description: "Sync Policies" required: false type: "array" items: type: "string" collectionFormat: "multi" responses: 200: description: "OK" schema: $ref: "#/definitions/KeystoreListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "KeyStores" summary: "Create a new keystore" description: "Create a new keystore." operationId: "createKeyStore" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Keystore" required: false schema: $ref: "#/definitions/NewKeyStore" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 201: description: "Keystore created successfully" schema: $ref: "#/definitions/KeyStore" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Keystore already exists" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/templates: get: tags: - "KeyStores" summary: "Get keystore parameters" description: "Get the parameters needed to configure a keystore." operationId: "getKeystoreTemplates" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/KeyStore" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/{keystoreId}: get: tags: - "KeyStores" summary: "Get keystore details" description: "Get details of an existing keystore." 
operationId: "getKeystore" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID to look for" required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyStore" security: - basicAuth: [] - Authorization: [] put: tags: - "KeyStores" summary: "Update a keystore" description: "Update a keystore." operationId: "updateKeystore" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID" required: true type: "string" - in: "body" name: "body" description: "Keystore updates" required: false schema: $ref: "#/definitions/KeyStoreUpdates" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Keystore updated successfully." schema: $ref: "#/definitions/KeyStore" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "KeyStores" summary: "Delete a keystore" description: "Delete a keystore." operationId: "deleteKeyStore" consumes: - "application/json" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Keystore deleted successfully" schema: $ref: "#/definitions/KeyStore" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/{keystoreId}/keys: get: tags: - "KeyStores" summary: "List keys from a keystore" description: "Return a list of keys from a keystore." 
operationId: "listKSKeys" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Page Limit" required: false type: "integer" default: 100 format: "int32" - name: "pageToken" in: "query" description: "Page Token" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" default: false - name: "onlyIds" in: "query" description: "Return only key IDs" required: false type: "boolean" default: false - name: "includeNotInUkc" in: "query" description: "Include keys that exist in the external keystore but not in UKC" required: false type: "boolean" default: false responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfoListResponse" headers: X-total-count: type: "integer" format: "int32" description: "total amount of keys" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/{keystoreId}/keys/{externalKeyId}: get: tags: - "KeyStores" summary: "Get external KS key details" description: "Get details of an existing keystore key." operationId: "getKSkey" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID to look for" required: true type: "string" - name: "externalKeyId" in: "path" description: "External key ID to look for" required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "delegate" in: "query" description: "Delegate" required: false type: "boolean" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyStore" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/{keystoreId}/register: post: tags: - "KeyStores" summary: "Register keystore endpoint" description: "Register a new keystore endpoint." 
operationId: "registerKeyStore" consumes: - "application/json" produces: - "application/json" - "application/x-pkcs12" parameters: - in: "body" name: "body" description: "New Endpoint" required: false schema: $ref: "#/definitions/NewKeyStoreEndpoint" - name: "keystoreId" in: "path" description: "Keystore ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Keystore endpoint registered successfully" schema: $ref: "#/definitions/KeyStore" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keyStores/{keystoreId}/unregister: post: tags: - "KeyStores" summary: "Unregister keystore endpoint" description: "Unregister a keystore endpoint." operationId: "unRegisterKeyStore" consumes: - "application/json" produces: - "application/json" parameters: - name: "keystoreId" in: "path" description: "Keystore ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Keystore endpoint unregistered successfully" schema: $ref: "#/definitions/KeyStore" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys: get: tags: - "Keys" summary: "List keys" description: "Return a list of keys." 
operationId: "listKeys" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "id" in: "query" description: "Key id" required: false type: "string" - name: "type" in: "query" description: "Key type" required: false type: "string" enum: - "RSA" - "ECC" - "AES" - "TDES" - "DES" - "HMAC" - "XTS" - "PRF" - "PWD" - "LIMA" - "EDDSA" - "TOTSSeed" - "CHACHA20" - "SPLIT_KEY" - name: "exportType" in: "query" description: "exportType" required: false type: "string" enum: - "IN_PLAIN" - "WRAPPED" - "WRAPPED_WITH_TRUSTED" - "NON_EXPORTABLE" - name: "trusted" in: "query" description: "Is Trusted" required: false type: "boolean" - name: "groups" in: "query" description: "Groups" required: false type: "array" items: type: "string" collectionFormat: "multi" - name: "state" in: "query" description: "Key state" required: false type: "string" enum: - "PREACTIVE" - "ACTIVE" - "DEACTIVATED" - "COMPROMISED" - "DESTROYED" - "DESTROYED_COMPROMISED" - name: "isEnabled" in: "query" description: "Is Enabled" required: false type: "boolean" - name: "showDestroyed" in: "query" description: "Include destroyed objects" required: false type: "boolean" - name: "keystoreName" in: "query" description: "Keystore name" required: false type: "string" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: UID, NAME, DESCRIPTION, STATE,\ \ ALGORITHM, GROUPS, PERMITTED_OPERATIONS, UPDATED_AT" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" default: false responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfoListResponse" headers: X-total-count: type: "integer" format: "int32" description: "total amount of keys" security: - basicAuth: [] - Authorization: [] post: tags: - "Keys" summary: "Import key" description: "Import a key based on the given file.

Note: The\ \ response data depends on the key type and other factors. It includes only\ \ those attributes that are relevant to the requested key type.

" operationId: "importKey" consumes: - "multipart/form-data" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "file" in: "formData" description: "key file" required: true type: "file" - name: "id" in: "formData" description: "key id" required: true type: "string" - name: "idEncoding" in: "formData" description: "key id encoding" required: false type: "string" - name: "password" in: "formData" description: "password for the file if required" required: false type: "string" - name: "description" in: "formData" description: "key description" required: false type: "string" - name: "usage" in: "formData" description: "key usage" required: false type: "string" - name: "exportType" in: "formData" description: "Export Type" required: false type: "string" - name: "trusted" in: "formData" description: "trusted (yes or no)" required: false type: "boolean" - name: "groups" in: "formData" description: "List of groups" required: false type: "string" - name: "keyOnly" in: "formData" description: "import only key (no chain)" required: false type: "boolean" - name: "isSymmetric" in: "formData" description: "whether the key is symmetric" required: false type: "boolean" - name: "symmetricKeyType" in: "formData" description: "the symmetric key type" required: false type: "string" - name: "testMode" in: "formData" description: "get key info without importing" required: false type: "boolean" - name: "keyRotationInterval" in: "formData" description: "key rotation interval (days)" required: false type: "integer" - name: "activate" in: "formData" description: "activate the key" required: false type: "boolean" - name: "activationDate" in: "formData" description: "Activation Date" required: false type: "string" - name: "deactivationDate" in: "formData" description: "Deactivation Date" required: false type: "string" - name: "splitKeyParts" in: "formData" description: "number of split key parts" required: 
false type: "integer" - name: "keyPartIdentifier" in: "formData" description: "key part identifier" required: false type: "integer" - name: "splitKeyThreshold" in: "formData" description: "split key threshold" required: false type: "integer" - name: "splitKeyMethod" in: "formData" description: "split key method" required: false type: "string" - name: "encoding" in: "formData" description: "key encoding" required: false type: "string" default: "PLAIN" responses: 201: description: "Key imported successfully" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/keys/alerts: get: tags: - "Keys" summary: "Get alerts summary for keys" description: "Get the alerts summary for keys." operationId: "getKeysAlertsSummary" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/AlertsSummary" security: - basicAuth: [] - Authorization: [] /api/v1/keys/generate: post: tags: - "Keys" summary: "Generate key" description: "Generate a new asymmetric or symmetric key. The key format is\ \ provided as a parameter.

For example, to create a 256-bit AES symmetric\ \ key, use the parameters:
{
   \"keyId\":\"AES-KEY\"\ ,
   \"keyFormat\": {
       \"type\"\ : \"AES\", \"size\": \"256\"
   }
}

The\ \ keyFormat type can be: RSA, ECC, AES, DES, TDES, HMAC, XTS, PRF, PWD, LIMA,\ \ or EDDSA


Note: The response data depends on the key type\ \ and other factors. It includes only those attributes that are relevant to\ \ the requested key type.

" operationId: "generateKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "The new key" required: false schema: $ref: "#/definitions/NewGeneratedKey" responses: 201: description: "Key generated successfully" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" schema: $ref: "#/definitions/KeyInfo" security: - basicAuth: [] - Authorization: [] /api/v1/keys/groups: get: tags: - "Keys" summary: "Get key groups" description: "Get key groups." operationId: "getKeysGroups" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "operations" in: "query" description: "Operations" required: false type: "array" items: type: "string" enum: - "ACTIVATE" - "ADD_ATTRIBUTE" - "CREATE" - "CREATE_KEY_PAIR" - "DECRYPT" - "DELETE_ATTRIBUTE" - "DERIVE_KEY" - "DESTROY" - "DELETE" - "DY_DERIVE" - "DY_GET_KEY_MATERIAL" - "DY_GET_SECRET_DATA" - "DY_UPDATE_DATA" - "ENCRYPT" - "MAC" - "MAC_VERIFY" - "MODIFY_ATTRIBUTE" - "MODIFY_ATTRIBUTE_LIST" - "REGISTER" - "REKEY" - "REKEY_KEY_PAIR" - "REVOKE" - "SIGN" - "SIGNATURE_VERIFY" - "DY_ENABLE" - "DY_TOKENIZE" - "DY_DETOKENIZE" - "LINK" - "RELINK" - "UNLINK" - "JOIN_SPLIT_KEY" collectionFormat: "multi" responses: 200: description: "OK" schema: type: "array" items: type: "string" security: - basicAuth: [] - Authorization: [] /api/v1/keys/joinSplitKey: post: tags: - "Keys" summary: "Join split key" description: "Join split key parts into a single key." operationId: "joinSplitKey" consumes: - "multipart/form-data" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "id" in: "formData" description: "key id" required: true type: "string" - name: 
"idEncoding" in: "formData" description: "key id encoding" required: false type: "string" - name: "password" in: "formData" description: "password for the file if required" required: false type: "string" - name: "description" in: "formData" description: "key description" required: false type: "string" - name: "usage" in: "formData" description: "key usage" required: false type: "string" - name: "exportType" in: "formData" description: "Export Type" required: false type: "string" - name: "trusted" in: "formData" description: "trusted (yes or no)" required: false type: "boolean" - name: "groups" in: "formData" description: "List of groups" required: false type: "string" - name: "symmetricKeyType" in: "formData" description: "the symmetric key type" required: false type: "string" - name: "testMode" in: "formData" description: "get key info without importing" required: false type: "boolean" - name: "keyRotationInterval" in: "formData" description: "key rotation interval (days)" required: false type: "integer" - name: "activate" in: "formData" description: "activate the key" required: false type: "boolean" - name: "activationDate" in: "formData" description: "Activation Date" required: false type: "string" - name: "deactivationDate" in: "formData" description: "Deactivation Date" required: false type: "string" - name: "splitKeyIdentifiers" in: "formData" description: "split key parts unique identifiers" required: false type: "string" - name: "signed" in: "formData" description: "signed flag" required: false type: "boolean" - name: "deleteSplitKeyParts" in: "formData" description: "delete split key parts flag" required: false type: "boolean" responses: 201: description: "Split key joined successfully" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/link: post: tags: - "Keys" summary: "Link keystore key" description: "Link an existing KeyStore key" operationId: 
"linkKey" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "Keystore Object Uid" required: false schema: $ref: "#/definitions/NewLinkedKey" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 201: description: "Key linked successfully" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already linked" schema: $ref: "#/definitions/KeyInfo" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}: get: tags: - "Keys" summary: "Get key details" description: "Get detailed key information." operationId: "getKey" produces: - "application/json" parameters: - name: "keyId" in: "path" description: "Key ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" default: true - name: "signed" in: "query" description: "Signed" required: false type: "boolean" default: false responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" security: - basicAuth: [] - Authorization: [] put: tags: - "Keys" summary: "Update a key" description: "Update an existing key." 
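The listKeys operation above pages with limit (default 200) and skip, reports the full count in the X-total-count response header, and filters on the attributes a key-inventory review actually cares about: type, exportType and state. The Python below is an added example, not code from this spec or from Unbound; it walks every page and then flags keys that are exportable in plaintext, marked compromised, or single DES. The transport signature, the constructed sample inventory, and the assumption that the list body is a JSON array of objects with id, type, state and exportType fields are this example's own, since the KeyInfoListResponse schema is not reproduced on this page.

```python
"""Paging through /api/v1/keys and flagging risky key metadata (added example)."""
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed inventory standing in for KeyInfo objects; not real key data.
SAMPLE_KEYS = [
    {"id": "tls-rsa-2048", "type": "RSA", "state": "ACTIVE", "exportType": "NON_EXPORTABLE"},
    {"id": "db-aes-256", "type": "AES", "state": "ACTIVE", "exportType": "WRAPPED_WITH_TRUSTED"},
    {"id": "legacy-des", "type": "DES", "state": "ACTIVE", "exportType": "IN_PLAIN"},
    {"id": "old-hmac", "type": "HMAC", "state": "COMPROMISED", "exportType": "NON_EXPORTABLE"},
    {"id": "token-prf", "type": "PRF", "state": "ACTIVE", "exportType": "WRAPPED"},
]


def fake_ukc(method, url):
    """Constructed transport: serves SAMPLE_KEYS with limit/skip paging and X-total-count."""
    parsed = urlparse(url)
    if method != "GET" or parsed.path != "/api/v1/keys":
        return 404, {}, {"message": "unknown route"}
    query = parse_qs(parsed.query)
    selected = SAMPLE_KEYS
    for field in ("type", "exportType", "state"):          # documented filter parameters
        if field in query:
            selected = [k for k in selected if k[field] == query[field][0]]
    limit = int(query.get("limit", ["200"])[0])              # spec default 200
    skip = int(query.get("skip", ["0"])[0])                  # spec default 0
    page = selected[skip:skip + limit]
    return 200, {"X-total-count": str(len(selected))}, page


def list_all_keys(transport, partition_id=None, page_size=200, **filters):
    """Yield every matching key, advancing skip until X-total-count is reached.

    transport(method, url) -> (status, headers, json) is this example's assumed shape.
    """
    skip = 0
    while True:
        params = {"limit": page_size, "skip": skip}
        if partition_id:
            params["partitionId"] = partition_id
        params.update({k: v for k, v in filters.items() if v is not None})
        status, headers, page = transport("GET", "/api/v1/keys?" + urlencode(params))
        if status != 200:
            raise RuntimeError(f"listKeys failed: HTTP {status} {page}")
        yield from page
        skip += len(page)
        total = headers.get("X-total-count")
        if not page or (total is not None and skip >= int(total)):
            break
        if total is None and len(page) < page_size:      # no count header: stop on a short page
            break


def audit_keys(keys):
    """Return (keyId, finding) pairs for metadata a reviewer would question."""
    findings = []
    for key in keys:
        if key.get("exportType") == "IN_PLAIN":
            findings.append((key["id"], "exportable in plaintext"))
        if key.get("state") in ("COMPROMISED", "DESTROYED_COMPROMISED"):
            findings.append((key["id"], f"state {key['state']}"))
        if key.get("type") == "DES":
            findings.append((key["id"], "single DES (56-bit key)"))
    return findings
```

Paging by skip is only stable while no key is created or destroyed during the walk; for a scheduled inventory run that is acceptable, and comparing the number of keys collected with the first page's X-total-count is a cheap way to notice when the set moved underneath you.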
operationId: "updateKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "includeCert" in: "query" description: "Include Cert" required: false type: "boolean" - name: "keyId" in: "path" description: "Key id" required: true type: "string" - in: "body" name: "body" description: "Key updates" required: false schema: $ref: "#/definitions/KeyUpdates" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Keys" summary: "Destroy a key" description: "Delete the specified key." operationId: "deleteKey" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to delete" required: true type: "string" - name: "fullDelete" in: "query" description: "Delete object completely" required: false type: "boolean" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/activate: post: tags: - "Keys" summary: "Activate a key" description: "Activate the specified key." 
operationId: "activateKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "includeCert" in: "query" description: "Include Cert" required: false type: "boolean" - name: "keyId" in: "path" description: "Key ID to activate" required: true type: "string" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/alerts: get: tags: - "Keys" summary: "Get alerts for a specific key" description: "Return the alerts for a specific key." operationId: "getKeyAlerts" produces: - "application/json" parameters: - name: "keyId" in: "path" description: "Key ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Alert" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/caspSign: post: tags: - "Cryptography" summary: "Sign a message with CASP keys" description: "Used internally by CASP" operationId: "caspSign" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for signing" required: true type: "string" - in: "body" name: "body" description: "Data that needs to be signed." required: false schema: $ref: "#/definitions/CaspSign" responses: 200: description: "OK" schema: $ref: "#/definitions/CaspSignatures" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/certificate: get: tags: - "Certificates" summary: "Export a certificate" description: "Returns the encoded certificate." 
operationId: "exportCertificate" produces: - "application/json" - "application/x-pem-file" parameters: - name: "keyId" in: "path" description: "Certificate ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK. Returns certificate data encoded in base64" schema: $ref: "#/definitions/ExportedCertificate" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/challenge: post: tags: - "Cryptography" summary: "Generate TOTS offline challenge" description: "Generate TOTS challenge for getPublic and TOTS sign operations.\ \ Relevant for TOTS offline keys" operationId: "getTOTSChallenge" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for signing" required: true type: "string" - in: "body" name: "body" description: "Data used to generate TOTS challenge" required: false schema: $ref: "#/definitions/TOTSChallengeData" responses: 200: description: "OK" schema: $ref: "#/definitions/Challenge" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/decrypt: post: tags: - "Cryptography" summary: "Decrypt a value" description: "Decrypt a value using the key. The same parameters for encryption\ \ are supported for decryption." operationId: "decryptWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key used for decryption" required: true type: "string" - in: "body" name: "body" description: "Data to decrypt" required: false schema: $ref: "#/definitions/DecryptData" responses: 200: description: "OK. 
Returns clear text encoded according to request parameters" schema: $ref: "#/definitions/ClearText" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Authenticated encryption failure (e.g. authentication tag mismatch)" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/decryptx: post: tags: - "Cryptography" summary: "Decrypt multiple values" description: "Decrypt multiple values using the key. The same parameters for encryption\ \ are supported for decryption." operationId: "multiDecryptWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key used for decryption" required: true type: "string" - in: "body" name: "body" description: "Object containing a list of ciphertexts that you want to decrypt." required: false schema: $ref: "#/definitions/Decryptx" responses: 200: description: "Array of decrypted values with requested encoding" schema: type: "array" items: $ref: "#/definitions/ClearText" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Authenticated encryption failure (e.g. authentication tag mismatch)" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/derive: post: tags: - "Cryptography" summary: "Derive and store a new key" description: "Derive a new key and store it in UKC.

Note: The\ \ response data depends on the key type and other factors. It includes only\ \ those attributes that are relevant to the requested key type.

" operationId: "derive" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key to derive from" required: true type: "string" - in: "body" name: "body" description: "Derivation data" required: false schema: $ref: "#/definitions/DeriveData" responses: 201: description: "New key derived successfully" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/derive-key: post: tags: - "Cryptography" summary: "Derive a new key" description: "Derive a new key and return it without storing it.

Note:\ \ The response data depends on the key type and other factors. It includes\ \ only those attributes that are relevant to the requested key type.

" operationId: "deriveKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key to derive from" required: true type: "string" - in: "body" name: "body" description: "Derivation data" required: false schema: $ref: "#/definitions/DeriveKeyData" responses: 201: description: "New key derived successfully" schema: $ref: "#/definitions/Key" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/detokenize: post: tags: - "Cryptography" summary: "Detokenize data" description: "Detokenize a single item with an existing PRF key. Detokenization\ \ uses the values and parameters provided in the JSON output of the tokenized\ \ data." operationId: "detokenize" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition name with a PRF key." required: false type: "string" - name: "keyId" in: "path" description: "PRF key UID used for detokenization." required: true type: "string" - in: "body" name: "body" description: "The tokenization parameters in JSON." required: false schema: $ref: "#/definitions/DetokenizeData" responses: 200: description: "OK" schema: $ref: "#/definitions/DetokenizeResponse" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/detokenizex: post: tags: - "Cryptography" summary: "Detokenize multiple values" description: "Detokenize multiple items with an existing PRF key. Detokenization\ \ uses the values and parameters provided in the JSON output of the tokenized\ \ data." operationId: "multiDetokenize" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition name with a PRF key." 
required: false type: "string" - name: "keyId" in: "path" description: "PRF key UID designated for detokenization." required: true type: "string" - in: "body" name: "body" description: "The tokenization parameters in JSON." required: false schema: $ref: "#/definitions/DeTokenizeX" responses: 200: description: "Array of detokenized values with requested encoding" schema: type: "array" items: $ref: "#/definitions/DetokenizeResponse" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Authenticated encryption failure" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/disable: post: tags: - "Keys" summary: "Disable a key" description: "Disable a specific key." operationId: "disableKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to disable" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/enable: post: tags: - "Keys" summary: "Enable a key" description: "Enable a specific key." operationId: "enabledKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to enable" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/encrypt: post: tags: - "Cryptography" summary: "Encrypt clear text" description: "Encrypt clear text into cipher text with an existing key. Parameters\ \ allow selecting padding mode and encryption mode." 
operationId: "encryptWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Id of the Key used for encryption" required: true type: "string" - in: "body" name: "body" description: "Data to encrypt" required: false schema: $ref: "#/definitions/EncryptData" responses: 200: description: "OK" schema: $ref: "#/definitions/Cipher" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/encryptx: post: tags: - "Cryptography" summary: "Encrypt multiple values" description: "Encryption is done using the key. Parameters allow selecting padding\ \ mode and encryption mode." operationId: "multiEncryptWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for encryption" required: true type: "string" - in: "body" name: "body" description: "Object containing a list of plaintexts that you want to encrypt." required: false schema: $ref: "#/definitions/Encryptx" responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/Cipher" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/mac: post: tags: - "Cryptography" summary: "Create MAC for a message" description: "Generate a Message Authentication Code (MAC) for a message. MAC\ \ mode is provided as a parameter." 
operationId: "createMacWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for MAC" required: true type: "string" - in: "body" name: "body" description: "Mac Data" required: false schema: $ref: "#/definitions/MACSignData" responses: 200: description: "OK. Returns the generated Message Authentication Code" schema: $ref: "#/definitions/Mac" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/macVerify: post: tags: - "Cryptography" summary: "Verify MAC" description: "Verifies a MAC value. Supports the same parameters as the MAC\ \ option." operationId: "verifyMacWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for verification" required: true type: "string" - in: "body" name: "body" description: "Mac Verify Data" required: false schema: $ref: "#/definitions/MACVerifyData" responses: 200: description: "OK. Verified Successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Verification failed" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/permissions: get: tags: - "Keys" summary: "Get key operations" description: "Returns specific allowed operations on a key for a specific key\ \ UID." 
operationId: "getKeyPermissions" produces: - "application/json" parameters: - name: "keyId" in: "path" description: "Key ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: type: "array" items: type: "string" enum: - "ACTIVATE" - "ADD_ATTRIBUTE" - "CREATE" - "CREATE_KEY_PAIR" - "DECRYPT" - "DELETE_ATTRIBUTE" - "DERIVE_KEY" - "DESTROY" - "DELETE" - "DY_DERIVE" - "DY_GET_KEY_MATERIAL" - "DY_GET_SECRET_DATA" - "DY_UPDATE_DATA" - "ENCRYPT" - "MAC" - "MAC_VERIFY" - "MODIFY_ATTRIBUTE" - "MODIFY_ATTRIBUTE_LIST" - "REGISTER" - "REKEY" - "REKEY_KEY_PAIR" - "REVOKE" - "SIGN" - "SIGNATURE_VERIFY" - "DY_ENABLE" - "DY_TOKENIZE" - "DY_DETOKENIZE" - "LINK" - "RELINK" - "UNLINK" - "JOIN_SPLIT_KEY" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/public: get: tags: - "Keys" summary: "Get public key" description: "Return the public details of a key." operationId: "getPublicKeyData" produces: - "application/json" - "application/x-pem-file" parameters: - name: "keyId" in: "path" description: "Key ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "obfuscate" in: "query" description: "Add obfuscated private key as part of the encoded data, relevant\ \ only for PKI keys." required: false type: "boolean" - name: "totsIndex" in: "query" description: "Index to the relevant derived public key, relevant only for\ \ TOTS keys." required: false type: "integer" format: "int32" - name: "totsNOF" in: "query" description: "Number of fragments, relevant only for TOTS keys." 
required: false type: "integer" format: "int32" - name: "challengeResponse" in: "query" description: "Challenge response for TOTS offline mode" required: false type: "string" - name: "paillierKey" in: "query" description: "Paillier public key for TOTS offline mode" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Key" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/reLink: post: tags: - "Keys" summary: "Relink a key from keystore" description: "Relink a specific key." operationId: "relinkKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to unLink" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/rekey: post: tags: - "Keys" summary: "Renew a key" description: "Create a new key with the same parameters as the existing one.\ \ The new key inherits the current key ID and a link is created between the\ \ two keys." operationId: "rekey" consumes: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyRotationInterval" in: "query" description: "key rotation interval" required: false type: "integer" minimum: 0 format: "int32" - name: "keyStateOffset" in: "query" description: "key state offset" required: false type: "integer" minimum: 0 format: "int32" - name: "keyId" in: "path" description: "The key to move. This could be either a key UID or label." required: true type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/KeyInfo" 201: description: "OK. Key renewed successfully." 
schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/revoke: post: tags: - "Keys" summary: "Revoke a key" description: "Revoke the specified key." operationId: "revokeKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to activate" required: true type: "string" - name: "includeCert" in: "query" description: "Include Cert" required: false type: "boolean" - in: "body" name: "body" description: "Revocation parameters" required: false schema: $ref: "#/definitions/RevokeParams" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/seal: post: tags: - "Cryptography" summary: "Seal clear text" description: "Seal clear text into cipher text with an existing key. Encryption\ \ is done exactly as encryption with a certificate." operationId: "sealWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Id of the Key used for encryption" required: true type: "string" - in: "body" name: "body" description: "Data to seal" required: false schema: $ref: "#/definitions/SealData" responses: 200: description: "OK" schema: $ref: "#/definitions/SealedCipher" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/sign: post: tags: - "Cryptography" summary: "Sign a message" description: "Hash and sign a given message. If requested, it can also assume\ \ the input is a hash value and just sign it. 
Different modes are supported\ \ as parameters and the output can be either a raw signature or PKCS7, based\ \ on request." operationId: "signWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for signing" required: true type: "string" - in: "body" name: "body" description: "Data that needs to be signed." required: false schema: $ref: "#/definitions/SignData" responses: 200: description: "OK" schema: $ref: "#/definitions/Signature" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/tokenize: post: tags: - "Cryptography" summary: "Tokenize data" description: "Tokenize single items with a PRF key." operationId: "tokenize" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition name with a PRF key." required: false type: "string" - name: "keyId" in: "path" description: "PRF key UID designated for tokenization." required: true type: "string" - in: "body" name: "body" description: "The tokenization parameters in JSON." required: false schema: $ref: "#/definitions/TokenizeData" responses: 200: description: "OK" schema: $ref: "#/definitions/TokenizeResponse" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/tokenizex: post: tags: - "Cryptography" summary: "Tokenize multiple values" description: "Tokenize multiple items with a PRF key." operationId: "multiTokenize" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition name with a PRF key." required: false type: "string" - name: "keyId" in: "path" description: "PRF key UID designated for tokenization." 
required: true type: "string" - in: "body" name: "body" description: "The tokenization parameters in JSON." required: false schema: $ref: "#/definitions/TokenizeX" responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/TokenizeResponse" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/unLink: post: tags: - "Keys" summary: "Unlink a key from keystore" description: "Unlink a specific key." operationId: "unlinkKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key ID to unLink" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/KeyInfo" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/unseal: post: tags: - "Cryptography" summary: "Unseal a value" description: "Unseal a value using the key. The same parameters for encryption\ \ are supported for decryption." operationId: "unSealWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key used for decryption" required: true type: "string" - in: "body" name: "body" description: "Data to un-seal" required: false schema: $ref: "#/definitions/UnSealData" responses: 200: description: "OK. Returns clear text encoded according to request parameters" schema: $ref: "#/definitions/ClearText" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Authentication encryption failure" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/unwrap: post: tags: - "Cryptography" summary: "Unwrap and import key" description: "Unwrap and import a new key.

Note: The response\ \ data depends on the key type and other factors. It includes only those attributes\ \ that are relevant to the requested key type.

" operationId: "unwrap" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "The key used for unwrapping" required: true type: "string" - in: "body" name: "body" description: "UnWrap Data" required: false schema: $ref: "#/definitions/UnwrapData" responses: 201: description: "New key created added successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Authentication encryption failure" 409: description: "Key with this ID already exist" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/value: get: tags: - "Keys" summary: "Get key material" description: "Return the key material for an asymmetric key or exportable symmetric\ \ key.\n\nYou can request the asymmetric key in PFX or PEM format and symmetric\ \ keys in raw format." operationId: "getKeyData" produces: - "application/json" - "application/x-pkcs12" - "application/x-pem-file" parameters: - name: "keyId" in: "path" description: "Key ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "password" in: "query" description: "Password" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Key" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/verify: post: tags: - "Cryptography" summary: "Verify a signature" description: "Verifies a signature value. Supports the same parameters as the\ \ sign option." 
operationId: "verifyWithKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Certificate used for verification" required: true type: "string" - in: "body" name: "body" description: "Data with a signature that needs to be verified." required: false schema: $ref: "#/definitions/VerifyData" responses: 200: description: "OK. Signature verified successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "Verification failed" security: - basicAuth: [] - Authorization: [] /api/v1/keys/{keyId}/wrap: post: tags: - "Cryptography" summary: "Wrap and export key" description: "Wrap and export a key with an existing key." operationId: "wrap" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "keyId" in: "path" description: "Key used for wrapping" required: true type: "string" - in: "body" name: "body" description: "Wrap data" required: false schema: $ref: "#/definitions/WrapData" responses: 200: description: "OK" schema: $ref: "#/definitions/Cipher" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/me/password: put: tags: - "Authentication" summary: "Change password" description: "Change the password for the current user. The current user credentials\ \ are provided in the HTTP headers. Could be either password or JWT token." 
operationId: "changePassword" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New and existing password" required: false schema: $ref: "#/definitions/NewAndExistingPassword" responses: 201: description: "Password changed successfully" 400: description: "New password does not comply with password policy rules" security: - basicAuth: [] - Authorization: [] /api/v1/pair/health: get: tags: - "General" summary: "Check pair health" description: "Return health status of the UKC pair and determine if it is usable" operationId: "getPairHealth" parameters: - name: "timeout" in: "query" description: "Timeout" required: false type: "integer" minimum: 0 format: "int32" responses: 200: description: "OK" /api/v1/partitions: get: tags: - "Partitions" summary: "List partitions" description: "Get a list of partitions." operationId: "listPartitions" produces: - "application/json" parameters: - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: NAME, INHERITED, UPDATED_AT,\ \ CREATED_AT" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/PartitionListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Partitions" summary: "Create a new partition" description: "Create a new logical partition. It can optionally create a default\ \ client certificate for the new partition." operationId: "createPartition" consumes: - "application/json" produces: - "application/json,application/x-pkcs12,application/x-x509-user-cert" - "application/json" - "application/x-pkcs12" - "application/x-x509-user-cert" parameters: - in: "body" name: "body" description: "The new partition" required: false schema: $ref: "#/definitions/NewPartition" responses: 200: description: "successful operation" schema: type: "file" 201: description: "Partition created successfully. If initial client was specified,\ \ the response will include the generated PFX in Base64 encoded DER format" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/partitions/{partitionId}: get: tags: - "Partitions" summary: "Get partition information" description: "Get partition information." operationId: "getPartition" produces: - "application/json" parameters: - name: "partitionId" in: "path" description: "Partition Id" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Partition" security: - basicAuth: [] - Authorization: [] delete: tags: - "Partitions" summary: "Delete partition" description: "Deletes a partition. The partition must not contain any keys or\ \ clients in order to be deleted." 
operationId: "deletePartition" produces: - "application/json" parameters: - name: "partitionId" in: "path" description: "The Id of the partition to delete. The partition name can be\ \ used as the ID" required: true type: "string" responses: 200: description: "Partition deleted successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/partitions/{partitionId}/recover: put: tags: - "Partitions" summary: "Recover partition" description: "Recover partition." operationId: "recoverPartition" consumes: - "application/json" produces: - "application/json,application/x-pkcs12,application/x-x509-user-cert" - "application/json" - "application/x-pkcs12" - "application/x-x509-user-cert" parameters: - name: "partitionId" in: "path" description: "Partition Id" required: true type: "string" - in: "body" name: "body" description: "The recovered partition new client" required: false schema: $ref: "#/definitions/NewClientWithCertificate" responses: 200: description: "Partition recovered successfully" schema: type: "file" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/partitions/{partitionId}/settings: get: tags: - "Partitions" summary: "List partition settings" description: "Get a list of configuration parameters for a partition." operationId: "getPartitionSettings" produces: - "application/json" parameters: - name: "partitionId" in: "path" description: "Partition Id/name of the target partition. Can be \\"default\\\ " to use the default partition for the current autneticated user." 
required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "signed" in: "query" description: "Signed" required: false type: "boolean" default: false responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/KeyValueEntry" security: - basicAuth: [] - Authorization: [] /api/v1/partitions/{partitionId}/settings/{settingKey}: put: tags: - "Partitions" summary: "Update partition settings" description: "Use this method to change one or more settings for the partition." operationId: "updatePartitionSetting" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "path" description: "Partition ID" required: true type: "string" - name: "settingKey" in: "path" description: "Setting key" required: true type: "string" - in: "body" name: "body" description: "Setting value" required: false schema: type: "string" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/random: get: tags: - "General" summary: "Generate random bytes" description: "Get random bytes from the UKC server. By default it returns 32\ \ bytes, unless size is specified. The UKC random number generator is combined\ \ from different entropy sources of the different servers in the UKC cluster" operationId: "generateRandom" produces: - "application/json" parameters: - name: "size" in: "query" description: "Size (in bytes) of random bytes to return" required: false type: "integer" default: 32 maximum: 1024 minimum: 32 format: "int32" responses: 200: description: "OK" schema: $ref: "#/definitions/RandomEntropyBytes" security: - basicAuth: [] - Authorization: [] /api/v1/random/entropy-bytes: put: tags: - "General" summary: "Add entropy bytes" description: "Add random bytes to the UKC entropy source. Different clients\ \ can add entropy to the server. 
Collecting entropy from the clients can enhance\ \ the strength of the UKC random number generator. This function only adds\ \ entropy, i.e. if the provided value has no entropy, it does not harm the\ \ generator quality." operationId: "addRandomEntropyBytes" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "Random bytes" required: false schema: $ref: "#/definitions/RandomEntropyBytes" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/roles: get: tags: - "Roles" summary: "List partition roles" description: "Return a list of all roles in a partition." operationId: "listRoles" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: NAME, GROUPS, UPDATED_AT, CREATED_AT" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/RoleListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Roles" summary: "Create a new role" description: "Create a new role in a given partition." operationId: "createRole" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New Role" required: false schema: $ref: "#/definitions/NewRole" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 201: description: "Role created successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Role already exists" security: - basicAuth: [] - Authorization: [] /api/v1/roles/{roleId}: get: tags: - "Roles" summary: "Get role details" description: "Get details of an existing role." operationId: "getRole" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/Role" security: - basicAuth: [] - Authorization: [] put: tags: - "Roles" summary: "Update a role" description: "Update a role." 
operationId: "updateRole" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - in: "body" name: "body" description: "Role updates" required: false schema: $ref: "#/definitions/UpdatedRole" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client Updated successfully." schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Roles" summary: "Delete a role" description: "Deletes a role." operationId: "deleteRole" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Role deleted successfully." 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/roles/{roleId}/permissions: post: tags: - "Roles" summary: "Add permissions to role" description: "Add role permission. A permission is the name of a key group (objectGroup)\ \ and a set of associated operations. See here for more information." operationId: "createPermissions" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - in: "body" name: "body" description: "RolePermission" required: false schema: $ref: "#/definitions/RolePermission" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client Updated successfully." 
schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/roles/{roleId}/{objectGroup}: put: tags: - "Roles" summary: "Update role permissions" description: "Update role permissions." operationId: "updateObjectGroup" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - name: "objectGroup" in: "path" description: "Key group name" required: true type: "string" - in: "body" name: "body" description: "RolePermission updates" required: false schema: $ref: "#/definitions/RolePermission" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client Updated successfully." schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Roles" summary: "Delete role permissions" description: "Delete role permissions." operationId: "deleteObjectGroup" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - name: "objectGroup" in: "path" description: "Key group name" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Permission deleted successfully." schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/roles/{roleId}/{objectGroup}/operation: post: tags: - "Roles" summary: "Add operation to permissions" description: "Add an operation to the set of operations associated with the\ \ objectGroup." 
operationId: "createOperation" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - name: "objectGroup" in: "path" description: "Key group name" required: true type: "string" - in: "body" name: "body" description: "Operation" required: false schema: type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Client Updated successfully." schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/roles/{roleId}/{objectGroup}/{operation}: delete: tags: - "Roles" summary: "Delete operation from permissions" description: "Delete an operation from the set of operations associated with\ \ the objectGroup." operationId: "deleteOperation" produces: - "application/json" parameters: - name: "roleId" in: "path" description: "Role ID" required: true type: "string" - name: "objectGroup" in: "path" description: "Key group name" required: true type: "string" - name: "operation" in: "path" description: "operation" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Permission deleted successfully." 
schema: $ref: "#/definitions/Role" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/secrets: get: tags: - "Secrets" summary: "List secrets" description: "Return a list of all secrets in a partition" operationId: "listSecrets" produces: - "application/json" parameters: - name: "id" in: "query" description: "Key id" required: false type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "groups" in: "query" description: "Groups" required: false type: "array" items: type: "string" collectionFormat: "multi" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The\ \ format is '{column_name}:{asc/desc}'. The default sort is ascending.

The\ \ column name can be one of the following: UID, NAME, DESCRIPTION, GROUPS,\ \ UPDATED_AT" required: false type: "string" responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/SecretListResponse" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/file: post: tags: - "Secrets" summary: "Create secret (application/octet-stream)" description: "Import a secret from a file" operationId: "addFileSecret" consumes: - "multipart/form-data" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "newSecret" in: "formData" description: "Secret data" required: true type: "file" - name: "id" in: "formData" description: "Secret ID" required: true type: "string" - name: "description" in: "formData" description: "Key description" required: false type: "string" - name: "groups" in: "formData" description: "List of groups" required: false type: "string" responses: 201: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Secret with this ID already exist" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/generate: post: tags: - "Secrets" summary: "Generate a new secret" description: "Add new secret data with label" operationId: "generateSecret" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "newSecret" required: false schema: $ref: "#/definitions/NewGeneratedSecret" - name: "complexity" in: "query" description: "complexity" required: false type: "boolean" default: true - name: "length" in: "query" description: "length" required: false type: "integer" default: 8 maximum: 32767 minimum: 1 format: "int32" responses: 201: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" 
schema: $ref: "#/definitions/Job" 409: description: "Secret with this ID already exists" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/groups: get: tags: - "Secrets" summary: "Get secret groups" description: "Get groups for secrets" operationId: "getSecretsGroups" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "operations" in: "query" description: "Operations" required: false type: "array" items: type: "string" enum: - "ACTIVATE" - "ADD_ATTRIBUTE" - "CREATE" - "CREATE_KEY_PAIR" - "DECRYPT" - "DELETE_ATTRIBUTE" - "DERIVE_KEY" - "DESTROY" - "DELETE" - "DY_DERIVE" - "DY_GET_KEY_MATERIAL" - "DY_GET_SECRET_DATA" - "DY_UPDATE_DATA" - "ENCRYPT" - "MAC" - "MAC_VERIFY" - "MODIFY_ATTRIBUTE" - "MODIFY_ATTRIBUTE_LIST" - "REGISTER" - "REKEY" - "REKEY_KEY_PAIR" - "REVOKE" - "SIGN" - "SIGNATURE_VERIFY" - "DY_ENABLE" - "DY_TOKENIZE" - "DY_DETOKENIZE" - "LINK" - "RELINK" - "UNLINK" - "JOIN_SPLIT_KEY" collectionFormat: "multi" responses: 200: description: "OK" schema: type: "array" items: type: "string" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/text: post: tags: - "Secrets" summary: "Create secret (text/plain)" description: "Add new secret data with label" operationId: "addTextSecret" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - in: "body" name: "body" description: "newSecret" required: false schema: $ref: "#/definitions/NewSecret" responses: 201: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Secret with this ID already exists" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/{secretId}: get: tags: - "Secrets" summary: "Get secret metadata" description: "Return the metadata for an existing secret" operationId: "getSecret" 
consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID to look for" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Secret" security: - basicAuth: [] - Authorization: [] put: tags: - "Secrets" summary: "Update secret details" description: "Update existing secret details" operationId: "updateSecret" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID" required: true type: "string" - in: "body" name: "body" description: "Secret updates" required: false schema: $ref: "#/definitions/SecretUpdates" responses: 200: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Secrets" summary: "Delete a secret" description: "Deletes a secret by its label/ID" operationId: "deleteSecret" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID to delete" required: true type: "string" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/{secretId}/file: get: tags: - "Secrets" summary: "Get secret (application/octet-stream)" description: "Gets the value of a secret from a file." 
operationId: "getSecretFileData" consumes: - "application/json" produces: - "application/json,application/octet-stream" - "application/json" - "application/octet-stream" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID to look for" required: true type: "string" responses: 200: description: "OK" schema: type: "file" security: - basicAuth: [] - Authorization: [] put: tags: - "Secrets" summary: "Update secret (application/octet-stream)" description: "Update existing secret" operationId: "updateFileSecret" consumes: - "multipart/form-data" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID" required: true type: "string" - name: "newSecret" in: "formData" description: "secret data" required: true type: "file" responses: 200: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/secrets/{secretId}/text: get: tags: - "Secrets" summary: "Get secret (text/plain)" description: "Gets the value of a secret from a text string" operationId: "getSecretTextData" consumes: - "application/json" produces: - "application/json" - "text/plain" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "secretId" in: "path" description: "Secret ID to look for" required: true type: "string" responses: 200: description: "OK" schema: type: "string" security: - basicAuth: [] - Authorization: [] put: tags: - "Secrets" summary: "Update secret (text/plain)" description: "Update existing secret" operationId: "updateTextSecret" consumes: - "application/json" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: 
"string" - name: "secretId" in: "path" description: "Secret ID" required: true type: "string" - in: "body" name: "body" description: "updatedSecret" required: false schema: $ref: "#/definitions/UpdatedSecret" responses: 200: description: "OK" schema: $ref: "#/definitions/Secret" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/self.cer: get: tags: - "General" summary: "Get server certificate" description: "Download this specific server certificate. It is used for registering new servers." operationId: "selfCertGet" produces: - "application/x-x509-user-cert,application/json" - "application/x-x509-user-cert" - "application/json" parameters: [] responses: 200: description: "OK" schema: type: "file" /api/v1/server-ca.p7b: get: tags: - "General" summary: "Get root certificate" description: "Download the root CA certificate of UKC." operationId: "getCaCert" produces: - "application/x-pkcs7-certificates,application/json" - "application/x-pkcs7-certificates" - "application/json" parameters: [] responses: 200: description: "OK" schema: type: "file" /api/v1/servers/alerts: get: tags: - "Servers" summary: "Get server alerts" description: "Get server alerts." operationId: "getServersAlerts" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/Server" security: - basicAuth: [] - Authorization: [] /api/v1/servers/new/auxiliary: get: tags: - "Servers" summary: "Add auxiliary server (Step 1)" description: "Get the auxiliary server certificate for the candidate. You can use this endpoint to verify the server before adding it." 
operationId: "getNewAuxiliary" consumes: - "application/json" produces: - "application/json" parameters: - name: "host" in: "query" description: "Auxiliary host" required: true type: "string" - name: "port" in: "query" description: "Auxiliary port" required: false type: "integer" format: "int32" responses: 200: description: "OK" schema: $ref: "#/definitions/NewServer" security: - basicAuth: [] - Authorization: [] post: tags: - "Servers" summary: "Add auxiliary server (Step 2)" description: "Add a new auxiliary server. You can optionally use Add auxiliary server (Step 1) to verify the server before adding it." operationId: "addAuxServer" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "the new auxiliary" required: false schema: $ref: "#/definitions/NewServer" - name: "force" in: "query" description: "Force" required: false type: "boolean" responses: 200: description: "successful operation" schema: $ref: "#/definitions/NewServer" 201: description: "Auxiliary server added successfully" schema: $ref: "#/definitions/NewServer" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/servers/new/pair: get: tags: - "Servers" summary: "Add UKC server pair (Step 1)" description: "Get the crypto server pair certificates for the server candidates. This endpoint can be used to verify that you are adding the correct servers." 
operationId: "getNewPair" consumes: - "application/json" produces: - "application/json" parameters: - name: "ep_host" in: "query" description: "Entry point host" required: true type: "string" - name: "ep_port" in: "query" description: "Entry point port" required: false type: "integer" format: "int32" - name: "partner_host" in: "query" description: "Partner host" required: true type: "string" - name: "partner_port" in: "query" description: "Partner port" required: false type: "integer" format: "int32" responses: 200: description: "OK" schema: $ref: "#/definitions/NewPair" security: - basicAuth: [] - Authorization: [] post: tags: - "Servers" summary: "Add UKC server pair (Step 2)" description: "Add a new UKC server pair. You can optionally use Add UKC server pair (Step 1) to verify the servers before adding them." operationId: "addServerPair" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New pair" required: false schema: $ref: "#/definitions/NewPair" - name: "force" in: "query" description: "Force" required: false type: "boolean" responses: 200: description: "successful operation" schema: $ref: "#/definitions/NewPair" 201: description: "Pair added successfully" schema: $ref: "#/definitions/NewPair" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/servers/{serverId}: get: tags: - "Servers" summary: "Get server details" description: "Get detailed server information." 
operationId: "getServer" produces: - "application/json" parameters: - name: "serverId" in: "path" description: "The identifier of the server is its URL (escaped)" required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/Server" security: - basicAuth: [] - Authorization: [] delete: tags: - "Servers" summary: "Delete server" description: "Removes an auxiliary server or server pair from the UKC cluster. A server pair is treated as one unit, identified by the host of its Entry Point server." operationId: "deleteServer" consumes: - "application/json" produces: - "application/json" parameters: - name: "serverId" in: "path" description: "The identifier of the server is its URL. In the case of a server pair, this should be the host of the Entry Point server" required: true type: "string" responses: 200: description: "Server deleted" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/servers/{serverId}/alerts: get: tags: - "Servers" summary: "Get server alerts" description: "Get server alerts." operationId: "getServerAlerts" produces: - "application/json" parameters: - name: "serverId" in: "path" description: "The identifier of the server is its URL (escaped)" required: true type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Server" security: - basicAuth: [] - Authorization: [] /api/v1/system/certificates: get: tags: - "System" summary: "Get all system certificates" description: "Get the UKC servers and root CA certificates." 
operationId: "getSystemCertificates" consumes: - "application/json" produces: - "application/json" parameters: - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/SystemCertificate" security: - basicAuth: [] - Authorization: [] /api/v1/system/certificates/alerts: get: tags: - "System" summary: "Get certificate alerts" description: "Get alerts associated with the servers and root CA certificates." operationId: "getSystemAlerts" consumes: - "application/json" produces: - "application/json" parameters: [] responses: 200: description: "OK" schema: $ref: "#/definitions/AlertsSummary" security: - basicAuth: [] - Authorization: [] /api/v1/system/certificates/{certificateId}: get: tags: - "System" summary: "Get specific certificate" description: "Get specific system certificate." operationId: "getSystemCertificate" consumes: - "application/json" produces: - "application/json" parameters: - name: "certificateId" in: "path" description: "Certificate ID" required: true type: "string" - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/SystemCertificate" security: - basicAuth: [] - Authorization: [] /api/v1/system/certificates/{certificateId}/alerts: get: tags: - "System" summary: "Get specific certificate alert" description: "Get specific system certificate alert." operationId: "getSystemCertificateAlerts" consumes: - "application/json" produces: - "application/json" parameters: - name: "certificateId" in: "path" description: "Certificate ID" required: true type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/Alert" security: - basicAuth: [] - Authorization: [] /api/v1/system/keys/{keyId}: get: tags: - "System" summary: "Get system key" description: "Get a signed system key." 
operationId: "getSystemKey" consumes: - "application/json" produces: - "application/json" parameters: - name: "keyId" in: "path" description: "Key ID" required: true type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/JWS" security: - basicAuth: [] - Authorization: [] /api/v1/system/settings: get: tags: - "System" summary: "Get system settings" description: "Get UKC system configuration parameters. Returns a list of key-value entries that represent the configuration parameters for the UKC system." operationId: "getSettings" produces: - "application/json" parameters: - name: "detailed" in: "query" description: "detailed" required: false type: "boolean" responses: 200: description: "OK" schema: type: "array" items: $ref: "#/definitions/KeyValueEntry" security: - basicAuth: [] - Authorization: [] /api/v1/system/settings/{settingKey}: put: tags: - "System" summary: "Set system settings" description: "Sets the value for one or more system configuration parameters." operationId: "setSettings" consumes: - "application/json" produces: - "application/json" parameters: - name: "settingKey" in: "path" description: "Setting key" required: true type: "string" - in: "body" name: "body" description: "Setting value" required: false schema: type: "string" responses: 200: description: "OK" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/system/signlogs: get: tags: - "System" summary: "Get signed logs" description: "Return signed logs (compressed) from the UKC engine." 
operationId: "logSign" produces: - "application/json" - "application/x-tar" parameters: - name: "from" in: "query" description: "from" required: false type: "string" - name: "to" in: "query" description: "to" required: false type: "string" - name: "period" in: "query" description: "period" required: false type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: type: "string" security: - basicAuth: [] - Authorization: [] /api/v1/token: post: tags: - "Authentication" summary: "Get OAuth authentication token" description: "Returns an OAuth authentication token which can be used in future calls for authentication." operationId: "getToken" consumes: - "application/x-www-form-urlencoded" produces: - "application/json" parameters: - name: "grant_type" in: "formData" description: "Grant type" required: true type: "string" - name: "username" in: "formData" description: "The username" required: false type: "string" - name: "password" in: "formData" description: "Password" required: false type: "string" - name: "refresh_token" in: "formData" description: "Refresh token" required: false type: "string" - name: "assertion" in: "formData" description: "Assertion" required: false type: "string" - name: "id_token" in: "formData" description: "ID Token" required: false type: "string" - name: "code" in: "formData" description: "Authorization Code" required: false type: "string" - name: "otp" in: "formData" description: "One time password" required: false type: "string" - name: "redirect_uri" in: "formData" description: "Redirect URI" required: false type: "string" - name: "idp_id" in: "formData" description: "Identity Provider ID" required: false type: "string" - name: "partition_id" in: "formData" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/OauthToken" 401: description: "Authentication failure, the system could not verify the user name and password passed in the request header"
security: - basicAuth: [] - Authorization: [] /api/v1/token/revoke: post: tags: - "Authentication" summary: "Revoke all tokens for a user" description: "Revoke all tokens related to given authentication." operationId: "revokeToken" consumes: - "application/x-www-form-urlencoded" produces: - "application/json" parameters: - name: "token" in: "formData" description: "token" required: true type: "string" responses: 200: description: "OK" 401: description: "Authentication failure, the system could not verify the user name and password passed in the request header" security: - basicAuth: [] - Authorization: [] /api/v1/topology: get: tags: - "System" summary: "Get cluster topology" description: "Return the topology in the cluster including servers status." operationId: "getTopology" produces: - "application/json" parameters: - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/Topology" security: - basicAuth: [] - Authorization: [] /api/v1/trust: get: tags: - "General" summary: "Get root CA certificates" description: "Get all root CA certificates." operationId: "getTrust" produces: - "application/json" parameters: - name: "detailed" in: "query" description: "Detailed" required: false type: "boolean" responses: 200: description: "OK" schema: $ref: "#/definitions/SystemCertificate" /api/v1/users: get: tags: - "Users" summary: "List partition users" description: "Return a list of all users in a partition." 
operationId: "listUsers" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" - name: "limit" in: "query" description: "Limit" required: false type: "integer" default: 200 format: "int32" - name: "skip" in: "query" description: "skip" required: false type: "integer" default: 0 format: "int32" - name: "filter" in: "query" description: "Pagination filter" required: false type: "string" - name: "sort" in: "query" description: "Specify the column name to sort by and the sort direction. The format is '{column_name}:{asc/desc}'. The default sort is ascending.

The column name can be one of the following: NAME, ROLE, AUTHENTICATION, LOGIN_FAILURES, UPDATED_AT, CREATED_AT" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/UserListResponse" security: - basicAuth: [] - Authorization: [] post: tags: - "Users" summary: "Create a user" description: "Create a new user in a given partition." operationId: "createUser" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "New User" required: false schema: $ref: "#/definitions/NewUser" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 201: description: "User created successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 409: description: "Object already exists" security: - basicAuth: [] - Authorization: [] /api/v1/users/2fa/secret: post: tags: - "Users" summary: "Generate 2FA secret" description: "Generate 2FA secret." operationId: "generate2FASecret" produces: - "application/json" parameters: - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "successful operation" schema: $ref: "#/definitions/TwoFactorAuthSecretResponse" 201: description: "CREATED" schema: $ref: "#/definitions/TwoFactorAuthSecretResponse" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/users/{soId}/recover: put: tags: - "Users" summary: "Recover SO password" description: "Recover the SO password. The Root SO can do it for other SOs." 
operationId: "recoverSoPassword" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "Password" required: false schema: $ref: "#/definitions/Password" - name: "soId" in: "path" description: "So ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: true type: "string" responses: 200: description: "So password recovered successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "New password does not comply with password policy rules" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}: get: tags: - "Users" summary: "Get user details" description: "Get details of an existing user." operationId: "getUser" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/User" security: - basicAuth: [] - Authorization: [] put: tags: - "Users" summary: "Change user role" description: "Change an existing user role." operationId: "changeUserRole" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID to look for" required: true type: "string" - in: "body" name: "body" description: "Role ID" required: false schema: type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/User" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] delete: tags: - "Users" summary: "Delete a user" description: "Delete a user." 
operationId: "deleteUser" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "User deleted successfully." 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}/2fa: delete: tags: - "Users" summary: "Revoke user 2FA enrollment" description: "Revoke user 2FA enrollment." operationId: "revokeUser2fa" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 204: description: "NO CONTENT" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}/aliases: put: tags: - "Users" summary: "Update user aliases" description: "Update user aliases." operationId: "updateUserAliases" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID to look for" required: true type: "string" - in: "body" name: "body" description: "User aliases" required: false schema: type: "array" items: $ref: "#/definitions/UserAliases" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/User" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}/password: put: tags: - "Users" summary: "Reset user password" description: "Reset user password. The SO can do it for users in its own partition. The root partition SO can do it for the SO of any partition." 
operationId: "resetUserPassword" consumes: - "application/json" produces: - "application/json" parameters: - in: "body" name: "body" description: "Password" required: false schema: $ref: "#/definitions/Password" - name: "userId" in: "path" description: "User ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "User password reset successfully" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" 400: description: "New password does not comply with password policy rules" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}/permissions: get: tags: - "Users" summary: "Get user details" description: "Get details of an existing user." operationId: "getUserPermissions" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID to look for" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "OK" schema: $ref: "#/definitions/User" security: - basicAuth: [] - Authorization: [] /api/v1/users/{userId}/role: delete: tags: - "Users" summary: "Unassign user role" description: "Unassign user role." operationId: "deleteUserRole" produces: - "application/json" parameters: - name: "userId" in: "path" description: "User ID" required: true type: "string" - name: "partitionId" in: "query" description: "Partition ID" required: false type: "string" responses: 200: description: "Role unassigned successfully." 
schema: $ref: "#/definitions/User" 202: description: "ACCEPTED" schema: $ref: "#/definitions/Job" security: - basicAuth: [] - Authorization: [] securityDefinitions: Authorization: description: "For accessing the API a valid JWT token must be passed in all the queries in\nthe 'Authorization' header.\nA valid JWT token is generated by the API and returned as answer of a call\nto the route /login giving a valid user and password.\nThe following syntax must be \nused in the 'Authorization' header :\n Bearer: xxxxxx.yyyyyyy.zzzzzz" type: "apiKey" name: "Authorization" in: "header" basicAuth: type: "basic" definitions: AWSKeyStoreTemplate: type: "object" properties: name: type: "string" accessKeyId: type: "string" secretKey: type: "string" description: type: "string" param: $ref: "#/definitions/AWSParam" AWSParam: type: "object" properties: REGION: type: "string" Aad: type: "object" required: - "value" properties: value: type: "string" description: "Additional Authentication Data" encoding: type: "string" description: "Authentication data encoding" enum: - "PLAIN" - "BASE64" - "HEX" Alert: type: "object" properties: alertType: type: "string" description: "alertType" readOnly: true enum: - "CERT_ABOUT_TO_EXPIRE" - "CERT_EXPIRED" - "OUT_OF_SYNC" - "IS_LOCKED" - "RENEW_REQUIRED" - "DB_BACKUP_INCONSISTENT" - "DB_BACKUP_FAILURE" - "SECRET_ABOUT_TO_EXPIRE" - "SECRET_EXPIRED" - "KEY_ROTATION_IS_APPROACHING" - "KEY_ACTIVATION_IS_APPROACHING" - "KEY_DEACTIVATION_IS_APPROACHING" - "RESTART_REQUIRED" - "ACTIVATION_CODE_ABOUT_TO_EXPIRE" - "ACTIVATION_CODE_EXPIRED" alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" title: type: "string" description: "title" readOnly: true AlertsSummary: type: "object" properties: category: type: "string" description: "category" readOnly: true enum: - "CLIENTS" - "SYSTEM" - "KEYS" - "BACKUP" alertType: type: "string" description: "alertType" readOnly: true enum: - "CERT_ABOUT_TO_EXPIRE" - "CERT_EXPIRED" - 
"OUT_OF_SYNC" - "IS_LOCKED" - "RENEW_REQUIRED" - "DB_BACKUP_INCONSISTENT" - "DB_BACKUP_FAILURE" - "SECRET_ABOUT_TO_EXPIRE" - "SECRET_EXPIRED" - "KEY_ROTATION_IS_APPROACHING" - "KEY_ACTIVATION_IS_APPROACHING" - "KEY_DEACTIVATION_IS_APPROACHING" - "RESTART_REQUIRED" - "ACTIVATION_CODE_ABOUT_TO_EXPIRE" - "ACTIVATION_CODE_EXPIRED" alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" counter: type: "integer" format: "int32" description: "counter" readOnly: true title: type: "string" description: "title" readOnly: true AlternativeNames: type: "object" required: - "isCritical" - "uid" properties: uid: type: "string" description: "Extension UID" isCritical: type: "boolean" description: "Is Extension Critical" names: type: "array" description: "names" items: type: "string" description: "Certificate x509 extension" ApplicationInfo: type: "object" properties: nameSpace: type: "string" description: "nameSpace" data: type: "object" description: "data" additionalProperties: type: "object" AsymmetricCryptoParams: type: "object" properties: padding: description: "Padding information" $ref: "#/definitions/Padding" hash: type: "string" description: "the hash type" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" - "SHA3_256" - "SHA3_384" - "SHA3_512" AttributeTemplateDetails: type: "object" required: - "id" - "type" properties: id: type: "string" description: "attribute template ID" description: type: "string" description: "Attribute template description" type: type: "string" description: "attribute template type" range: description: "attribute template range" $ref: "#/definitions/Range" AttributeTemplateGroupDetails: type: "object" properties: id: type: "string" description: type: "string" attributeTemplateDetails: type: "array" items: $ref: "#/definitions/AttributeTemplateDetails" AuthorityKeyIdentifier: type: "object" required: - "isCritical" - "uid" properties: uid: type: "string" description: "Extension UID" isCritical: type: "boolean" description: 
"Is Extension Critical" keyId: type: "string" readOnly: true authNames: type: "array" description: "Auth names" items: type: "string" serialNumber: type: "string" description: "Serial number" description: "Certificate x509 extension" AzureKeyStoreTemplate: type: "object" properties: name: type: "string" accessKeyId: type: "string" secretKey: type: "string" params: $ref: "#/definitions/AzureParams" description: type: "string" AzureParams: type: "object" properties: URL: type: "string" BasicConstraints: type: "object" required: - "isCritical" - "uid" properties: uid: type: "string" description: "Extension UID" isCritical: type: "boolean" description: "Is Extension Critical" pathLen: type: "integer" format: "int32" description: "Path Len" isCa: type: "boolean" description: "Is CA" description: "Certificate x509 extension" Capabilities: type: "object" properties: keyStoreObjectTypes: type: "array" uniqueItems: true items: type: "string" enum: - "KEY" - "CERTIFICATE" - "SECRET" cryptoOperationTypes: type: "array" uniqueItems: true items: type: "string" enum: - "DERIVE" - "UNWRAP" - "ENCRYPT" - "DECRYPT" - "SIGN" - "VERIFY" - "WRAP" - "ENCRYPT_DECRYPT" - "SIGN_VERIFY" keyStoreObjectAlgorithmTypes: type: "array" uniqueItems: true items: type: "string" enum: - "RSA" - "EC" - "EDDSA" - "AES" - "XTS" - "SIV" - "DES3" - "HMAC" cryptoOperationAlgorithmTypes: type: "array" uniqueItems: true items: type: "string" enum: - "PSS_SHA_256" - "PSS_SHA_384" - "PSS_SHA_512" - "ES_SHA_256" - "ES_SHA_384" - "ES_SHA_512" - "ES256K" - "OAEP_SHA_1" - "OAEP_SHA_256" - "OAEP_SHA_512" - "PKCS1_RSA1_5" - "PKCS1_SHA_256" - "PKCS1_SHA_384" - "PKCS1_SHA_512" - "CCM" - "GCM" - "NIST" - "ECB" - "CTR" - "XTS" - "CBC" - "CMAC" - "HMAC" - "GMAC" hashTypes: type: "array" uniqueItems: true items: type: "string" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" byokSupport: type: "array" uniqueItems: true items: type: "string" enum: - "RSA_IMPORT" - "RSA_GENERATE" - "ECC_IMPORT" - "ECC_GENERATE" - 
"AES_IMPORT" - "AES_GENERATE" renameSupport: type: "boolean" CaspSign: type: "object" required: - "signOperationData" properties: dataEncoding: type: "string" enum: - "PLAIN" - "BASE64" - "HEX" paillierKey: type: "string" signOperationData: $ref: "#/definitions/SignOperationData" CaspSignatures: type: "object" properties: signatures: type: "array" description: "base64 encoded signatures" items: type: "string" CertificateInfo: type: "object" required: - "id" - "isCa" - "isSelfSigned" - "issuer" - "pkInfo" - "serial" - "sha1Thumbprint" - "signature" - "signatureAlgorithm" - "subject" - "uid" - "validFrom" - "validUntil" - "version" properties: id: type: "string" example: "my-certificate" description: "Certificate identifier label" uid: type: "string" description: "UID" sha1Thumbprint: type: "string" description: "certificate sha1" subject: type: "string" description: "subject" issuer: type: "string" description: "The CA that signed this certificate" validFrom: type: "string" description: "Date of validity period start for this certificate" validUntil: type: "string" description: "Date of validity period end for this certificate" version: type: "string" example: "V3" description: "Certificate version" serial: type: "string" example: "185fb61e97f55b19" description: "Certificate serial number" signatureAlgorithm: type: "string" example: "sha256RSA" description: "Signing algorithm used for signing this certificate" isCa: type: "boolean" description: "Determines if this certificate is a CA certificate" isSelfSigned: type: "boolean" description: "Determines if this certificate is a self-signed certificate" pkInfo: $ref: "#/definitions/PKInfoType" basicConstraints: description: "Basic Constraints Extension" $ref: "#/definitions/BasicConstraints" subjectKeyIdentifier: description: "Subject Key Identifier Extension" $ref: "#/definitions/SubjectKeyIdentifier" authorityKeyIdentifier: description: "Authority Key Identifier Extension" $ref: 
"#/definitions/AuthorityKeyIdentifier" subjectAlternativeNames: description: "Subject Alternative Names Extension" $ref: "#/definitions/AlternativeNames" issuerAlternativeNames: description: "Issuer Alternative Names Extension" $ref: "#/definitions/AlternativeNames" extendedKeyUsage: description: "Extended Key Usage Extension" $ref: "#/definitions/ExtendedKeyUsage" signature: type: "string" description: "CA signature value for this certificate" alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" description: "Certificate public information" Challenge: type: "object" required: - "value" properties: value: type: "string" example: "example" description: "Challenge to be solved by client" minLength: 1 description: "Challenge" Cipher: type: "object" required: - "cipherTextBase64" properties: cipherTextBase64: type: "string" description: "base64 encoded encrypted data" minLength: 1 ivBase64: type: "string" description: "base64 encoded Initialize Vector" description: "Includes encrypted data" ClearText: type: "object" properties: clearText: type: "string" description: "clearText" Client: type: "object" properties: name: type: "string" example: "client-name" description: "Client name" readOnly: true partition: type: "string" example: "~.codeSign.developers" description: "Partition" readOnly: true createdAt: type: "string" description: "Created at" activationStatus: type: "string" description: "Client activation status" readOnly: true enum: - "ACTIVATED" - "PENDING" - "LOCKED" activationType: type: "string" description: "Client activation type" readOnly: true enum: - "CERTIFICATE_REQUEST" - "ACTIVATION_CODE" - "CERTIFICATE_DOWNLOAD" - "EXTERNAL" - "TEMPLATE" - "SECRET" - "EPHEMERAL" - "PUBLIC_KEY" lastUpdatedAt: type: "string" description: "Last update time for this client record" readOnly: true failedActivationCounter: type: "integer" format: "int32" description: "Number of failed retries to use client activation code" readOnly: true 
isActivationLocked: type: "boolean" description: "Is activation locked" readOnly: true checkIp: type: "boolean" description: "Enforce client ip verification" allowNat: type: "boolean" description: "Allow client use NAT" ipRange: type: "string" description: "Client IP range" expiresAt: type: "string" description: "Client secret expiration date" expiration: type: "integer" format: "int32" description: "Client secret expiration time (ms)" activationCodeValidity: type: "integer" format: "int32" description: "Client activation code validity in minutes" activationCodeLength: type: "integer" format: "int32" description: "Client activation code length (digits)" activationCodeExpiration: type: "string" description: "Client activation code expiration date" template: type: "string" description: "Client template" persistentClient: type: "boolean" example: true description: "Use ephemeral persistent client (relevant for Templates clients\ \ only)" activationCode: type: "string" description: "Client activation code" certificateRenewRequired: type: "boolean" description: "Is client certificate need to be renewed" grantTypes: type: "array" description: "Client grant types" uniqueItems: true items: type: "string" enum: - "CLIENT_CREDENTIALS" - "PASSWORD" - "REFRESH_TOKEN" - "JWT_BEARER" - "ID_TOKEN" - "AUTHORIZATION_CODE" certificateInfo: description: "Client certificate info" $ref: "#/definitions/CertificateInfo" certExpiresAt: type: "string" description: "Client certificate expiration date" readOnly: true certificateExpiration: type: "integer" format: "int32" description: "Client certificate validity in minutes" readOnly: true alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" version: type: "string" description: "Client version" secret: type: "string" description: "Client secret" description: "A UKC new client" ClientListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: 
type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/Client" ClientsUpdates: type: "object" properties: checkIp: type: "boolean" example: false description: "Enforce client ip verification" allowNat: type: "boolean" example: false description: "Allow client use NAT" ipRange: type: "string" example: "0.0.0.0/0" description: "Client IP range" CollectedData: type: "object" properties: dataCollectorDetails: $ref: "#/definitions/DataCollectorDetails" data: type: "object" additionalProperties: type: "string" collectionDone: type: "boolean" signedUniqueData: type: "string" collectionStart: type: "integer" format: "int64" collectionEnd: type: "integer" format: "int64" CollectedDataGroupsDetails: type: "object" properties: collectionComplete: type: "boolean" dataCollectionGroups: type: "array" items: $ref: "#/definitions/DataCollectionGroup" ConcatDerivationParams: type: "object" required: - "data" properties: data: type: "string" description: "Derivation data" isPrefix: type: "boolean" description: "True for prefix, false for suffix" DataCollectionGroup: type: "object" properties: minimumRequired: type: "integer" format: "int32" collectedData: type: "array" items: $ref: "#/definitions/CollectedData" name: type: "string" DataCollectorDetails: type: "object" properties: id: type: "string" name: type: "string" state: type: "string" description: type: "string" creationTime: type: "string" modificationTime: type: "string" authenticationKey: type: "string" attributeTemplateGroup: $ref: "#/definitions/AttributeTemplateGroupDetails" activationCode: type: "string" DbBackup: type: "object" properties: id: type: "string" description: "ID" state: type: "string" description: "State" enum: - "IN_PROGRESS" - "PENDING_TEST" - "TEST_SUCCESS" - "TEST_FAILURE" - 
"MANUAL_TEST" - "GENERAL_FAILURE" - "INVALID" error: type: "string" date: type: "string" description: "Date" file: type: "string" description: "File" pairHostnames: type: "array" description: "Pair host names" items: type: "string" version: type: "string" description: "Version" digestDiff: description: "Digest diff" $ref: "#/definitions/DigestDiff" alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" DbBackupListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/DbBackup" DeTokenizeX: type: "object" required: - "dataType" - "tweak" - "valueItems" properties: valueItems: type: "array" description: "Array of input values to tokenize." items: type: "string" tweak: type: "string" description: "Changes the tokenization effect." minLength: 0 maxLength: 2084 dataType: type: "string" description: "Data type of valueItems." enum: - "EMAIL" - "SSN" - "CREDIT_CARD" - "US_PHONE" - "STRING" - "BOOLEAN" - "SHORT" - "INTEGER" - "LONG" - "FLOAT" - "DOUBLE" - "DECIMAL" - "DATE" - "TIME" - "TIMESTAMP" - "TOKEN" format: type: "string" description: "Defines the tokenization format. Applies to SSN and US_PHONE\ \ data types only." description: "Detokenize multiple items with an existing PRF key. Detokenization\ \ uses the values and parameters provided in the JSON output of the tokenized\ \ data. Note that all data types are input values except for TOKEN which is\ \ an output value." 
DeactivationInfo: type: "object" properties: revocationReason: type: "string" description: "Revocation reason" message: type: "string" description: "Message" description: "Deactivated key info" DecryptData: type: "object" required: - "cipher" properties: aSymmetricParams: description: "Asymmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/AsymmetricCryptoParams" symmetricParams: description: "Symmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/SymmetricCryptoParams" cipher: description: "the cipher to decrypt" $ref: "#/definitions/Cipher" outputEncoding: type: "string" description: "the decrypted result encoding" enum: - "PLAIN" - "BASE64" - "HEX" description: "Input for a decrypt operation" Decryptx: type: "object" required: - "encrypted" properties: encrypted: type: "array" description: "encrypted" items: $ref: "#/definitions/Cipher" params: description: "params" $ref: "#/definitions/SymmetricCryptoParams" outputEncoding: type: "string" description: "outputEncoding" enum: - "PLAIN" - "BASE64" - "HEX" description: "Input for multi decrypt operation" DeriveData: type: "object" required: - "derivationMode" - "newGeneratedKey" properties: bipDerivationParams: $ref: "#/definitions/SlipDerivationParams" policyKeyId: type: "string" newGeneratedKey: description: "New generated key" $ref: "#/definitions/NewGeneratedKey" derivationMode: type: "string" description: "Derivation Mode" enum: - "CONCAT" - "HASH" - "SLIP_10" hash: type: "string" description: "Hash algorithm" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" - "SHA3_256" - "SHA3_384" - "SHA3_512" slipDerivationParams: description: "Slip derivation parameters" $ref: "#/definitions/SlipDerivationParams" concatDerivationParams: description: "Concat derivation parameters" $ref: "#/definitions/ConcatDerivationParams" description: "Input for a derive operation" DeriveKeyData: type: "object" required: - "data" properties: data: type: "string" description: "data" dataEncoding: 
type: "string" description: "data encoding" enum: - "PLAIN" - "BASE64" - "HEX" size: type: "integer" format: "int32" description: "key size" DetokenizeData: type: "object" required: - "dataType" - "tweak" - "value" properties: value: type: "string" description: "Input value." tweak: type: "string" description: "Changes the tokenization effect." minLength: 0 maxLength: 2084 dataType: type: "string" description: "Data type of value." enum: - "EMAIL" - "SSN" - "CREDIT_CARD" - "US_PHONE" - "STRING" - "BOOLEAN" - "SHORT" - "INTEGER" - "LONG" - "FLOAT" - "DOUBLE" - "DECIMAL" - "DATE" - "TIME" - "TIMESTAMP" - "TOKEN" format: type: "string" description: "Defines the tokenization format. Applies to SSN and US_PHONE\ \ data types only." description: "Detokenize single items with an existing PRF key. Detokenization\ \ uses the values and parameters provided in the JSON output of the tokenized\ \ data. Note that all data types are input values except for TOKEN which is\ \ an output value." DetokenizeResponse: type: "object" required: - "tweak" - "uid" - "value" properties: uid: type: "string" description: "PRF key UID." minLength: 1 tweak: type: "string" description: "Tokenized tweak." minLength: 1 value: type: "string" description: "Array of tokenized values." 
minLength: 1 DiffEntry: type: "object" properties: objectType: type: "string" digestSource: type: "string" uid: type: "string" description: "UID" name: type: "string" description: "Name" partitionId: type: "string" description: "Partition ID" partitionName: type: "string" version: type: "string" description: "Version" detail: type: "string" description: "Detail" object type: type: "string" digest source: type: "string" partition id: type: "string" partition name: type: "string" description: "partition name" DiffRecord: type: "object" properties: sectionDiff: type: "string" description: "Section diff" entriesDiff: type: "array" description: "Entries diff" items: $ref: "#/definitions/DiffEntry" DigestDiff: type: "object" properties: diffRecords: type: "array" description: "Diff records" items: $ref: "#/definitions/DiffRecord" ECCBipKeyInfo: type: "object" properties: level: type: "string" format: "byte" description: "Level (0 for master)" readOnly: true childNumber: type: "integer" format: "int32" description: "child number" readOnly: true hardened: type: "boolean" description: "True if hardened" readOnly: true chainCode: type: "string" description: "BASE64 chain code" readOnly: true parentUid: type: "string" description: "the parent uid" readOnly: true parentFingerprint: type: "integer" format: "int32" description: "parent fingerprint (The first 32 bits of the identifier)" readOnly: true ECCKeyInfoType: type: "object" required: - "curve" - "ecPoint" - "eccBipKeyInfo" properties: curve: type: "string" enum: - "P256" - "P384" - "P521" - "SECP256K1" - "CURVE25519" - "CURVE448" ecPoint: type: "string" description: "Encoded public key (EC point)" eccBipKeyInfo: description: "ECC BIP info" $ref: "#/definitions/ECCBipKeyInfo" description: "Details of ECC public key" EncryptData: type: "object" required: - "clearText" properties: aSymmetricParams: description: "Asymmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/AsymmetricCryptoParams" 
symmetricParams: description: "Symmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/SymmetricCryptoParams" clearText: type: "string" description: "data to encrypt" minLength: 1 dataEncoding: type: "string" description: "the input data encoding" enum: - "PLAIN" - "BASE64" - "HEX" description: "Input for encryption" Encryptx: type: "object" required: - "clearTextItems" properties: clearTextItems: type: "array" description: "Array of clearText items to encrypt" items: type: "string" dataEncoding: type: "string" description: "Data encoding" enum: - "PLAIN" - "BASE64" - "HEX" params: description: "Params" $ref: "#/definitions/SymmetricCryptoParams" description: "Input for encryption of multiple values" ExportedCertificate: type: "object" properties: certData: type: "string" description: "Cert data" ExtendedKeyUsage: type: "object" required: - "isCritical" - "uid" properties: uid: type: "string" description: "Extension UID" isCritical: type: "boolean" description: "Is Extension Critical" keyUsages: type: "array" description: "Key usages" items: type: "string" description: "Certificate x509 extension" GCPKeyStoreTemplate: type: "object" properties: name: type: "string" secretKey: type: "string" params: $ref: "#/definitions/GCPParams" description: type: "string" GCPParams: type: "object" properties: keyring_id: type: "string" location: type: "string" HSMKeyStoreTemplate: type: "object" properties: name: type: "string" secretKey: type: "string" params: $ref: "#/definitions/HSMParams" isExternal: type: "boolean" description: type: "string" HSMParams: type: "object" properties: URL: type: "string" IdentityProvider: type: "object" properties: name: type: "string" description: "Identity Provider name" description: type: "string" description: "Identity Provider description" url: type: "string" description: "Identity Provider URL" clientId: type: "string" description: "Identity Provider clientId" usedClaims: type: "array" example: "[sub]" description: 
"Identity Provider claims used for authentication" uniqueItems: true items: type: "string" requiredScopes: type: "array" example: "[openid]" description: "Identity Provider scopes required for authentication" uniqueItems: true items: type: "string" tokenEndpoint: type: "string" format: "uri" description: "Identity Provider token endpoint" authorizationEndpoint: type: "string" format: "uri" description: "Identity Provider authorization endpoint" userinfoEndpoint: type: "string" format: "uri" description: "Identity Provider User Info uri" jwksUri: type: "string" format: "uri" description: "Identity Provider JWKS uri" supportedClaims: type: "array" description: "Identity Provider supported claims" items: type: "string" supportedScopes: type: "array" description: "Identity Provider supported scopes" items: type: "string" supportedResponseTypes: type: "array" description: "Identity Provider supported response types" items: type: "string" supportedGrantTypes: type: "array" description: "Identity Provider supported grant types" items: type: "string" IdentityProviderListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/IdentityProvider" IdentityProviderUpdates: type: "object" properties: description: type: "string" description: "Identity Provider description" url: type: "string" description: "Identity Provider URL" clientId: type: "string" description: "Identity Provider clientId" clientSecret: type: "string" description: "Identity Provider clientSecret" usedClaims: type: "array" example: "[sub]" description: "Identity Provider claims used for authentication" uniqueItems: true items: type: "string" requiredScopes: 
type: "array" example: "[openid]" description: "Identity Provider scopes required for authentication" uniqueItems: true items: type: "string" Iv: type: "object" required: - "value" properties: value: type: "string" description: "Externally provided IV" encoding: type: "string" description: "Encoding" enum: - "PLAIN" - "BASE64" - "HEX" JWKSKey: type: "object" properties: kid: type: "string" example: "0x0083a3c96dd563b329" description: "Key Id" x: type: "string" example: "7KTOg6UAP99GsQF43UyxPEjrUKk68Dwo+npP6XrIbBg=" description: "X" y: type: "string" example: "tpMGf3UQo/80J+15J10n63NpPoeBowMODj9e1hIyTF4=" description: "Y" crv: type: "string" example: "P_256" description: "Curve" readOnly: true alg: type: "string" example: "ES256" description: "Algorithm" readOnly: true use: type: "string" example: "sig" description: "Usage" readOnly: true kty: type: "string" example: "EC" description: "Key Type" readOnly: true JWS: type: "object" properties: value: type: "string" example: "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.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.OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA" description: "value" readOnly: true Job: type: "object" properties: initiator: type: "string" example: "so@root" description: "Initiator" readOnly: true id: type: "string" example: "389323ee-3588-416e-94bd-f93ca815762e" description: "ID" readOnly: true title: type: "string" description: "Title" readOnly: true opName: type: "string" example: "PARTITION_CONFIG_SET " description: "opName" readOnly: true createdAt: type: "string" description: "Created at" readOnly: true expiresAt: type: "string" description: "Expires at" readOnly: true opParams: type: "array" description: "opParams" readOnly: true items: $ref: "#/definitions/KeyValueEntry" response: type: "string" description: "response" readOnly: true approvedBy: type: "array" description: "Approved by" readOnly: true items: type: "string" status: type: 
"string" description: "status" readOnly: true enum: - "PENDING_APPROVAL" - "PENDING_EXECUTION" - "DONE" - "EXPIRED" totalRequiredApprovals: type: "integer" format: "int32" description: "Total required approvals" readOnly: true description: "An asynchronous job" Key: type: "object" properties: keyData: type: "string" description: "base64 encoded key data" KeyFormat: type: "object" required: - "type" properties: type: type: "string" description: "key type" enum: - "RSA" - "ECC" - "AES" - "TDES" - "DES" - "HMAC" - "XTS" - "PRF" - "PWD" - "LIMA" - "EDDSA" - "TOTSSeed" - "CHACHA20" - "SPLIT_KEY" size: type: "integer" format: "int32" example: "for RSA : {2048,3072,4096}" description: "key size" curve: type: "string" description: "Required for elliptic curve keys" enum: - "P256" - "P384" - "P521" - "SECP256K1" - "CURVE25519" - "CURVE448" offlineKeyParams: description: "Required for offline ECC keys" $ref: "#/definitions/OfflineKeyParams" KeyInfo: type: "object" properties: id: type: "string" example: "my-key" description: "key identifier label" readOnly: true uid: type: "string" example: "0x00d78d6a396072e9a0" description: "key identifier" readOnly: true isExternal: type: "boolean" description: "Is key external" readOnly: true existsInUkc: type: "boolean" description: "Exists in UKC" objectType: type: "string" description: "object type" readOnly: true enum: - "CERTIFICATE" - "PRIVATE_KEY" - "SYMMETRIC" - "PUBLIC_KEY" - "SECRET_DATA" - "SPLIT_KEY" keyFormat: description: "Key format" readOnly: true $ref: "#/definitions/KeyFormat" keyProperties: description: "keyProperties" readOnly: true $ref: "#/definitions/KeyProperties" local: type: "boolean" description: "True if this key was created inside UKC, false when imported" readOnly: true hasCertificate: type: "boolean" description: "True if this key has a matching certificate in UKC" readOnly: true certificateOnly: type: "boolean" description: "True if this certificate does not have a matching certificate in UKC" readOnly: 
true state: type: "string" description: "state" readOnly: true enum: - "PREACTIVE" - "ACTIVE" - "DEACTIVATED" - "COMPROMISED" - "DESTROYED" - "DESTROYED_COMPROMISED" isEnabled: type: "boolean" description: "Is enabled" readOnly: true sync: type: "boolean" description: "This key is synchronized within the UKC pair" readOnly: true isFips: type: "boolean" description: "This key was created in FIPS mode" readOnly: true cacheTimeout: type: "integer" format: "int32" description: "Key cache timeout" readOnly: true requireApproval: type: "boolean" description: "This key requires partner approval for sign operations" readOnly: true prev: type: "string" description: "Does the key have a previous key (created by Rekey operation)" readOnly: true next: type: "string" description: "Does the key have a next key (created by Rekey operation)" readOnly: true nextKeyRotationTime: type: "string" description: "Next key rotation time" readOnly: true applicationInfos: type: "array" description: "Application infos" readOnly: true uniqueItems: true items: $ref: "#/definitions/ApplicationInfo" pkInfo: description: "Private key (RSA/ECC) information" readOnly: true $ref: "#/definitions/PKInfoType" chain: type: "array" description: "Private key (RSA/ECC) information" readOnly: true items: $ref: "#/definitions/CertificateInfo" chains: type: "array" description: "Key chains" readOnly: true items: type: "array" items: $ref: "#/definitions/CertificateInfo" createdAt: type: "string" description: "Creation date" readOnly: true updatedAt: type: "string" description: "Last update date" readOnly: true activationDate: type: "string" description: "Activation date" readOnly: true deactivationDate: type: "string" description: "Deactivation date" readOnly: true compromiseDate: type: "string" description: "Compromise date" readOnly: true compromiseOccurrenceDate: type: "string" description: "Compromise occurrence date" readOnly: true keyStoreProperties: description: "Key Store Properties" $ref: 
"#/definitions/KeyStoreProperties" splitKeyInfo: description: "Split Key Info" $ref: "#/definitions/SplitKeyInfo" kcv: type: "string" description: "Kcv" readOnly: true policyKeyId: type: "string" example: "0x005945c208734d6fa3" description: "for internal CASP use" readOnly: true alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" deactivationInfo: description: "Deactivated key information" readOnly: true $ref: "#/definitions/DeactivationInfo" destroyDate: type: "string" description: "Destroy date" readOnly: true description: "Key object details" KeyInfoListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/KeyInfo" KeyProperties: type: "object" properties: description: type: "string" description: "Description for the key" supportedOperations: type: "array" description: "Key supported operations" items: type: "string" enum: - "SIGN" - "VERIFY" - "ENCRYPT" - "DECRYPT" - "WRAP" - "UNWRAP" - "DERIVE" - "MAC" - "MAC_VERIFY" - "JOIN_SPLIT_KEY" trusted: type: "boolean" example: false description: "True if the key is trusted" keyRotationInterval: type: "integer" format: "int32" description: "Key rotation interval" minimum: 0 exportType: type: "string" description: "The default value is IN_PLAIN for certificates and public\ \ keys. Otherwise, the default is NOT_EXPORTABLE." 
enum: - "IN_PLAIN" - "WRAPPED" - "WRAPPED_WITH_TRUSTED" - "NON_EXPORTABLE" groups: type: "array" description: "Key groups" uniqueItems: true items: type: "string" KeyStore: type: "object" properties: name: type: "string" description: "Key store name" description: type: "string" description: "Key store description" params: type: "object" description: "Key store params" additionalProperties: type: "object" endpoints: type: "array" description: "Key store endpoints" uniqueItems: true items: $ref: "#/definitions/KeyStoreEndpoint" isExternal: type: "boolean" description: "External key store flag" status: description: "Key store keyStoreStatus" $ref: "#/definitions/KeyStoreStatus" keyStoreSyncPolicy: type: "string" description: "Key store sync policy" enum: - "ALL_ACTIVE" - "ONLY_MODIFIED" - "NONE" capabilities: description: "Key store capabilities" $ref: "#/definitions/Capabilities" KeyStoreEndpoint: type: "object" properties: url: type: "string" description: "Endpoint url" certificateInfo: description: "certificateInfo" $ref: "#/definitions/CertificateInfo" KeyStoreProperties: type: "object" required: - "keyStoreName" properties: keyStoreName: type: "string" description: "Key store ID" minLength: 1 keyStoreObjectId: type: "string" description: "Key store Object ID" keyStoreProtectionMethod: type: "string" example: "HSM, Software, External or Default " description: "Key store Object Protection Method" enum: - "HSM" - "SOFTWARE" - "EXTERNAL" - "DEFAULT" byok: type: "boolean" description: "Is Byok" KeyStoreStatus: type: "object" properties: keyStoreCode: type: "string" description: "Key store code" enum: - "STOPPED" - "UNREGISTERED" - "RUNNING" message: type: "string" description: "Message" KeyStoreTemplates: type: "object" properties: GCP: $ref: "#/definitions/GCPKeyStoreTemplate" Azure: $ref: "#/definitions/AzureKeyStoreTemplate" AWSKMS: $ref: "#/definitions/AWSKeyStoreTemplate" LunaHSM: $ref: "#/definitions/HSMKeyStoreTemplate" nCipherHSM: $ref: 
"#/definitions/HSMKeyStoreTemplate" KeyStoreUpdates: type: "object" properties: description: type: "string" description: "description" accessKeyId: type: "string" description: "accessKeyId" secretKey: type: "string" description: "secretKey" params: type: "object" description: "params" additionalProperties: type: "object" keyStoreSyncPolicy: type: "string" description: "Key store sync policy" enum: - "ALL_ACTIVE" - "ONLY_MODIFIED" - "NONE" KeyUpdates: type: "object" properties: id: type: "string" description: "Key ID" description: type: "string" description: "Key description" splitKeyParts: type: "integer" format: "int32" description: "Number of parts" keyPartIdentifier: type: "integer" format: "int32" description: "Part identifier" splitKeyThreshold: type: "integer" format: "int32" description: "Threshold" splitKeyMethod: type: "string" description: "Threshold" groups: type: "array" description: "Key groups" uniqueItems: true items: type: "string" activationDate: type: "integer" format: "int64" description: "Activation date" readOnly: true deactivationDate: type: "integer" format: "int64" description: "Deactivation date" readOnly: true KeyValueEntry: type: "object" required: - "key" - "value" properties: key: type: "string" description: "key" minLength: 1 value: type: "string" description: "value" description: type: "string" description: "quorum timeout" readOnly: true type: type: "string" description: "value type" readOnly: true enum: - "BOOLEAN" - "TEXT" - "INTEGER" - "ARRAY" - "MAP" - "CERTIFICATE" - "POLICY" defaultValue: type: "string" description: "default value" readOnly: true min: type: "integer" format: "int32" description: "minimum value" readOnly: true max: type: "integer" format: "int32" description: "maximum value" readOnly: true unit: type: "string" description: "unit type" readOnly: true enum: - "SECONDS" - "MINUTES" - "HOURS" - "DAYS" - "MONTHS" - "YEARS" - "CHARACTERS" - "MILLIS" description: "Key value entry" KeystoreListResponse: type: "object" 
properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/KeyStore" Label: type: "object" required: - "value" properties: value: type: "string" description: "Value" encoding: type: "string" description: "Encoding" enum: - "PLAIN" - "BASE64" - "HEX" MACSignData: type: "object" required: - "data" properties: data: type: "string" description: "data" minLength: 1 dataEncoding: type: "string" description: "data encoding" enum: - "PLAIN" - "BASE64" - "HEX" params: description: "Params" $ref: "#/definitions/MacCryptoParams" description: "Input for MAC operation" MACVerifyData: type: "object" required: - "data" - "mac" properties: data: type: "string" description: "data" minLength: 1 dataEncoding: type: "string" description: "data encoding" enum: - "PLAIN" - "BASE64" - "HEX" params: description: "Params" $ref: "#/definitions/MacCryptoParams" mac: description: "MAC value to be verified, encoded as BASE64" $ref: "#/definitions/Mac" description: "Includes data used for MAC verification" Mac: type: "object" properties: mac: type: "string" example: "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz" description: "mac" ivBase64: type: "string" description: "base64 encoded Initialize Vector" MacCryptoParams: type: "object" properties: mode: type: "string" description: "Mode of operation" enum: - "GMAC" - "CMAC" - "X919_3DES_MAC" - "HMAC_SHA1" - "HMAC_SHA256" - "HMAC_SHA384" - "HMAC_SHA512" - "HMAC_SHA3_256" - "HMAC_SHA3_384" - "HMAC_SHA3_512" iv: description: "Externally provided IV, default encoded in BASE64" $ref: "#/definitions/Iv" tagLength: type: "integer" format: "int32" description: "Tag length" NewAndExistingPassword: type: "object" 
required: - "existingPassword" - "newPassword" properties: existingPassword: type: "string" description: "The existing user password" newPassword: type: "string" description: "The new password" otp: type: "string" example: "815713" description: "User TOTP" description: "New and existing password" NewClient: type: "object" required: - "name" properties: name: type: "string" example: "client-name" description: "Client name" minLength: 1 checkIp: type: "boolean" example: false description: "Enforce client IP verification" allowNat: type: "boolean" example: false description: "Allow the client to connect through NAT" expiration: type: "integer" format: "int32" example: 1578240 description: "Client expiration in minutes" activationCodeValidity: type: "integer" format: "int32" example: 20 description: "Client activation code validity in minutes" isTemplate: type: "boolean" example: false description: "Whether the client is a template client" persistentClient: type: "boolean" example: true description: "Use a persistent client (relevant for template clients only)" activationCodeLength: type: "integer" format: "int32" example: 10 description: "Client activation code length (digits)" ipRange: type: "string" example: "0.0.0.0/0" description: "Client IP range (CIDR)" certificateExpiration: type: "integer" format: "int32" example: 1578240 description: "Client certificate validity in minutes" NewClientWithCertificate: type: "object" required: - "name" properties: name: type: "string" example: "client-name" description: "Client name" minLength: 1 checkIp: type: "boolean" example: false description: "Enforce client IP verification" allowNat: type: "boolean" example: false description: "Allow the client to connect through NAT" expiration: type: "integer" format: "int32" example: 1578240 description: "Client expiration in minutes" persistentClient: type: "boolean" example: true description: "Use a persistent client (relevant for template clients only)" alternativeNames: type: "array" example: 
"{client-ip,client-name}" description: "Client alternative names" items: type: "string" pfxPassword: type: "string" description: "The new client PFX password" csr: type: "string" example: "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\n\ MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\n\ Z2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\n\ WFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n\ 4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n\ 6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn" description: "The new client Base64 encoded certificate request (CSR)" publicKey: type: "string" example: "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\n\ ejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW" description: "The new client Base64 encoded ECC public key" certificate: type: "string" description: "The new client certificate, PEM or DER encoded" certificateExpiration: type: "integer" format: "int32" example: 1578240 description: "Client certificate validity in minutes" NewClientWithSecret: type: "object" required: - "name" properties: name: type: "string" example: "client-name" description: "Client name" minLength: 1 checkIp: type: "boolean" example: false description: "Enforce client IP verification" allowNat: type: "boolean" example: false description: "Allow the client to connect through NAT" expiration: type: "integer" format: "int32" example: 1578240 description: "Client expiration in minutes" persistentClient: type: "boolean" example: true description: "Use a persistent client (relevant for template clients only)" ipRange: type: "string" example: "0.0.0.0/0" description: "Client IP range (CIDR)" grantTypes: type: "array" description: "Client grant 
types" uniqueItems: true items: type: "string" enum: - "CLIENT_CREDENTIALS" - "PASSWORD" - "REFRESH_TOKEN" - "JWT_BEARER" - "ID_TOKEN" - "AUTHORIZATION_CODE" minItems: 1 NewGeneratedKey: type: "object" required: - "keyFormat" - "keyId" properties: policyKeyId: type: "string" keyId: type: "string" description: "An ID for the new key" minLength: 1 keyIdEncoding: type: "string" description: "Encoding for the new key ID" readOnly: true enum: - "PLAIN" - "BASE64" - "HEX" keyProperties: $ref: "#/definitions/KeyProperties" keyStoreProperties: description: "Linked Key Store" $ref: "#/definitions/KeyStoreProperties" activate: type: "boolean" description: "Activate the key" activationDate: type: "integer" format: "int64" description: "Activation date" deactivationDate: type: "integer" format: "int64" description: "Deactivation date" keyFormat: description: "Key format" $ref: "#/definitions/KeyFormat" NewGeneratedSecret: type: "object" required: - "id" properties: id: type: "string" example: "mySecret1" description: "An identifier/label for the secret data" minLength: 1 description: type: "string" description: "The secret description" groups: type: "array" description: "Secret groups" uniqueItems: true items: type: "string" NewIdentityProvider: type: "object" required: - "name" properties: name: type: "string" description: "Identity Provider name" description: type: "string" description: "Identity Provider description" url: type: "string" description: "Identity Provider URL" clientId: type: "string" description: "Identity Provider clientId" clientSecret: type: "string" description: "Identity Provider clientSecret" usedClaims: type: "array" example: "[sub]" description: "Identity Provider claims used for authentication" uniqueItems: true items: type: "string" requiredScopes: type: "array" example: "[openid]" description: "Identity Provider scopes required for authentication" uniqueItems: true items: type: "string" NewKeyStore: type: "object" required: - "name" - "secretKey" 
properties: name: type: "string" description: "Key store name" minLength: 1 description: type: "string" description: "Key store description" accessKeyId: type: "string" description: "Key store accessKeyId" secretKey: type: "string" description: "Key store secretKey" minLength: 1 params: type: "object" description: "Key store params" additionalProperties: type: "object" isExternal: type: "boolean" description: "External key store flag" keyStoreSyncPolicy: type: "string" description: "Key store sync policy" enum: - "ALL_ACTIVE" - "ONLY_MODIFIED" - "NONE" NewKeyStoreEndpoint: type: "object" required: - "pfxPassword" - "url" properties: url: type: "string" description: "Endpoint URL" pfxPassword: type: "string" description: "Endpoint PFX password" san: type: "string" description: "Endpoint subject alternative name" NewLinkedKey: type: "object" required: - "keyStoreName" - "keyStoreObjectId" properties: keyStoreName: type: "string" description: "Key store name" minLength: 1 keyStoreObjectId: type: "string" description: "Key store object ID" minLength: 1 alias: type: "string" description: "Key alias" activate: type: "boolean" description: "Activate the key" groups: type: "array" description: "Key groups" uniqueItems: true items: type: "string" keyRotationInterval: type: "integer" format: "int32" description: "Key rotation interval" minimum: 0 activationDate: type: "integer" format: "int64" description: "Activation date" deactivationDate: type: "integer" format: "int64" description: "Deactivation date" NewPair: type: "object" required: - "entryPoint" - "partner" properties: entryPoint: description: "Entry Point" $ref: "#/definitions/NewServer" partner: description: "Partner" $ref: "#/definitions/NewServer" description: "A UKC pair" NewPartition: type: "object" required: - "name" - "newClient" - "soPassword" properties: name: type: "string" description: "The new partition name" minLength: 1 soPassword: type: "string" description: "The new partition SO password" minLength: 1 
newClient: description: "The initial partition client" $ref: "#/definitions/NewClientWithCertificate" inherit: type: "boolean" example: false description: "Inherit root partition settings" propagate: type: "boolean" example: false description: "Support certificate propagation" fipsRequirements: type: "string" example: "FIPS_NONE" description: "The partition FIPS requirements" enum: - "FIPS_MANDATORY" - "FIPS_PREFERRED" - "FIPS_NONE" isAllowDefaultClient: type: "boolean" example: false description: "Allow using the default client" allowKeystores: type: "boolean" example: false description: "Allow using key stores" cacheTimeout: type: "integer" format: "int32" example: 3600 description: "The partition cache timeout" description: "A UKC partition" NewRole: type: "object" required: - "managedObjectsPermissions" - "name" properties: name: type: "string" example: "role_name" description: "Role name" minLength: 1 managedObjectsPermissions: type: "array" items: $ref: "#/definitions/RolePermission" NewSecret: type: "object" required: - "data" - "id" properties: id: type: "string" example: "mySecret1" description: "An identifier/label for the secret data" minLength: 1 description: type: "string" description: "The secret description" groups: type: "array" description: "Secret groups" uniqueItems: true items: type: "string" data: type: "string" example: "My secret data" description: "The data to keep as secret" minLength: 1 NewServer: type: "object" required: - "host" - "port" properties: host: type: "string" example: "ip or fqdn" description: "The server host" minLength: 1 port: type: "integer" format: "int32" example: 8443 description: "The server port" newServerCertificate: description: "The new server certificate" $ref: "#/definitions/NewServerCertificate" description: "A UKC new server" NewServerCertificate: type: "object" properties: certificate: type: "string" description: "The server certificate encoded in base64" certificateFingerprint: type: "string" description: "The 
server certificate fingerprint" certificateInfo: type: "string" description: "The server certificate info" description: "New server certificate data" NewUser: type: "object" required: - "name" properties: password: type: "string" example: "Password1!" description: "The user password" name: type: "string" example: "john_a" description: "name" minLength: 1 role: type: "string" example: "user" description: "The user role" aliases: type: "array" description: "aliases" uniqueItems: true items: $ref: "#/definitions/UserAliases" authType: type: "string" example: "STANDARD" description: "Auth type" enum: - "STANDARD" - "LDAP" - "OIDC" description: "A UKC new user" NewUsersGroup: type: "object" required: - "name" properties: name: type: "string" example: "group1" minLength: 0 maxLength: 64 roles: type: "array" example: "[so, user, signer]" description: "List of all roles in the group" items: type: "string" users: type: "array" example: "[so, user, admin]" description: "List of all users in the group" items: type: "string" expression: type: "string" example: ".*@somedomain.com" description: "A regular expression string" description: "A UKC new users group" OAEPPadding: type: "object" properties: mgf: type: "string" description: "mgf" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" - "SHA3_256" - "SHA3_384" - "SHA3_512" label: description: "OAEP label, default encoding as PLAIN" $ref: "#/definitions/Label" description: "(Only relevant for encryption) The OAEP padding parameters" OauthToken: type: "object" properties: access_token: type: "string" example: "eyJ...MoQ" description: "Access Token" token_type: type: "string" example: "bearer" description: "Token type" expires_at: type: "string" description: "Token expiration date" expires_in: type: "integer" format: "int64" example: 1000 description: "The lifetime of the access token, in seconds" scope: type: "string" example: "user" description: "The provided scope (the user Role)" refresh_token: type: "string" example: 
"eyJ...0N" description: "Refresh Token" description: "OAuth token" OfflineKeyParams: type: "object" required: - "paillierKey" - "paillierKeys" properties: backup: type: "string" description: "BASE64 encoded ECDSA offline backup" readOnly: true paillierKey: type: "string" description: "Public key of the EC offline Paillier key" paillierKeys: type: "array" description: "Public keys of the EC offline Paillier keys" items: type: "string" PKInfoType: type: "object" properties: rsa: description: "rsa" $ref: "#/definitions/RSAKeyInfoType" ecc: description: "ecc" $ref: "#/definitions/ECCKeyInfoType" description: "Properties of a public key" PSSPadding: type: "object" required: - "saltSize" properties: mgf: type: "string" description: "MGF hash algorithm" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" - "SHA3_256" - "SHA3_384" - "SHA3_512" saltSize: type: "integer" format: "int32" description: "The salt size in bytes" description: "(Only relevant for signing) The PSS padding parameters" Padding: type: "object" required: - "type" properties: type: type: "string" enum: - "RAW" - "PKCS1" - "OAEP" - "PSS" pss: description: "pss" $ref: "#/definitions/PSSPadding" oaep: description: "oaep" $ref: "#/definitions/OAEPPadding" description: "Crypto operation padding type" Pair: type: "object" properties: entryPoint: description: "Entry Point" readOnly: true $ref: "#/definitions/Server" partner: description: "Partner" readOnly: true $ref: "#/definitions/Server" description: "A UKC pair" Partition: type: "object" properties: checkClientIp: type: "boolean" description: "Check client IP" readOnly: true name: type: "string" example: "root" readOnly: true allowNat: type: "boolean" description: "True when allowing NAT" readOnly: true allowUserOnlyCryptoOperations: type: "boolean" description: "True if users are only allowed to perform crypto operations" readOnly: true clientRetriesLimit: type: "integer" format: "int32" description: "Client retries limit" readOnly: true clientRetriesTimeout: type: "integer" format: "int32" description: "Client retries timeout" readOnly: true creationDate: type: "string" description: "Partition creation date" readOnly: true getjWTLimit: type: "integer" format: "int32" description: "JWT usage limit" readOnly: true lastUpdate: type: "string" description: "Partition last update" readOnly: true passwordComplexity: type: "boolean" description: "Enforce password complexity" readOnly: true passwordLength: type: "integer" format: "int32" description: "Allowed password length for the partition" readOnly: true quorumOperations: type: "string" description: "Quorum operations" readOnly: true quorumSize: type: "integer" format: "int32" description: "Quorum size" readOnly: true quorumTimeout: type: "integer" format: "int32" description: "Quorum timeout" readOnly: true supportCertificatePropagation: type: "boolean" description: "True when supporting certificate propagation" readOnly: true supportPartitionInheritance: type: "boolean" description: "True when supporting partition inheritance" readOnly: true userRetriesLimit: type: "integer" format: "int32" description: "User retries limit" readOnly: true fipsRequirements: type: "string" example: "FIPS_NONE" description: "The partition FIPS requirements" enum: - "FIPS_MANDATORY" - "FIPS_PREFERRED" - "FIPS_NONE" policy: type: "array" description: "The partition policy" items: $ref: "#/definitions/PartitionPolicyRule" allowKeystores: type: "boolean" example: false description: "Allow using key stores" enforceTwoFactorAuth: type: "boolean" example: false description: "Enforce 2FA" totpTimeDrift: type: "integer" format: "int32" example: 30 description: "TOTP time drift" cacheTimeout: type: "integer" format: "int32" example: 3600 description: "Cache timeout" jWTExpiration: type: "integer" format: "int32" description: "JWT expiration time" readOnly: true description: "A partition is used as a logical container for security objects like keys and certificates" PartitionListResponse: type: "object" properties: totalItems: type: "integer" format: 
"int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/Partition" PartitionPolicyRule: type: "object" required: - "type" properties: type: type: "string" description: "Key type the rule applies to" enum: - "RSA" - "ECC" - "AES" - "TDES" - "DES" - "HMAC" - "XTS" - "PRF" - "PWD" - "LIMA" - "EDDSA" - "TOTSSeed" - "CHACHA20" - "SPLIT_KEY" minSize: type: "integer" format: "int32" description: "Minimum key size" minimum: 0 curves: type: "array" description: "Allowed curves" uniqueItems: true items: type: "string" enum: - "P256" - "P384" - "P521" - "SECP256K1" - "CURVE25519" - "CURVE448" operations: type: "array" description: "Allowed operations" uniqueItems: true items: type: "string" enum: - "SIGN" - "VERIFY" - "ENCRYPT" - "DECRYPT" - "WRAP" - "UNWRAP" - "DERIVE" - "MAC" - "MAC_VERIFY" - "JOIN_SPLIT_KEY" paddings: type: "array" description: "Allowed paddings" uniqueItems: true items: type: "string" enum: - "RAW" - "PKCS1" - "OAEP" - "PSS" hashes: type: "array" description: "Allowed hashes" uniqueItems: true items: type: "string" enum: - "SHA1" - "SHA256" - "SHA384" - "SHA512" - "SHA3_256" - "SHA3_384" - "SHA3_512" modes: type: "array" description: "Allowed modes" uniqueItems: true items: type: "string" enum: - "ECB" - "CBC" - "OFB" - "CFB" - "CTR" - "GCM" - "CCM" - "XTS" - "NISTWRAP" - "CHACHA20" - "CHACHA20_POLY_1305" macs: type: "array" description: "Allowed MACs" uniqueItems: true items: type: "string" enum: - "GMAC" - "CMAC" - "X919_3DES_MAC" - "HMAC_SHA1" - "HMAC_SHA256" - "HMAC_SHA384" - "HMAC_SHA512" - "HMAC_SHA3_256" - "HMAC_SHA3_384" - "HMAC_SHA3_512" exportType: type: "string" description: "Minimum export type" enum: - "IN_PLAIN" - "WRAPPED" - "WRAPPED_WITH_TRUSTED" - "NON_EXPORTABLE" trusted: type: 
"boolean" description: "Is trusted" local: type: "boolean" description: "Is local" Password: type: "object" properties: password: type: "string" example: "Password2!" description: "New user password" description: "A password" QuorumStatus: type: "object" properties: pendingApproval: type: "integer" format: "int32" example: 2 description: "Jobs pending approval" readOnly: true pendingExecution: type: "integer" format: "int32" example: 0 description: "Jobs pending execution" readOnly: true description: "Quorum jobs status" RSAKeyInfoType: type: "object" required: - "modulus" - "publicExponent" properties: publicExponent: type: "string" description: "HEX encoded exponent" modulus: type: "string" description: "HEX encoded modulus" description: "Details of RSA public key" RandomEntropyBytes: type: "object" required: - "entropy" properties: entropy: type: "string" description: "Base64 encoded entropy bytes" minLength: 1 description: "Random entropy bytes" Range: type: "object" required: - "max" - "min" properties: min: type: "string" description: "Minimum value" max: type: "string" description: "Maximum value" RefreshedCertificateClient: type: "object" properties: certificateExpiration: type: "integer" format: "int32" example: 1578240 description: "Client certificate validity in minutes" activationCodeValidity: type: "integer" format: "int32" example: 20 description: "Client activation code validity in minutes" activationCodeLength: type: "integer" format: "int32" example: 10 description: "Client activation code length (digits)" ipRange: type: "string" example: "0.0.0.0/0" description: "Client IP range (CIDR)" generateNewActivationCode: type: "boolean" description: "Generate a new activation code (default true)" RefreshedPublicKeyClient: type: "object" required: - "publicKey" properties: publicKey: type: "string" example: "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\n\ ejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW" description: "The new client Base64 encoded ECC public key" minLength: 1 
expiration: type: "integer" format: "int32" example: 1578240 description: "Client certificate validity in minutes" alternativeNames: type: "array" example: "{client-ip,client-name}" description: "Client alternative names" items: type: "string" RefreshedSecretClient: type: "object" properties: expiration: type: "integer" format: "int32" example: 1578240 description: "Client expiration in minutes" grantTypes: type: "array" description: "Client grant types" uniqueItems: true items: type: "string" enum: - "CLIENT_CREDENTIALS" - "PASSWORD" - "REFRESH_TOKEN" - "JWT_BEARER" - "ID_TOKEN" - "AUTHORIZATION_CODE" minItems: 1 RevokeParams: type: "object" properties: message: type: "string" description: "Revocation message" reason: type: "string" description: "Revocation reason" enum: - "UNSPECIFIED" - "KEY_COMPROMISE" - "CA_COMPROMISE" - "AFFILIATION_CHANGED" - "SUPERSEDED" - "CESSATION_OF_OPERATION" - "PRIVILEGE_WITHDRAWN" compromiseOccurrenceDate: type: "integer" format: "int64" description: "Date when the compromise occurred" Role: type: "object" properties: name: type: "string" example: "role_name" description: "Role name" readOnly: true partition: type: "string" example: "~.codeSign.developers" description: "Partition" readOnly: true createdAt: type: "string" description: "Creation date" readOnly: true updatedAt: type: "string" description: "Last update date" readOnly: true managedObjectsPermissions: type: "array" description: "Managed objects permissions" readOnly: true items: $ref: "#/definitions/RolePermission" description: "A UKC role" RoleListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/Role" RolePermission: type: 
"object" properties: objectGroup: type: "string" description: "object group" operations: type: "array" description: "operations" uniqueItems: true items: type: "string" enum: - "ACTIVATE" - "ADD_ATTRIBUTE" - "CREATE" - "CREATE_KEY_PAIR" - "DECRYPT" - "DELETE_ATTRIBUTE" - "DERIVE_KEY" - "DESTROY" - "DELETE" - "DY_DERIVE" - "DY_GET_KEY_MATERIAL" - "DY_GET_SECRET_DATA" - "DY_UPDATE_DATA" - "ENCRYPT" - "MAC" - "MAC_VERIFY" - "MODIFY_ATTRIBUTE" - "MODIFY_ATTRIBUTE_LIST" - "REGISTER" - "REKEY" - "REKEY_KEY_PAIR" - "REVOKE" - "SIGN" - "SIGNATURE_VERIFY" - "DY_ENABLE" - "DY_TOKENIZE" - "DY_DETOKENIZE" - "LINK" - "RELINK" - "UNLINK" - "JOIN_SPLIT_KEY" SealData: type: "object" required: - "clearText" properties: clearText: type: "string" description: "Data to seal" minLength: 1 dataEncoding: type: "string" description: "the data encoding" enum: - "PLAIN" - "BASE64" - "HEX" SealedCipher: type: "object" required: - "value" properties: value: type: "string" description: "base64 encoded sealed value" minLength: 1 Secret: type: "object" required: - "id" properties: id: type: "string" example: "mySecret1" description: "An identifier/label for the secret data" description: type: "string" description: "The secret description" readOnly: true uid: type: "string" example: "0x00d78d6a396072e9a0" description: "Secret identifier" readOnly: true groups: type: "array" description: "Secret groups" uniqueItems: true items: type: "string" createdAt: type: "string" description: "Creation date" readOnly: true updatedAt: type: "string" description: "Last update date" readOnly: true SecretListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: 
"#/definitions/Secret" SecretUpdates: type: "object" properties: id: type: "string" description: "Secret ID" minLength: 0 maxLength: 256 description: type: "string" description: "Secret description" minLength: 0 maxLength: 256 groups: type: "array" description: "Secret groups" uniqueItems: true items: type: "string" Server: type: "object" properties: name: type: "string" description: "The server name" readOnly: true host: type: "string" description: "The server host" readOnly: true role: type: "string" description: "The server role" readOnly: true enum: - "ENTRYPOINT" - "PARTNER" - "AUXILIARY" status: type: "string" description: "The server status" readOnly: true enum: - "RUNNING" - "STOPPED" os: type: "string" description: "The server operating system" readOnly: true cores: type: "integer" format: "int32" description: "The number of server CPU cores" readOnly: true cpuLoadPrecents: type: "integer" format: "int32" description: "The server CPU load (percent)" readOnly: true freeMemMegaBytes: type: "integer" format: "int32" description: "The server free memory in megabytes" readOnly: true totalMemMegaBytes: type: "integer" format: "int32" description: "The server total memory in megabytes" readOnly: true version: type: "string" description: "The server version" readOnly: true serverVersionMatch: type: "string" description: "Set when the server version is not compatible" readOnly: true error: type: "string" description: "The server status error" readOnly: true lastStart: type: "string" description: "The server last start time" readOnly: true requireRestart: type: "string" description: "Whether the server needs to be restarted" readOnly: true alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" certificateInfo: description: "The server certificate info" readOnly: true $ref: "#/definitions/CertificateInfo" description: "A UKC server" SignData: type: "object" required: - "data" properties: data: type: "string" description: "data" dataEncoding: type: "string" description: "data encoding" 
enum: - "PLAIN" - "BASE64" - "HEX" params: description: "The operation parameters" $ref: "#/definitions/AsymmetricCryptoParams" doHash: type: "boolean" description: "Hash the data before signing" ecdsaMode: type: "string" description: "ECDSA signing mode" enum: - "ECDSA" - "SCHNORR" paillierKey: type: "string" description: "Paillier key" totsSignData: description: "TOTS sign data" $ref: "#/definitions/TOTSSignData" description: "Input for sign operation" SignOperationAttributeTemplate: type: "object" properties: id: type: "string" name: type: "string" description: type: "string" min: type: "string" max: type: "string" templateTypeName: type: "string" SignOperationData: type: "object" properties: publicKeys: type: "array" items: type: "string" dataToSign: type: "array" items: type: "string" rawTransactions: type: "array" items: type: "string" details: type: "string" operationId: type: "string" data: type: "array" items: type: "string" description: type: "string" signedVaultDeclaration: type: "string" collectedDataGroups: $ref: "#/definitions/CollectedDataGroupsDetails" vaultAttributes: $ref: "#/definitions/SignOperationVaultAttributes" policyId: type: "string" creationTime: type: "integer" format: "int64" ledgerName: type: "string" changePublicKeys: type: "array" items: type: "string" derivedWhitelistChildNumbers: type: "array" items: type: "integer" format: "int32" ukcKeyIds: type: "array" items: type: "string" ledgerHashAlgorithm: type: "string" SignOperationVaultAttribute: type: "object" properties: value: type: "string" attributeTemplate: $ref: "#/definitions/SignOperationAttributeTemplate" SignOperationVaultAttributes: type: "object" properties: attributes: type: "array" items: $ref: "#/definitions/SignOperationVaultAttribute" Signature: type: "object" properties: signature: type: "string" example: "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q=" description: "Base64 encoded signature" SlipDerivationParams: type: "object" required: - "childNumber" - "hardened" 
properties: childNumber: type: "integer" format: "int32" description: "Child number" hardened: type: "boolean" description: "True if hardened" SplitKeyInfo: type: "object" properties: alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" splitKeyParts: type: "integer" format: "int32" example: 4 description: "Number of split key parts" readOnly: true keyPartIdentifier: type: "integer" format: "int32" example: 2 description: "Identifier of this key part" readOnly: true splitKeyThreshold: type: "integer" format: "int32" example: 5 description: "Number of parts needed to reconstruct the key" readOnly: true splitKeyMethod: type: "string" example: "PolynomialSharingGF2_16" description: "Split key method" readOnly: true enum: - "XOR" - "PolynomialSharingGF2_16" - "PolynomialSharingPrimeField" - "PolynomialSharingGF2_8" description: "Split key details" SubjectKeyIdentifier: type: "object" required: - "isCritical" - "uid" properties: uid: type: "string" description: "Extension UID" isCritical: type: "boolean" description: "Is the extension critical" keyId: type: "string" readOnly: true description: "Certificate X.509 extension" SymmetricCryptoParams: type: "object" properties: mode: type: "string" description: "Mode of operation" enum: - "ECB" - "CBC" - "OFB" - "CFB" - "CTR" - "GCM" - "CCM" - "XTS" - "NISTWRAP" - "CHACHA20" - "CHACHA20_POLY_1305" iv: description: "Externally provided IV, default encoded in BASE64. Must be no more than 15 bytes." $ref: "#/definitions/Iv" aad: description: "Additional authenticated data, default encoding is PLAIN" $ref: "#/definitions/Aad" tagLength: type: "integer" format: "int32" example: 16 description: "Authentication tag length in bytes. For CCM, the value must be between 4 and 16, inclusive, and must be even. For other algorithms, the value must be between 1 and 16, inclusive." 
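The SymmetricCryptoParams definition above states constraints (an IV of at most 15 bytes, a CCM tag length that is even and between 4 and 16, 1 to 16 for other modes) that the server will reject after the round trip. The following is an added example, not UKC's own code, of a client-side pre-check that enforces exactly those stated constraints plus one labelled assumption: that `aad` and `tagLength` are only meaningful for the AEAD modes GCM, CCM and CHACHA20_POLY_1305. It also assumes the Iv and Aad objects have the same `{value, encoding}` shape as Label, with the defaults the descriptions give (BASE64 for iv, PLAIN for aad).

```python
"""Client-side validation of a SymmetricCryptoParams object before sending it
to UKC.  Added example, not UKC code.  Checks the constraints stated in the
definition (mode enum, IV <= 15 bytes, CCM tagLength even and 4..16, otherwise
1..16).  ASSUMPTIONS: Iv/Aad look like Label ({"value", "encoding"}) and
aad/tagLength are only meaningful for AEAD modes."""
import base64
import binascii

MODES = {"ECB", "CBC", "OFB", "CFB", "CTR", "GCM", "CCM", "XTS",
         "NISTWRAP", "CHACHA20", "CHACHA20_POLY_1305"}
AEAD_MODES = {"GCM", "CCM", "CHACHA20_POLY_1305"}   # assumption, see lead-in
ENCODINGS = {"PLAIN", "BASE64", "HEX"}


def decode_value(obj, default_encoding):
    """Decode a {value, encoding} object to bytes; ValueError if malformed."""
    encoding = obj.get("encoding", default_encoding)
    if encoding not in ENCODINGS:
        raise ValueError(f"unknown encoding {encoding!r}")
    value = obj["value"]
    try:
        if encoding == "PLAIN":
            return value.encode("utf-8")
        if encoding == "HEX":
            return binascii.unhexlify(value)
        return base64.b64decode(value, validate=True)
    except (binascii.Error, UnicodeError) as exc:
        raise ValueError(f"value does not decode as {encoding}: {exc}") from exc


def validate_symmetric_params(params):
    """Return a list of violations; an empty list means the object is acceptable."""
    errors = []
    mode = params.get("mode")
    if mode is not None and mode not in MODES:
        errors.append(f"unknown mode {mode!r}")

    if "iv" in params:
        try:
            iv = decode_value(params["iv"], "BASE64")
        except (ValueError, KeyError) as exc:
            errors.append(f"iv: {exc}")
        else:
            if len(iv) > 15:                       # stated limit
                errors.append(f"iv is {len(iv)} bytes; must be no more than 15")

    if "tagLength" in params:
        tag = params["tagLength"]
        if mode == "CCM":                          # stated CCM rule
            if not (4 <= tag <= 16 and tag % 2 == 0):
                errors.append("CCM tagLength must be even and between 4 and 16")
        elif not (1 <= tag <= 16):                 # stated rule for other modes
            errors.append("tagLength must be between 1 and 16")
        if mode is not None and mode not in AEAD_MODES:
            errors.append(f"tagLength is only used by AEAD modes, not {mode}")

    if "aad" in params:
        try:
            decode_value(params["aad"], "PLAIN")
        except (ValueError, KeyError) as exc:
            errors.append(f"aad: {exc}")
        if mode is not None and mode not in AEAD_MODES:
            errors.append(f"aad is only used by AEAD modes, not {mode}")
    return errors


def aead_params(mode, iv, aad=b"", tag_length=16):
    """Build a SymmetricCryptoParams object for an AEAD mode with explicit
    encodings, rejecting it locally if it would violate the constraints."""
    params = {
        "mode": mode,
        "iv": {"value": base64.b64encode(iv).decode(), "encoding": "BASE64"},
        "tagLength": tag_length,
    }
    if aad:
        params["aad"] = {"value": base64.b64encode(aad).decode(), "encoding": "BASE64"}
    problems = validate_symmetric_params(params)
    if problems:
        raise ValueError("; ".join(problems))
    return params
```

`aead_params("CCM", nonce, header, 12)` returns a body ready to be placed under `params` of an encrypt request; a 7-byte or odd CCM tag raises before any network call, which keeps the mistake out of the server-side audit trail.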
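The SplitKeyInfo object above reports a key as `splitKeyParts` shares of which `splitKeyThreshold` are needed, using one of the listed `splitKeyMethod` values. As an added illustration of what those numbers mean (this is not UKC's implementation, and the GF(2^8) reduction polynomial used here is an assumption, the AES one), the block below implements the two simplest methods: XOR sharing, which is inherently parts-of-parts, and polynomial (Shamir) sharing over GF(2^8), which is threshold-of-parts and reconstructs from any `threshold` shares but from no fewer.

```python
"""Worked illustration of split-key parameters: XOR (n-of-n) and polynomial
sharing over GF(2^8) (t-of-n).  Added example, not UKC's implementation.
ASSUMPTION: GF(2^8) is built on the AES polynomial x^8+x^4+x^3+x+1 (0x11b)."""
import secrets


def _gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo 0x11b."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def _gf_inv(a):
    """a^254 == a^-1 in GF(2^8) (a != 0), by square-and-multiply."""
    result, base, e = 1, a, 254
    while e:
        if e & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        e >>= 1
    return result


def split_xor(secret, parts):
    """XOR sharing: parts-1 random shares, the last one fixes the XOR sum.
    Reconstruction needs every share, so threshold == parts."""
    shares = [secrets.token_bytes(len(secret)) for _ in range(parts - 1)]
    last = bytes(secret)
    for s in shares:
        last = bytes(x ^ y for x, y in zip(last, s))
    return shares + [last]


def join_xor(shares):
    out = bytes(len(shares[0]))
    for s in shares:
        out = bytes(x ^ y for x, y in zip(out, s))
    return out


def split_gf256(secret, parts, threshold):
    """Shamir sharing: for every secret byte choose a random polynomial of
    degree threshold-1 whose constant term is that byte; share i (the part
    identifier, 1..parts) is the polynomial values at x = i."""
    if not 1 <= threshold <= parts <= 255:
        raise ValueError("need 1 <= threshold <= parts <= 255")
    polys = [[b] + [secrets.randbelow(256) for _ in range(threshold - 1)]
             for b in secret]
    shares = []
    for x in range(1, parts + 1):
        ys = bytearray()
        for poly in polys:
            y = 0
            for c in reversed(poly):          # Horner evaluation at x
                y = _gf_mul(y, x) ^ c
            ys.append(y)
        shares.append((x, bytes(ys)))
    return shares


def join_gf256(shares):
    """Lagrange interpolation at x = 0 over the given (identifier, bytes) shares.
    With fewer than threshold shares the result is simply wrong, not an error."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate part identifiers")
    out = bytearray()
    for k in range(len(shares[0][1])):
        acc = 0
        for i, (xi, yi) in enumerate(shares):
            num, den = 1, 1
            for j, (xj, _) in enumerate(shares):
                if i != j:
                    num = _gf_mul(num, xj)        # (0 - xj) == xj in char 2
                    den = _gf_mul(den, xi ^ xj)   # xi - xj == xi ^ xj
            acc ^= _gf_mul(yi[k], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

The property a reviewer should look for in a split-key deployment is the last one: below the threshold the join produces a uniformly wrong key rather than a detectable failure, so the `keyPartIdentifier` of every part that was used, not just a count, belongs in the audit trail of a join.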
SystemCertificate: type: "object" required: - "id" - "isCa" - "isSelfSigned" - "issuer" - "pkInfo" - "serial" - "sha1Thumbprint" - "signature" - "signatureAlgorithm" - "subject" - "uid" - "validFrom" - "validUntil" - "version" properties: id: type: "string" example: "my-certificate" description: "Certificate identifier label" role: type: "string" description: "The server certificate role (EP, PARTNER, AUXILIARY, ROOT_CA)" readOnly: true enum: - "ROOT_CA" - "ENTRYPOINT" - "PARTNER" - "AUXILIARY" subject: type: "string" description: "Subject" validUntil: type: "string" description: "End of the validity period of this certificate" subjectAlternativeNames: description: "Subject Alternative Names extension" $ref: "#/definitions/AlternativeNames" version: type: "string" example: "V3" description: "Certificate version" alertLevel: type: "string" description: "alertLevel" readOnly: true enum: - "WARN" uid: type: "string" description: "UID" serial: type: "string" example: "185fb61e97f55b19" description: "Certificate serial number" signatureAlgorithm: type: "string" example: "sha256RSA" description: "Algorithm used to sign this certificate" issuer: type: "string" description: "The CA that signed this certificate" validFrom: type: "string" description: "Start of the validity period of this certificate" pkInfo: $ref: "#/definitions/PKInfoType" basicConstraints: description: "Basic Constraints extension" $ref: "#/definitions/BasicConstraints" subjectKeyIdentifier: description: "Subject Key Identifier extension" $ref: "#/definitions/SubjectKeyIdentifier" authorityKeyIdentifier: description: "Authority Key Identifier extension" $ref: "#/definitions/AuthorityKeyIdentifier" issuerAlternativeNames: description: "Issuer Alternative Names extension" $ref: "#/definitions/AlternativeNames" extendedKeyUsage: description: "Extended Key Usage extension" $ref: "#/definitions/ExtendedKeyUsage" sha1Thumbprint: type: "string" description: "SHA-1 thumbprint of the certificate" signature: 
type: "string" description: "CA signature value for this certificate" isCa: type: "boolean" description: "Determines if this certificate is a CA certificate" isSelfSigned: type: "boolean" description: "Determines if this certificate is a self-signed certificate" description: "Certificate public information" SystemInfo: type: "object" properties: version: type: "string" example: "2.0.1" description: "UKC server version" readOnly: true lastActivityAt: type: "string" readOnly: true allowedOperations: type: "array" example: "{Create,Destroy,Sign,...}" description: "A list of operation IDs that represent the operations the current user is allowed to use. Should match the operation IDs as specified in this document" readOnly: true items: type: "string" allowedPartitions: type: "array" example: "{part1, part2, ...}" description: "The partitions the user is allowed to access" readOnly: true items: type: "string" alerts: type: "array" readOnly: true items: $ref: "#/definitions/AlertsSummary" allowedCryptoAlgorithms: type: "array" example: "{RSA,DES,AES,...}" description: "A list of allowed crypto algorithms" readOnly: true items: type: "string" allowedDigitalSignatureAlgorithms: type: "array" example: "{ECDSAWithSHA_1,ECDSAWithSHA256,ECDSAWithSHA384,...}" description: "A list of allowed digital signature algorithms" readOnly: true items: type: "string" allowedHashingAlgorithms: type: "array" example: "{SHA_1,SHA_224,SHA_256,...}" description: "A list of allowed hashing algorithms" readOnly: true items: type: "string" allowedBlockCipherModes: type: "array" example: "{CBC,ECB,CFB,...}" description: "A list of allowed block cipher modes" readOnly: true items: type: "string" allowedPaddings: type: "array" example: "{PKCS1,OAEP,PSS,...}" description: "A list of allowed padding methods" readOnly: true items: type: "string" allowedCurves: type: "array" example: "{SECP256K1,CURVE25519,CURVE448,...}" description: "A list of allowed elliptic curves" readOnly: true items: 
type: "string" description: "Include information on UKC server" TOTSChallengeData: type: "object" required: - "paillierKey" - "totsParams" properties: paillierKey: type: "string" description: "Paillier Key" message: type: "string" description: "Message to be signed with challenge response" dataEncoding: type: "string" description: "data encoding" enum: - "PLAIN" - "BASE64" - "HEX" totsParams: description: "TOTS parameters" $ref: "#/definitions/TOTSParams" description: "Input for challenge operation" TOTSParams: type: "object" required: - "index" - "nof" properties: index: type: "integer" format: "int32" description: "index of ephemeral TOTS derived key" minimum: 0 nof: type: "integer" format: "int32" description: "Number of fragments - the Security level of the signature (1,\ \ 2, or 3)" minimum: 1 maximum: 3 TOTSSignData: type: "object" required: - "totsParams" properties: challengeResponse: type: "string" description: "challenge response for TOTS offline mode" totsParams: description: "TOTS parameters" $ref: "#/definitions/TOTSParams" Token: type: "object" required: - "value" properties: value: type: "string" example: "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA" description: "The generated authentication token" minLength: 1 description: "Auth Token" TokenizeData: type: "object" required: - "dataType" - "tweak" - "value" properties: value: type: "string" description: "Input value." tweak: type: "string" description: "Changes the tokenization effect." minLength: 0 maxLength: 2084 dataType: type: "string" description: "Data type of value." 
enum: - "EMAIL" - "SSN" - "CREDIT_CARD" - "US_PHONE" - "STRING" - "BOOLEAN" - "SHORT" - "INTEGER" - "LONG" - "FLOAT" - "DOUBLE" - "DECIMAL" - "DATE" - "TIME" - "TIMESTAMP" - "TOKEN" format: type: "string" description: "Defines the tokenization format. Applies to SSN and US_PHONE\ \ data types only." maxSize: type: "integer" format: "int32" description: "The operation parameters" minimum: 40 maximum: 254 description: "Tokenize single items with a PRF key. Note that all data types are\ \ input values except for TOKEN which is an output value." TokenizeResponse: type: "object" required: - "tweak" - "uid" - "value" properties: uid: type: "string" description: "PRF key UID." minLength: 1 tweak: type: "string" description: "Tokenized tweak." minLength: 1 value: type: "string" description: "Array of tokenized values." minLength: 1 TokenizeX: type: "object" required: - "dataType" - "tweak" - "valueItems" properties: valueItems: type: "array" description: "Array of input values to tokenize." items: type: "string" tweak: type: "string" description: "Changes the tokenization effect." minLength: 0 maxLength: 2084 dataType: type: "string" description: "Data type of valueItems." enum: - "EMAIL" - "SSN" - "CREDIT_CARD" - "US_PHONE" - "STRING" - "BOOLEAN" - "SHORT" - "INTEGER" - "LONG" - "FLOAT" - "DOUBLE" - "DECIMAL" - "DATE" - "TIME" - "TIMESTAMP" - "TOKEN" format: type: "string" description: "Defines the tokenization format. Applies to SSN and US_PHONE\ \ data types only." maxSize: type: "integer" format: "int32" description: "The operation parameters" minimum: 40 maximum: 254 description: "Tokenize multiple items with a PRF key. Note that all data types\ \ are input values except for TOKEN which is an output value." 
Topology: type: "object" properties: pairs: type: "array" description: "Pairs" readOnly: true items: $ref: "#/definitions/Pair" auxiliaries: type: "array" description: "Auxiliaries" readOnly: true items: $ref: "#/definitions/Server" triplets: type: "array" description: "Triplets" readOnly: true items: $ref: "#/definitions/Triplet" description: "A UKC server topology" Triplet: type: "object" properties: entryPoint: type: "string" description: "Entry Point name" readOnly: true partner: type: "string" description: "Partner name" readOnly: true auxiliary: type: "string" description: "Auxiliary name" readOnly: true connected: type: "boolean" description: "Is Triplet connected " readOnly: true TwoFactorAuthSecretResponse: type: "object" properties: name: type: "string" description: "The Enrolled user name" totpUrl: type: "string" description: "The totp auth url" UnSealData: type: "object" required: - "cipher" properties: cipher: description: "cipher to decrypt" $ref: "#/definitions/SealedCipher" outputEncoding: type: "string" description: "output encoding" enum: - "PLAIN" - "BASE64" - "HEX" UnwrapData: type: "object" required: - "keyData" - "newGeneratedKey" properties: aSymmetricParams: description: "Asymmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/AsymmetricCryptoParams" symmetricParams: description: "Symmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/SymmetricCryptoParams" keyData: type: "string" description: "optional key data to import" minLength: 1 newGeneratedKey: description: "new generated key" $ref: "#/definitions/NewGeneratedKey" description: "Input for unwrap operation" UpdatedRole: type: "object" properties: managedObjectsPermissions: type: "array" description: "managed objects permissions" items: $ref: "#/definitions/RolePermission" UpdatedSecret: type: "object" required: - "data" properties: data: type: "string" example: "My secret data" description: "The data to keep as secret" minLength: 1 User: type: 
"object" properties: name: type: "string" example: "john_a" description: "name" readOnly: true partition: type: "string" example: "~.codeSign.developers" description: "partition" readOnly: true role: type: "string" description: "role" readOnly: true createdAt: type: "string" description: "created at" readOnly: true lastActivityAt: type: "string" description: "last activity at" readOnly: true retries: type: "integer" format: "int32" description: "retries" readOnly: true authType: type: "string" description: "auth type" readOnly: true enum: - "STANDARD" - "LDAP" - "OIDC" lastUpdateAt: type: "string" description: "last update at" readOnly: true lastPasswordUpdated: type: "string" description: "last password updated" readOnly: true is2FAEnrolled: type: "boolean" description: "is2FAEnrolled" readOnly: true lastEnrolledAt: type: "string" description: "lastEnrolledAt" readOnly: true aliases: type: "array" description: "aliases" readOnly: true uniqueItems: true items: $ref: "#/definitions/UserAliases" groups: type: "array" example: "[groupA, groupB]" readOnly: true uniqueItems: true items: type: "string" isLoginLocked: type: "boolean" description: "is login locked" readOnly: true description: "A UKC user" UserAliases: type: "object" required: - "aliases" - "identityProviderName" properties: identityProviderName: type: "string" description: "The Identity Provider Name" aliases: type: "array" description: "Aliases" uniqueItems: true items: type: "object" UserListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/User" UsersGroup: type: "object" properties: name: type: "string" readOnly: true partition: type: "string" 
readOnly: true expression: type: "string" example: ".*@somedomain.com" description: "A regular expression string" createdAt: type: "string" readOnly: true updatedAt: type: "string" readOnly: true users: type: "array" example: "[so, user, admin]" description: "List of all users in the group" items: type: "string" roles: type: "array" example: "[so, user, signer]" description: "List of all roles in the group" items: type: "string" description: "A UKC users group" UsersGroupListResponse: type: "object" properties: totalItems: type: "integer" format: "int32" description: "totalItems" readOnly: true limit: type: "integer" format: "int32" description: "limit" readOnly: true skip: type: "integer" format: "int32" description: "skip" readOnly: true nextPageToken: type: "string" description: "nextPageToken" items: type: "array" description: "items" readOnly: true items: $ref: "#/definitions/UsersGroup" VerifyData: type: "object" required: - "data" - "signature" properties: data: type: "string" description: "data" dataEncoding: type: "string" description: "data encoding" enum: - "PLAIN" - "BASE64" - "HEX" params: description: "the operation parameters" $ref: "#/definitions/AsymmetricCryptoParams" doHash: type: "boolean" description: "do hash or not" signature: description: "Signature, encoded as BAS64" $ref: "#/definitions/Signature" description: "Includes data used for signature verification" WrapData: type: "object" required: - "wrappedKeyId" properties: aSymmetricParams: description: "Asymmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/AsymmetricCryptoParams" symmetricParams: description: "Symmetric cryptographic parameters for symmetric keys" $ref: "#/definitions/SymmetricCryptoParams" wrappedKeyId: type: "string" description: "ID of the wrapped key" description: "Input for the Wrap operation"