UKC Admin API v2.0.2004

The Unbound Key Control Administration API allows managing 'Unbound Key Control' configuration and objects.

UKC API Overview

Authentication Types

Most UKC API operations require an authorization context and user permissions. Users are identified by an authentication token attached to the request headers.

Basic Authentication

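UKC supports the Basic authentication scheme. The "Basic" HTTP authentication scheme, defined in RFC 7617, transmits credentials as user/password pairs, encoded using base64, in the HTTP Authorization header. Base64 is an encoding, not encryption, so the credentials are only as confidential as the TLS connection that carries them.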

The user ID can include the required partition in the format:

username@partitionId:password

Authentication Token

The system can authenticate the user with a generated authentication token, which is valid for a limited time. This token eliminates the need to transmit the username/password on every request. See GET /authToken for more information.

Authentication with a Certificate

The client can authenticate with the UKC using a client certificate. This method is useful either to add another layer of security or when you do not want to use a username and password.

Authentication Failure (unauthorized)

If an operation is unauthorized, an HTTP 401 status code is returned with the WWW-Authenticate header.

Partitioning

UKC objects are organized into partitions. Partitioning allows namespacing and access control to objects by configuring users with roles per partition.

The objects contained in a partition are:

Users, Clients, Keys, Certificates, Secrets and other partitions

Permissions

Any partition can have many users who can access its objects.

A partition user can have one of two security roles:

Root Partition

The default built-in partition for a UKC cluster is called root and is created automatically when setting up a new UKC cluster.

Partition Hierarchy

Default Partition Context

For every request the default partition is the home partition of the connected user.

For example:

Object Path

Object IDs

Many operations require an object ID as part of the resource URI. Object IDs can be one of:

Quorum

The UKC can be configured to require quorum approval for certain operations. If the operation you are executing requires quorum approval, the HTTP response is 202 (ACCEPTED) and contains a quorum job object.

Use the jobs API to manage approvals for different jobs.

Common Errors

Any API call can result in one of the following general HTTP codes:

Authorization

Authentication

Get token

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/authToken',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/authToken \
  -H 'Accept: application/json'

GET /api/v1/authToken

Returns an authentication token which can be used in future calls for authentication. The user credentials are provided in the HTTP headers.

Example responses

200 Response

{
  "value": "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | Token
401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None
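
Added example (not part of the vendor documentation): a Node.js sketch of the client side of the token flow described above. It builds the Basic credentials in the username@partitionId:password form and decodes the claims of the sample token from the 200 response to derive its lifetime. The function names, the 'so'/'azure' sample user and the 60-second renewal margin are assumptions; decoding a token does not verify its signature.

```javascript
// Added example, not vendor code. Runs on Node.js, which provides the Buffer global.

// Sample token copied from the "200 Response" example above (header.payload.signature).
const SAMPLE_TOKEN =
  'eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0' +
  '.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ' +
  '.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA';

// Build the Authorization header value for Basic authentication.
// The partition is optional and is appended to the user ID as "username@partitionId".
function basicAuthHeader(username, password, partitionId) {
  const userId = partitionId ? `${username}@${partitionId}` : username;
  if (userId.includes(':')) {
    // RFC 7617: the first colon separates user ID and password, so the user ID cannot contain one.
    throw new Error('user ID must not contain ":"');
  }
  return 'Basic ' + Buffer.from(`${userId}:${password}`, 'utf8').toString('base64');
}

// Decode one base64url-encoded JSON segment of a compact JWT.
function decodeSegment(segment) {
  const base64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(base64, 'base64').toString('utf8'));
}

// Decode (not verify) the header and claims of a token returned by GET /api/v1/authToken.
// Use the result for scheduling only; the server remains the authority on validity.
function inspectToken(token) {
  const parts = token.split('.');
  if (parts.length !== 3) {
    throw new Error('expected a compact JWT with three segments');
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  if (!Number.isInteger(claims.exp) || !Number.isInteger(claims.iat)) {
    throw new Error('token has no numeric exp/iat claims');
  }
  return {
    alg: header.alg,
    keyId: header.kid,
    subject: claims.sub,
    issuer: claims.iss,
    isRefresh: claims.is_refresh,
    issuedAt: claims.iat,
    expiresAt: claims.exp,
    lifetimeSeconds: claims.exp - claims.iat
  };
}

// True when the token is expired or will expire within skewSeconds (hypothetical margin),
// meaning the client should request a new one instead of sending it again.
function needsRenewal(token, nowSeconds, skewSeconds = 60) {
  return nowSeconds >= inspectToken(token).expiresAt - skewSeconds;
}
```

The sample token carries a 30-minute lifetime (exp minus iat is 1800 seconds), which is the "limited time" the overview refers to for this token.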

Revoke token

Code samples


fetch('/api/v1/authToken',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/authToken

DELETE /api/v1/authToken

Invalidates an authentication token.

Responses

Status | Meaning | Description | Schema
200 | OK | OK | None
401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None

Get OAuth token

Code samples

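// The endpoint expects application/x-www-form-urlencoded, so encode the fields as form data
const inputBody = new URLSearchParams({
  grantType: 'string',
  username: 'string',
  password: 'string',
  token: 'string',
  assertion: 'string'
}).toString();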
const headers = {
  'Content-Type':'application/x-www-form-urlencoded',
  'Accept':'application/json'

};

fetch('/api/v1/token',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Accept: application/json'

POST /api/v1/token

Returns an authentication token which can be used in future calls for authentication.

Body parameter

grantType: string
username: string
password: string
token: string
assertion: string

Parameters

Name | In | Type | Required | Description
body | body | object | false | none
» grantType | body | string | true | none
» username | body | string | false | none
» password | body | string | false | none
» token | body | string | false | none
» assertion | body | string | false | none

Example responses

200 Response

{
  "accessToken": "eyJ...MoQ",
  "tokenType": "bearer",
  "expiresAt": "string",
  "expiresIn": 1000,
  "scope": "user",
  "refreshToken": "eyJ...0N"
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | OauthToken
401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None

Revoke all OAuth tokens

Code samples

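// The endpoint expects application/x-www-form-urlencoded, so encode the field as form data
const inputBody = new URLSearchParams({
  token: 'string'
}).toString();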
const headers = {
  'Content-Type':'application/x-www-form-urlencoded'

};

fetch('/api/v1/token/revoke',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/token/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded'

POST /api/v1/token/revoke

Revokes all tokens related to given authentication.

Body parameter

token: string

Parameters

Name | In | Type | Required | Description
body | body | object | false | none
» token | body | string | true | none

Responses

Status | Meaning | Description | Schema
200 | OK | OK | None
401 | Unauthorized | Authentication failure, the system could not verify the user name and password passed in the request header | None

Change password

Code samples

// Serialize the request body as JSON
const inputBody = JSON.stringify({
  "existingPassword": "string",
  "newPassword": "string"
});
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/me/password',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/me/password \
  -H 'Content-Type: application/json'

PUT /api/v1/me/password

Change the password for the current user. The current user's credentials are provided in the HTTP headers and can be either a password or a JWT token.

Body parameter

{
  "existingPassword": "string",
  "newPassword": "string"
}

Parameters

Name | In | Type | Required | Description
body | body | NewAndExistingPassword | false | New and existing password

Responses

Status | Meaning | Description | Schema
201 | Created | Password changed successfully | None
400 | Bad Request | New password does not comply with password policy rules | None

Backup

Backup database

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/backup \
  -H 'Accept: application/json'

POST /api/v1/backup

Perform a database backup

Example responses

200 Response

{
  "id": "string",
  "state": "IN_PROGRESS",
  "error": "string",
  "date": "string",
  "file": "string",
  "pair hostnames": [
    "string"
  ],
  "version": "string",
  "digest diff": {
    "diffRecords": [
      {
        "sectionDiff": "string",
        "entriesDiff": [
          {
            "object type": "string",
            "digest source": "string",
            "uid": "string",
            "name": "string",
            "partition id": "string",
            "partition name": "string",
            "version": "string",
            "detail": "string"
          }
        ]
      }
    ]
  },
  "alertLevel": "WARN"
}

Responses

Status | Meaning | Description | Schema
200 | OK | Backup request received | DbBackup

List backups

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/backup',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup \
  -H 'Accept: */*'

GET /api/v1/backup

List all backup items

Parameters

Name | In | Type | Required | Description
from | query | string | false | from
to | query | string | false | to
limit | query | integer(int32) | false | Limit
skip | query | integer(int32) | false | skip

Example responses

200 Response

Responses

Status | Meaning | Description | Schema
200 | OK | OK | DbBackupListResponse

Get backup information

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/backup/{backupId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/{backupId} \
  -H 'Accept: */*'

GET /api/v1/backup/{backupId}

Get database backup information

Parameters

Name | In | Type | Required | Description
backupId | path | string | true | Backup ID

Example responses

200 Response

Responses

Status | Meaning | Description | Schema
200 | OK | OK | DbBackup

Delete backup

Code samples


fetch('/api/v1/backup/{backupId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/backup/{backupId}

DELETE /api/v1/backup/{backupId}

Delete a backup record in the database.

Parameters

Name | In | Type | Required | Description
backupId | path | string | true | Backup ID

Responses

Status | Meaning | Description | Schema
200 | OK | OK | None

Get backup alerts summary

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/alerts \
  -H 'Accept: application/json'

GET /api/v1/backup/alerts

Get backup alerts summary

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | AlertsSummary

Check for backup alert

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup/{backupId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/{backupId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/backup/{backupId}/alerts

Get alerts from a backup. Returns an alert if the backup digest test fails.

Parameters

Name | In | Type | Required | Description
backupId | path | string | true | Backup ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | Alert

Clients

Create a client

Code samples

// Serialize the request body as JSON
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/clients

Creates a new client and returns the activation code.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
}

Parameters

Name | In | Type | Required | Description
partitionId | query | string | false | Partition ID
body | body | NewClient | false | New Client

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status | Meaning | Description | Schema
200 | OK | successful operation | Client
201 | Created | New client created successfully | Client
202 | Accepted | ACCEPTED | Job
409 | Conflict | Object already exists | None

Create client with certificate

Code samples

// Serialize the request body as JSON; the "\n" escapes in csr and publicKey survive JSON.stringify
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/clients/with-cert',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-cert \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/clients/with-cert

Creates a new client and returns the certificate. It uses a CSR or public key material.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Parameters

Name | In | Type | Required | Description
partitionId | query | string | false | Partition ID
body | body | NewClientWithCertificate | false | New Client

Example responses

200 Response

"string"

Responses

Status | Meaning | Description | Schema
200 | OK | successful operation | string
201 | Created | New client created successfully | None
202 | Accepted | ACCEPTED | None
409 | Conflict | Object already exists | None

Create client with cert from file

Code samples

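// Build the multipart/form-data body; fetch adds the Content-Type header with its boundary
const inputBody = new FormData();
inputBody.append('file', new Blob(['string']));
inputBody.append('newClientWithCertificate', 'string');
const headers = {
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'
};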

fetch('/api/v1/clients/with-cert-file',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-cert-file \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/clients/with-cert-file

Creates a new client and returns the certificate. It uses FS description of the certificate.

Body parameter

file: string
newClientWithCertificate: string

Parameters

Name | In | Type | Required | Description
partitionId | query | string | false | Partition ID
body | body | object | false | none
» file | body | string(binary) | true | key file
» newClientWithCertificate | body | string | false | the new client

Example responses

200 Response

"string"

Responses

Status | Meaning | Description | Schema
200 | OK | successful operation | string
201 | Created | New client created successfully | None
202 | Accepted | ACCEPTED | None
409 | Conflict | Object already exists | None

Create a client with secret

Code samples

// Serialize the request body as JSON
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/with-secret',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-secret \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/clients/with-secret

Creates a new client and returns the secret.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Parameters

Name | In | Type | Required | Description
partitionId | query | string | false | Partition ID
body | body | NewClientWithSecret | false | New Client

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status | Meaning | Description | Schema
200 | OK | successful operation | Client
201 | Created | New client created successfully | None
202 | Accepted | ACCEPTED | None
409 | Conflict | Object already exists | None

List clients

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients \
  -H 'Accept: application/json'

GET /api/v1/clients

Return a list of clients.

Parameters

Name | In | Type | Required | Description
partitionId | query | string | false | none
limit | query | integer(int32) | false | Limit
skip | query | integer(int32) | false | skip
detailed | query | boolean | false | Detailed
template | query | string | false | Template

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "client-name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "activationStatus": "ACTIVATED",
      "activationType": "CERTIFICATE_REQUEST",
      "lastUpdatedAt": "string",
      "failedActivationCounter": 0,
      "isActivationLocked": true,
      "checkIp": true,
      "allowNat": true,
      "ipRange": "string",
      "expiresAt": "string",
      "expiration": 0,
      "activationCodeValidity": 0,
      "activationCodeLength": 0,
      "activationCodeExpiration": "string",
      "template": "string",
      "activationCode": "string",
      "certificateRenewRequired": true,
      "grantTypes": [
        "CLIENT_CREDENTIALS"
      ],
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      },
      "certExpiresAt": "string",
      "certificateExpiration": 0,
      "alertLevel": "WARN",
      "version": "string",
      "secret": "string"
    }
  ]
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | ClientListResponse
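
Added example (not part of the vendor documentation): a review of a ClientListResponse for clients with loose network restrictions or a locked activation, using only fields shown in the response above. The function names, the /16 threshold, the sample data and the reading of checkIp, ipRange, isActivationLocked and failedActivationCounter by their names are assumptions.

```javascript
// Added example, not vendor code. Field names come from the ClientListResponse
// shown above; their meaning is inferred from the names (assumption).

// Constructed sample page of GET /api/v1/clients: two of three clients returned.
const SAMPLE_RESPONSE = {
  totalItems: 3,
  limit: 2,
  skip: 0,
  items: [
    { name: 'build-agent', partition: '~.codeSign.developers', checkIp: false,
      ipRange: '0.0.0.0/0', isActivationLocked: false, failedActivationCounter: 0 },
    { name: 'signing-host', partition: '~.codeSign.developers', checkIp: true,
      ipRange: '10.20.30.0/24', isActivationLocked: true, failedActivationCounter: 5 }
  ]
};

// Return the prefix length of an IPv4 CIDR string, or null when it is malformed.
function cidrPrefix(ipRange) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(String(ipRange));
  if (!m) return null;
  const octetsOk = m.slice(1, 5).every((octet) => Number(octet) <= 255);
  const prefix = Number(m[5]);
  return octetsOk && prefix <= 32 ? prefix : null;
}

// Collect findings for one client. minPrefix is a hypothetical policy threshold:
// ranges wider than /minPrefix are reported together with their address count.
function auditClient(client, minPrefix = 16) {
  const findings = [];
  if (client.checkIp === false) {
    findings.push('checkIp is false');
  }
  const prefix = cidrPrefix(client.ipRange);
  if (prefix === null) {
    findings.push('ipRange is missing or not an IPv4 CIDR');
  } else if (prefix < minPrefix) {
    findings.push(`ipRange ${client.ipRange} covers ${2 ** (32 - prefix)} addresses`);
  }
  if (client.isActivationLocked === true) {
    findings.push(`activation is locked (failedActivationCounter=${client.failedActivationCounter})`);
  }
  return findings;
}

// Audit one page of results and keep only the clients that have findings.
function auditClientList(listResponse, minPrefix = 16) {
  return listResponse.items
    .map((c) => ({ name: c.name, partition: c.partition, findings: auditClient(c, minPrefix) }))
    .filter((r) => r.findings.length > 0);
}

// Query parameters for the next page, or null when the list is complete.
// An audit that stops at the first page silently skips the remaining clients.
function nextPageQuery(listResponse) {
  const next = listResponse.skip + listResponse.items.length;
  if (listResponse.items.length === 0 || next >= listResponse.totalItems) return null;
  return { limit: listResponse.limit, skip: next };
}
```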

Get client details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/{clientId} \
  -H 'Accept: application/json'

GET /api/v1/clients/{clientId}

Return details of a client.

Parameters

Name | In | Type | Required | Description
clientId | path | string | true | Client ID
partitionId | query | string | false | Partition ID
detailed | query | boolean | false | Detailed

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status | Meaning | Description | Schema
200 | OK | OK | Client

Update client details

Code samples

// Serialize the request body as JSON
const inputBody = JSON.stringify({
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}

Update client properties.

Body parameter

{
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
}

Parameters

Name | In | Type | Required | Description
clientId | path | string | true | Client ID
partitionId | query | string | false | Partition ID
body | body | ClientsUpdates | false | Clients updates

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Client Updated successfully. Client
202 Accepted ACCEPTED Job
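
The sample body above sends `checkIp: false` together with `ipRange: "0.0.0.0/0"`, which places no restriction on where the client connects from. As an added example (not part of the UKC documentation), the following builds a restrictive `ClientsUpdates` body and reviews a returned `Client` object for the weak combination. The function names, the IPv4-only parsing, the default minimum prefix of /16 and the reading of `checkIp` as "enforce the source-IP check" are assumptions.

```javascript
// Added example: pin a client to a narrow IPv4 range and audit existing settings.
// Field names (checkIp, allowNat, ipRange) come from the page; the meaning of
// checkIp ("enforce the source-IP check") is an assumption based on its name.

// Parse "a.b.c.d/len" into { base, prefix }, or return null if malformed.
function parseIpv4Cidr(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) return null;
  const octets = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (octets.some((o) => o > 255) || prefix > 32) return null;
  // ">>> 0" keeps the 32-bit value unsigned.
  const base = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  return { base, prefix };
}

// True when the address has no bits set outside the network prefix.
function isNetworkAligned(net) {
  if (net.prefix === 0) return net.base === 0; // a shift by 32 is a no-op in JS
  const mask = (0xffffffff << (32 - net.prefix)) >>> 0;
  return ((net.base & ~mask) >>> 0) === 0;
}

// Build the PUT /api/v1/clients/{clientId} body; throws on ranges that are
// malformed, misaligned, or wider than minPrefix (an assumed policy knob).
function buildClientIpPolicy(cidr, { allowNat = false, minPrefix = 16 } = {}) {
  const net = parseIpv4Cidr(cidr);
  if (!net) throw new Error(`not an IPv4 CIDR: ${cidr}`);
  if (!isNetworkAligned(net)) throw new Error(`host bits set in ${cidr}`);
  if (net.prefix < minPrefix) {
    throw new Error(`${cidr} is wider than /${minPrefix}; refusing`);
  }
  return { checkIp: true, allowNat, ipRange: cidr };
}

// Review a Client object returned by the API and list weak IP settings.
function auditClientIpPolicy(client) {
  const findings = [];
  if (client.checkIp !== true) findings.push('checkIp is not enabled');
  const net = parseIpv4Cidr(String(client.ipRange));
  if (!net) findings.push('ipRange is not a parseable IPv4 CIDR');
  else if (net.prefix === 0) findings.push('ipRange matches every address');
  return findings;
}

// The request body shown in the code sample on this page.
const PAGE_SAMPLE_BODY = { checkIp: false, allowNat: false, ipRange: '0.0.0.0/0' };
```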

Delete a client

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/clients/{clientId} \
  -H 'Accept: application/json'

DELETE /api/v1/clients/{clientId}

Delete the specified client.

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK Client deleted successfully. None
202 Accepted ACCEPTED Job
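
The update, delete and refresh calls in this section answer either `200 OK` or `202 Accepted` with a `Job` body whose `status` can be `PENDING_APPROVAL`. As an added example (not part of the UKC documentation), this helper separates the two so that a queued job is not recorded as a completed change, and it tolerates the empty body of a `200` delete. `interpretClientChange`, `deleteClient` and the calculation of outstanding approvals as `totalRequiredApprovals` minus the length of `approvedBy` are assumptions.

```javascript
// Added example: classify the response of a state-changing call
// (PUT/DELETE /api/v1/clients/{clientId}...) by HTTP status.
// The body is passed as raw text so an empty 200 body (schema "None")
// does not throw inside a JSON parser.
function interpretClientChange(status, bodyText) {
  let body = null;
  if (bodyText && bodyText.trim() !== '') {
    try {
      body = JSON.parse(bodyText);
    } catch (e) {
      return { outcome: 'error', reason: 'response body is not JSON', status };
    }
  }
  if (status === 200) return { outcome: 'applied', result: body };
  if (status === 202) {
    if (!body || typeof body.id !== 'string') {
      return { outcome: 'error', reason: '202 without a Job id', status };
    }
    const approved = Array.isArray(body.approvedBy) ? body.approvedBy.length : 0;
    const required = Number.isInteger(body.totalRequiredApprovals)
      ? body.totalRequiredApprovals
      : 0;
    return {
      outcome: 'pending',
      jobId: body.id,
      jobStatus: body.status,
      initiator: body.initiator,
      // Assumption: approvals still needed = required minus already given.
      approvalsOutstanding: Math.max(required - approved, 0),
      expiresAt: body.expiresAt,
    };
  }
  // 401 is the documented answer to an unauthorized operation.
  if (status === 401) return { outcome: 'unauthorized', status };
  return { outcome: 'error', reason: 'unexpected status', status };
}

// Thin wrapper around fetch; baseUrl and authHeader are supplied by the caller.
async function deleteClient(baseUrl, clientId, authHeader) {
  const url = `${baseUrl}/api/v1/clients/${encodeURIComponent(clientId)}`;
  const res = await fetch(url, {
    method: 'DELETE',
    headers: { Accept: 'application/json', Authorization: authHeader },
  });
  return interpretClientChange(res.status, await res.text());
}

// Constructed sample: a 202 body shaped like the Job example on this page.
const SAMPLE_JOB_BODY = JSON.stringify({
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  status: 'PENDING_APPROVAL',
  approvedBy: ['so@root'],
  totalRequiredApprovals: 2,
  expiresAt: 'string',
});
```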

Refresh activation code

Code samples

const inputBody = `{
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/activation-code',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/activation-code \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/activation-code

Refresh the client's activation code.

Body parameter

{
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0"
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedCertificateClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Activation code Refreshed successfully. Client
202 Accepted ACCEPTED Job

Refresh client public key

Code samples

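// "\\n" keeps a JSON "\n" escape in the request body; a raw line break inside a JSON string is invalid.
const inputBody = `{
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
}`;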
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/publicKey',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/publicKey \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/publicKey

Refresh client public key.

Body parameter

{
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedPublicKeyClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Secret Refreshed successfully. Client
202 Accepted ACCEPTED Job

Refresh client secret

Code samples

const inputBody = `{
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/secret',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/secret \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/secret

Refresh client secret.

Body parameter

{
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedSecretClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Secret Refreshed successfully. Client
202 Accepted ACCEPTED Job

Get alert summary

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/alerts \
  -H 'Accept: application/json'

GET /api/v1/clients/alerts

Get a summary of the client alerts.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Get alerts for a specific client

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/{clientId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/clients/{clientId}/alerts

Return the alerts for a specific client.

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Alert

General

Get system information

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/info',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/info \
  -H 'Accept: application/json'

GET /api/v1/info

Return system information, including version and supported capabilities. If authentication is provided, it returns the allowed operations.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "version": "2.0.1",
  "lastActivityAt": "string",
  "allowedOperations": "{Create,Destroy,Sign,...}",
  "allowedPartitions": "{part1, part2, ...}",
  "alerts": [
    {
      "category": "CLIENTS",
      "alertType": "CERT_ABOUT_TO_EXPIRE",
      "alertLevel": "WARN",
      "counter": 0,
      "title": "string"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK SystemInfo

Check UKC health

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/health',
{
  method: 'GET',

  headers: headers
})
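.then(function(res) {
    // The HTTP status code is the health result; the body is a plain string, not JSON.
    console.log(res.status, res.ok);
    return res.text();
}).then(function(body) {
    console.log(body);
});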

# You can also use wget
curl -X GET /api/v1/health \
  -H 'Accept: */*'

GET /api/v1/health

Return health status of the UKC system and determine if it is usable. As long as the HTTP return code is OK, the system is usable.

Parameters

Name In Type Required Description
pairOnly query boolean false pairOnly
timeout query integer(int32) false Timeout

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK string

Check pair health

Code samples


fetch('/api/v1/pair/health',
{
  method: 'GET'

})
.then(function(res) {
    // No response body is defined for this call, so read the status instead of parsing JSON.
    console.log(res.status, res.ok);
});

# You can also use wget
curl -X GET /api/v1/pair/health

GET /api/v1/pair/health

Return health status of the UKC pair and determine if it is usable.

Parameters

Name In Type Required Description
timeout query integer(int32) false Timeout

Responses

Status Meaning Description Schema
200 OK OK None

Get server certificate

Code samples


const headers = {
  'Accept':'application/x-x509-user-cert,application/json'

};

fetch('/api/v1/self.cer',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/self.cer \
  -H 'Accept: application/x-x509-user-cert,application/json'

GET /api/v1/self.cer

Download this specific server certificate. It is used for registering new servers.

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get root certificate

Code samples


const headers = {
  'Accept':'application/x-pkcs7-certificates,application/json'

};

fetch('/api/v1/server-ca.p7b',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/server-ca.p7b \
  -H 'Accept: application/x-pkcs7-certificates,application/json'

GET /api/v1/server-ca.p7b

Download the root CA certificate of UKC.

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get trusted certificates

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/trust',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/trust \
  -H 'Accept: application/json'

GET /api/v1/trust

Get all trusted certificates.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Generate random bytes

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/random',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/random \
  -H 'Accept: application/json'

GET /api/v1/random

Get random bytes from the UKC server. By default, 32 bytes are returned unless size is specified. The UKC random number generator combines entropy sources from the different servers in the UKC cluster.

Parameters

Name In Type Required Description
size query integer(int32) false Size (in bytes) of random bytes to return

Example responses

200 Response

{
  "entropy": "string"
}

Responses

Status Meaning Description Schema
200 OK OK RandomEntropyBytes

Add entropy bytes

Code samples

const inputBody = `{
  "entropy": "string"
}`;
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/random/entropy-bytes',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    // No response body is defined for this call, so read the status instead of parsing JSON.
    console.log(res.status, res.ok);
});

# You can also use wget
curl -X PUT /api/v1/random/entropy-bytes \
  -H 'Content-Type: application/json'

PUT /api/v1/random/entropy-bytes

Add random bytes to the UKC entropy source. Different clients can add entropy to the server. Collecting entropy from the clients can enhance the strength of the UKC random number generator. This function only adds entropy, i.e. if the provided value has no entropy, it does not harm the generator quality.

Body parameter

{
  "entropy": "string"
}

Parameters

Name In Type Required Description
body body RandomEntropyBytes false Random bytes

Responses

Status Meaning Description Schema
200 OK OK None

Servers

Get server pair certificates

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/pair?ep_host=string&partner_host=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET '/api/v1/servers/new/pair?ep_host=string&partner_host=string' \
  -H 'Accept: application/json'

GET /api/v1/servers/new/pair

Get the new crypto server pair certificates.

Parameters

Name In Type Required Description
ep_host query string true Entry point host
ep_port query integer(int32) false Entry point port
partner_host query string true Partner host
partner_port query integer(int32) false Partner port

Example responses

200 Response

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Responses

Status Meaning Description Schema
200 OK OK NewPair

Add UKC server pair

Code samples

const inputBody = `{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/pair',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/servers/new/pair \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/servers/new/pair

Add a new UKC server pair.

Body parameter

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Parameters

Name In Type Required Description
force query boolean false Force
body body NewPair false New pair

Example responses

200 Response

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Responses

Status Meaning Description Schema
200 OK successful operation NewPair
201 Created Pair added successfully NewPair
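
`GET /api/v1/servers/new/pair` returns each new server's certificate with a `certificateFingerprint`, and `POST /api/v1/servers/new/pair` accepts the same `NewPair` object. As an added example (not part of the UKC documentation), this check compares the reported fingerprints with values the operator read on the new servers themselves, and only then produces the body to post. `confirmNewPair`, the `requested` and `pinned` arguments, the hex fingerprint format with optional colons, the 40-digit minimum and the expectation that the response echoes the requested host are assumptions.

```javascript
// Added example: confirm the certificates of a new server pair before adding it.

// Normalise a fingerprint: drop ':' and whitespace separators, lowercase the hex.
// Assumption: fingerprints are hex strings of at least 40 digits (SHA-1 length).
function normalizeFingerprint(fp) {
  const hex = String(fp).replace(/[\s:]/g, '').toLowerCase();
  if (!/^[0-9a-f]+$/.test(hex) || hex.length % 2 !== 0 || hex.length < 40) {
    throw new Error('fingerprint is not a hex string of at least 40 digits');
  }
  return hex;
}

// Check one side of the pair; returns a list of problems (empty when it matches).
function checkNewServer(role, reported, requestedHost, pinnedFingerprint) {
  if (!reported || !reported.newServerCertificate) {
    return [`${role}: no certificate in response`];
  }
  const problems = [];
  // Assumption: the response echoes the host that was passed in the query string.
  if (reported.host !== requestedHost) {
    problems.push(`${role}: host "${reported.host}" differs from requested "${requestedHost}"`);
  }
  try {
    const got = normalizeFingerprint(reported.newServerCertificate.certificateFingerprint);
    const want = normalizeFingerprint(pinnedFingerprint);
    if (got !== want) problems.push(`${role}: fingerprint mismatch`);
  } catch (e) {
    problems.push(`${role}: ${e.message}`);
  }
  return problems;
}

// newPair: parsed GET response. requested: { epHost, partnerHost } as sent.
// pinned: { entryPoint, partner } fingerprints obtained out of band.
// Returns the POST body only when both sides match.
function confirmNewPair(newPair, requested, pinned) {
  const problems = [
    ...checkNewServer('entryPoint', newPair.entryPoint, requested.epHost, pinned.entryPoint),
    ...checkNewServer('partner', newPair.partner, requested.partnerHost, pinned.partner),
  ];
  const ok = problems.length === 0;
  // Post exactly the object that was checked, not a re-fetched copy.
  return { ok, problems, body: ok ? JSON.stringify(newPair) : null };
}

// Constructed sample values (not real fingerprints, hosts or certificates).
const PIN_EP = '0123456789abcdef0123456789abcdef01234567';
const PIN_PARTNER = '89abcdef0123456789abcdef0123456789abcdef';
const withColons = (hex) => hex.toUpperCase().match(/../g).join(':');
const SAMPLE_NEW_PAIR = {
  entryPoint: {
    host: 'ukc-ep.example.internal',
    port: 8443,
    newServerCertificate: {
      certificate: 'constructed-placeholder-ep',
      certificateFingerprint: withColons(PIN_EP),
      certificateInfo: 'string',
    },
  },
  partner: {
    host: 'ukc-partner.example.internal',
    port: 8443,
    newServerCertificate: {
      certificate: 'constructed-placeholder-partner',
      certificateFingerprint: withColons(PIN_PARTNER),
      certificateInfo: 'string',
    },
  },
};
const SAMPLE_REQUESTED = {
  epHost: 'ukc-ep.example.internal',
  partnerHost: 'ukc-partner.example.internal',
};
```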

Get auxiliary certificate

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/auxiliary?host=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET '/api/v1/servers/new/auxiliary?host=string' \
  -H 'Accept: application/json'

GET /api/v1/servers/new/auxiliary

Get the new auxiliary server certificate.

Parameters

Name In Type Required Description
host query string true Auxiliary host
port query integer(int32) false Auxiliary port

Example responses

200 Response

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK OK NewServer

Add auxiliary server

Code samples

const inputBody = `{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/auxiliary',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/servers/new/auxiliary \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/servers/new/auxiliary

Add a new auxiliary server.

Body parameter

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Parameters

Name In Type Required Description
force query boolean false Force
body body NewServer false the new auxiliary

Example responses

200 Response

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK successful operation NewServer
201 Created Auxiliary server added successfully NewServer

Get server details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/{serverId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/servers/{serverId} \
  -H 'Accept: application/json'

GET /api/v1/servers/{serverId}

Get detailed server information.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL (escaped)
detailed query boolean false Detailed

Example responses

200 Response

{
  "name": "string",
  "host": "string",
  "role": "ENTRYPOINT",
  "status": "RUNNING",
  "os": "string",
  "cores": 0,
  "cpuLoadPrecents": 0,
  "freeMemMegaBytes": 0,
  "totalMemMegaBytes": 0,
  "version": "string",
  "error": "string",
  "lastStart": "string",
  "requireRestart": "string",
  "alertLevel": "WARN",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

Responses

Status Meaning Description Schema
200 OK OK Server

Delete server

Code samples


fetch('/api/v1/servers/{serverId}',
{
  method: 'DELETE'

})
.then(function(res) {
    // No response body is defined for this call, so read the status instead of parsing JSON.
    console.log(res.status, res.ok);
});

# You can also use wget
curl -X DELETE /api/v1/servers/{serverId}

DELETE /api/v1/servers/{serverId}

Remove an auxiliary server or server pair from the UKC cluster. A server pair is treated as one unit, identified by the host of its Entry Point server.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL. For a server pair, this should be the host of the EntryPoint server

Responses

Status Meaning Description Schema
200 OK Server deleted None

Get server alerts

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/{serverId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/servers/{serverId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/servers/{serverId}/alerts

Get server alerts.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL (escaped)

Example responses

200 Response

{
  "name": "string",
  "host": "string",
  "role": "ENTRYPOINT",
  "status": "RUNNING",
  "os": "string",
  "cores": 0,
  "cpuLoadPrecents": 0,
  "freeMemMegaBytes": 0,
  "totalMemMegaBytes": 0,
  "version": "string",
  "error": "string",
  "lastStart": "string",
  "requireRestart": "string",
  "alertLevel": "WARN",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

Responses

Status Meaning Description Schema
200 OK OK Server

Jobs

List pending jobs

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/quorum',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/quorum \
  -H 'Accept: application/json'

GET /api/v1/jobs/quorum

Get a list of the pending quorum jobs.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

[
  {
    "initiator": "so@root",
    "id": "389323ee-3588-416e-94bd-f93ca815762e",
    "title": "string",
    "opName": "PARTITION_CONFIG_SET ",
    "createdAt": "string",
    "expiresAt": "string",
    "opParams": [
      {
        "key": "string",
        "value": "string",
        "description": "string",
        "type": "BOOLEAN",
        "defaultValue": "string",
        "min": 0,
        "max": 0,
        "unit": "SECONDS"
      }
    ],
    "response": "string",
    "approvedBy": [
      "string"
    ],
    "status": "PENDING_APPROVAL",
    "totalRequiredApprovals": 0
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [Job] false none [An asynchronous job]
» initiator string false read-only none
» id string false read-only none
» title string false read-only none
» opName string false read-only none
» createdAt string false read-only none
» expiresAt string false read-only none
» opParams [KeyValueEntry] false read-only [Key value entry]
»» key string true none none
»» value string true none none
»» description string false read-only quorum timeout
»» type string false read-only value type
»» defaultValue string false read-only default value
»» min integer(int32) false read-only minimum value
»» max integer(int32) false read-only maximum value
»» unit string false read-only unit type
» response string false read-only none
» approvedBy [string] false read-only none
» status string false read-only none
» totalRequiredApprovals integer(int32) false read-only none

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS
status PENDING_APPROVAL
status PENDING_EXECUTION
status DONE
status EXPIRED

Get job status

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/my/status',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/my/status \
  -H 'Accept: application/json'

GET /api/v1/jobs/my/status

Get the status of pending quorum requests.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "pendingApproval": 2,
  "pendingExecution": 0
}

Responses

Status Meaning Description Schema
200 OK successful operation QuorumStatus

Get job data

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/{jobId} \
  -H 'Accept: application/json'

GET /api/v1/jobs/{jobId}

Get job data for a specific job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Approve a job

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}/approve',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/approve \
  -H 'Accept: application/json'

POST /api/v1/jobs/{jobId}/approve

Approve a pending quorum job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Execute a job

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}/execute',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/execute \
  -H 'Accept: application/json'

POST /api/v1/jobs/{jobId}/execute

Execute an approved quorum job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Delete a job

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/jobs/{jobId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/jobs/{jobId} \
  -H 'Accept: */*'

DELETE /api/v1/jobs/{jobId}

Delete a specific job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK Job

Partitions

Create a new partition

Code samples

const inputBody = JSON.stringify({
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPassword": "string",
    "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
    "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
    "certificateExpiration": 1578240
  },
  "inherit": false,
  "propagate": false,
  "fipsRequirements": "FIPS_NONE",
  "isAllowDefaultClient": false
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/partitions',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/partitions \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/partitions

Create a new logical partition. It can optionally create a default client certificate for the new partition.

Body parameter

{
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPassword": "string",
    "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
    "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
    "certificateExpiration": 1578240
  },
  "inherit": false,
  "propagate": false,
  "fipsRequirements": "FIPS_NONE",
  "isAllowDefaultClient": false
}

Parameters

Name In Type Required Description
body body NewPartition false The new partition

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK successful operation string
201 Created Partition created successfully. If an initial client was specified, the response includes the generated PFX in Base64-encoded DER format None
409 Conflict Object already exists None

List partitions

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions \
  -H 'Accept: application/json'

GET /api/v1/partitions

Get a list of partitions.

Parameters

Name In Type Required Description
limit query integer(int32) false Limit
skip query integer(int32) false skip

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "checkClientIp": true,
      "name": "root",
      "allowNat": true,
      "allowUserOnlyCryptoOperations": true,
      "clientRetriesLimit": 0,
      "clientRetriesTimeout": 0,
      "creationDate": "string",
      "getjWTLimit": 0,
      "lastUpdate": "string",
      "passwordComplexity": true,
      "passwordLength": 0,
      "quorumOperations": "string",
      "quorumSize": 0,
      "quorumTimeout": 0,
      "supportCertificatePropagation": true,
      "supportPartitionInheritance": true,
      "userRetriesLimit": 0,
      "fipsRequirements": "FIPS_NONE",
      "policy": [
        {
          "type": "RSA",
          "minSize": 0,
          "curves": [
            "P256"
          ],
          "operations": [
            "SIGN"
          ],
          "paddings": [
            "RAW"
          ],
          "hashes": [
            "SHA1"
          ],
          "modes": [
            "ECB"
          ],
          "macs": [
            "GMAC"
          ],
          "exportType": "IN_PLAIN",
          "trusted": true,
          "local": true
        }
      ],
      "jWTExpiration": 0
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK PartitionListResponse

Get partition information

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions/{partitionId} \
  -H 'Accept: application/json'

GET /api/v1/partitions/{partitionId}

Get partition information.

Parameters

Name In Type Required Description
partitionId path string true Partition Id

Example responses

200 Response

{
  "checkClientIp": true,
  "name": "root",
  "allowNat": true,
  "allowUserOnlyCryptoOperations": true,
  "clientRetriesLimit": 0,
  "clientRetriesTimeout": 0,
  "creationDate": "string",
  "getjWTLimit": 0,
  "lastUpdate": "string",
  "passwordComplexity": true,
  "passwordLength": 0,
  "quorumOperations": "string",
  "quorumSize": 0,
  "quorumTimeout": 0,
  "supportCertificatePropagation": true,
  "supportPartitionInheritance": true,
  "userRetriesLimit": 0,
  "fipsRequirements": "FIPS_NONE",
  "policy": [
    {
      "type": "RSA",
      "minSize": 0,
      "curves": [
        "P256"
      ],
      "operations": [
        "SIGN"
      ],
      "paddings": [
        "RAW"
      ],
      "hashes": [
        "SHA1"
      ],
      "modes": [
        "ECB"
      ],
      "macs": [
        "GMAC"
      ],
      "exportType": "IN_PLAIN",
      "trusted": true,
      "local": true
    }
  ],
  "jWTExpiration": 0
}

Responses

Status Meaning Description Schema
200 OK OK Partition
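The policy fields in this response can be checked mechanically for weak values. The following is an added example, not UKC code: it audits a Partition (or a PartitionListResponse from GET /api/v1/partitions) for the values SHA1, ECB, RAW, IN_PLAIN and FIPS_NONE shown in the samples. The reasons attached to each value, the function names and the sample data are assumptions of this example.

```javascript
// Added example, not UKC code. Field names and the flagged enum values (SHA1, ECB, RAW,
// IN_PLAIN, FIPS_NONE) appear in the Partition sample on this page; the reasons attached
// to them and all function names are this example's assumptions.

// List-valued policy fields and the values in them that are worth flagging.
const WEAK_LIST_VALUES = {
  hashes: { SHA1: 'SHA-1 is no longer collision resistant' },
  modes: { ECB: 'ECB reveals repeated plaintext blocks' },
  paddings: { RAW: 'assumed to mean unpadded operations' },
};

// Check one entry of the "policy" array and return its findings.
function auditPolicyRule(rule, index) {
  const findings = [];
  for (const [field, weak] of Object.entries(WEAK_LIST_VALUES)) {
    for (const value of rule[field] || []) {
      if (Object.prototype.hasOwnProperty.call(weak, value)) {
        findings.push({ path: `policy[${index}].${field}`, value, reason: weak[value] });
      }
    }
  }
  if (rule.exportType === 'IN_PLAIN') {
    findings.push({
      path: `policy[${index}].exportType`,
      value: 'IN_PLAIN',
      reason: 'assumed to allow key export in plaintext',
    });
  }
  return findings;
}

// Audit a Partition object as returned by GET /api/v1/partitions/{partitionId}.
function auditPartition(partition) {
  const findings = [];
  if (partition.passwordComplexity === false) {
    findings.push({
      path: 'passwordComplexity',
      value: false,
      reason: 'password complexity rules are off',
    });
  }
  if (partition.fipsRequirements === 'FIPS_NONE') {
    findings.push({
      path: 'fipsRequirements',
      value: 'FIPS_NONE',
      reason: 'no FIPS requirement is set',
    });
  }
  (partition.policy || []).forEach((rule, i) => findings.push(...auditPolicyRule(rule, i)));
  return findings.map((f) => ({ partition: partition.name, ...f }));
}

// Audit a PartitionListResponse as returned by GET /api/v1/partitions.
function auditPartitionList(listResponse) {
  return (listResponse.items || []).flatMap((p) => auditPartition(p));
}

// Constructed sample. SHA256, EXAMPLE_LEVEL and EXAMPLE_TYPE are placeholders for
// "some other value" and are not taken from the UKC documentation.
const SAMPLE_LIST = {
  totalItems: 2,
  items: [
    {
      name: 'root',
      passwordComplexity: true,
      fipsRequirements: 'FIPS_NONE',
      policy: [
        { type: 'RSA', hashes: ['SHA1', 'SHA256'], paddings: ['RAW'], modes: [], exportType: 'IN_PLAIN' },
      ],
    },
    {
      name: '~.codeSign.developers',
      passwordComplexity: false,
      fipsRequirements: 'EXAMPLE_LEVEL',
      policy: [
        { type: 'RSA', hashes: ['SHA256'], paddings: [], modes: ['ECB'], exportType: 'EXAMPLE_TYPE' },
      ],
    },
  ],
};

for (const f of auditPartitionList(SAMPLE_LIST)) {
  console.log(`${f.partition}: ${f.path} = ${f.value} (${f.reason})`);
}
```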

List partition settings

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}/settings',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions/{partitionId}/settings \
  -H 'Accept: application/json'

GET /api/v1/partitions/{partitionId}/settings

Get a list of configuration parameters for a partition.

Parameters

Name In Type Required Description
partitionId path string true Partition Id/name of the target partition. Can be "default" to use the default partition for the current authenticated user.
detailed query boolean false Detailed
signed query boolean false Signed

Example responses

200 Response

[
  {
    "key": "string",
    "value": "string",
    "description": "string",
    "type": "BOOLEAN",
    "defaultValue": "string",
    "min": 0,
    "max": 0,
    "unit": "SECONDS"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [KeyValueEntry] false none [Key value entry]
» key string true none none
» value string true none none
» description string false read-only quorum timeout
» type string false read-only value type
» defaultValue string false read-only default value
» min integer(int32) false read-only minimum value
» max integer(int32) false read-only maximum value
» unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

Update partition settings

Code samples

const inputBody = 'string';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}/settings/{settingKey}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/settings/{settingKey} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/partitions/{partitionId}/settings/{settingKey}

Use this method to change one or more settings for the partition.

Body parameter

"string"

Parameters

Name In Type Required Description
partitionId path string true none
settingKey path string true none
body body string false Setting value

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK None
202 Accepted ACCEPTED Job
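A 202 from this endpoint returns a Job rather than an applied setting, so a client has to tell the two outcomes apart and route the Job to the approve or execute endpoint listed under Jobs. The JavaScript below is an added example, not code from the UKC documentation; its function names and the sample setting key are hypothetical.

```javascript
// Added example, not UKC code. Paths, HTTP status codes, Job fields and job status
// values are taken from this page; every function name below is hypothetical.

// Build the PUT for one partition setting, escaping both path parameters.
function settingRequest(partitionId, settingKey, value) {
  return {
    method: 'PUT',
    url: '/api/v1/partitions/' + encodeURIComponent(partitionId) +
      '/settings/' + encodeURIComponent(settingKey),
    headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
    body: JSON.stringify(String(value)), // the body parameter is a JSON string
  };
}

// Quorum endpoint that moves a Job forward from each status; null means nothing to do.
const NEXT_STEP = new Map([
  ['PENDING_APPROVAL', 'approve'],
  ['PENDING_EXECUTION', 'execute'],
  ['DONE', null],
  ['EXPIRED', null],
]);

// Return the POST that advances the job, or null when it is DONE or EXPIRED.
function nextJobRequest(job, partitionId) {
  if (!NEXT_STEP.has(job.status)) {
    throw new Error('Unknown job status: ' + job.status);
  }
  const step = NEXT_STEP.get(job.status);
  if (step === null) return null;
  let url = '/api/v1/jobs/' + encodeURIComponent(job.id) + '/' + step;
  if (partitionId) url += '?partitionId=' + encodeURIComponent(partitionId);
  return { method: 'POST', url, headers: { Accept: 'application/json' } };
}

// Condense a Job into what an approver needs to review before approving it.
function summarizeJob(job) {
  return {
    id: job.id,
    initiator: job.initiator,
    operation: (job.opName || '').trim(), // the sample value carries a trailing space
    changes: (job.opParams || []).map((p) => p.key + '=' + p.value),
    approvals: (job.approvedBy || []).length + '/' + job.totalRequiredApprovals,
    status: job.status,
  };
}

// Only HTTP 200 means the setting is in effect; 202 means it is waiting on the quorum.
function interpretSettingResponse(httpStatus, body, partitionId) {
  if (httpStatus === 200) return { applied: true, job: null, next: null };
  if (httpStatus === 202) {
    return {
      applied: false,
      job: summarizeJob(body),
      next: nextJobRequest(body, partitionId), // sent by a quorum member after review
    };
  }
  throw new Error('Setting update failed with HTTP ' + httpStatus);
}

// Send the update with an injected fetch implementation and classify the outcome.
async function updateSetting(fetchImpl, partitionId, settingKey, value) {
  const { url, ...init } = settingRequest(partitionId, settingKey, value);
  const res = await fetchImpl(url, init);
  const body = res.status === 202 ? await res.json() : null;
  return interpretSettingResponse(res.status, body, partitionId);
}

// Constructed sample: the Job shape from this page with made-up parameter values.
const SAMPLE_JOB = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  opName: 'PARTITION_CONFIG_SET ',
  opParams: [{ key: 'example-setting', value: '60' }],
  approvedBy: [],
  status: 'PENDING_APPROVAL',
  totalRequiredApprovals: 2,
};
```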

Delete partition

Code samples


fetch('/api/v1/partitions/{partitionId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/partitions/{partitionId}

DELETE /api/v1/partitions/{partitionId}

Deletes a partition. The partition must not contain any keys or clients in order to be deleted.

Parameters

Name In Type Required Description
partitionId path string true The Id of the partition to delete. The partition name can be used as the ID

Responses

Status Meaning Description Schema
200 OK Partition deleted successfully None

Recover partition

Code samples

const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/partitions/{partitionId}/recover',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/recover \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

PUT /api/v1/partitions/{partitionId}/recover

Recover partition.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Parameters

Name In Type Required Description
partitionId path string true Partition Id
body body NewClientWithCertificate false The recovered partition new client

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK Partition recovered successfully string
409 Conflict Object already exists None

Roles

Create a new role

Code samples

const inputBody = JSON.stringify({
  "name": "role_name",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/roles',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/roles

Create a new role in a given partition.

Body parameter

{
  "name": "role_name",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewRole false New Role

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
201 Created Role created successfully None
202 Accepted ACCEPTED Job
409 Conflict Role already exists None

List partition roles

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/roles',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/roles \
  -H 'Accept: application/json'

GET /api/v1/roles

Return a list of all roles in a partition.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false skip
detailed query boolean false Detailed

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "role_name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "updatedAt": "string",
      "managedObjectsPermissions": [
        {
          "objectGroup": "string",
          "operations": [
            "ACTIVATE"
          ]
        }
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK RoleListResponse

Get role details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/roles/{roleId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/roles/{roleId} \
  -H 'Accept: application/json'

GET /api/v1/roles/{roleId}

Get details of an existing role.

Parameters

Name In Type Required Description
roleId path string true Role ID to look for
partitionId query string false Partition ID
detailed query boolean false Detailed

Example responses

200 Response

{
  "name": "role_name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "updatedAt": "string",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Role

Update a role

Code samples

const inputBody = JSON.stringify({
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/roles/{roleId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/roles/{roleId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/roles/{roleId}

Update a role.

Body parameter

{
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Parameters

Name In Type Required Description
roleId path string true Role ID
partitionId query string false Partition ID
body body UpdatedRole false Role updates

Example responses

200 Response

{
  "name": "role_name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "updatedAt": "string",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK Client Updated successfully. Role
202 Accepted ACCEPTED Job

Delete a role

Code samples


fetch('/api/v1/roles/{roleId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/roles/{roleId}

DELETE /api/v1/roles/{roleId}

Deletes a role.

Parameters

Name In Type Required Description
roleId path string true Role ID
partitionId query string false Partition ID

Responses

Status Meaning Description Schema
200 OK Role deleted successfully. None

System

Get signed logs

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/signlogs',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/signlogs \
  -H 'Accept: application/json'

GET /api/v1/system/signlogs

Return signed logs (compressed) from the UKC engine.

Parameters

Name In Type Required Description
from query string false from
to query string false to
period query string false period

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get system certificates

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates \
  -H 'Accept: application/json'

GET /api/v1/system/certificates

Get the UKC servers and root CA certificates.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Get specific certificate

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/{certificateId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId} \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/{certificateId}

Get specific system certificate.

Parameters

Name In Type Required Description
certificateId path string true Certificate ID
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Get certificate alerts

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/alerts \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/alerts

Get alerts associated with the servers and root CA certificates.

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Get specific certificate alert

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/{certificateId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/{certificateId}/alerts

Get specific system certificate alert.

Parameters

Name In Type Required Description
certificateId path string true Certificate ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Alert

Get integrity key

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/keys/{keyId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/keys/{keyId} \
  -H 'Accept: application/json'

GET /api/v1/system/keys/{keyId}

Get a root CA key signed with JWS.

Parameters

Name In Type Required Description
keyId path string true Key ID

Example responses

200 Response

{
  "value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.eyJpZCI6InIxIiwidWlkIjoiMHgwMDY0MjczNWJmNDkyNDNiODciLCJvYmplY3RUeXBlIjoiUFJJVkFURV9LRVkiLCJrZXlGb3JtYXQiOnsidHlwZSI6IlJTQSIsInNpemUiOjIwNDh9LCJrZXlQcm9wZXJ0aWVzIjp7InRydXN0ZWQiOmZhbHNlLCJleHBvcnRUeXBlIjoiTk9OX0VYUE9SVEFCTEUiLCJncm91cHMiOlsiZGVmYXVsdCJdfSwibG9jYWwiOnRydWUsImhhc0NlcnRpZmljYXRlIjpmYWxzZSwic3RhdGUiOiJBQ1RJVkUiLCJzeW5jIjp0cnVlLCJyZXF1aXJlQXBwcm92YWwiOmZhbHNlLCJwa0luZm8iOnsicnNhIjp7InB1YmxpY0V4cG9uZW50IjoiNjU1MzciLCJtb2R1bHVzIjoiMDA6QkQ6MTA6MTc6ODI6QkM6M0U6Mjc6MDI6QUQ6RDI6Mjk6REI6ODQ6ODY6MTE6QjY6RDk6REM6MTA6QjU6M0I6QjU6QTM6NzA6OEY6MUU6QUE6Mzk6MkI6Njc6RTE6Nzk6NzM6RDc6QkU6OTA6RDY6REU6QjQ6REM6OUM6RjY6Nzc6MDg6MTA6RkQ6QzE6N0Y6Qzk6M0Y6RDQ6RTk6OTQ6MDM6NjM6Q0E6RDQ6NUI6NEE6MjE6QUU6Qzg6RjE6RkY6OTU6MzY6RDI6RDE6NzI6QUE6M0I6NEY6RUQ6MjA6MzI6RDk6NDc6QzM6NTk6NDI6MDk6NkI6RUU6Rjc6MjA6NUU6NTA6NjM6ODg6NkU6QzY6NzY6RjI6NjA6QUM6MTM6Mzc6MDE6NDM6NkU6Qzc6NDc6MjA6RTc6NjI6MzI6MjI6REQ6NDA6Qjk6MDk6MjI6M0U6RTc6QkY6NDU6MUM6NzY6OTg6QUM6Rjg6RTA6MjU6Qjg6RDY6NDQ6QTQ6RkM6N0I6Qjc6NkQ6RTc6REM6Q0I6OEM6NjU6MTA6RUM6QUE6RTU6Qzg6RUQ6Q0U6NzI6RUE6RDA6MjU6QjQ6OUQ6MkQ6QkI6REY6QjU6NUQ6QjQ6OTA6NUM6MDI6N0U6MEU6N0E6MjQ6QjM6Qzg6Qjg6RTc6QzM6RDg6NEU6ODI6OUE6NUQ6N0M6QkM6Mzk6MDg6MjA6Njg6NDc6NDc6Rjk6NDc6QkU6MzU6NkE6NUQ6NUQ6NkY6MUI6QTM6QjQ6MUY6QjU6Mjg6Njg6QjU6ODI6QkI6RDQ6NkI6RjQ6RTE6MzI6RDA6Qzg6M0I6MDU6QjA6MzE6RTA6NTQ6NEE6QjY6ODU6NkM6MUY6MkE6QkU6QjQ6MTQ6Q0M6NEE6Mjk6M0E6OEE6RTc6QUI6ODg6RDQ6RTg6OEY6QTE6NkI6RTQ6ODQ6N0Y6NUE6RjU6QzU6QjU6RUY6RDQ6REQ6Mjg6Njc6MjE6Qzg6QkU6OUY6Mzk6QzE6MTQ6Mzk6Q0Y6RDA6REIifX0sImNyZWF0ZWRBdCI6IjIwMTktMDMtMTFUMDg6MzM6NDdaIiwidXBkYXRlZEF0IjoiMjAxOS0wMy0xMVQwODozMzo0OFoifQ.OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}

Responses

Status Meaning Description Schema
200 OK successful operation JWS
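
The `value` field in the response above is a compact JWS whose protected header decodes to `{"kid":"integrity-key","alg":"ES256"}`. The following added example (not part of the UKC documentation or product code) shows how a consumer could pin the algorithm and key ID and verify the signature before trusting the payload, using Node.js `crypto`. The key pair and payload in `buildSampleJws` are constructed, and it is an assumption that the verifier obtains the integrity public key out of band.

```javascript
// Added example: validate a compact JWS like the "value" field returned by
// GET /api/v1/system/keys/{keyId}. Not UKC code; Node.js standard library only.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Split a compact JWS into its three parts and decode them. Nothing is trusted yet.
function parseCompactJws(jws) {
  const parts = String(jws).split('.');
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error('not a compact JWS');
  }
  const [h, p, s] = parts;
  return {
    header: JSON.parse(Buffer.from(h, 'base64url').toString('utf8')),
    payload: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')),
    // The signature covers the ASCII bytes of "<header>.<payload>" exactly as received.
    signingInput: Buffer.from(`${h}.${p}`, 'ascii'),
    signature: Buffer.from(s, 'base64url'),
  };
}

// Verify an ES256 JWS against a pinned public key (PEM string or KeyObject).
// Returns the payload only when every check passes; throws otherwise.
function verifyIntegrityJws(jws, pinnedPublicKey, expectedKid) {
  const { header, payload, signingInput, signature } = parseCompactJws(jws);
  // Pin the algorithm: never let the token choose it (rejects "none", HS256, ...).
  if (header.alg !== 'ES256') throw new Error(`unexpected alg: ${header.alg}`);
  if (header.kid !== expectedKid) throw new Error(`unexpected kid: ${header.kid}`);
  // JWS carries ECDSA signatures as raw r || s (32 + 32 bytes for P-256), not DER.
  if (signature.length !== 64) throw new Error('ES256 signature must be 64 bytes');
  const ok = crypto.verify(
    'sha256',
    signingInput,
    { key: pinnedPublicKey, dsaEncoding: 'ieee-p1363' },
    signature
  );
  if (!ok) throw new Error('JWS signature verification failed');
  return payload;
}

// Constructed sample: a locally generated P-256 key stands in for the integrity key.
function buildSampleJws() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
  });
  const header = b64url(JSON.stringify({ kid: 'integrity-key', alg: 'ES256' }));
  const payload = b64url(JSON.stringify({
    id: 'r1', // constructed values shaped like a key description
    objectType: 'PRIVATE_KEY',
    keyProperties: { exportType: 'NON_EXPORTABLE' },
    state: 'ACTIVE',
  }));
  const signature = crypto.sign(
    'sha256',
    Buffer.from(`${header}.${payload}`, 'ascii'),
    { key: privateKey, dsaEncoding: 'ieee-p1363' }
  );
  return { jws: `${header}.${payload}.${b64url(signature)}`, publicKey };
}

// Stand-alone run: prints the verified payload of the constructed sample.
{
  const { jws, publicKey } = buildSampleJws();
  console.log(verifyIntegrityJws(jws, publicKey, 'integrity-key'));
}
```
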

Get system settings

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/settings',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/settings \
  -H 'Accept: application/json'

GET /api/v1/system/settings

Get UKC system configuration parameters. Returns a list of key-value entries that represent the configuration parameters for the UKC system.

Parameters

Name In Type Required Description
detailed query boolean false detailed

Example responses

200 Response

[
  {
    "key": "string",
    "value": "string",
    "description": "string",
    "type": "BOOLEAN",
    "defaultValue": "string",
    "min": 0,
    "max": 0,
    "unit": "SECONDS"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [KeyValueEntry] false none [Key value entry]
» key string true none none
» value string true none none
» description string false read-only quorum timeout
» type string false read-only value type
» defaultValue string false read-only default value
» min integer(int32) false read-only minimum value
» max integer(int32) false read-only maximum value
» unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

Set system settings

Code samples

const inputBody = 'string';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/system/settings/{settingKey}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/system/settings/{settingKey} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/system/settings/{settingKey}

Sets the value for one or more system configuration parameters.

Body parameter

"string"

Parameters

Name In Type Required Description
settingKey path string true none
body body string false Setting value

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK None
202 Accepted ACCEPTED Job

Get cluster topology

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/topology',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/topology \
  -H 'Accept: application/json'

GET /api/v1/topology

Return the cluster topology, including the status of each server.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "pairs": [
    {
      "entryPoint": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      },
      "partner": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      }
    }
  ],
  "auxiliaries": [
    {
      "name": "string",
      "host": "string",
      "role": "ENTRYPOINT",
      "status": "RUNNING",
      "os": "string",
      "cores": 0,
      "cpuLoadPrecents": 0,
      "freeMemMegaBytes": 0,
      "totalMemMegaBytes": 0,
      "version": "string",
      "error": "string",
      "lastStart": "string",
      "requireRestart": "string",
      "alertLevel": "WARN",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "triplets": [
    {
      "entryPoint": "string",
      "partner": "string",
      "auxiliary": "string",
      "connected": true
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Topology

Users

Create a user

Code samples

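// Serialize the request body (a quoted string literal cannot span lines in JavaScript).
const inputBody = JSON.stringify({
  "password": "Password1!",
  "name": "john_a",
  "description": "string",
  "role": "user",
  "authType": "STANDARD"
});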
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/users',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/users \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/users

Create a new user in a given partition.

Body parameter

{
  "password": "Password1!",
  "name": "john_a",
  "description": "string",
  "role": "user",
  "authType": "STANDARD"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewUser false New User

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
201 Created User created successfully None
202 Accepted ACCEPTED Job
409 Conflict Object already exists None

List partition users

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/users',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/users \
  -H 'Accept: application/json'

GET /api/v1/users

Return a list of all users in a partition.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false skip

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "john_a",
      "partition": "~.codeSign.developers",
      "role": "string",
      "createdAt": "string",
      "lastActivityAt": "string",
      "retries": 0,
      "authType": "STANDARD",
      "isLoginLocked": true
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK UserListResponse

Get user details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/users/{userId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/users/{userId} \
  -H 'Accept: application/json'

GET /api/v1/users/{userId}

Get details of an existing user.

Parameters

Name In Type Required Description
userId path string true User ID to look for
partitionId query string false Partition ID

Example responses

200 Response

{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "isLoginLocked": true
}

Responses

Status Meaning Description Schema
200 OK OK User

Delete a user

Code samples


fetch('/api/v1/users/{userId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/users/{userId}

DELETE /api/v1/users/{userId}

Delete a user.

Parameters

Name In Type Required Description
userId path string true User ID
partitionId query string false Partition ID

Responses

Status Meaning Description Schema
200 OK User deleted successfully. None

Reset user password

Code samples

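// Serialize the request body (a quoted string literal cannot span lines in JavaScript).
const inputBody = JSON.stringify({
  "password": "Password2!"
});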
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/users/{userId}/password',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/users/{userId}/password \
  -H 'Content-Type: application/json'

PUT /api/v1/users/{userId}/password

Reset a user's password. An SO can reset the password of users in their own partition. The root partition SO can reset the password of the SO of any partition.

Body parameter

{
  "password": "Password2!"
}

Parameters

Name In Type Required Description
userId path string true User ID
partitionId query string false Partition ID
body body Password false Password

Responses

Status Meaning Description Schema
200 OK User password reset successfully None
400 Bad Request New password does not comply with password policy rules None

Schemas

Alert

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Properties

Name Type Required Restrictions Description
alertType string false read-only none
alertLevel string false read-only none
title string false read-only none

Enumerated Values

Property Value
alertType CERT_ABOUT_TO_EXPIRE
alertType CERT_EXPIRED
alertType OUT_OF_SYNC
alertType IS_LOCKED
alertType RENEW_REQUIRED
alertType DB_BACKUP_INCONSISTENT
alertType DB_BACKUP_FAILURE
alertType SECRET_ABOUT_TO_EXPIRE
alertType SECRET_EXPIRED
alertType KEY_ROTATION_IS_APPROACHING
alertType KEY_ACTIVATION_IS_APPROACHING
alertType KEY_DEACTIVATION_IS_APPROACHING
alertType RESTART_REQUIRED
alertLevel WARN

AlertsSummary

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Properties

Name Type Required Restrictions Description
category string false read-only none
alertType string false read-only none
alertLevel string false read-only none
counter integer(int32) false read-only none
title string false read-only none

Enumerated Values

Property Value
category CLIENTS
category SYSTEM
category KEYS
category BACKUP
alertType CERT_ABOUT_TO_EXPIRE
alertType CERT_EXPIRED
alertType OUT_OF_SYNC
alertType IS_LOCKED
alertType RENEW_REQUIRED
alertType DB_BACKUP_INCONSISTENT
alertType DB_BACKUP_FAILURE
alertType SECRET_ABOUT_TO_EXPIRE
alertType SECRET_EXPIRED
alertType KEY_ROTATION_IS_APPROACHING
alertType KEY_ACTIVATION_IS_APPROACHING
alertType KEY_DEACTIVATION_IS_APPROACHING
alertType RESTART_REQUIRED
alertLevel WARN

AlternativeNames

{
  "names": [
    "string"
  ],
  "uid": "string",
  "isCritical": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
names [string] false none none
uid string true none Extension UID
isCritical boolean true none Is Extension Critical

AuthorityKeyIdentifier

{
  "uid": "string",
  "isCritical": true,
  "keyId": "string",
  "authNames": [
    "string"
  ],
  "serialNumber": "string"
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
uid string true none Extension UID
isCritical boolean true none Is Extension Critical
keyId string false read-only none
authNames [string] false none none
serialNumber string false none none

BasicConstraints

{
  "uid": "string",
  "isCritical": true,
  "pathLen": 0,
  "isCa": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
uid string true none Extension UID
isCritical boolean true none Is Extension Critical
pathLen integer(int32) false none none
isCa boolean false none none

CertificateInfo

{
  "id": "my-certificate",
  "uid": "string",
  "sha1Thumbprint": "string",
  "subject": "string",
  "issuer": "string",
  "validFrom": "string",
  "validUntil": "string",
  "version": "V3",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "isCa": true,
  "isSelfSigned": true,
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "signature": "string",
  "alertLevel": "WARN"
}

Certificate public information

Properties

Name Type Required Restrictions Description
id string true none Certificate identifier label
uid string true none none
sha1Thumbprint string true none certificate sha1
subject string true none none
issuer string true none The CA that signed this certificate
validFrom string true none Start date of the validity period for this certificate
validUntil string true none End date of the validity period for this certificate
version string true none Certificate version
serial string true none Certificate serial number
signatureAlgorithm string true none Signing algorithm used for signing this certificate
isCa boolean true none Determines if this certificate is a CA certificate
isSelfSigned boolean true none Determines if this certificate is a self signed certificate
pkInfo PKInfoType true none Properties of PKI key
basicConstraints BasicConstraints false none Certificate x509 extension
subjectKeyIdentifier SubjectKeyIdentifier false none Certificate x509 extension
authorityKeyIdentifier AuthorityKeyIdentifier false none Certificate x509 extension
subjectAlternativeNames AlternativeNames false none Certificate x509 extension
issuerAlternativeNames AlternativeNames false none Certificate x509 extension
extendedKeyUsage ExtendedKeyUsage false none Certificate x509 extension
signature string true none CA signature value for this certificate
alertLevel string false read-only none

Enumerated Values

Property Value
alertLevel WARN

Client

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

A new UKC client

Properties

Name Type Required Restrictions Description
name string false read-only Client name
partition string false read-only none
createdAt string false none none
activationStatus string false read-only Client activation status
activationType string false read-only Client activation type
lastUpdatedAt string false read-only Last update time for this client record
failedActivationCounter integer(int32) false read-only Number of failed retries to use client activation code
isActivationLocked boolean false read-only none
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
ipRange string false none Client IP range
expiresAt string false none Client secret expiration date
expiration integer(int32) false none Client secret expiration time (ms)
activationCodeValidity integer(int32) false none Client activation code validity in minutes
activationCodeLength integer(int32) false none Client activation code length (digits)
activationCodeExpiration string false none Client activation code expiration date
template string false none Client template
activationCode string false none Client activation code
certificateRenewRequired boolean false none Whether the client certificate needs to be renewed
grantTypes [string] false none Client grant types
certificateInfo CertificateInfo false none Certificate public information
certExpiresAt string false read-only Client certificate expiration date
certificateExpiration integer(int32) false read-only Client certificate validity in minutes
alertLevel string false read-only none
version string false none Client version
secret string false none Client secret

Enumerated Values

Property Value
activationStatus ACTIVATED
activationStatus PENDING
activationStatus LOCKED
activationType CERTIFICATE_REQUEST
activationType ACTIVATION_CODE
activationType CERTIFICATE_DOWNLOAD
activationType EXTERNAL
activationType TEMPLATE
activationType SECRET
activationType EPHEMERAL
activationType PUBLIC_KEY
alertLevel WARN

ClientListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "client-name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "activationStatus": "ACTIVATED",
      "activationType": "CERTIFICATE_REQUEST",
      "lastUpdatedAt": "string",
      "failedActivationCounter": 0,
      "isActivationLocked": true,
      "checkIp": true,
      "allowNat": true,
      "ipRange": "string",
      "expiresAt": "string",
      "expiration": 0,
      "activationCodeValidity": 0,
      "activationCodeLength": 0,
      "activationCodeExpiration": "string",
      "template": "string",
      "activationCode": "string",
      "certificateRenewRequired": true,
      "grantTypes": [
        "CLIENT_CREDENTIALS"
      ],
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      },
      "certExpiresAt": "string",
      "certificateExpiration": 0,
      "alertLevel": "WARN",
      "version": "string",
      "secret": "string"
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [Client] false read-only [A UKC new client]

ClientsUpdates

{
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
}

Properties

Name Type Required Restrictions Description
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
ipRange string false none Client IP range

DbBackup

{
  "id": "string",
  "state": "IN_PROGRESS",
  "error": "string",
  "date": "string",
  "file": "string",
  "pair hostnames": [
    "string"
  ],
  "version": "string",
  "digest diff": {
    "diffRecords": [
      {
        "sectionDiff": "string",
        "entriesDiff": [
          {
            "object type": "string",
            "digest source": "string",
            "uid": "string",
            "name": "string",
            "partition id": "string",
            "partition name": "string",
            "version": "string",
            "detail": "string"
          }
        ]
      }
    ]
  },
  "alertLevel": "WARN"
}

Properties

Name Type Required Restrictions Description
id string false none none
state string false none none
error string false none none
date string false none none
file string false none none
pair hostnames [string] false none none
version string false none none
digest diff DigestDiff false none none
alertLevel string false read-only none

Enumerated Values

Property Value
state IN_PROGRESS
state PENDING_TEST
state TEST_SUCCESS
state TEST_FAILURE
state MANUAL_TEST
state GENERAL_FAILURE
state INVALID
alertLevel WARN

DbBackupListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "id": "string",
      "state": "IN_PROGRESS",
      "error": "string",
      "date": "string",
      "file": "string",
      "pair hostnames": [
        "string"
      ],
      "version": "string",
      "digest diff": {
        "diffRecords": [
          {
            "sectionDiff": "string",
            "entriesDiff": [
              {
                "object type": "string",
                "digest source": "string",
                "uid": "string",
                "name": "string",
                "partition id": "string",
                "partition name": "string",
                "version": "string",
                "detail": "string"
              }
            ]
          }
        ]
      },
      "alertLevel": "WARN"
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [DbBackup] false read-only none

DiffEntry

{
  "object type": "string",
  "digest source": "string",
  "uid": "string",
  "name": "string",
  "partition id": "string",
  "partition name": "string",
  "version": "string",
  "detail": "string"
}

Properties

Name Type Required Restrictions Description
object type string false none none
digest source string false none none
uid string false none none
name string false none none
partition id string false none none
partition name string false none none
version string false none none
detail string false none none

DiffRecord

{
  "sectionDiff": "string",
  "entriesDiff": [
    {
      "object type": "string",
      "digest source": "string",
      "uid": "string",
      "name": "string",
      "partition id": "string",
      "partition name": "string",
      "version": "string",
      "detail": "string"
    }
  ]
}

Properties

Name Type Required Restrictions Description
sectionDiff string false none none
entriesDiff [DiffEntry] false none none

DigestDiff

{
  "diffRecords": [
    {
      "sectionDiff": "string",
      "entriesDiff": [
        {
          "object type": "string",
          "digest source": "string",
          "uid": "string",
          "name": "string",
          "partition id": "string",
          "partition name": "string",
          "version": "string",
          "detail": "string"
        }
      ]
    }
  ]
}

Properties

Name Type Required Restrictions Description
diffRecords [DiffRecord] false none none

ECCBipKeyInfo

{
  "level": "string",
  "childNumber": 0,
  "hardened": true,
  "chainCode": "string",
  "parentUid": "string",
  "parentFingerprint": 0
}

Properties

Name Type Required Restrictions Description
level string(byte) false read-only Level (0 for master)
childNumber integer(int32) false read-only child number
hardened boolean false read-only True if hardened
chainCode string false read-only BASE64 chain code
parentUid string false read-only the parent uid
parentFingerprint integer(int32) false read-only parent fingerprint (The first 32 bits of the identifier)

ECCKeyInfoType

{
  "curve": "P256",
  "ecPoint": "string",
  "eccBipKeyInfo": {
    "level": "string",
    "childNumber": 0,
    "hardened": true,
    "chainCode": "string",
    "parentUid": "string",
    "parentFingerprint": 0
  }
}

Details of ECC public key

Properties

Name Type Required Restrictions Description
curve string true none none
ecPoint string true none Encoded public key (EC point)
eccBipKeyInfo ECCBipKeyInfo true none none

Enumerated Values

Property Value
curve P256
curve P384
curve P521
curve SECP_256K_1

ExtendedKeyUsage

{
  "keyUsages": [
    "string"
  ],
  "uid": "string",
  "isCritical": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
keyUsages [string] false none none
uid string true none Extension UID
isCritical boolean true none Is Extension Critical

JWS

{
  "value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.eyJpZCI6InIxIiwidWlkIjoiMHgwMDY0MjczNWJmNDkyNDNiODciLCJvYmplY3RUeXBlIjoiUFJJVkFURV9LRVkiLCJrZXlGb3JtYXQiOnsidHlwZSI6IlJTQSIsInNpemUiOjIwNDh9LCJrZXlQcm9wZXJ0aWVzIjp7InRydXN0ZWQiOmZhbHNlLCJleHBvcnRUeXBlIjoiTk9OX0VYUE9SVEFCTEUiLCJncm91cHMiOlsiZGVmYXVsdCJdfSwibG9jYWwiOnRydWUsImhhc0NlcnRpZmljYXRlIjpmYWxzZSwic3RhdGUiOiJBQ1RJVkUiLCJzeW5jIjp0cnVlLCJyZXF1aXJlQXBwcm92YWwiOmZhbHNlLCJwa0luZm8iOnsicnNhIjp7InB1YmxpY0V4cG9uZW50IjoiNjU1MzciLCJtb2R1bHVzIjoiMDA6QkQ6MTA6MTc6ODI6QkM6M0U6Mjc6MDI6QUQ6RDI6Mjk6REI6ODQ6ODY6MTE6QjY6RDk6REM6MTA6QjU6M0I6QjU6QTM6NzA6OEY6MUU6QUE6Mzk6MkI6Njc6RTE6Nzk6NzM6RDc6QkU6OTA6RDY6REU6QjQ6REM6OUM6RjY6Nzc6MDg6MTA6RkQ6QzE6N0Y6Qzk6M0Y6RDQ6RTk6OTQ6MDM6NjM6Q0E6RDQ6NUI6NEE6MjE6QUU6Qzg6RjE6RkY6OTU6MzY6RDI6RDE6NzI6QUE6M0I6NEY6RUQ6MjA6MzI6RDk6NDc6QzM6NTk6NDI6MDk6NkI6RUU6Rjc6MjA6NUU6NTA6NjM6ODg6NkU6QzY6NzY6RjI6NjA6QUM6MTM6Mzc6MDE6NDM6NkU6Qzc6NDc6MjA6RTc6NjI6MzI6MjI6REQ6NDA6Qjk6MDk6MjI6M0U6RTc6QkY6NDU6MUM6NzY6OTg6QUM6Rjg6RTA6MjU6Qjg6RDY6NDQ6QTQ6RkM6N0I6Qjc6NkQ6RTc6REM6Q0I6OEM6NjU6MTA6RUM6QUE6RTU6Qzg6RUQ6Q0U6NzI6RUE6RDA6MjU6QjQ6OUQ6MkQ6QkI6REY6QjU6NUQ6QjQ6OTA6NUM6MDI6N0U6MEU6N0E6MjQ6QjM6Qzg6Qjg6RTc6QzM6RDg6NEU6ODI6OUE6NUQ6N0M6QkM6Mzk6MDg6MjA6Njg6NDc6NDc6Rjk6NDc6QkU6MzU6NkE6NUQ6NUQ6NkY6MUI6QTM6QjQ6MUY6QjU6Mjg6Njg6QjU6ODI6QkI6RDQ6NkI6RjQ6RTE6MzI6RDA6Qzg6M0I6MDU6QjA6MzE6RTA6NTQ6NEE6QjY6ODU6NkM6MUY6MkE6QkU6QjQ6MTQ6Q0M6NEE6Mjk6M0E6OEE6RTc6QUI6ODg6RDQ6RTg6OEY6QTE6NkI6RTQ6ODQ6N0Y6NUE6RjU6QzU6QjU6RUY6RDQ6REQ6Mjg6Njc6MjE6Qzg6QkU6OUY6Mzk6QzE6MTQ6Mzk6Q0Y6RDA6REIifX0sImNyZWF0ZWRBdCI6IjIwMTktMDMtMTFUMDg6MzM6NDdaIiwidXBkYXRlZEF0IjoiMjAxOS0wMy0xMVQwODozMzo0OFoifQ.OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}

Properties

Name Type Required Restrictions Description
value string false read-only value

Job

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

An asynchronous job

Properties

Name Type Required Restrictions Description
initiator string false read-only none
id string false read-only none
title string false read-only none
opName string false read-only none
createdAt string false read-only none
expiresAt string false read-only none
opParams [KeyValueEntry] false read-only [Key value entry]
response string false read-only none
approvedBy [string] false read-only none
status string false read-only none
totalRequiredApprovals integer(int32) false read-only none

Enumerated Values

Property Value
status PENDING_APPROVAL
status PENDING_EXECUTION
status DONE
status EXPIRED

KeyValueEntry

{
  "key": "string",
  "value": "string",
  "description": "string",
  "type": "BOOLEAN",
  "defaultValue": "string",
  "min": 0,
  "max": 0,
  "unit": "SECONDS"
}

Key value entry

Properties

Name Type Required Restrictions Description
key string true none none
value string true none none
description string false read-only quorum timeout
type string false read-only value type
defaultValue string false read-only default value
min integer(int32) false read-only minimum value
max integer(int32) false read-only maximum value
unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

NewAndExistingPassword

{
  "existingPassword": "string",
  "newPassword": "string"
}

New And Existing Password

Properties

Name Type Required Restrictions Description
existingPassword string true none The existing user password
newPassword string true none The new password

NewClient

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
activationCodeValidity integer(int32) false none Client activation code validity in minutes
isTemplate boolean false none Whether the client is a template client
activationCodeLength integer(int32) false none Client activation code length (digits)
ipRange string false none Client IP range
certificateExpiration integer(int32) false none Client certificate validity in minutes

NewClientWithCertificate

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
alternativeNames [string] false none Client alternative names
pfxPassword string false none The new client PFX password
csr string false none The new client Base64 encoded Certificate Request
publicKey string false none The new client Base64 encoded ECC Public Key
certificateExpiration integer(int32) false none Client certificate validity in minutes

NewClientWithSecret

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
ipRange string false none Client IP range
grantTypes [string] false none Client grant types

NewPair

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

A UKC pair

Properties

Name Type Required Restrictions Description
entryPoint NewServer true none A UKC new server
partner NewServer true none A UKC new server

NewPartition

{
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPassword": "string",
    "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
    "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
    "certificateExpiration": 1578240
  },
  "inherit": false,
  "propagate": false,
  "fipsRequirements": "FIPS_NONE",
  "isAllowDefaultClient": false
}

A UKC Partition

Properties

Name Type Required Restrictions Description
name string true none The new partition name
soPassword string true none The new partition SO password
newClient NewClientWithCertificate true none none
inherit boolean false none Inherit root partition settings
propagate boolean false none Support certificate propagation
fipsRequirements string false none The Partition FIPS Requirements
isAllowDefaultClient boolean false none Allow using default client

Enumerated Values

Property Value
fipsRequirements FIPS_MANDATORY
fipsRequirements FIPS_PREFERRED
fipsRequirements FIPS_NONE

NewRole

{
  "name": "role_name",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Properties

Name Type Required Restrictions Description
name string true none role name
managedObjectsPermissions [RolePermission] true none none

NewServer

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

A UKC new server

Properties

Name Type Required Restrictions Description
host string true none The server host
port integer(int32) false none The server port
newServerCertificate NewServerCertificate false none New server certificate data

NewServerCertificate

{
  "certificate": "string",
  "certificateFingerprint": "string",
  "certificateInfo": "string"
}

New server certificate data

Properties

Name Type Required Restrictions Description
certificate string false none The server certificate encoded in base64
certificateFingerprint string false none The server certificate fingerprint
certificateInfo string false none The server certificate info

NewUser

{
  "password": "Password1!",
  "name": "john_a",
  "description": "string",
  "role": "user",
  "authType": "STANDARD"
}

A UKC new user

Properties

Name Type Required Restrictions Description
password string false none The user password
name string true none none
description string false none The user description
role string true none The user role
authType string false none none

Enumerated Values

Property Value
authType STANDARD
authType LDAP

OauthToken

{
  "accessToken": "eyJ...MoQ",
  "tokenType": "bearer",
  "expiresAt": "string",
  "expiresIn": 1000,
  "scope": "user",
  "refreshToken": "eyJ...0N"
}

OAuth token

Properties

Name Type Required Restrictions Description
accessToken string false none Access Token
tokenType string false none Token type
expiresAt string false none Token expiration date
expiresIn integer(int32) false none The lifetime of the access token, in seconds
scope string false none The provided scope (the user Role)
refreshToken string false none Refresh Token

PKInfoType

{
  "rsa": {
    "publicExponent": "string",
    "modulus": "string"
  },
  "ecc": {
    "curve": "P256",
    "ecPoint": "string",
    "eccBipKeyInfo": {
      "level": "string",
      "childNumber": 0,
      "hardened": true,
      "chainCode": "string",
      "parentUid": "string",
      "parentFingerprint": 0
    }
  }
}

Properties of PKI key

Properties

Name Type Required Restrictions Description
rsa RSAKeyInfoType false none Details of RSA public key
ecc ECCKeyInfoType false none Details of ECC public key

Pair

{
  "entryPoint": {
    "name": "string",
    "host": "string",
    "role": "ENTRYPOINT",
    "status": "RUNNING",
    "os": "string",
    "cores": 0,
    "cpuLoadPrecents": 0,
    "freeMemMegaBytes": 0,
    "totalMemMegaBytes": 0,
    "version": "string",
    "error": "string",
    "lastStart": "string",
    "requireRestart": "string",
    "alertLevel": "WARN",
    "certificateInfo": {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  },
  "partner": {
    "name": "string",
    "host": "string",
    "role": "ENTRYPOINT",
    "status": "RUNNING",
    "os": "string",
    "cores": 0,
    "cpuLoadPrecents": 0,
    "freeMemMegaBytes": 0,
    "totalMemMegaBytes": 0,
    "version": "string",
    "error": "string",
    "lastStart": "string",
    "requireRestart": "string",
    "alertLevel": "WARN",
    "certificateInfo": {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  }
}

A UKC pair

Properties

Name Type Required Restrictions Description
entryPoint Server false none A UKC server
partner Server false none A UKC server

Partition

{
  "checkClientIp": true,
  "name": "root",
  "allowNat": true,
  "allowUserOnlyCryptoOperations": true,
  "clientRetriesLimit": 0,
  "clientRetriesTimeout": 0,
  "creationDate": "string",
  "getjWTLimit": 0,
  "lastUpdate": "string",
  "passwordComplexity": true,
  "passwordLength": 0,
  "quorumOperations": "string",
  "quorumSize": 0,
  "quorumTimeout": 0,
  "supportCertificatePropagation": true,
  "supportPartitionInheritance": true,
  "userRetriesLimit": 0,
  "fipsRequirements": "FIPS_NONE",
  "policy": [
    {
      "type": "RSA",
      "minSize": 0,
      "curves": [
        "P256"
      ],
      "operations": [
        "SIGN"
      ],
      "paddings": [
        "RAW"
      ],
      "hashes": [
        "SHA1"
      ],
      "modes": [
        "ECB"
      ],
      "macs": [
        "GMAC"
      ],
      "exportType": "IN_PLAIN",
      "trusted": true,
      "local": true
    }
  ],
  "jWTExpiration": 0
}

A partition is used as a logical container for security objects such as keys and certificates

Properties

Name Type Required Restrictions Description
checkClientIp boolean false read-only check client IP
name string false read-only none
allowNat boolean false read-only True when allowing NAT
allowUserOnlyCryptoOperations boolean false read-only True if user is only allowed to do crypto
clientRetriesLimit integer(int32) false read-only client retries limit
clientRetriesTimeout integer(int32) false read-only client retries timeout
creationDate string false read-only partition creation date
getjWTLimit integer(int32) false read-only JWT usage limit
lastUpdate string false read-only partition last update
passwordComplexity boolean false read-only enforce password complexity
passwordLength integer(int32) false read-only partition allowed password length
quorumOperations string false read-only quorum operations
quorumSize integer(int32) false read-only quorum size
quorumTimeout integer(int32) false read-only quorum timeout
supportCertificatePropagation boolean false read-only True when supporting certificate propagation
supportPartitionInheritance boolean false read-only True when supporting certificate inheritance
userRetriesLimit integer(int32) false read-only user retries limit
fipsRequirements string false none The Partition FIPS Requirements
policy [PartitionPolicyRule] false none The Partition Policy
jWTExpiration integer(int32) false read-only JWT expiration time

Enumerated Values

Property Value
fipsRequirements FIPS_MANDATORY
fipsRequirements FIPS_PREFERRED
fipsRequirements FIPS_NONE

PartitionListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "checkClientIp": true,
      "name": "root",
      "allowNat": true,
      "allowUserOnlyCryptoOperations": true,
      "clientRetriesLimit": 0,
      "clientRetriesTimeout": 0,
      "creationDate": "string",
      "getjWTLimit": 0,
      "lastUpdate": "string",
      "passwordComplexity": true,
      "passwordLength": 0,
      "quorumOperations": "string",
      "quorumSize": 0,
      "quorumTimeout": 0,
      "supportCertificatePropagation": true,
      "supportPartitionInheritance": true,
      "userRetriesLimit": 0,
      "fipsRequirements": "FIPS_NONE",
      "policy": [
        {
          "type": "RSA",
          "minSize": 0,
          "curves": [
            "P256"
          ],
          "operations": [
            "SIGN"
          ],
          "paddings": [
            "RAW"
          ],
          "hashes": [
            "SHA1"
          ],
          "modes": [
            "ECB"
          ],
          "macs": [
            "GMAC"
          ],
          "exportType": "IN_PLAIN",
          "trusted": true,
          "local": true
        }
      ],
      "jWTExpiration": 0
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [Partition] false read-only [A partition is used as a logical container for security objects such as keys and certificates]

PartitionPolicyRule

{
  "type": "RSA",
  "minSize": 0,
  "curves": [
    "P256"
  ],
  "operations": [
    "SIGN"
  ],
  "paddings": [
    "RAW"
  ],
  "hashes": [
    "SHA1"
  ],
  "modes": [
    "ECB"
  ],
  "macs": [
    "GMAC"
  ],
  "exportType": "IN_PLAIN",
  "trusted": true,
  "local": true
}

Properties

Name Type Required Restrictions Description
type string true none none
minSize integer(int32) false none minimum size
curves [string] false none allowed curves
operations [string] false none allowed operations
paddings [string] false none allowed paddings
hashes [string] false none allowed hashes
modes [string] false none allowed modes
macs [string] false none allowed macs
exportType string false none minimum export type
trusted boolean false none is trusted
local boolean false none is local

Enumerated Values

Property Value
type RSA
type ECC
type AES
type TDES
type HMAC
type SIV
type XTS
type PRF
type PWD
type LIMA
type EDDSA
exportType IN_PLAIN
exportType WRAPPED
exportType WRAPPED_WITH_TRUSTED
exportType NON_EXPORTABLE
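
The policy fields above are allow-lists, so a rule that resembles the sample (RAW padding, SHA1, ECB, IN_PLAIN export, minSize 0) leaves weak primitives available to every key in the partition. The following added example, which is not part of the UKC documentation or SDK, audits the policy array of each partition in a PartitionListResponse-shaped object. The function names, the 2048-bit RSA threshold, the reading of minSize as bits, the reading of exportType IN_PLAIN as admitting plaintext export, and the sample data are assumptions.

```javascript
// Added example, not UKC code. Field names follow the Partition and
// PartitionPolicyRule schemas on this page; everything else is assumed.

// Allow-list values taken from the page's sample rule that should not be
// permitted by default. Extend the map to match your own crypto standard.
const DISCOURAGED = {
  hashes: { SHA1: "SHA-1 is not collision resistant" },
  modes: { ECB: "ECB leaks plaintext patterns and gives no integrity" },
  paddings: { RAW: "unpadded RSA is deterministic and malleable" },
};

// Assumption: minSize is expressed in bits for RSA rules.
const MIN_RSA_BITS = 2048;

// Returns the findings for one PartitionPolicyRule object.
function auditRule(rule) {
  const findings = [];
  for (const [field, bad] of Object.entries(DISCOURAGED)) {
    const allowed = Array.isArray(rule[field]) ? rule[field] : [];
    for (const value of allowed) {
      if (Object.prototype.hasOwnProperty.call(bad, value)) {
        findings.push({ severity: "high", field, value, reason: bad[value] });
      }
    }
  }
  if (rule.type === "RSA") {
    // A missing or non-integer minSize is treated as "no minimum".
    const size = Number.isInteger(rule.minSize) ? rule.minSize : 0;
    if (size < MIN_RSA_BITS) {
      findings.push({
        severity: "high", field: "minSize", value: size,
        reason: `RSA minimum size is below ${MIN_RSA_BITS} bits`,
      });
    }
  }
  // Assumption: a minimum export type of IN_PLAIN admits plaintext export.
  if (rule.exportType === "IN_PLAIN") {
    findings.push({
      severity: "high", field: "exportType", value: "IN_PLAIN",
      reason: "rule admits keys that can be exported in plaintext",
    });
  }
  return findings;
}

// Walks a PartitionListResponse and returns one flat list of findings,
// each tagged with the partition name and the rule type it came from.
function auditPartitions(listResponse) {
  const report = [];
  const items = Array.isArray(listResponse && listResponse.items)
    ? listResponse.items : [];
  for (const partition of items) {
    const rules = Array.isArray(partition.policy) ? partition.policy : [];
    if (rules.length === 0) {
      // Nothing to evaluate; recorded so the partition is not silently skipped.
      report.push({
        partition: partition.name, ruleType: null, severity: "info",
        field: "policy", value: null, reason: "no policy rules returned",
      });
      continue;
    }
    for (const rule of rules) {
      for (const finding of auditRule(rule)) {
        report.push({ partition: partition.name, ruleType: rule.type, ...finding });
      }
    }
  }
  return report;
}

// Constructed sample input. "root" mirrors the page's sample rule; the other
// partition names and the "SHA256" hash name are made up for illustration.
const SAMPLE_RESPONSE = {
  totalItems: 3, limit: 50, skip: 0,
  items: [
    { name: "root", policy: [{
        type: "RSA", minSize: 0, operations: ["SIGN"], paddings: ["RAW"],
        hashes: ["SHA1"], modes: ["ECB"], macs: ["GMAC"],
        exportType: "IN_PLAIN", trusted: true, local: true }] },
    { name: "codesign-example", policy: [{
        type: "ECC", curves: ["P256"], operations: ["SIGN"],
        hashes: ["SHA256"], exportType: "NON_EXPORTABLE" }] },
    { name: "empty-example", policy: [] },
  ],
};

for (const f of auditPartitions(SAMPLE_RESPONSE)) {
  console.log(`[${f.severity}] ${f.partition} ${f.ruleType ?? "-"} ${f.field}: ${f.reason}`);
}
```
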

Password

{
  "password": "Password2!"
}

A password

Properties

Name Type Required Restrictions Description
password string false none New user password

QuorumStatus

{
  "pendingApproval": 2,
  "pendingExecution": 0
}

Quorum jobs status

Properties

Name Type Required Restrictions Description
pendingApproval integer(int32) false read-only none
pendingExecution integer(int32) false read-only none

RSAKeyInfoType

{
  "publicExponent": "string",
  "modulus": "string"
}

Details of RSA public key

Properties

Name Type Required Restrictions Description
publicExponent string true none HEX encoded exponent
modulus string true none HEX encoded modulus

RandomEntropyBytes

{
  "entropy": "string"
}

Random Entropy Bytes

Properties

Name Type Required Restrictions Description
entropy string true none base64 encoded entropy bytes

RefreshedCertificateClient

{
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0"
}

Properties

Name Type Required Restrictions Description
certificateExpiration integer(int32) false none Client certificate validity in minutes
activationCodeValidity integer(int32) false none Client activation code validity in minutes
activationCodeLength integer(int32) false none Client activation code length (digits)
ipRange string false none Client IP range

RefreshedPublicKeyClient

{
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
}

Properties

Name Type Required Restrictions Description
publicKey string true none The new client Base64 encoded ECC Public Key
expiration integer(int32) false none Client certificate validity in minutes
alternativeNames [string] false none Client alternative names

RefreshedSecretClient

{
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Properties

Name Type Required Restrictions Description
expiration integer(int32) false none Client expiration in minutes
grantTypes [string] false none Client grant types

Role

{
  "name": "role_name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "updatedAt": "string",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

An EKM role

Properties

Name Type Required Restrictions Description
name string false read-only none
partition string false read-only none
createdAt string false read-only none
updatedAt string false read-only none
managedObjectsPermissions [RolePermission] false read-only none

RoleListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "role_name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "updatedAt": "string",
      "managedObjectsPermissions": [
        {
          "objectGroup": "string",
          "operations": [
            "ACTIVATE"
          ]
        }
      ]
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [Role] false read-only [An EKM role]

RolePermission

{
  "objectGroup": "string",
  "operations": [
    "ACTIVATE"
  ]
}

Properties

Name Type Required Restrictions Description
objectGroup string false none none
operations [string] false none none

Server

{
  "name": "string",
  "host": "string",
  "role": "ENTRYPOINT",
  "status": "RUNNING",
  "os": "string",
  "cores": 0,
  "cpuLoadPrecents": 0,
  "freeMemMegaBytes": 0,
  "totalMemMegaBytes": 0,
  "version": "string",
  "error": "string",
  "lastStart": "string",
  "requireRestart": "string",
  "alertLevel": "WARN",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

A UKC server

Properties

Name Type Required Restrictions Description
name string false read-only The server name
host string false read-only The server host
role string false read-only The server role
status string false read-only The server status
os string false read-only The server operating system
cores integer(int32) false read-only The number of server cores
cpuLoadPrecents integer(int32) false read-only The server CPU load
freeMemMegaBytes integer(int32) false read-only The server free memory in megabytes
totalMemMegaBytes integer(int32) false read-only The server total memory in megabytes
version string false read-only The server version
error string false read-only The server status error
lastStart string false read-only The server last start time
requireRestart string false read-only Whether the server needs to be restarted
alertLevel string false read-only none
certificateInfo CertificateInfo false none Certificate public information

Enumerated Values

Property Value
role ENTRYPOINT
role PARTNER
role AUXILIARY
status RUNNING
status STOPPED
alertLevel WARN

SubjectKeyIdentifier

{
  "uid": "string",
  "isCritical": true,
  "keyId": "string"
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
uid string true none Extension UID
isCritical boolean true none Is Extension Critical
keyId string false read-only none

SystemCertificate

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Certificate public information

Properties

Name Type Required Restrictions Description
id string true none Certificate identifier label
role string false read-only The server certificate role (EP, PARTNER, AUXILIARY, ROOT_CA)
subject string true none none
validUntil string true none End date of the validity period for this certificate
subjectAlternativeNames AlternativeNames false none Certificate x509 extension
version string true none Certificate version
alertLevel string false read-only none
uid string true none none
serial string true none Certificate serial number
signatureAlgorithm string true none Signing algorithm used for signing this certificate
issuer string true none The CA that signed this certificate
validFrom string true none Start date of the validity period for this certificate
pkInfo PKInfoType true none Properties of PKI key
basicConstraints BasicConstraints false none Certificate x509 extension
subjectKeyIdentifier SubjectKeyIdentifier false none Certificate x509 extension
authorityKeyIdentifier AuthorityKeyIdentifier false none Certificate x509 extension
issuerAlternativeNames AlternativeNames false none Certificate x509 extension
extendedKeyUsage ExtendedKeyUsage false none Certificate x509 extension
sha1Thumbprint string true none Certificate SHA1 thumbprint
signature string true none CA signature value for this certificate
isCa boolean true none Determines if this certificate is a CA certificate
isSelfSigned boolean true none Determines if this certificate is a self signed certificate

Enumerated Values

Property Value
role ROOT_CA
role ENTRYPOINT
role PARTNER
role AUXILIARY
alertLevel WARN

SystemInfo

{
  "version": "2.0.1",
  "lastActivityAt": "string",
  "allowedOperations": "{Create,Destroy,Sign,...}",
  "allowedPartitions": "{part1, part2, ...}",
  "alerts": [
    {
      "category": "CLIENTS",
      "alertType": "CERT_ABOUT_TO_EXPIRE",
      "alertLevel": "WARN",
      "counter": 0,
      "title": "string"
    }
  ]
}

Information about the UKC server

Properties

Name Type Required Restrictions Description
version string false read-only UKC server version
lastActivityAt string false read-only none
allowedOperations [string] false read-only A list of operation IDs that the current user is allowed to use. The IDs match the operation IDs specified in this document
allowedPartitions [string] false read-only The partitions that the user can access
alerts [AlertsSummary] false read-only none

Token

{
  "value": "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
}

Auth Token

Properties

Name Type Required Restrictions Description
value string true none The generated authentication token
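
The sample value above is a three-segment JWT, so a client can read its expiry locally and request a fresh token from GET /authToken before the old one lapses. The following is an added example, not UKC or Unbound code; it assumes the exp and iat claims seen in the sample are epoch seconds as in RFC 7519, and the function names are hypothetical.

```javascript
// Added example (not UKC code): inspect a UKC auth token on the client side.
// Claim names (exp, iat, iss, is_refresh) are taken from the sample Token value.

// Sample value copied from the Token schema on this page.
const SAMPLE_TOKEN = 'eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA';

// Decode one base64url-encoded JWT segment into a JSON object.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error('segment is not base64url');
  }
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Parse header and claims WITHOUT verifying the signature. The result is
// only good for scheduling a refresh, never for an authorization decision.
function inspectToken(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error('expected three non-empty JWT segments');
  }
  const header = decodeSegment(parts[0]);
  const claims = decodeSegment(parts[1]);
  // Assumption: exp and iat are epoch seconds, as in RFC 7519.
  if (!Number.isInteger(claims.exp) || !Number.isInteger(claims.iat)) {
    throw new Error('token lacks integer exp/iat claims');
  }
  return { header, claims, lifetimeSeconds: claims.exp - claims.iat };
}

// True when the token is unreadable or expires within marginSeconds,
// i.e. the client should obtain a new one before its next API call.
function needsRefresh(token, nowSeconds, marginSeconds = 60) {
  let info;
  try {
    info = inspectToken(token);
  } catch (err) {
    return true; // fail closed: treat a malformed token as unusable
  }
  return nowSeconds >= info.claims.exp - marginSeconds;
}

// Drop the signature before a token reaches a log line, so the logged
// value cannot be replayed as a bearer credential.
function redactForLog(token) {
  const parts = String(token).split('.');
  return parts.length === 3 ? `${parts[0]}.${parts[1]}.<redacted>` : '<redacted>';
}

const info = inspectToken(SAMPLE_TOKEN);
console.log(info.header.alg, info.claims.iss, info.lifetimeSeconds);
console.log(redactForLog(SAMPLE_TOKEN));
```

The decoded claims are unverified and suit only client-side scheduling; the server's own validation remains the authority on whether a token is accepted.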

Topology

{
  "pairs": [
    {
      "entryPoint": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      },
      "partner": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      }
    }
  ],
  "auxiliaries": [
    {
      "name": "string",
      "host": "string",
      "role": "ENTRYPOINT",
      "status": "RUNNING",
      "os": "string",
      "cores": 0,
      "cpuLoadPrecents": 0,
      "freeMemMegaBytes": 0,
      "totalMemMegaBytes": 0,
      "version": "string",
      "error": "string",
      "lastStart": "string",
      "requireRestart": "string",
      "alertLevel": "WARN",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "triplets": [
    {
      "entryPoint": "string",
      "partner": "string",
      "auxiliary": "string",
      "connected": true
    }
  ]
}

A UKC server topology

Properties

Name Type Required Restrictions Description
pairs [Pair] false read-only Pairs
auxiliaries [Server] false read-only Auxiliaries
triplets [Triplet] false read-only Triplets

Triplet

{
  "entryPoint": "string",
  "partner": "string",
  "auxiliary": "string",
  "connected": true
}

Properties

Name Type Required Restrictions Description
entryPoint string false read-only Entry Point name
partner string false read-only Partner name
auxiliary string false read-only Auxiliary name
connected boolean false read-only Is Triplet connected

UpdatedRole

{
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Properties

Name Type Required Restrictions Description
managedObjectsPermissions [RolePermission] false none none

User

{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "isLoginLocked": true
}

A UKC user

Properties

Name Type Required Restrictions Description
name string false read-only none
partition string false read-only none
role string false read-only none
createdAt string false read-only none
lastActivityAt string false read-only none
retries integer(int32) false read-only none
authType string false read-only none
isLoginLocked boolean false read-only none

Enumerated Values

Property Value
authType STANDARD
authType LDAP

UserListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "john_a",
      "partition": "~.codeSign.developers",
      "role": "string",
      "createdAt": "string",
      "lastActivityAt": "string",
      "retries": 0,
      "authType": "STANDARD",
      "isLoginLocked": true
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [User] false read-only [A UKC user]

Recover SO password

Code samples

const inputBody = JSON.stringify({
  password: 'Password2!'
});
const headers = {
  'Content-Type':'application/json'
};

// {soId} and the partitionId value are placeholders to fill in
fetch('/api/v1/users/{soId}/recover?partitionId=string',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    // No response schema is defined for this endpoint, so report the status code
    console.log(res.status);
});

# You can also use wget
curl -X PUT '/api/v1/users/{soId}/recover?partitionId=string' \
  -H 'Content-Type: application/json' \
  -d '{"password": "Password2!"}'

PUT /api/v1/users/{soId}/recover

Recover the SO password. The Root SO can do it for other SOs.

Body parameter

{
  "password": "Password2!"
}

Parameters

Name In Type Required Description
soId path string true SO ID
partitionId query string true Partition ID
body body Password false Password

Responses

Status Meaning Description Schema
200 OK SO password recovered successfully None
400 Bad Request New password does not comply with password policy rules None

Change user role

Code samples

// The body is the role ID, sent as a JSON string
const inputBody = JSON.stringify('string');
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'
};

fetch('/api/v1/users/{userId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT '/api/v1/users/{userId}' \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -d '"string"'

PUT /api/v1/users/{userId}

Change an existing user role.

Body parameter

"string"

Parameters

Name In Type Required Description
userId path string true User ID to look for
partitionId query string false Partition ID
body body string false Role ID

Example responses

200 Response

{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "isLoginLocked": true
}

Responses

Status Meaning Description Schema
200 OK OK User