
UKC REST API v2.0.2007


The Unbound Key Control Administration API allows managing 'Unbound Key Control' configuration and objects.

UKC API Overview

Authentication Types

Most UKC API operations require an authorization context and user permissions. Users are identified by an authentication token attached to the request headers.

Basic Authentication

UKC supports the "Basic" HTTP authentication scheme defined in RFC 7617, which transmits credentials as user/password pairs, encoded using base64, in the HTTP Authorization header.

The user ID can include the required partition in the format:

username@partitionId:password

Note: If any of the above strings include the '%' character, it must be replaced with '%25'. Otherwise, you will receive "Authentication format error".

For example, instead of my-name@my-partition:my-pa%%word

use

my-name@my-partition:my-pa%25%25word

For further reference see: https://en.wikipedia.org/wiki/Percent-encoding

Authentication Token

The system can authenticate the user with a generated authentication token, which is valid for a limited time. This token eliminates the need to transmit the username/password on every request. See GET /authToken for more information.

Authentication with a Certificate

The client can authenticate with the UKC using a client certificate. This method is useful either to add another layer of security or when you do not want to use a username and password.

Authentication Failure (unauthorized)

If an operation is unauthorized, an HTTP 401 status code is returned with the WWW-Authenticate header.
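
The Basic authentication format, the '%' escaping rule and the token exchange described above can be combined as follows. This is an added example, not code from the UKC documentation; the `baseUrl` and `fetchImpl` parameters, the HTTPS check and the error messages are assumptions of the example.

```javascript
// Escape '%' as '%25', as the note on Basic authentication requires.
function escapePercent(value) {
  return String(value).replace(/%/g, '%25');
}

// Base64 of the UTF-8 bytes of `text` (Buffer in Node.js, btoa in a browser).
function base64Utf8(text) {
  if (typeof Buffer !== 'undefined') {
    return Buffer.from(text, 'utf8').toString('base64');
  }
  const bytes = new TextEncoder().encode(text);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Build "Basic base64(username@partitionId:password)".
// partitionId is optional: the page says the user ID *can* include it.
function ukcBasicAuthHeader(username, password, partitionId) {
  if (!username || password === undefined || password === null) {
    throw new TypeError('username and password are required');
  }
  // RFC 7617: the user-id must not contain ':' because the first colon
  // separates it from the password.
  if (String(username).includes(':') || String(partitionId || '').includes(':')) {
    throw new RangeError("user ID must not contain ':'");
  }
  let userId = escapePercent(username);
  if (partitionId) userId += '@' + escapePercent(partitionId);
  return 'Basic ' + base64Utf8(userId + ':' + escapePercent(password));
}

// Exchange the credentials once for a time-limited token (GET /api/v1/authToken),
// so the password is not sent on every request.
// Assumptions of this example: baseUrl is the UKC server origin, fetchImpl
// defaults to the global fetch and can be replaced for testing.
async function getAuthToken(baseUrl, username, password, partitionId, fetchImpl = fetch) {
  // Base64 is an encoding, not encryption: only send Basic credentials over TLS.
  if (new URL(baseUrl).protocol !== 'https:') {
    throw new Error('refusing to send Basic credentials without https');
  }
  const res = await fetchImpl(new URL('/api/v1/authToken', baseUrl), {
    method: 'GET',
    headers: {
      Accept: 'application/json',
      Authorization: ukcBasicAuthHeader(username, password, partitionId),
    },
  });
  if (res.status === 401) {
    // The server returns 401 together with a WWW-Authenticate header.
    const challenge = res.headers.get('WWW-Authenticate');
    throw new Error('UKC returned 401, WWW-Authenticate: ' + challenge);
  }
  if (!res.ok) throw new Error('unexpected HTTP status ' + res.status);
  const body = await res.json();
  if (typeof body.value !== 'string' || body.value === '') {
    throw new Error('response does not contain a token value');
  }
  return body.value;
}
```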

Partitioning

UKC objects are organized into partitions. Partitioning allows namespacing and access control to objects by configuring users with roles per partition.

The objects contained in a partition are:

Users, Clients, Keys, Certificates, Secrets and other partitions

Permissions

Any partition can have many users who can access its objects.

A partition user can have one of two security roles:

Root Partition

The default built-in partition for a UKC cluster is called root and is created automatically when setting up a new UKC cluster.

Partition Hierarchy

Default Partition Context

For every request the default partition is the home partition of the connected user.

For example:

Object Path

Object IDs

Many operations require an object ID as part of the resource URI. Object ids can be one of:

Quorum

The UKC can be configured to require quorum approval for certain operations. If the operation you are executing requires it, the HTTP result is 202 (ACCEPTED) and a quorum job object.

Use the jobs API in order to manage approvals for different jobs.

Common Errors

Any API call can result in one of the following general HTTP codes:


Authorization

Authentication

Get OAuth authentication token

Code samples

// Form-encode the fields so the body matches the Content-Type header below
const inputBody = new URLSearchParams({
  grantType: 'string',
  username: 'string',
  password: 'string',
  token: 'string',
  assertion: 'string'
}).toString();
const headers = {
  'Content-Type':'application/x-www-form-urlencoded',
  'Accept':'application/json'

};

fetch('/api/v1/token',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/token \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -H 'Accept: application/json'

POST /api/v1/token

Returns an OAuth authentication token which can be used in future calls for authentication.

Body parameter

grantType: string
username: string
password: string
token: string
assertion: string

Parameters

Name In Type Required Description
body body object false none
» grantType body string true none
» username body string false none
» password body string false none
» token body string false none
» assertion body string false none

Example responses

200 Response

{
  "accessToken": "eyJ...MoQ",
  "tokenType": "bearer",
  "expiresAt": "string",
  "expiresIn": 1000,
  "scope": "user",
  "refreshToken": "eyJ...0N"
}

Responses

Status Meaning Description Schema
200 OK OK OauthToken
401 Unauthorized Authentication failure, the system could not verify the user name and password passed in the request header None

Revoke all tokens for a user

Code samples

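// Form-encode the field so the body matches the Content-Type header below
const inputBody = new URLSearchParams({
  token: 'string'
}).toString();
const headers = {
  'Content-Type':'application/x-www-form-urlencoded'

};

fetch('/api/v1/token/revoke',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    // No response body is documented for this call, so report the status instead of parsing JSON
    console.log(res.status);
});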

# You can also use wget
curl -X POST /api/v1/token/revoke \
  -H 'Content-Type: application/x-www-form-urlencoded'

POST /api/v1/token/revoke

Revokes all tokens related to the given authentication.

Body parameter

token: string

Parameters

Name In Type Required Description
body body object false none
» token body string true none

Responses

Status Meaning Description Schema
200 OK OK None
401 Unauthorized Authentication failure, the system could not verify the user name and password passed in the request header None

Get token

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/authToken',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/authToken \
  -H 'Accept: application/json'

GET /api/v1/authToken

Returns an authentication token which can be used in future calls for authentication. The user credentials are provided in the HTTP headers.

Example responses

200 Response

{
  "value": "eyJraWQiOiIweDAwMGNhZGQ5ODZiNWMwYTM5NCIsImFsZyI6IkVTMjU2In0.eyJzdWIiOiJzb0BhenVyZSIsIm9yaWciOiIxMjcuMC4wLjEiLCJpc3MiOiJVTkJPVU5EIiwiaXNfcmVmcmVzaCI6ZmFsc2UsImV4cCI6MTU4MjQ0OTczNSwiaWF0IjoxNTgyNDQ3OTM1LCJqdGkiOiI5YWE0YjhiYi1kMGM4LTQxODEtYjhlMC0zYWQ4ODkzYjg1ZjcifQ.jqwC3O4XuIb678uVsBkWh-bBpvumnEIoFtde-xdBcF9CpUnqC1FURw6dpDeIb9TZvIzXDsjusucwv-JjjYbUYA"
}

Responses

Status Meaning Description Schema
200 OK OK Token
401 Unauthorized Authentication failure, the system could not verify the user name and password passed in the request header None

Revoke token

Code samples


fetch('/api/v1/authToken',
{
  method: 'DELETE'

})
.then(function(res) {
    // No response body is documented for this call, so report the status instead of parsing JSON
    console.log(res.status);
});

# You can also use wget
curl -X DELETE /api/v1/authToken

DELETE /api/v1/authToken

Invalidates an authentication token.

Responses

Status Meaning Description Schema
200 OK OK None
401 Unauthorized Authentication failure, the system could not verify the user name and password passed in the request header None

Change password

Code samples

const inputBody = JSON.stringify({
  "existingPassword": "string",
  "newPassword": "string"
});
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/me/password',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    // No response body is documented for this call, so report the status instead of parsing JSON
    console.log(res.status);
});

# You can also use wget
curl -X PUT /api/v1/me/password \
  -H 'Content-Type: application/json'

PUT /api/v1/me/password

Change the password for the current user. The current user's credentials are provided in the HTTP headers and can be either a password or a JWT token.

Body parameter

{
  "existingPassword": "string",
  "newPassword": "string"
}

Parameters

Name In Type Required Description
body body NewAndExistingPassword false New and existing password

Responses

Status Meaning Description Schema
201 Created Password changed successfully None
400 Bad Request New password does not comply with password policy rules None

Backup

Backup database

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/backup \
  -H 'Accept: application/json'

POST /api/v1/backup

Perform a database backup

Example responses

200 Response

{
  "id": "string",
  "state": "IN_PROGRESS",
  "error": "string",
  "date": "string",
  "file": "string",
  "pairHostnames": [
    "string"
  ],
  "version": "string",
  "digestDiff": {
    "diffRecords": [
      {
        "sectionDiff": "string",
        "entriesDiff": [
          {
            "objectType": "string",
            "digestSource": "string",
            "uid": "string",
            "name": "string",
            "partitionId": "string",
            "partitionName": "string",
            "version": "string",
            "detail": "string",
            "object type": "string",
            "digest source": "string",
            "partition id": "string",
            "partition name": "string"
          }
        ]
      }
    ]
  },
  "alertLevel": "WARN"
}

Responses

Status Meaning Description Schema
200 OK Backup request received DbBackup

List backups

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/backup',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup \
  -H 'Accept: */*'

GET /api/v1/backup

List all backup items

Parameters

Name In Type Required Description
from query string false from
to query string false to
limit query integer(int32) false Limit
skip query integer(int32) false skip

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK DbBackupListResponse

Get backup information

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/backup/{backupId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/{backupId} \
  -H 'Accept: */*'

GET /api/v1/backup/{backupId}

Get database backup information

Parameters

Name In Type Required Description
backupId path string true Backup ID

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK DbBackup

Delete backup

Code samples


fetch('/api/v1/backup/{backupId}',
{
  method: 'DELETE'

})
.then(function(res) {
    // No response body is documented for this call, so report the status instead of parsing JSON
    console.log(res.status);
});

# You can also use wget
curl -X DELETE /api/v1/backup/{backupId}

DELETE /api/v1/backup/{backupId}

Delete a backup record in the database.

Parameters

Name In Type Required Description
backupId path string true Backup ID

Responses

Status Meaning Description Schema
200 OK OK None

Get backup alerts summary

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/alerts \
  -H 'Accept: application/json'

GET /api/v1/backup/alerts

Get backup alerts summary

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Check for backup alert

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/backup/{backupId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/backup/{backupId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/backup/{backupId}/alerts

Get alerts from a backup. Returns an alert if the backup digest test fails.

Parameters

Name In Type Required Description
backupId path string true Backup ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Alert

Clients

Create a client

Code samples

const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/clients

Creates a new client and returns the activation code.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewClient false New Client

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Client
201 Created New client created successfully Client
202 Accepted ACCEPTED Job
409 Conflict Object already exists None

Create client with certificate (JSON)

Code samples

const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/clients/with-cert',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-cert \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/clients/with-cert

Creates a new client and returns the certificate. It uses CSR or public key material in JSON format.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewClientWithCertificate false New Client

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK successful operation string
201 Created New client created successfully None
202 Accepted ACCEPTED None
409 Conflict Object already exists None

Create client with certificate (DER)

Code samples

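// Send the parts as FormData; fetch then sets the multipart Content-Type and its boundary itself
const inputBody = new FormData();
inputBody.append('file', new Blob(['string']));  // placeholder for the binary key file
inputBody.append('newClientWithCertificate', 'string');
const headers = {
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};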

fetch('/api/v1/clients/with-cert-file',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-cert-file \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/clients/with-cert-file

Creates a new client and returns the certificate. It uses FS description of the certificate.

Body parameter

file: string
newClientWithCertificate: string

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body object false none
» file body string(binary) true key file
» newClientWithCertificate body string false the new client

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK successful operation string
201 Created New client created successfully None
202 Accepted ACCEPTED None
409 Conflict Object already exists None

Create a client with secret

Code samples

const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/with-secret',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/clients/with-secret \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/clients/with-secret

Creates a new client and returns the secret.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewClientWithSecret false New Client

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Client
201 Created New client created successfully None
202 Accepted ACCEPTED None
409 Conflict Object already exists None

List clients

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients \
  -H 'Accept: application/json'

GET /api/v1/clients

Return a list of clients.

Parameters

Name In Type Required Description
partitionId query string false none
limit query integer(int32) false Limit
skip query integer(int32) false skip
detailed query boolean false Detailed
template query string false Template

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "client-name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "activationStatus": "ACTIVATED",
      "activationType": "CERTIFICATE_REQUEST",
      "lastUpdatedAt": "string",
      "failedActivationCounter": 0,
      "isActivationLocked": true,
      "checkIp": true,
      "allowNat": true,
      "ipRange": "string",
      "expiresAt": "string",
      "expiration": 0,
      "activationCodeValidity": 0,
      "activationCodeLength": 0,
      "activationCodeExpiration": "string",
      "template": "string",
      "activationCode": "string",
      "certificateRenewRequired": true,
      "grantTypes": [
        "CLIENT_CREDENTIALS"
      ],
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      },
      "certExpiresAt": "string",
      "certificateExpiration": 0,
      "alertLevel": "WARN",
      "version": "string",
      "secret": "string"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK ClientListResponse
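
The client list can be reviewed for permissive settings, such as the `"checkIp": false` and `"ipRange": "0.0.0.0/0"` values that appear in the request samples above. The following is an added example, not part of the UKC documentation: the field meanings are inferred from their names because the page gives no descriptions, and the `minPrefix` threshold, the finding texts and the sample data are constructed for illustration.

```javascript
// Return the prefix length n of an IPv4 CIDR "a.b.c.d/n", or null if it does not parse.
function ipv4PrefixLength(cidr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(String(cidr));
  if (!m) return null;
  const octetsOk = m.slice(1, 5).every(function (o) { return Number(o) <= 255; });
  const prefix = Number(m[5]);
  return octetsOk && prefix <= 32 ? prefix : null;
}

// Collect findings for one Client object. minPrefix is an assumed policy
// threshold: ranges wider than /minPrefix are reported as broad.
function auditClient(client, minPrefix = 16) {
  const findings = [];
  if (client.checkIp === false) findings.push('checkIp is disabled');
  const prefix = ipv4PrefixLength(client.ipRange);
  if (prefix === null) {
    findings.push('ipRange is missing or not an IPv4 CIDR');
  } else if (prefix === 0) {
    findings.push('ipRange covers every IPv4 address');
  } else if (prefix < minPrefix) {
    findings.push('ipRange /' + prefix + ' is broader than /' + minPrefix);
  }
  if (client.failedActivationCounter > 0) {
    findings.push('failed activations: ' + client.failedActivationCounter);
  }
  if (client.isActivationLocked === true) findings.push('activation is locked');
  if (client.certificateRenewRequired === true) findings.push('certificate renewal required');
  return findings;
}

// Audit one page of a ClientListResponse. `complete` is false when
// totalItems shows that more pages remain (request them with skip/limit).
function auditClientList(response, minPrefix = 16) {
  const items = Array.isArray(response.items) ? response.items : [];
  const flagged = [];
  for (const client of items) {
    const findings = auditClient(client, minPrefix);
    if (findings.length > 0) {
      flagged.push({ name: client.name, partition: client.partition, findings: findings });
    }
  }
  const seen = (response.skip || 0) + items.length;
  return { flagged: flagged, complete: seen >= (response.totalItems || 0) };
}

// Constructed sample shaped like the 200 response of GET /api/v1/clients.
const sampleClientList = {
  totalItems: 3,
  limit: 2,
  skip: 0,
  items: [
    {
      name: 'build-agent', partition: '~.codeSign.developers',
      checkIp: true, ipRange: '10.20.30.0/24',
      failedActivationCounter: 0, isActivationLocked: false,
      certificateRenewRequired: false
    },
    {
      name: 'legacy-client', partition: '~.codeSign.developers',
      checkIp: false, ipRange: '0.0.0.0/0',
      failedActivationCounter: 4, isActivationLocked: true,
      certificateRenewRequired: true
    }
  ]
};

const sampleAudit = auditClientList(sampleClientList);
for (const entry of sampleAudit.flagged) {
  console.log(entry.partition + '/' + entry.name + ': ' + entry.findings.join('; '));
}
if (!sampleAudit.complete) console.log('more pages remain, repeat with skip/limit');
```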

Get client details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/{clientId} \
  -H 'Accept: application/json'

GET /api/v1/clients/{clientId}

Return details of a client.

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
detailed query boolean false Detailed

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Client

Update client details

Code samples

const inputBody = JSON.stringify({
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}

Update client properties.

Body parameter

{
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body ClientsUpdates false Clients updates

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Client Updated successfully. Client
202 Accepted ACCEPTED Job

Delete a client

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/clients/{clientId} \
  -H 'Accept: application/json'

DELETE /api/v1/clients/{clientId}

Delete the specified client.

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK Client deleted successfully. None
202 Accepted ACCEPTED Job

Refresh activation code

Code samples

const inputBody = JSON.stringify({
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0"
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/activation-code',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/activation-code \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/activation-code

Refresh the client's activation code.

Body parameter

{
  "certificateExpiration": 1578240,
  "activationCodeValidity": 20,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0"
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedCertificateClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Activation code refreshed successfully. Client
202 Accepted ACCEPTED Job

Refresh client public key

Code samples

const inputBody = JSON.stringify({
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/publicKey',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/publicKey \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/publicKey

Refresh client public key.

Body parameter

{
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}"
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedPublicKeyClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Secret refreshed successfully. Client
202 Accepted ACCEPTED Job

Refresh client secret

Code samples

const inputBody = JSON.stringify({
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/secret',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/clients/{clientId}/secret \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/clients/{clientId}/secret

Refresh the client secret.

Body parameter

{
  "expiration": 1578240,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID
body body RefreshedSecretClient false Refreshed values

Example responses

200 Response

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

Responses

Status Meaning Description Schema
200 OK Secret refreshed successfully. Client
202 Accepted ACCEPTED Job

Get client alert summary

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/alerts \
  -H 'Accept: application/json'

GET /api/v1/clients/alerts

Get a summary of the client alerts.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Get alerts for a specific client

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/clients/{clientId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/clients/{clientId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/clients/{clientId}/alerts

Return the alerts for a specific client.

Parameters

Name In Type Required Description
clientId path string true Client ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Alert

General

Get system information

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/info',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/info \
  -H 'Accept: application/json'

GET /api/v1/info

Return system information, including version and supported capabilities. If authentication is provided, it returns the allowed operations.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "version": "2.0.1",
  "lastActivityAt": "string",
  "allowedOperations": "{Create,Destroy,Sign,...}",
  "allowedPartitions": "{part1, part2, ...}",
  "alerts": [
    {
      "category": "CLIENTS",
      "alertType": "CERT_ABOUT_TO_EXPIRE",
      "alertLevel": "WARN",
      "counter": 0,
      "title": "string"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK SystemInfo

Check UKC health

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/health',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/health \
  -H 'Accept: */*'

GET /api/v1/health

Return health status of the UKC system and determine if it is usable. As long as the HTTP return code is OK, the system is usable.

Parameters

Name In Type Required Description
pairOnly query boolean false pairOnly
timeout query integer(int32) false Timeout

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK string

Check pair health

Code samples


fetch('/api/v1/pair/health',
{
  method: 'GET'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/pair/health

GET /api/v1/pair/health

Return health status of the UKC pair and determine if it is usable.

Parameters

Name In Type Required Description
timeout query integer(int32) false Timeout

Responses

Status Meaning Description Schema
200 OK OK None

Get server certificate

Code samples


const headers = {
  'Accept':'application/x-x509-user-cert,application/json'

};

fetch('/api/v1/self.cer',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/self.cer \
  -H 'Accept: application/x-x509-user-cert,application/json'

GET /api/v1/self.cer

Download this specific server certificate. It is used for registering new servers.

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get root certificate

Code samples


const headers = {
  'Accept':'application/x-pkcs7-certificates,application/json'

};

fetch('/api/v1/server-ca.p7b',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/server-ca.p7b \
  -H 'Accept: application/x-pkcs7-certificates,application/json'

GET /api/v1/server-ca.p7b

Download the root CA certificate of UKC.

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get root CA certificates

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/trust',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/trust \
  -H 'Accept: application/json'

GET /api/v1/trust

Get all root CA certificates.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Generate random bytes

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/random',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/random \
  -H 'Accept: application/json'

GET /api/v1/random

Get random bytes from the UKC server. By default it returns 32 bytes, unless size is specified. The UKC random number generator combines entropy sources from the different servers in the UKC cluster.

Parameters

Name In Type Required Description
size query integer(int32) false Size (in bytes) of random bytes to return

Example responses

200 Response

{
  "entropy": "string"
}

Responses

Status Meaning Description Schema
200 OK OK RandomEntropyBytes

Add entropy bytes

Code samples

const inputBody = JSON.stringify({
  "entropy": "string"
});
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/random/entropy-bytes',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/random/entropy-bytes \
  -H 'Content-Type: application/json'

PUT /api/v1/random/entropy-bytes

Add random bytes to the UKC entropy source. Different clients can add entropy to the server. Collecting entropy from the clients can enhance the strength of the UKC random number generator. This function only adds entropy, i.e. if the provided value has no entropy, it does not harm the generator quality.

Body parameter

{
  "entropy": "string"
}

Parameters

Name In Type Required Description
body body RandomEntropyBytes false Random bytes

Responses

Status Meaning Description Schema
200 OK OK None

Servers

Add UKC server pair (Step 1)

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/pair?ep_host=string&partner_host=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET '/api/v1/servers/new/pair?ep_host=string&partner_host=string' \
  -H 'Accept: application/json'

GET /api/v1/servers/new/pair

Get the crypto server pair certificates for the server candidates. This endpoint can be used to verify that you are adding the correct servers.

Parameters

Name In Type Required Description
ep_host query string true Entry point host
ep_port query integer(int32) false Entry point port
partner_host query string true Partner host
partner_port query integer(int32) false Partner port

Example responses

200 Response

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Responses

Status Meaning Description Schema
200 OK OK NewPair

Add UKC server pair (Step 2)

Code samples

const inputBody = JSON.stringify({
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/pair',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/servers/new/pair \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/servers/new/pair

Add a new UKC server pair. You can optionally use Add UKC server pair (Step 1) to verify the servers before adding them.

Body parameter

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Parameters

Name In Type Required Description
force query boolean false Force
body body NewPair false New pair

Example responses

200 Response

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

Responses

Status Meaning Description Schema
200 OK successful operation NewPair
201 Created Pair added successfully NewPair

Add auxiliary server (Step 1)

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/auxiliary?host=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET '/api/v1/servers/new/auxiliary?host=string' \
  -H 'Accept: application/json'

GET /api/v1/servers/new/auxiliary

Get the auxiliary server certificate for the candidate. You can use this endpoint to verify the server before adding it.

Parameters

Name In Type Required Description
host query string true Auxiliary host
port query integer(int32) false Auxiliary port

Example responses

200 Response

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK OK NewServer

Add auxiliary server (Step 2)

Code samples

const inputBody = JSON.stringify({
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/servers/new/auxiliary',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/servers/new/auxiliary \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/servers/new/auxiliary

Add a new auxiliary server. You can optionally use Add auxiliary server (Step 1) to verify the server before adding it.

Body parameter

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Parameters

Name In Type Required Description
force query boolean false Force
body body NewServer false The new auxiliary server

Example responses

200 Response

{
  "host": "ip or fqdn",
  "port": 8443,
  "newServerCertificate": {
    "certificate": "string",
    "certificateFingerprint": "string",
    "certificateInfo": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK successful operation NewServer
201 Created Auxiliary server added successfully NewServer
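
Step 1 is optional for both the server pair and the auxiliary server, so a caller has to enforce the check itself. The following added example (not part of the UKC documentation or the vendor's code) gates the Step 2 request on fingerprints obtained out of band. The helper names, the pin structure, the sample hosts and fingerprints, and the hex fingerprint format are all assumptions.

```javascript
// Added example, not UKC or vendor code. Assumption: certificateFingerprint is
// a hex digest, optionally separated by colons or spaces.
const STEP2_PATH = {
  pair: '/api/v1/servers/new/pair',
  auxiliary: '/api/v1/servers/new/auxiliary'
};

// Canonical lowercase hex, or null when the value is not a hex digest
// (for instance the schema placeholder "string").
function normalizeFingerprint(fp) {
  if (typeof fp !== 'string') return null;
  const hex = fp.replace(/[\s:]/g, '').toLowerCase();
  return /^(?:[0-9a-f]{2})+$/.test(hex) ? hex : null;
}

// Compare one Step 1 candidate (NewServer shape) with its out-of-band pin.
// Returns a list of problems; an empty list means the candidate matches.
function checkCandidate(label, candidate, pin) {
  if (!candidate || !pin) return [`${label}: missing candidate or pin`];
  const problems = [];
  if (candidate.host !== pin.host) {
    problems.push(`${label}: host ${candidate.host} is not the pinned ${pin.host}`);
  }
  if (pin.port !== undefined && candidate.port !== pin.port) {
    problems.push(`${label}: port ${candidate.port} is not the pinned ${pin.port}`);
  }
  const cert = candidate.newServerCertificate || {};
  const got = normalizeFingerprint(cert.certificateFingerprint);
  const want = normalizeFingerprint(pin.fingerprint);
  if (want === null) problems.push(`${label}: pin has no usable fingerprint`);
  else if (got === null) problems.push(`${label}: response has no usable fingerprint`);
  else if (got !== want) problems.push(`${label}: fingerprint mismatch`);
  return problems;
}

// kind is 'pair' (NewPair body) or 'auxiliary' (NewServer body). The Step 2
// request is produced only when every candidate matches its pin.
function buildStep2Request(kind, step1, pins) {
  if (!Object.prototype.hasOwnProperty.call(STEP2_PATH, kind)) {
    throw new Error(`unknown kind: ${kind}`);
  }
  const problems = kind === 'pair'
    ? [
        ...checkCandidate('entryPoint', step1 && step1.entryPoint, pins && pins.entryPoint),
        ...checkCandidate('partner', step1 && step1.partner, pins && pins.partner)
      ]
    : checkCandidate('auxiliary', step1, pins);
  if (problems.length > 0) return { ok: false, problems, request: null };
  return {
    ok: true,
    problems,
    request: {
      method: 'POST',
      path: STEP2_PATH[kind],
      headers: { 'Content-Type': 'application/json', 'Accept': 'application/json' },
      // Send back exactly the object that was checked, nothing re-fetched.
      body: JSON.stringify(step1)
    }
  };
}

// Constructed sample data: hosts, certificates and fingerprints are placeholders.
const FP_EP = '00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33';
const FP_PARTNER = 'ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00:ff:ee:dd:cc';
const SAMPLE_STEP1_PAIR = {
  entryPoint: {
    host: 'ep.ukc.example',
    port: 8443,
    newServerCertificate: {
      certificate: '<certificate placeholder>',
      certificateFingerprint: FP_EP,
      certificateInfo: ''
    }
  },
  partner: {
    host: 'partner.ukc.example',
    port: 8443,
    newServerCertificate: {
      certificate: '<certificate placeholder>',
      certificateFingerprint: FP_PARTNER,
      certificateInfo: ''
    }
  }
};
// Pins recorded out of band, e.g. read from each server's console at install time.
const SAMPLE_PINS = {
  entryPoint: { host: 'ep.ukc.example', port: 8443,
                fingerprint: '00112233445566778899aabbccddeeff00112233' },
  partner: { host: 'partner.ukc.example', fingerprint: FP_PARTNER }
};

const result = buildStep2Request('pair', SAMPLE_STEP1_PAIR, SAMPLE_PINS);
console.log(result.ok ? `POST ${result.request.path}` : result.problems.join('\n'));
```

The comparison uses the fingerprint that the API reports; recomputing it from the `certificate` field would require knowing that field's encoding, which this page does not state.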

Get server details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/{serverId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/servers/{serverId} \
  -H 'Accept: application/json'

GET /api/v1/servers/{serverId}

Get detailed server information.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL (escaped)
detailed query boolean false Detailed

Example responses

200 Response

{
  "name": "string",
  "host": "string",
  "role": "ENTRYPOINT",
  "status": "RUNNING",
  "os": "string",
  "cores": 0,
  "cpuLoadPrecents": 0,
  "freeMemMegaBytes": 0,
  "totalMemMegaBytes": 0,
  "version": "string",
  "error": "string",
  "lastStart": "string",
  "requireRestart": "string",
  "alertLevel": "WARN",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

Responses

Status Meaning Description Schema
200 OK OK Server

Delete server

Code samples


fetch('/api/v1/servers/{serverId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/servers/{serverId}

DELETE /api/v1/servers/{serverId}

Removes an auxiliary server or server pair from the UKC cluster. A server pair is treated as one unit, identified by the host of its Entry Point server.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL. In the case of a server pair, this should be the host of the EntryPoint server

Responses

Status Meaning Description Schema
200 OK Server deleted None

Get server alerts

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/servers/{serverId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/servers/{serverId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/servers/{serverId}/alerts

Get server alerts.

Parameters

Name In Type Required Description
serverId path string true The identifier of the server is its URL (escaped)

Example responses

200 Response

{
  "name": "string",
  "host": "string",
  "role": "ENTRYPOINT",
  "status": "RUNNING",
  "os": "string",
  "cores": 0,
  "cpuLoadPrecents": 0,
  "freeMemMegaBytes": 0,
  "totalMemMegaBytes": 0,
  "version": "string",
  "error": "string",
  "lastStart": "string",
  "requireRestart": "string",
  "alertLevel": "WARN",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

Responses

Status Meaning Description Schema
200 OK OK Server

Jobs

List pending jobs

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/quorum',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/quorum \
  -H 'Accept: application/json'

GET /api/v1/jobs/quorum

Get a list of the pending quorum jobs.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

[
  {
    "initiator": "so@root",
    "id": "389323ee-3588-416e-94bd-f93ca815762e",
    "title": "string",
    "opName": "PARTITION_CONFIG_SET ",
    "createdAt": "string",
    "expiresAt": "string",
    "opParams": [
      {
        "key": "string",
        "value": "string",
        "description": "string",
        "type": "BOOLEAN",
        "defaultValue": "string",
        "min": 0,
        "max": 0,
        "unit": "SECONDS"
      }
    ],
    "response": "string",
    "approvedBy": [
      "string"
    ],
    "status": "PENDING_APPROVAL",
    "totalRequiredApprovals": 0
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [Job] false none [An asynchronous job]
» initiator string false read-only none
» id string false read-only none
» title string false read-only none
» opName string false read-only none
» createdAt string false read-only none
» expiresAt string false read-only none
» opParams [KeyValueEntry] false read-only [Key value entry]
»» key string true none none
»» value string true none none
»» description string false read-only quorum timeout
»» type string false read-only value type
»» defaultValue string false read-only default value
»» min integer(int32) false read-only minimum value
»» max integer(int32) false read-only maximum value
»» unit string false read-only unit type
» response string false read-only none
» approvedBy [string] false read-only none
» status string false read-only none
» totalRequiredApprovals integer(int32) false read-only none

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS
status PENDING_APPROVAL
status PENDING_EXECUTION
status DONE
status EXPIRED

Get job status

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/my/status',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/my/status \
  -H 'Accept: application/json'

GET /api/v1/jobs/my/status

Get the status of pending quorum requests.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "pendingApproval": 2,
  "pendingExecution": 0
}

Responses

Status Meaning Description Schema
200 OK successful operation QuorumStatus

Get job data

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/jobs/{jobId} \
  -H 'Accept: application/json'

GET /api/v1/jobs/{jobId}

Get job data for a specific job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Approve a job

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}/approve',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/approve \
  -H 'Accept: application/json'

POST /api/v1/jobs/{jobId}/approve

Approve a pending quorum job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Execute a job

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/jobs/{jobId}/execute',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/jobs/{jobId}/execute \
  -H 'Accept: application/json'

POST /api/v1/jobs/{jobId}/execute

Execute an approved quorum job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK Job

Delete a job

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/jobs/{jobId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/jobs/{jobId} \
  -H 'Accept: */*'

DELETE /api/v1/jobs/{jobId}

Delete a specific job.

Parameters

Name In Type Required Description
jobId path string true Job ID
partitionId query string false Partition ID

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK OK Job

Partitions

Create a new partition

Code samples

// Build the JSON body with JSON.stringify; a quoted string literal cannot span lines
const inputBody = JSON.stringify({
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPassword": "string",
    "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
    "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
    "certificateExpiration": 1578240
  },
  "inherit": false,
  "propagate": false,
  "fipsRequirements": "FIPS_NONE",
  "isAllowDefaultClient": false,
  "allowKeystores": false
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/partitions',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/partitions \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

POST /api/v1/partitions

Create a new logical partition. It can optionally create a default client certificate for the new partition.

Body parameter

{
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPassword": "string",
    "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
    "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
    "certificateExpiration": 1578240
  },
  "inherit": false,
  "propagate": false,
  "fipsRequirements": "FIPS_NONE",
  "isAllowDefaultClient": false,
  "allowKeystores": false
}

Parameters

Name In Type Required Description
body body NewPartition false The new partition

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK successful operation string
201 Created Partition created successfully. If an initial client was specified, the response will include the generated PFX in Base64-encoded DER format None
409 Conflict Object already exists None

List partitions

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions \
  -H 'Accept: application/json'

GET /api/v1/partitions

Get a list of partitions.

Parameters

Name In Type Required Description
limit query integer(int32) false Limit
skip query integer(int32) false skip

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "checkClientIp": true,
      "name": "root",
      "allowNat": true,
      "allowUserOnlyCryptoOperations": true,
      "clientRetriesLimit": 0,
      "clientRetriesTimeout": 0,
      "creationDate": "string",
      "getjWTLimit": 0,
      "lastUpdate": "string",
      "passwordComplexity": true,
      "passwordLength": 0,
      "quorumOperations": "string",
      "quorumSize": 0,
      "quorumTimeout": 0,
      "supportCertificatePropagation": true,
      "supportPartitionInheritance": true,
      "userRetriesLimit": 0,
      "fipsRequirements": "FIPS_NONE",
      "policy": [
        {
          "type": "RSA",
          "minSize": 0,
          "curves": [
            "P256"
          ],
          "operations": [
            "SIGN"
          ],
          "paddings": [
            "RAW"
          ],
          "hashes": [
            "SHA1"
          ],
          "modes": [
            "ECB"
          ],
          "macs": [
            "GMAC"
          ],
          "exportType": "IN_PLAIN",
          "trusted": true,
          "local": true
        }
      ],
      "allowKeystores": false,
      "jWTExpiration": 0
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK PartitionListResponse
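
The partition list response carries each partition's password settings and key policy, which makes it a convenient input for a configuration audit. The following is an added example, not part of the UKC documentation or tooling: the lists of weak values, the numeric floors, the function names and the sample response (including the partition name "prod") are assumptions made for illustration, and only field names and enum values shown on this page are used.

```javascript
// Added example: audit the "items" of a GET /api/v1/partitions response.
// The weak-value lists and numeric floors are this example's assumptions,
// not rules defined by the UKC API.
const WEAK_VALUES = { hashes: ['SHA1'], modes: ['ECB'], paddings: ['RAW'] };
const MIN_RSA_BITS = 2048;
const MIN_PASSWORD_LENGTH = 12;

// Findings for one entry of a partition's "policy" array.
function auditPolicyRule(rule) {
  const findings = [];
  for (const field of Object.keys(WEAK_VALUES)) {
    for (const value of rule[field] || []) {
      if (WEAK_VALUES[field].includes(value)) {
        findings.push(`${rule.type} policy: ${field} allows ${value}`);
      }
    }
  }
  if (rule.type === 'RSA' && Number.isInteger(rule.minSize) && rule.minSize < MIN_RSA_BITS) {
    findings.push(`RSA policy: minSize ${rule.minSize} is below ${MIN_RSA_BITS}`);
  }
  if (rule.exportType === 'IN_PLAIN') {
    findings.push(`${rule.type} policy: exportType is IN_PLAIN`);
  }
  return findings;
}

// Findings for one partition object: partition-level settings plus its policy.
function auditPartition(partition) {
  const findings = [];
  if (partition.passwordComplexity === false) {
    findings.push('passwordComplexity is disabled');
  }
  if (Number.isInteger(partition.passwordLength) &&
      partition.passwordLength < MIN_PASSWORD_LENGTH) {
    findings.push(`passwordLength ${partition.passwordLength} is below ${MIN_PASSWORD_LENGTH}`);
  }
  for (const rule of partition.policy || []) {
    findings.push(...auditPolicyRule(rule));
  }
  return findings;
}

// Audit a whole PartitionListResponse. "complete" is false when totalItems
// exceeds what this page returned, so a partial audit is not read as a full one.
function auditPartitionList(response) {
  const items = response.items || [];
  const report = { partitions: {}, complete: true };
  for (const partition of items) {
    const findings = auditPartition(partition);
    if (findings.length > 0) report.partitions[partition.name] = findings;
  }
  report.complete = (response.skip || 0) + items.length >= (response.totalItems || 0);
  return report;
}

// Constructed sample response (not captured from a real server).
const SAMPLE_RESPONSE = {
  totalItems: 3,
  limit: 2,
  skip: 0,
  items: [
    {
      name: 'root',
      passwordComplexity: false,
      passwordLength: 6,
      policy: [{
        type: 'RSA', minSize: 0, hashes: ['SHA1'], modes: ['ECB'],
        paddings: ['RAW'], exportType: 'IN_PLAIN'
      }]
    },
    {
      name: 'prod',
      passwordComplexity: true,
      passwordLength: 16,
      policy: [{ type: 'RSA', minSize: 3072, operations: ['SIGN'] }]
    }
  ]
};

console.log(JSON.stringify(auditPartitionList(SAMPLE_RESPONSE), null, 2));
```

When "complete" is false, repeat the request with a larger skip value and merge the reports before drawing conclusions.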

Get partition information

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions/{partitionId} \
  -H 'Accept: application/json'

GET /api/v1/partitions/{partitionId}

Get partition information.

Parameters

Name In Type Required Description
partitionId path string true Partition Id

Example responses

200 Response

{
  "checkClientIp": true,
  "name": "root",
  "allowNat": true,
  "allowUserOnlyCryptoOperations": true,
  "clientRetriesLimit": 0,
  "clientRetriesTimeout": 0,
  "creationDate": "string",
  "getjWTLimit": 0,
  "lastUpdate": "string",
  "passwordComplexity": true,
  "passwordLength": 0,
  "quorumOperations": "string",
  "quorumSize": 0,
  "quorumTimeout": 0,
  "supportCertificatePropagation": true,
  "supportPartitionInheritance": true,
  "userRetriesLimit": 0,
  "fipsRequirements": "FIPS_NONE",
  "policy": [
    {
      "type": "RSA",
      "minSize": 0,
      "curves": [
        "P256"
      ],
      "operations": [
        "SIGN"
      ],
      "paddings": [
        "RAW"
      ],
      "hashes": [
        "SHA1"
      ],
      "modes": [
        "ECB"
      ],
      "macs": [
        "GMAC"
      ],
      "exportType": "IN_PLAIN",
      "trusted": true,
      "local": true
    }
  ],
  "allowKeystores": false,
  "jWTExpiration": 0
}

Responses

Status Meaning Description Schema
200 OK OK Partition

List partition settings

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}/settings',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/partitions/{partitionId}/settings \
  -H 'Accept: application/json'

GET /api/v1/partitions/{partitionId}/settings

Get a list of configuration parameters for a partition.

Parameters

Name In Type Required Description
partitionId path string true Partition Id/name of the target partition. Can be "default" to use the default partition for the current authenticated user.
detailed query boolean false Detailed
signed query boolean false Signed

Example responses

200 Response

[
  {
    "key": "string",
    "value": "string",
    "description": "string",
    "type": "BOOLEAN",
    "defaultValue": "string",
    "min": 0,
    "max": 0,
    "unit": "SECONDS"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [KeyValueEntry] false none [Key value entry]
» key string true none none
» value string true none none
» description string false read-only quorum timeout
» type string false read-only value type
» defaultValue string false read-only default value
» min integer(int32) false read-only minimum value
» max integer(int32) false read-only maximum value
» unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

Update partition settings

Code samples

// The body is a JSON string value, so it must be sent with its surrounding quotes
const inputBody = JSON.stringify('string');
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/partitions/{partitionId}/settings/{settingKey}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/settings/{settingKey} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/partitions/{partitionId}/settings/{settingKey}

Use this method to change one or more settings for the partition.

Body parameter

"string"

Parameters

Name In Type Required Description
partitionId path string true none
settingKey path string true none
body body string false Setting value

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK None
202 Accepted ACCEPTED Job
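
Write calls such as this one answer 200 when the change is applied and 202 with a Job when it is queued as a quorum job, so a client must not treat every 2xx as "done". The following added example (not UKC's own client code) separates the two outcomes, picks the next call from the Job status values listed under "List pending jobs", and lets an approver compare a pending job with the agreed change before calling /approve; the function names, the expected-change object, the setting key in the sample job and the injected fetchImpl, baseUrl and headers parameters are assumptions.

```javascript
// Added example (not UKC's own client code). Names other than the endpoint
// paths and Job fields shown on this page are hypothetical.

// Classify the HTTP status of a write call such as
// PUT /api/v1/partitions/{partitionId}/settings/{settingKey}.
function interpretWriteResponse(status, body) {
  if (status === 200 || status === 201) return { outcome: 'APPLIED' };
  if (status === 202) return { outcome: 'QUEUED', job: body }; // body is a Job
  if (status === 401) return { outcome: 'UNAUTHORIZED' };
  if (status === 409) return { outcome: 'CONFLICT' };
  return { outcome: 'ERROR', status };
}

// Decide the next call for a Job from its status field.
function nextStep(job) {
  const jobPath = `/api/v1/jobs/${encodeURIComponent(job.id)}`;
  switch (job.status) {
    case 'PENDING_APPROVAL': {
      const have = (job.approvedBy || []).length;
      const needed = job.totalRequiredApprovals || 0;
      return { action: 'WAIT', remainingApprovals: Math.max(0, needed - have) };
    }
    case 'PENDING_EXECUTION':
      return { action: 'EXECUTE', method: 'POST', path: `${jobPath}/execute` };
    case 'DONE':
      return { action: 'NONE' };
    case 'EXPIRED':
      return { action: 'RESUBMIT' };
    default:
      return { action: 'UNKNOWN' }; // fail closed on a status this code does not know
  }
}

// Approver-side guard: true only when the job's operation and parameters are
// exactly the expected ones (no missing, extra, duplicated or altered entries).
// Assumption: opParams carries the changed setting as key/value entries.
function matchesExpectedChange(job, expected) {
  if ((job.opName || '').trim() !== expected.opName) return false;
  const entries = job.opParams || [];
  const params = new Map(entries.map((p) => [p.key, p.value]));
  const wanted = Object.entries(expected.params);
  if (params.size !== entries.length || params.size !== wanted.length) return false;
  return wanted.every(([key, value]) => params.get(key) === value);
}

// Fetch the job, check it, and approve only on an exact match.
// fetchImpl is injected (e.g. the global fetch); headers must carry the caller's
// authentication. The optional partitionId query parameter is omitted here.
async function approveIfExpected(fetchImpl, baseUrl, headers, jobId, expected) {
  const jobUrl = `${baseUrl}/api/v1/jobs/${encodeURIComponent(jobId)}`;
  const res = await fetchImpl(jobUrl, { method: 'GET', headers });
  if (!res.ok) throw new Error(`GET job failed: HTTP ${res.status}`);
  const job = await res.json();
  if (job.status !== 'PENDING_APPROVAL' || !matchesExpectedChange(job, expected)) {
    return { approved: false, job };
  }
  const approval = await fetchImpl(`${jobUrl}/approve`, { method: 'POST', headers });
  if (!approval.ok) throw new Error(`approve failed: HTTP ${approval.status}`);
  return { approved: true, job: await approval.json() };
}

// Constructed sample Job, shaped like the 202 example response above.
const SAMPLE_JOB = {
  initiator: 'so@root',
  id: '389323ee-3588-416e-94bd-f93ca815762e',
  opName: 'PARTITION_CONFIG_SET ',
  opParams: [{ key: 'quorumTimeout', value: '3600' }], // key name is an assumption
  approvedBy: ['so@root'],
  status: 'PENDING_APPROVAL',
  totalRequiredApprovals: 2
};

console.log(interpretWriteResponse(202, SAMPLE_JOB).outcome, nextStep(SAMPLE_JOB));
```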

Delete partition

Code samples


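fetch('/api/v1/partitions/{partitionId}',
{
  method: 'DELETE'

})
.then(function(res) {
    // The 200 response has no body (schema: None), so check the status instead of parsing JSON
    if (!res.ok) throw new Error('HTTP ' + res.status);
    console.log('Partition deleted');
});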

# You can also use wget
curl -X DELETE /api/v1/partitions/{partitionId}

DELETE /api/v1/partitions/{partitionId}

Deletes a partition. The partition must not contain any keys or clients in order to be deleted.

Parameters

Name In Type Required Description
partitionId path string true The Id of the partition to delete. The partition name can be used as the ID

Responses

Status Meaning Description Schema
200 OK Partition deleted successfully None

Recover partition

Code samples

// Build the JSON body with JSON.stringify; a quoted string literal cannot span lines
const inputBody = JSON.stringify({
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json,application/x-pkcs12,application/x-x509-user-cert'

};

fetch('/api/v1/partitions/{partitionId}/recover',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/partitions/{partitionId}/recover \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json,application/x-pkcs12,application/x-x509-user-cert'

PUT /api/v1/partitions/{partitionId}/recover

Recover partition.

Body parameter

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Parameters

Name In Type Required Description
partitionId path string true Partition Id
body body NewClientWithCertificate false The recovered partition new client

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK Partition recovered successfully string
409 Conflict Object already exists None

Roles

Create a new role

Code samples

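// Build the JSON body with JSON.stringify; a quoted string literal cannot span lines
const inputBody = JSON.stringify({
  "name": "role_name",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
});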
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/roles',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/roles \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/roles

Create a new role in a given partition.

Body parameter

{
  "name": "role_name",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewRole false New Role

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
201 Created Role created successfully None
202 Accepted ACCEPTED Job
409 Conflict Role already exists None

List partition roles

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/roles',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/roles \
  -H 'Accept: application/json'

GET /api/v1/roles

Return a list of all roles in a partition.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false skip
detailed query boolean false Detailed

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "role_name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "updatedAt": "string",
      "managedObjectsPermissions": [
        {
          "objectGroup": "string",
          "operations": [
            "ACTIVATE"
          ]
        }
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK RoleListResponse

Get role details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/roles/{roleId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/roles/{roleId} \
  -H 'Accept: application/json'

GET /api/v1/roles/{roleId}

Get details of an existing role.

Parameters

Name In Type Required Description
roleId path string true Role ID to look for
partitionId query string false Partition ID
detailed query boolean false Detailed

Example responses

200 Response

{
  "name": "role_name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "updatedAt": "string",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Role

Update a role

Code samples

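// Build the JSON body with JSON.stringify; a quoted string literal cannot span lines
const inputBody = JSON.stringify({
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
});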
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/roles/{roleId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/roles/{roleId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/roles/{roleId}

Update a role.

Body parameter

{
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Parameters

Name In Type Required Description
roleId path string true Role ID
partitionId query string false Partition ID
body body UpdatedRole false Role updates

Example responses

200 Response

{
  "name": "role_name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "updatedAt": "string",
  "managedObjectsPermissions": [
    {
      "objectGroup": "string",
      "operations": [
        "ACTIVATE"
      ]
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK Client Updated successfully. Role
202 Accepted ACCEPTED Job

Delete a role

Code samples


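fetch('/api/v1/roles/{roleId}',
{
  method: 'DELETE'

})
.then(function(res) {
    // The 200 response has no body (schema: None), so check the status instead of parsing JSON
    if (!res.ok) throw new Error('HTTP ' + res.status);
    console.log('Role deleted');
});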

# You can also use wget
curl -X DELETE /api/v1/roles/{roleId}

DELETE /api/v1/roles/{roleId}

Deletes a role.

Parameters

Name In Type Required Description
roleId path string true Role ID
partitionId query string false Partition ID

Responses

Status Meaning Description Schema
200 OK Role deleted successfully. None

System

Get signed logs

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/signlogs',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/signlogs \
  -H 'Accept: application/json'

GET /api/v1/system/signlogs

Return signed logs (compressed) from the UKC engine.

Parameters

Name In Type Required Description
from query string false from
to query string false to
period query string false period

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get all system certificates

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates \
  -H 'Accept: application/json'

GET /api/v1/system/certificates

Get the UKC servers and root CA certificates.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Get specific certificate

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/{certificateId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId} \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/{certificateId}

Get specific system certificate.

Parameters

Name In Type Required Description
certificateId path string true Certificate ID
detailed query boolean false Detailed

Example responses

200 Response

{
  "id": "my-certificate",
  "role": "ROOT_CA",
  "subject": "string",
  "validUntil": "string",
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "version": "V3",
  "alertLevel": "WARN",
  "uid": "string",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "issuer": "string",
  "validFrom": "string",
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "sha1Thumbprint": "string",
  "signature": "string",
  "isCa": true,
  "isSelfSigned": true
}

Responses

Status Meaning Description Schema
200 OK OK SystemCertificate

Get certificate alerts

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/alerts \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/alerts

Get alerts associated with the servers and root CA certificates.

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Get specific certificate alert

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/certificates/{certificateId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/certificates/{certificateId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/system/certificates/{certificateId}/alerts

Get specific system certificate alert.

Parameters

Name In Type Required Description
certificateId path string true Certificate ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Alert

Get integrity key

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/keys/{keyId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/keys/{keyId} \
  -H 'Accept: application/json'

GET /api/v1/system/keys/{keyId}

Get a root CA key signed with JWS.

Parameters

Name In Type Required Description
keyId path string true Key ID

Example responses

200 Response

{
  "value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ...OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}

Responses

Status Meaning Description Schema
200 OK successful operation JWS
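
The `value` field above is a compact JWS whose protected header decodes to `{"kid":"integrity-key","alg":"ES256"}`. The following is an added example, not code from the UKC documentation or product, showing how a Node.js client can check such a JWS before trusting the key it carries. It assumes the verifying public key was obtained out of band and pinned; `verifyIntegrityJws`, `decodeProtectedHeader` and `makeSampleJws` are hypothetical names, and the key pair and payload are constructed so the block runs offline.

```javascript
// Added example (not UKC code): verify the compact JWS returned in "value"
// by GET /api/v1/system/keys/{keyId} before trusting the key it carries.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// Both values come from the protected header of the page's sample response.
const ALLOWED_ALGS = new Set(['ES256']);
const EXPECTED_KID = 'integrity-key';

// Strict base64url decoding: reject padding, '+', '/' and empty segments.
function b64urlDecode(part) {
  if (!/^[A-Za-z0-9_-]+$/.test(part)) throw new Error('not base64url');
  return Buffer.from(part, 'base64url');
}

// Decode only the protected header (first segment) of a compact JWS.
function decodeProtectedHeader(compact) {
  const first = String(compact).split('.')[0];
  return JSON.parse(b64urlDecode(first).toString('utf8'));
}

// pinnedPublicKey: crypto.KeyObject obtained out of band (assumption).
// The key always comes from the caller; header fields such as jwk, jku or
// x5u are never consulted, so a token cannot nominate its own verifier.
function verifyIntegrityJws(compact, pinnedPublicKey) {
  const parts = String(compact).split('.');
  if (parts.length !== 3) {
    return { ok: false, reason: 'not a three-part compact JWS' };
  }
  const [headerB64, payloadB64, signatureB64] = parts;

  let header, payload, signature;
  try {
    header = decodeProtectedHeader(compact);
    payload = b64urlDecode(payloadB64);
    signature = b64urlDecode(signatureB64);
  } catch (err) {
    return { ok: false, reason: 'malformed segment' };
  }
  if (!header || typeof header !== 'object') {
    return { ok: false, reason: 'malformed segment' };
  }

  // Policy checks come first: the algorithm is chosen by the verifier,
  // never by the token ("none" and unexpected algorithms are refused).
  if (!ALLOWED_ALGS.has(header.alg)) {
    return { ok: false, reason: 'algorithm not allowed' };
  }
  if (header.kid !== EXPECTED_KID) {
    return { ok: false, reason: 'unexpected kid' };
  }
  // An ES256 JWS signature is the raw r||s pair: 2 x 32 bytes.
  if (signature.length !== 64) {
    return { ok: false, reason: 'ES256 signature must be 64 bytes' };
  }

  // The signature covers the ASCII bytes of "<header>.<payload>" as sent.
  const signingInput = Buffer.from(`${headerB64}.${payloadB64}`, 'ascii');
  const valid = verify('sha256', signingInput,
    { key: pinnedPublicKey, dsaEncoding: 'ieee-p1363' }, signature);
  return valid
    ? { ok: true, header, payload }
    : { ok: false, reason: 'signature mismatch' };
}

// Constructed sample: a throwaway P-256 key pair stands in for the signer.
function makeSampleJws(privateKey, header, payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const signingInput = `${enc(header)}.${enc(payload)}`;
  const sig = sign('sha256', Buffer.from(signingInput, 'ascii'),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${signingInput}.${sig.toString('base64url')}`;
}

const sampleKeys = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const sampleJws = makeSampleJws(sampleKeys.privateKey,
  { kid: 'integrity-key', alg: 'ES256' }, { note: 'constructed payload' });

console.log(verifyIntegrityJws(sampleJws, sampleKeys.publicKey).ok);
```

Only the `payload` returned with `ok: true` should be parsed further; on any other result the response is discarded.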

Get system settings

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/system/settings',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/system/settings \
  -H 'Accept: application/json'

GET /api/v1/system/settings

Get UKC system configuration parameters. Returns a list of key-value entries that represent the configuration parameters for the UKC system.

Parameters

Name In Type Required Description
detailed query boolean false detailed

Example responses

200 Response

[
  {
    "key": "string",
    "value": "string",
    "description": "string",
    "type": "BOOLEAN",
    "defaultValue": "string",
    "min": 0,
    "max": 0,
    "unit": "SECONDS"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [KeyValueEntry] false none [Key value entry]
» key string true none none
» value string true none none
» description string false read-only quorum timeout
» type string false read-only value type
» defaultValue string false read-only default value
» min integer(int32) false read-only minimum value
» max integer(int32) false read-only maximum value
» unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

Set system settings

Code samples

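// The body must be valid JSON, so the setting value is sent as a JSON string.
const inputBody = JSON.stringify('string');
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'
};

fetch('/api/v1/system/settings/{settingKey}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    // 202 returns a Job (for example one pending approval); 200 has no response schema.
    return res.status === 202 ? res.json() : null;
}).then(function(body) {
    console.log(body);
});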

# You can also use wget
curl -X PUT /api/v1/system/settings/{settingKey} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/system/settings/{settingKey}

Sets the value for one or more system configuration parameters.

Body parameter

"string"

Parameters

Name In Type Required Description
settingKey path string true none
body body string false Setting value

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
200 OK OK None
202 Accepted ACCEPTED Job

Get cluster topology

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/topology',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/topology \
  -H 'Accept: application/json'

GET /api/v1/topology

Return the cluster topology, including the status of each server.

Parameters

Name In Type Required Description
detailed query boolean false Detailed

Example responses

200 Response

{
  "pairs": [
    {
      "entryPoint": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      },
      "partner": {
        "name": "string",
        "host": "string",
        "role": "ENTRYPOINT",
        "status": "RUNNING",
        "os": "string",
        "cores": 0,
        "cpuLoadPrecents": 0,
        "freeMemMegaBytes": 0,
        "totalMemMegaBytes": 0,
        "version": "string",
        "error": "string",
        "lastStart": "string",
        "requireRestart": "string",
        "alertLevel": "WARN",
        "certificateInfo": {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      }
    }
  ],
  "auxiliaries": [
    {
      "name": "string",
      "host": "string",
      "role": "ENTRYPOINT",
      "status": "RUNNING",
      "os": "string",
      "cores": 0,
      "cpuLoadPrecents": 0,
      "freeMemMegaBytes": 0,
      "totalMemMegaBytes": 0,
      "version": "string",
      "error": "string",
      "lastStart": "string",
      "requireRestart": "string",
      "alertLevel": "WARN",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "triplets": [
    {
      "entryPoint": "string",
      "partner": "string",
      "auxiliary": "string",
      "connected": true
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK Topology
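
The topology response carries the certificate and status of every server in one document, so it can be audited client-side. The following is an added example, not part of the UKC documentation or product code. It assumes `validUntil` is an ISO 8601 string (the page only types it as "string") and that signature algorithm names follow the `sha256RSA` style of the sample. The function names and issue labels are the example's own, and the sample topology is constructed.

```javascript
// Added example (not UKC code): client-side audit of a GET /api/v1/topology body.
const DAY_MS = 24 * 60 * 60 * 1000;
// Assumption: algorithm names follow the "sha256RSA" style shown in the sample.
const WEAK_SIGNATURE = /md5|sha1/i;

// Yield every server object together with its position in the topology.
function* serversOf(topology) {
  for (const [i, pair] of (topology.pairs ?? []).entries()) {
    if (pair.entryPoint) yield { where: `pairs[${i}].entryPoint`, server: pair.entryPoint };
    if (pair.partner) yield { where: `pairs[${i}].partner`, server: pair.partner };
  }
  for (const [i, aux] of (topology.auxiliaries ?? []).entries()) {
    yield { where: `auxiliaries[${i}]`, server: aux };
  }
}

// Assumption: validUntil is an ISO 8601 string; anything else is reported,
// not silently skipped, so a format change cannot hide an expired certificate.
function auditCertificate(cert, now, warnDays) {
  const issues = [];
  const until = Date.parse(cert.validUntil);
  if (Number.isNaN(until)) issues.push('UNPARSEABLE_EXPIRY');
  else if (until <= now.getTime()) issues.push('EXPIRED');
  else if (until - now.getTime() <= warnDays * DAY_MS) issues.push('EXPIRING_SOON');
  if (WEAK_SIGNATURE.test(cert.signatureAlgorithm ?? '')) issues.push('WEAK_SIGNATURE');
  return issues;
}

// Returns a flat list of findings: { where, name, issue }.
function auditTopology(topology, now = new Date(), warnDays = 30) {
  const findings = [];
  for (const { where, server } of serversOf(topology)) {
    const add = (issue) => findings.push({ where, name: server.name, issue });
    if (server.status !== 'RUNNING') add('NOT_RUNNING');
    if (!server.certificateInfo) add('NO_CERTIFICATE');
    else auditCertificate(server.certificateInfo, now, warnDays).forEach(add);
  }
  for (const [i, t] of (topology.triplets ?? []).entries()) {
    if (t.connected !== true) {
      findings.push({
        where: `triplets[${i}]`,
        name: `${t.entryPoint}/${t.partner}/${t.auxiliary}`,
        issue: 'TRIPLET_DISCONNECTED',
      });
    }
  }
  return findings;
}

// Constructed sample. "CONSTRUCTED_DOWN" and "sha1RSA" are made-up values
// used only to trigger the checks; they are not taken from the UKC API.
const sampleTopology = {
  pairs: [{
    entryPoint: {
      name: 'ep1', status: 'RUNNING',
      certificateInfo: { validUntil: '2030-01-01T00:00:00Z', signatureAlgorithm: 'sha256RSA' },
    },
    partner: {
      name: 'partner1', status: 'RUNNING',
      certificateInfo: { validUntil: '2024-06-20T00:00:00Z', signatureAlgorithm: 'sha256RSA' },
    },
  }],
  auxiliaries: [{
    name: 'aux1', status: 'CONSTRUCTED_DOWN',
    certificateInfo: { validUntil: '2024-01-01T00:00:00Z', signatureAlgorithm: 'sha1RSA' },
  }],
  triplets: [{ entryPoint: 'ep1', partner: 'partner1', auxiliary: 'aux1', connected: false }],
};

const sampleNow = new Date('2024-06-01T00:00:00Z');
for (const f of auditTopology(sampleTopology, sampleNow)) {
  console.log(`${f.issue}\t${f.where}\t${f.name}`);
}
```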

Keystores

Create a new keystore

Code samples

// Template literal: a quoted string cannot span several lines in JavaScript.
const inputBody = `{
  "name": "string",
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keyStores',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keyStores \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keyStores

Create a new keystore.

Body parameter

{
  "name": "string",
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
}

Parameters

Name In Type Required Description
body body NewKeyStore false New Keystore

Example responses

201 Response

{
  "name": "string",
  "description": "string",
  "params": {
    "property1": {},
    "property2": {}
  },
  "endpoints": [
    {
      "url": "string",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "status": {
    "keyStoreCode": "STOPPED",
    "message": "string"
  }
}

Responses

Status Meaning Description Schema
201 Created Keystore created successfully KeyStore
202 Accepted ACCEPTED Job
409 Conflict Keystore already exists None

List external keystores

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keyStores',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keyStores \
  -H 'Accept: application/json'

GET /api/v1/keyStores

Return a list of all external keystores.

Parameters

Name In Type Required Description
limit query integer(int32) false Limit
skip query integer(int32) false skip
detailed query boolean false Detailed
partitionId query string false Partition ID

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "string",
      "description": "string",
      "params": {
        "property1": {},
        "property2": {}
      },
      "endpoints": [
        {
          "url": "string",
          "certificateInfo": {
            "id": "my-certificate",
            "uid": "string",
            "sha1Thumbprint": "string",
            "subject": "string",
            "issuer": "string",
            "validFrom": "string",
            "validUntil": "string",
            "version": "V3",
            "serial": "185fb61e97f55b19",
            "signatureAlgorithm": "sha256RSA",
            "isCa": true,
            "isSelfSigned": true,
            "pkInfo": {
              "rsa": {
                "publicExponent": "string",
                "modulus": "string"
              },
              "ecc": {
                "curve": "P256",
                "ecPoint": "string",
                "eccBipKeyInfo": {
                  "level": "string",
                  "childNumber": 0,
                  "hardened": true,
                  "chainCode": "string",
                  "parentUid": "string",
                  "parentFingerprint": 0
                }
              }
            },
            "basicConstraints": {
              "uid": "string",
              "isCritical": true,
              "pathLen": 0,
              "isCa": true
            },
            "subjectKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string"
            },
            "authorityKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string",
              "authNames": [
                "string"
              ],
              "serialNumber": "string"
            },
            "subjectAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "issuerAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "extendedKeyUsage": {
              "keyUsages": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "signature": "string",
            "alertLevel": "WARN"
          }
        }
      ],
      "status": {
        "keyStoreCode": "STOPPED",
        "message": "string"
      }
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK KeystoreListResponse

List keys from a keystore

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keyStores/{keystoreId}/keys',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keyStores/{keystoreId}/keys \
  -H 'Accept: application/json'

GET /api/v1/keyStores/{keystoreId}/keys

Return a list of keys from a keystore.

Parameters

Name In Type Required Description
keystoreId path string true Keystore ID
detailed query boolean false Detailed
partitionId query string false Partition ID

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "id": "my-key",
      "uid": "0x00d78d6a396072e9a0",
      "isExternal": true,
      "objectType": "CERTIFICATE",
      "keyFormat": {
        "type": "RSA",
        "size": "for RSA : {2048,3072,4096}",
        "curve": "P256",
        "offlineKeyParams": {
          "backup": "string",
          "paillierKey": "string",
          "paillierKeys": [
            "string"
          ]
        }
      },
      "keyProperties": {
        "description": "string",
        "supportedOperations": [
          "SIGN"
        ],
        "trusted": false,
        "keyRotationInterval": 0,
        "exportType": "IN_PLAIN",
        "groups": [
          "string"
        ]
      },
      "local": true,
      "hasCertificate": true,
      "certificateOnly": true,
      "state": "PREACTIVE",
      "isEnabled": true,
      "sync": true,
      "isFips": true,
      "requireApproval": true,
      "prev": "string",
      "next": "string",
      "nextKeyRotationTime": "string",
      "applicationInfos": [
        {
          "nameSpace": "string",
          "data": {
            "property1": {},
            "property2": {}
          }
        }
      ],
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "chain": [
        {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      ],
      "chains": [
        [
          {
            "id": "my-certificate",
            "uid": "string",
            "sha1Thumbprint": "string",
            "subject": "string",
            "issuer": "string",
            "validFrom": "string",
            "validUntil": "string",
            "version": "V3",
            "serial": "185fb61e97f55b19",
            "signatureAlgorithm": "sha256RSA",
            "isCa": true,
            "isSelfSigned": true,
            "pkInfo": {
              "rsa": {
                "publicExponent": "string",
                "modulus": "string"
              },
              "ecc": {
                "curve": "P256",
                "ecPoint": "string",
                "eccBipKeyInfo": {
                  "level": "string",
                  "childNumber": 0,
                  "hardened": true,
                  "chainCode": "string",
                  "parentUid": "string",
                  "parentFingerprint": 0
                }
              }
            },
            "basicConstraints": {
              "uid": "string",
              "isCritical": true,
              "pathLen": 0,
              "isCa": true
            },
            "subjectKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string"
            },
            "authorityKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string",
              "authNames": [
                "string"
              ],
              "serialNumber": "string"
            },
            "subjectAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "issuerAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "extendedKeyUsage": {
              "keyUsages": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "signature": "string",
            "alertLevel": "WARN"
          }
        ]
      ],
      "createdAt": "string",
      "updatedAt": "string",
      "activationDate": "string",
      "deactivationDate": "string",
      "compromiseDate": "string",
      "compromiseOccurrenceDate": "string",
      "keyStoreProperties": {
        "keyStoreName": "string",
        "keyStoreObjectId": "string",
        "byok": true
      },
      "alertLevel": "WARN",
      "deactivationInfo": {
        "revocationReason": "string",
        "message": "string"
      },
      "getdestroyDate": "string"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfoListResponse

Response Headers

Status Header Type Format Description
200 X-total-count integer int32 total amount of keys

Get keystore details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keyStores/{keystoreId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keyStores/{keystoreId} \
  -H 'Accept: application/json'

GET /api/v1/keyStores/{keystoreId}

Get details of an existing keystore.

Parameters

Name In Type Required Description
keystoreId path string true Keystore ID to look for
detailed query boolean false Detailed
partitionId query string false Partition ID

Example responses

200 Response

{
  "name": "string",
  "description": "string",
  "params": {
    "property1": {},
    "property2": {}
  },
  "endpoints": [
    {
      "url": "string",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "status": {
    "keyStoreCode": "STOPPED",
    "message": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK OK KeyStore

Update a keystore

Code samples

const inputBody = JSON.stringify({
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keyStores/{keystoreId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/keyStores/{keystoreId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/keyStores/{keystoreId}

Update a keystore.

Body parameter

{
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
}

Parameters

Name In Type Required Description
keystoreId path string true Keystore ID
body body KeyStoreUpdates false Keystore updates

Example responses

200 Response

{
  "name": "string",
  "description": "string",
  "params": {
    "property1": {},
    "property2": {}
  },
  "endpoints": [
    {
      "url": "string",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "status": {
    "keyStoreCode": "STOPPED",
    "message": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK KeyStore Updated successfully. KeyStore
202 Accepted ACCEPTED Job

Delete a keystore

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keyStores/{keystoreId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/keyStores/{keystoreId} \
  -H 'Accept: application/json'

DELETE /api/v1/keyStores/{keystoreId}

Delete a keystore.

Parameters

Name In Type Required Description
keystoreId path string true Keystore ID

Example responses

200 Response

{
  "name": "string",
  "description": "string",
  "params": {
    "property1": {},
    "property2": {}
  },
  "endpoints": [
    {
      "url": "string",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "status": {
    "keyStoreCode": "STOPPED",
    "message": "string"
  }
}

Responses

Status Meaning Description Schema
200 OK Key store registered successfully KeyStore
202 Accepted ACCEPTED Job

Users

Create a user

Code samples

const inputBody = JSON.stringify({
  "password": "Password1!",
  "name": "john_a",
  "description": "string",
  "role": "user",
  "authType": "STANDARD"
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/users',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/users \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/users

Create a new user in a given partition.

Body parameter

{
  "password": "Password1!",
  "name": "john_a",
  "description": "string",
  "role": "user",
  "authType": "STANDARD"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewUser false New User

Example responses

202 Response

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

Responses

Status Meaning Description Schema
201 Created User created successfully None
202 Accepted ACCEPTED Job
409 Conflict Object already exists None

List partition users

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/users',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/users \
  -H 'Accept: application/json'

GET /api/v1/users

Return a list of all users in a partition.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false Skip

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "john_a",
      "partition": "~.codeSign.developers",
      "role": "string",
      "createdAt": "string",
      "lastActivityAt": "string",
      "retries": 0,
      "authType": "STANDARD",
      "lastUpdateAt": "string",
      "lastPasswordUpdated": "string",
      "isLoginLocked": true
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK UserListResponse

Get user details

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/users/{userId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/users/{userId} \
  -H 'Accept: application/json'

GET /api/v1/users/{userId}

Get details of an existing user.

Parameters

Name In Type Required Description
userId path string true User ID to look for
partitionId query string false Partition ID

Example responses

200 Response

{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "lastUpdateAt": "string",
  "lastPasswordUpdated": "string",
  "isLoginLocked": true
}

Responses

Status Meaning Description Schema
200 OK OK User

Delete a user

Code samples


fetch('/api/v1/users/{userId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/users/{userId}

DELETE /api/v1/users/{userId}

Delete a user.

Parameters

Name In Type Required Description
userId path string true User ID
partitionId query string false Partition ID

Responses

Status Meaning Description Schema
200 OK User deleted successfully. None

Reset user password

Code samples

const inputBody = JSON.stringify({
  "password": "Password2!"
});
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/users/{userId}/password',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/users/{userId}/password \
  -H 'Content-Type: application/json'

PUT /api/v1/users/{userId}/password

Reset a user's password. An SO can do this for users in their own partition. The root partition SO can do this for the SO of any partition.

Body parameter

{
  "password": "Password2!"
}

Parameters

Name In Type Required Description
userId path string true User ID
partitionId query string false Partition ID
body body Password false Password

Responses

Status Meaning Description Schema
200 OK User password reset successfully None
400 Bad Request New password does not comply with password policy rules None

Recover SO password

Code samples

const inputBody = JSON.stringify({
  "password": "Password2!"
});
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/users/{soId}/recover?partitionId=string',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT '/api/v1/users/{soId}/recover?partitionId=string' \
  -H 'Content-Type: application/json'

PUT /api/v1/users/{soId}/recover

Recover the SO password. The Root SO can do it for other SOs.

Body parameter

{
  "password": "Password2!"
}

Parameters

Name In Type Required Description
soId path string true SO ID
partitionId query string true Partition ID
body body Password false Password

Responses

Status Meaning Description Schema
200 OK SO password recovered successfully None
400 Bad Request New password does not comply with password policy rules None

Change user role

Code samples

// The body is the role ID, sent as a JSON string ("string").
const inputBody = JSON.stringify('string');
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/users/{userId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/users/{userId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/users/{userId}

Change an existing user role.

Body parameter

"string"

Parameters

Name In Type Required Description
userId path string true User ID to look for
partitionId query string false Partition ID
body body string false Role ID

Example responses

200 Response

{
  "name": "john_a",
  "partition": "~.codeSign.developers",
  "role": "string",
  "createdAt": "string",
  "lastActivityAt": "string",
  "retries": 0,
  "authType": "STANDARD",
  "lastUpdateAt": "string",
  "lastPasswordUpdated": "string",
  "isLoginLocked": true
}

Responses

Status Meaning Description Schema
200 OK OK User

Keys

Generate key

Code samples

const inputBody = JSON.stringify({
  "keyId": "string",
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "activate": true,
  "activationDate": 0,
  "deactivationDate": 0,
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  }
});
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/generate',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/generate \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/generate

Generate a new asymmetric or symmetric key. The key format is provided as a parameter.

For example, to create a 256-bit AES symmetric key, use the parameters:
{
   "keyId":"AES-KEY",
   "keyFormat": {
       "type": "AES", "size": "256"
   }
}

The keyFormat type can be: RSA, ECC, AES, TDES, HMAC, SIV, XTS, PRF, PWD, LIMA, or EDDSA

Body parameter

{
  "keyId": "string",
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "activate": true,
  "activationDate": 0,
  "deactivationDate": 0,
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewGeneratedKey false The new key

Example responses

201 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
201 Created Key generated successfully KeyInfo
409 Conflict Object already exists KeyInfo

Import key

Code samples

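// Multipart upload: build the body with FormData and let fetch() set the
// Content-Type header itself so that it carries the multipart boundary.
// keyFile is a placeholder for a Blob or File holding the key file.
const inputBody = new FormData();
inputBody.append('file', keyFile);
inputBody.append('id', 'string');
inputBody.append('idEncoding', 'string');
inputBody.append('password', 'string');
inputBody.append('description', 'string');
inputBody.append('usage', 'string');
inputBody.append('exportType', 'string');
inputBody.append('trusted', 'true');
inputBody.append('groups', 'string');
inputBody.append('keyOnly', 'true');
inputBody.append('isSymmetric', 'true');
inputBody.append('symmetricKeyType', 'string');
inputBody.append('testMode', 'true');
inputBody.append('keyRotationInterval', '0');
inputBody.append('activate', 'true');
inputBody.append('activationDate', 'string');
inputBody.append('deactivationDate', 'string');
const headers = {
  'Accept':'application/json'
};

fetch('/api/v1/keys',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});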

# You can also use wget
curl -X POST /api/v1/keys \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json'

POST /api/v1/keys

Import a key based on the given file.

Body parameter

file: string
id: string
idEncoding: string
password: string
description: string
usage: string
exportType: string
trusted: true
groups: string
keyOnly: true
isSymmetric: true
symmetricKeyType: string
testMode: true
keyRotationInterval: 0
activate: true
activationDate: string
deactivationDate: string

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body object false none
» file body string(binary) true key file
» id body string true key id
» idEncoding body string false key id encoding
» password body string false password for the file if required
» description body string false key description
» usage body string false key usage
» exportType body string false Export Type
» trusted body boolean false trusted (yes or no)
» groups body string false List of groups
» keyOnly body boolean false import only key (no chain)
» isSymmetric body boolean false whether the key is symmetric
» symmetricKeyType body string false the symmetric key type
» testMode body boolean false get key info without importing
» keyRotationInterval body integer false key rotation interval (days)
» activate body boolean false activate the key
» activationDate body string false Activation Date
» deactivationDate body string false Deactivation Date

Example responses

201 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
201 Created Key generated successfully KeyInfo
409 Conflict Object already exists None

List keys

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys \
  -H 'Accept: application/json'

GET /api/v1/keys

Return a list of keys.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false Skip
id query string false Key id
type query string false Key type
exportType query string false exportType
trusted query boolean false Is Trusted
groups query array[string] false Groups
state query string false Key state
isEnabled query boolean false Is Enabled
showDestroyed query boolean false Include destroyed objects
detailed query boolean false Detailed

Enumerated Values

Parameter Value
type RSA
type ECC
type AES
type TDES
type HMAC
type SIV
type XTS
type PRF
type PWD
type LIMA
type EDDSA
type TOTSSeed
exportType IN_PLAIN
exportType WRAPPED
exportType WRAPPED_WITH_TRUSTED
exportType NON_EXPORTABLE
state PREACTIVE
state ACTIVE
state DEACTIVATED
state COMPROMISED
state DESTROYED
state DESTROYED_COMPROMISED
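
The paging and filter parameters above, applied to a key-inventory review, as an added example that is not part of the UKC documentation or any UKC SDK. It assumes `skip` is an item offset and `totalItems` counts all matching keys; `fetchFn` (a fetch-compatible function that also attaches authentication), `https://ukc.example`, the partition `p1`, the sample keys and the review rules are constructed for illustration.

```javascript
// Added example, not part of the UKC documentation or any UKC SDK.
// Allowed filter values, copied from the Enumerated Values table above.
const EXPORT_TYPES = ['IN_PLAIN', 'WRAPPED', 'WRAPPED_WITH_TRUSTED', 'NON_EXPORTABLE'];
const KEY_STATES = ['PREACTIVE', 'ACTIVE', 'DEACTIVATED', 'COMPROMISED',
  'DESTROYED', 'DESTROYED_COMPROMISED'];

// Build a GET /api/v1/keys URL, refusing enum filter values the table does not
// list so that a typo is caught before the request is sent.
function buildKeysUrl(baseUrl, filters, limit, skip) {
  if (filters.exportType !== undefined && !EXPORT_TYPES.includes(filters.exportType)) {
    throw new RangeError('unknown exportType: ' + filters.exportType);
  }
  if (filters.state !== undefined && !KEY_STATES.includes(filters.state)) {
    throw new RangeError('unknown state: ' + filters.state);
  }
  const query = new URLSearchParams();
  for (const [name, value] of Object.entries(filters)) {
    if (value !== undefined) query.set(name, String(value));
  }
  query.set('limit', String(limit));
  query.set('skip', String(skip));
  return baseUrl + '/api/v1/keys?' + query.toString();
}

// Collect every page. ASSUMPTION: `skip` is an item offset and `totalItems`
// is the number of keys matching the filters.
async function listAllKeys(fetchFn, baseUrl, filters, pageSize) {
  const keys = [];
  let skip = 0;
  for (;;) {
    const res = await fetchFn(buildKeysUrl(baseUrl, filters, pageSize, skip), {
      method: 'GET',
      headers: { 'Accept': 'application/json' }
    });
    if (!res.ok) throw new Error('GET /api/v1/keys failed with HTTP ' + res.status);
    const page = await res.json();
    keys.push(...page.items);
    skip += page.items.length;
    // Stop on an empty page as well, so a wrong totalItems cannot loop forever.
    if (page.items.length === 0 || skip >= page.totalItems) return keys;
  }
}

// Review rules chosen for this example, using fields from the KeyInfo responses.
function reviewReasons(key) {
  const reasons = [];
  const props = key.keyProperties || {};
  if (props.exportType === 'IN_PLAIN') reasons.push('exportType is IN_PLAIN');
  if (key.state === 'COMPROMISED' || key.state === 'DESTROYED_COMPROMISED') {
    reasons.push('state is ' + key.state);
  }
  if (key.alertLevel === 'WARN') reasons.push('alertLevel is WARN');
  return reasons;
}

// List all keys (destroyed ones included) and return those with a finding.
async function auditKeys(fetchFn, baseUrl, partitionId, pageSize = 100) {
  const filters = { partitionId: partitionId, showDestroyed: true };
  const keys = await listAllKeys(fetchFn, baseUrl, filters, pageSize);
  return keys
    .map(function (key) { return { id: key.id, reasons: reviewReasons(key) }; })
    .filter(function (finding) { return finding.reasons.length > 0; });
}

// Constructed sample data and a stand-in for fetch() so the example runs offline.
const SAMPLE_KEYS = [
  { id: 'sign-1', state: 'ACTIVE', keyProperties: { exportType: 'NON_EXPORTABLE' } },
  { id: 'legacy-aes', state: 'ACTIVE', keyProperties: { exportType: 'IN_PLAIN' } },
  { id: 'tls-old', state: 'COMPROMISED', keyProperties: { exportType: 'WRAPPED' },
    alertLevel: 'WARN' },
  { id: 'backup-1', state: 'DEACTIVATED',
    keyProperties: { exportType: 'WRAPPED_WITH_TRUSTED' } },
  { id: 'hmac-2', state: 'PREACTIVE', keyProperties: { exportType: 'NON_EXPORTABLE' } }
];

function makeFakeFetch(allKeys) {
  const fake = async function (url) {
    fake.calls += 1;
    const query = new URL(url).searchParams;
    const limit = Number(query.get('limit'));
    const skip = Number(query.get('skip'));
    const items = allKeys.slice(skip, skip + limit);
    return {
      ok: true,
      status: 200,
      json: async function () {
        return { totalItems: allKeys.length, limit: limit, skip: skip, items: items };
      }
    };
  };
  fake.calls = 0;
  return fake;
}

// Usage: with a page size of 2 the five sample keys take three requests.
auditKeys(makeFakeFetch(SAMPLE_KEYS), 'https://ukc.example', 'p1', 2)
  .then(function (findings) { console.log(JSON.stringify(findings, null, 2)); });
```
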

Example responses

200 Response

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "id": "my-key",
      "uid": "0x00d78d6a396072e9a0",
      "isExternal": true,
      "objectType": "CERTIFICATE",
      "keyFormat": {
        "type": "RSA",
        "size": "for RSA : {2048,3072,4096}",
        "curve": "P256",
        "offlineKeyParams": {
          "backup": "string",
          "paillierKey": "string",
          "paillierKeys": [
            "string"
          ]
        }
      },
      "keyProperties": {
        "description": "string",
        "supportedOperations": [
          "SIGN"
        ],
        "trusted": false,
        "keyRotationInterval": 0,
        "exportType": "IN_PLAIN",
        "groups": [
          "string"
        ]
      },
      "local": true,
      "hasCertificate": true,
      "certificateOnly": true,
      "state": "PREACTIVE",
      "isEnabled": true,
      "sync": true,
      "isFips": true,
      "requireApproval": true,
      "prev": "string",
      "next": "string",
      "nextKeyRotationTime": "string",
      "applicationInfos": [
        {
          "nameSpace": "string",
          "data": {
            "property1": {},
            "property2": {}
          }
        }
      ],
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "chain": [
        {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      ],
      "chains": [
        [
          {
            "id": "my-certificate",
            "uid": "string",
            "sha1Thumbprint": "string",
            "subject": "string",
            "issuer": "string",
            "validFrom": "string",
            "validUntil": "string",
            "version": "V3",
            "serial": "185fb61e97f55b19",
            "signatureAlgorithm": "sha256RSA",
            "isCa": true,
            "isSelfSigned": true,
            "pkInfo": {
              "rsa": {
                "publicExponent": "string",
                "modulus": "string"
              },
              "ecc": {
                "curve": "P256",
                "ecPoint": "string",
                "eccBipKeyInfo": {
                  "level": "string",
                  "childNumber": 0,
                  "hardened": true,
                  "chainCode": "string",
                  "parentUid": "string",
                  "parentFingerprint": 0
                }
              }
            },
            "basicConstraints": {
              "uid": "string",
              "isCritical": true,
              "pathLen": 0,
              "isCa": true
            },
            "subjectKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string"
            },
            "authorityKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string",
              "authNames": [
                "string"
              ],
              "serialNumber": "string"
            },
            "subjectAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "issuerAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "extendedKeyUsage": {
              "keyUsages": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "signature": "string",
            "alertLevel": "WARN"
          }
        ]
      ],
      "createdAt": "string",
      "updatedAt": "string",
      "activationDate": "string",
      "deactivationDate": "string",
      "compromiseDate": "string",
      "compromiseOccurrenceDate": "string",
      "keyStoreProperties": {
        "keyStoreName": "string",
        "keyStoreObjectId": "string",
        "byok": true
      },
      "alertLevel": "WARN",
      "deactivationInfo": {
        "revocationReason": "string",
        "message": "string"
      },
      "getdestroyDate": "string"
    }
  ]
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfoListResponse

Response Headers

Status Header Type Format Description
200 X-total-count integer int32 Total number of keys
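An added example, not part of the UKC documentation: it walks GET /api/v1/keys with the documented limit and skip parameters until totalItems is reached, then flags keys whose exportType or state deserves review. The function names, the https://ukc.example placeholder, the sample keys and the audit rules are assumptions made for illustration; the Basic header follows the username@partitionId:password form and '%25' replacement described in the overview.

```javascript
// Added example, not vendor code. Assumes Node 18+ (global fetch, Buffer).
// Function names and the audit rules are illustrative assumptions.

const KNOWN_STATES = new Set(['PREACTIVE', 'ACTIVE', 'DEACTIVATED',
  'COMPROMISED', 'DESTROYED', 'DESTROYED_COMPROMISED']);

// Basic credentials in the documented username@partitionId:password form,
// with '%' replaced by '%25' in each part as the overview requires.
function basicAuthHeader(username, partitionId, password) {
  const esc = (s) => String(s).replace(/%/g, '%25');
  const raw = `${esc(username)}@${esc(partitionId)}:${esc(password)}`;
  return 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
}

// Build the list URL from documented query parameters; unset values are skipped.
function buildListUrl(baseUrl, params) {
  const qs = new URLSearchParams();
  for (const [name, value] of Object.entries(params)) {
    if (value !== undefined && value !== null) qs.append(name, String(value));
  }
  return `${baseUrl}/api/v1/keys?${qs}`;
}

// Page getter backed by the real endpoint (baseUrl is supplied by the caller).
function httpPageGetter(baseUrl, authHeader) {
  return async (params) => {
    const res = await fetch(buildListUrl(baseUrl, params), {
      headers: { Accept: 'application/json', Authorization: authHeader },
    });
    if (!res.ok) throw new Error(`GET /api/v1/keys failed: HTTP ${res.status}`);
    return res.json();
  };
}

// Walk limit/skip pages until totalItems is reached.
async function listAllKeys(getPage, filters = {}, pageSize = 100) {
  const keys = [];
  let skip = 0;
  for (;;) {
    const page = await getPage({ ...filters, limit: pageSize, skip });
    const items = Array.isArray(page.items) ? page.items : [];
    keys.push(...items);
    skip += items.length;
    // An empty page also ends the loop, so a wrong totalItems cannot spin forever.
    if (items.length === 0 || skip >= page.totalItems) break;
  }
  return keys;
}

// Illustrative policy: reading IN_PLAIN as "exportable in plaintext" is an
// assumption based on the enum name, not a statement from the API reference.
function auditKey(key) {
  const findings = [];
  const exportType = key.keyProperties && key.keyProperties.exportType;
  if (exportType === 'IN_PLAIN') findings.push('plain-export');
  const compromised = ['COMPROMISED', 'DESTROYED_COMPROMISED'].includes(key.state);
  if (compromised && key.isEnabled) findings.push('compromised-but-enabled');
  // A state outside the documented enumeration suggests schema drift.
  if (!KNOWN_STATES.has(key.state)) findings.push('unknown-state');
  return findings.map((finding) => ({ id: key.id, finding }));
}

// Constructed sample data standing in for server responses (runs offline).
const SAMPLE_KEYS = [
  { id: 'tls-signing', state: 'ACTIVE', isEnabled: true, keyProperties: { exportType: 'NON_EXPORTABLE' } },
  { id: 'legacy-aes', state: 'ACTIVE', isEnabled: true, keyProperties: { exportType: 'IN_PLAIN' } },
  { id: 'old-hmac', state: 'COMPROMISED', isEnabled: true, keyProperties: { exportType: 'WRAPPED' } },
  { id: 'retired-rsa', state: 'COMPROMISED', isEnabled: false, keyProperties: { exportType: 'NON_EXPORTABLE' } },
  { id: 'odd-key', state: 'SUSPENDED', isEnabled: true, keyProperties: { exportType: 'WRAPPED' } },
];

// Fake page getter that slices SAMPLE_KEYS and records each request it sees.
function samplePageGetter(calls) {
  return async ({ limit, skip }) => {
    calls.push({ limit, skip });
    return {
      totalItems: SAMPLE_KEYS.length,
      limit,
      skip,
      items: SAMPLE_KEYS.slice(skip, skip + limit),
    };
  };
}

// List every key through the given page getter, then audit each one.
async function runAudit(getPage, pageSize) {
  const keys = await listAllKeys(getPage, {}, pageSize);
  return keys.flatMap(auditKey);
}

runAudit(samplePageGetter([]), 2).then((findings) => console.log(findings));
```

Against a live server, pass httpPageGetter(baseUrl, basicAuthHeader(user, partition, password)) to runAudit in place of the sample getter.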

Get key details

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}', {
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/{keyId} \
  -H 'Accept: application/json'

GET /api/v1/keys/{keyId}

Get detailed key information.

Parameters

Name In Type Required Description
keyId path string true Key ID to look for
partitionId query string false Partition ID
detailed query boolean false Detailed
signed query boolean false Signed

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Get key material

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}/value', {
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/{keyId}/value \
  -H 'Accept: application/json'

GET /api/v1/keys/{keyId}/value

Return the key material for an asymmetric key or exportable symmetric key.

You can request the asymmetric key in PFX or PEM format and symmetric keys in raw format.

Parameters

Name In Type Required Description
keyId path string true Key ID to look for
partitionId query string false Partition ID
password query string false Password

Example responses

200 Response

{
  "keyData": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Key

Get public key

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}/public', {
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/{keyId}/public \
  -H 'Accept: application/json'

GET /api/v1/keys/{keyId}/public

Return the public details of a key.

Parameters

Name In Type Required Description
keyId path string true Key ID to look for
partitionId query string false Partition ID
obfuscate query boolean false Add obfuscated private key as part of the encoded data, relevant only for PKI keys.
totsIndex query integer(int32) false Index to the relevant derived public key, relevant only for TOTS keys.
totsNOF query integer(int32) false Number of fragments, relevant only for TOTS keys.
challengeResponse query string false Challenge response for TOTS offline mode
paillierKey query string false Paillier public key for TOTS offline mode

Example responses

200 Response

{
  "keyData": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Key

Get key groups

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/groups', {
  method: 'GET',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/groups \
  -H 'Accept: application/json'

GET /api/v1/keys/groups

Get key groups.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
operations query array[string] false Operations

Enumerated Values

Parameter Value
operations ACTIVATE
operations ADD_ATTRIBUTE
operations CREATE
operations CREATE_KEY_PAIR
operations DECRYPT
operations DELETE_ATTRIBUTE
operations DERIVE_KEY
operations DESTROY
operations DELETE
operations DY_DERIVE
operations DY_GET_KEY_MATERIAL
operations DY_GET_SECRET_DATA
operations DY_UPDATE_DATA
operations ENCRYPT
operations MAC
operations MAC_VERIFY
operations MODIFY_ATTRIBUTE
operations REGISTER
operations REKEY
operations REKEY_KEY_PAIR
operations REVOKE
operations SIGN
operations SIGNATURE_VERIFY
operations DY_ENABLE
operations DY_TOKENIZE
operations DY_DETOKENIZE
operations LINK
operations RELINK
operations UNLINK

Example responses

200 Response

[
  "string"
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Enable a key

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}/enable', {
  method: 'POST',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/enable \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/enable

Enable a specific key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to enable

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Disable a key

Code samples


const headers = {
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}/disable', {
  method: 'POST',
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/disable \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/disable

Disable a specific key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to enable/disable

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Update a key

Code samples

// Serialize the KeyUpdates body; a single-quoted string cannot span lines in JavaScript.
const inputBody = JSON.stringify({
  id: 'string',
  description: 'string',
  groups: [
    'string'
  ]
});
const headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
};

fetch('/api/v1/keys/{keyId}', {
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/keys/{keyId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/keys/{keyId}

Update an existing key.

Body parameter

{
  "id": "string",
  "description": "string",
  "groups": [
    "string"
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
includeCert query boolean false Include Cert
keyId path string true Key id
body body KeyUpdates false Key updates

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Activate a key

Code samples


fetch('/api/v1/keys/{keyId}/activate',
{
  method: 'POST'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/activate

POST /api/v1/keys/{keyId}/activate

Activate the specified key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
includeCert query boolean false Include Cert
keyId path string true Key ID to activate

Responses

Status Meaning Description Schema
200 OK OK None

Revoke a key

Code samples

const inputBody = `{
  "message": "string",
  "reason": "UNSPECIFIED",
  "compromiseOccurrenceDate": 0
}`;
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/keys/{keyId}/revoke',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/revoke \
  -H 'Content-Type: application/json'

POST /api/v1/keys/{keyId}/revoke

Revoke the specified key.

Body parameter

{
  "message": "string",
  "reason": "UNSPECIFIED",
  "compromiseOccurrenceDate": 0
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to activate
includeCert query boolean false Include Cert
body body RevokeParams false Revocation parameters

Responses

Status Meaning Description Schema
200 OK OK None

Renew a key

Code samples


const headers = {
  'Accept':'*/*'

};

fetch('/api/v1/keys/{keyId}/rekey',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/rekey \
  -H 'Accept: */*'

POST /api/v1/keys/{keyId}/rekey

Create a new key with the same parameters as the existing one. The new key inherits the current key ID and a link is created between the two keys.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyRotationInterval query integer(int32) false key rotation interval
keyStateOffset query integer(int32) false key state offset
keyId path string true The key to move. This could be either a key UID or label.

Example responses

200 Response

Responses

Status Meaning Description Schema
200 OK successful operation KeyInfo
201 Created OK. Key renewed successfully. KeyInfo

Destroy a key

Code samples


fetch('/api/v1/keys/{keyId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/keys/{keyId}

DELETE /api/v1/keys/{keyId}

Delete the specified key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to delete
fullDelete query boolean false Delete object completely

Responses

Status Meaning Description Schema
200 OK OK None

Get alerts summary for keys

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/alerts \
  -H 'Accept: application/json'

GET /api/v1/keys/alerts

Get the alerts summary for keys.

Parameters

Name In Type Required Description
partitionId query string false Partition ID

Example responses

200 Response

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK AlertsSummary

Get alerts for a specific key

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/alerts',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/{keyId}/alerts \
  -H 'Accept: application/json'

GET /api/v1/keys/{keyId}/alerts

Return the alerts for a specific key.

Parameters

Name In Type Required Description
keyId path string true Key ID to look for
partitionId query string false Partition ID

Example responses

200 Response

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Alert

Get key operations

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/permissions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/keys/{keyId}/permissions \
  -H 'Accept: application/json'

GET /api/v1/keys/{keyId}/permissions

Return the operations that are allowed on the key with the specified UID.

Parameters

Name In Type Required Description
keyId path string true Key ID to look for
partitionId query string false Partition ID

Example responses

200 Response

[
  "ACTIVATE"
]

Responses

Status Meaning Description Schema
200 OK OK Inline
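A client-side wrapper for the lifecycle calls above, added here as an example and not taken from the UKC documentation. It percent-encodes the key ID in the path, reports a 401 together with its WWW-Authenticate challenge, parses a body only when one is present, and posts to /activate only if GET /permissions lists ACTIVATE. The host `ukc.example.invalid` and all helper names are assumptions.

```javascript
// Added example. UKC_BASE, planKeyRequest, readUkcResponse, send and
// activateIfAllowed are hypothetical names, not part of the UKC API.
const UKC_BASE = 'https://ukc.example.invalid'; // placeholder host (assumption)

// Build one request for /api/v1/keys/{keyId}[/suffix]. The key ID is
// percent-encoded so that characters such as "/" or " " cannot alter the path.
function planKeyRequest(method, keyId, suffix, partitionId, authorization) {
  if (typeof keyId !== 'string' || keyId.length === 0) {
    throw new TypeError('keyId must be a non-empty string');
  }
  let url = UKC_BASE + '/api/v1/keys/' + encodeURIComponent(keyId);
  if (suffix) url += '/' + suffix;
  if (partitionId) {
    url += '?' + new URLSearchParams({ partitionId }).toString();
  }
  const headers = { Accept: 'application/json' };
  if (authorization) headers.Authorization = authorization;
  return { url, init: { method, headers } };
}

// Turn status, challenge header and raw body into a result without assuming
// a JSON body: the Responses tables list schema "None" for activate, revoke
// and delete, so an empty body is a normal outcome.
function readUkcResponse(status, wwwAuthenticate, bodyText) {
  if (status === 401) {
    return { ok: false, status, error: 'unauthorized', challenge: wwwAuthenticate || null };
  }
  if (status < 200 || status > 299) {
    return { ok: false, status, error: 'http_error', detail: bodyText || null };
  }
  let data = null;
  if (bodyText && bodyText.trim() !== '') {
    try {
      data = JSON.parse(bodyText);
    } catch (e) {
      return { ok: false, status, error: 'invalid_json', detail: bodyText };
    }
  }
  return { ok: true, status, data };
}

// Send one planned request with the supplied fetch implementation.
async function send(plan, fetchImpl) {
  const res = await fetchImpl(plan.url, plan.init);
  return readUkcResponse(res.status, res.headers.get('WWW-Authenticate'), await res.text());
}

// Ask which operations the caller may perform on the key, and POST /activate
// only when "ACTIVATE" is listed. fetchImpl defaults to the global fetch.
async function activateIfAllowed(keyId, partitionId, authorization, fetchImpl = fetch) {
  const perms = await send(
    planKeyRequest('GET', keyId, 'permissions', partitionId, authorization), fetchImpl);
  if (!perms.ok) return perms;
  if (!Array.isArray(perms.data) || !perms.data.includes('ACTIVATE')) {
    return { ok: false, status: perms.status, error: 'not_permitted', allowed: perms.data };
  }
  return send(planKeyRequest('POST', keyId, 'activate', partitionId, authorization), fetchImpl);
}
```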

Response Schema

Code samples

const inputBody = `{
  "keyStoreName": "string",
  "keyStoreObjectId": "string",
  "activate": true,
  "groups": [
    "string"
  ],
  "keyRotationInterval": 0,
  "activationDate": 0,
  "deactivationDate": 0
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/link',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/link \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/link

Link an existing KeyStore key

Body parameter

{
  "keyStoreName": "string",
  "keyStoreObjectId": "string",
  "activate": true,
  "groups": [
    "string"
  ],
  "keyRotationInterval": 0,
  "activationDate": 0,
  "deactivationDate": 0
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewLinkedKey false Keystore Object Uid

Example responses

201 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
201 Created Key linked successfully KeyInfo
409 Conflict Object already linked KeyInfo

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/reLink',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/reLink \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/reLink

Relink a specific key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to unLink

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/unLink',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unLink \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/unLink

Unlink a specific key.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key ID to unLink

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK OK KeyInfo

Cryptography

Encrypt clear text

Code samples

const inputBody = `{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "clearText": "string",
  "dataEncoding": "PLAIN"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/encrypt',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/encrypt \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/encrypt

Encrypt clear text into cipher text with an existing key. The parameters select the padding mode and the encryption mode. If the key type is asymmetric, encryption is performed exactly as it is with a certificate. If the key type is symmetric, only simple mode is supported.

Body parameter

{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "clearText": "string",
  "dataEncoding": "PLAIN"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Id of the Key used for encryption
body body EncryptData false Data to encrypt

Example responses

200 Response

{
  "cipherTextBase64": "string",
  "ivBase64": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Cipher

Encrypt multiple values

Code samples

const inputBody = `{
  "clearTextItems": [
    "string"
  ],
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/encryptx',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/encryptx \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/encryptx

Encryption is done using the key. The parameters select the padding mode and the encryption mode. If the key type is asymmetric, encryption is performed exactly as it is with a certificate. If the key type is symmetric, only simple mode is supported.

Body parameter

{
  "clearTextItems": [
    "string"
  ],
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for encryption
body body Encryptx false Object containing a list of plaintexts that you want to encrypt.

Example responses

200 Response

[
  {
    "cipherTextBase64": "string",
    "ivBase64": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [Cipher] false none [Includes encrypted data]
» cipherTextBase64 string true none base64-encoded encrypted data
» ivBase64 string false none base64-encoded initialization vector
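The request samples for encrypt and encryptx print every field with a placeholder value, including ECB mode, RAW padding and SHA1. The check below is an added example, not UKC code: it walks a request body in either shape and reports those settings before the request is sent. The function name and finding IDs are assumptions, and only enum values printed on this page are tested.

```javascript
// Added example. lintCryptoParams and the finding IDs are hypothetical names.
// Only enum values that appear in this page's samples are checked.
function lintCryptoParams(body) {
  if (!body || typeof body !== 'object') {
    throw new TypeError('body must be a request object');
  }
  const findings = [];
  const add = (id, path, why) => findings.push({ id, path, why });

  // encrypt/decrypt bodies carry "symmetricParams"; encryptx/decryptx carry "params".
  const symPath = body.symmetricParams ? 'symmetricParams' : 'params';
  const sym = body[symPath];
  if (sym && sym.mode === 'ECB') {
    add('ECB_MODE', symPath + '.mode',
      'ECB maps equal plaintext blocks to equal ciphertext blocks and is not authenticated');
    for (const field of ['iv', 'aad', 'tagLength']) {
      if (sym[field] !== undefined) {
        add('FIELD_UNUSED_BY_ECB', symPath + '.' + field,
          'ECB takes no IV, AAD or tag; setting one suggests another mode was intended');
      }
    }
  }

  const asym = body.aSymmetricParams;
  if (asym) {
    const padding = asym.padding || {};
    if (padding.type === 'RAW') {
      add('RAW_PADDING', 'aSymmetricParams.padding.type',
        'assuming RAW means no padding: unpadded RSA is deterministic and malleable');
    }
    const sha1Fields = [
      ['aSymmetricParams.hash', asym.hash],
      ['aSymmetricParams.padding.pss.mgf', padding.pss && padding.pss.mgf],
      ['aSymmetricParams.padding.oaep.mgf', padding.oaep && padding.oaep.mgf],
    ];
    for (const [path, value] of sha1Fields) {
      if (value === 'SHA1') {
        add('SHA1', path, 'SHA-1 is deprecated; many crypto policies disallow it');
      }
    }
  }
  return findings;
}

// The EncryptData sample from this page, with its placeholder values as printed.
const PAGE_ENCRYPT_SAMPLE = {
  aSymmetricParams: {
    padding: {
      type: 'RAW',
      pss: { mgf: 'SHA1', saltSize: 0 },
      oaep: { mgf: 'SHA1', label: { value: 'string', encoding: 'PLAIN' } },
    },
    hash: 'SHA1',
  },
  symmetricParams: {
    mode: 'ECB',
    iv: { value: 'string', encoding: 'PLAIN' },
    aad: { value: 'string', encoding: 'PLAIN' },
    tagLength: 16,
  },
  clearText: 'string',
  dataEncoding: 'PLAIN',
};

// The Encryptx sample from this page, same treatment.
const PAGE_ENCRYPTX_SAMPLE = {
  clearTextItems: ['string'],
  dataEncoding: 'PLAIN',
  params: {
    mode: 'ECB',
    iv: { value: 'string', encoding: 'PLAIN' },
    aad: { value: 'string', encoding: 'PLAIN' },
    tagLength: 16,
  },
};

for (const f of lintCryptoParams(PAGE_ENCRYPT_SAMPLE)) {
  console.log(f.id + ' at ' + f.path + ': ' + f.why);
}
```

Sent unchanged, the printed sample bodies trip every rule, so they are best read as a field reference rather than as a configuration to copy.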

Decrypt a value

Code samples

const inputBody = `{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "cipher": {
    "cipherTextBase64": "string",
    "ivBase64": "string"
  },
  "outputEncoding": "PLAIN"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/decrypt',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/decrypt \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/decrypt

Decrypt a value using the key. Decryption supports the same parameters as encryption, in both simple and unseal mode. For a symmetric key, only simple mode is supported. If decryption fails with the latest key version, the previous version (if it exists) is used, and so on through earlier versions.

Body parameter

{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "cipher": {
    "cipherTextBase64": "string",
    "ivBase64": "string"
  },
  "outputEncoding": "PLAIN"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for decryption
body body DecryptData false Data to decrypt

Example responses

200 Response

{
  "clearText": "string"
}

Responses

Status Meaning Description Schema
200 OK OK. Returns clear text encoded according to request parameters ClearText
400 Bad Request Authentication encryption failure None
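
The sample body above is filled with placeholder values: every free-text field holds the literal "string", and the enum fields show ECB, RAW and SHA1. The following pre-send check is an added example, not part of the UKC documentation or product; `RULES`, `lintBody` and `assertReviewed` are hypothetical names, and reading "RAW" as "no RSA padding" is an assumption based on the name.

```javascript
// Added example (not UKC code): flag values carried over from the documentation samples.
const RULES = [
  { id: 'ecb-mode', key: 'mode', value: 'ECB',
    why: 'ECB encrypts equal plaintext blocks to equal ciphertext blocks' },
  // Assumption: "RAW" means RSA with no padding scheme applied.
  { id: 'raw-padding', key: 'type', parent: 'padding', value: 'RAW',
    why: 'unpadded RSA is deterministic and malleable' },
  { id: 'sha1-hash', key: 'hash', value: 'SHA1',
    why: 'SHA-1 is no longer collision resistant' },
];

// Walk the body and return one finding per flagged leaf, with its dotted path.
function lintBody(body) {
  const findings = [];
  const walk = (node, path) => {
    if (node !== null && typeof node === 'object') {
      // Object.entries also covers arrays (the keys are the indices).
      for (const [k, v] of Object.entries(node)) walk(v, path.concat(k));
      return;
    }
    const key = path[path.length - 1];
    const parent = path[path.length - 2];
    const where = path.join('.');
    if (node === 'string') {
      findings.push({ id: 'placeholder', path: where, why: 'schema placeholder left in place' });
    }
    for (const r of RULES) {
      if (r.key === key && r.value === node && (!r.parent || r.parent === parent)) {
        findings.push({ id: r.id, path: where, why: r.why });
      }
    }
  };
  walk(body, []);
  return findings;
}

// Serialize a body only when no finding is left open; ids listed in
// acceptedIds are treated as deliberate choices.
function assertReviewed(body, acceptedIds = []) {
  const open = lintBody(body).filter((f) => !acceptedIds.includes(f.id));
  if (open.length > 0) {
    throw new Error(open.map((f) => `${f.path}: ${f.why}`).join('; '));
  }
  return JSON.stringify(body);
}

// The decrypt sample body from this page, unchanged.
const DECRYPT_SAMPLE = {
  aSymmetricParams: {
    padding: {
      type: 'RAW',
      pss: { mgf: 'SHA1', saltSize: 0 },
      oaep: { mgf: 'SHA1', label: { value: 'string', encoding: 'PLAIN' } },
    },
    hash: 'SHA1',
  },
  symmetricParams: {
    mode: 'ECB',
    iv: { value: 'string', encoding: 'PLAIN' },
    aad: { value: 'string', encoding: 'PLAIN' },
    tagLength: 16,
  },
  cipher: { cipherTextBase64: 'string', ivBase64: 'string' },
  outputEncoding: 'PLAIN',
};

for (const f of lintBody(DECRYPT_SAMPLE)) {
  console.log(`${f.id.padEnd(12)} ${f.path}: ${f.why}`);
}
```

The walker matches on key names, so the same check applies to the `params` object of the multi-value and sign requests.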

Decrypt multiple values

Code samples

const inputBody = `{
  "encrypted": [
    {
      "cipherTextBase64": "string",
      "ivBase64": "string"
    }
  ],
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "outputEncoding": "PLAIN"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/decryptx',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/decryptx \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/decryptx

Decryption is done using the key. The same parameters as for encryption are supported for decryption, as well as both simple and unseal mode. For a symmetric key, only simple mode is supported. If decryption fails with the latest key version, the previous version (if it exists) is used, and so on.

Body parameter

{
  "encrypted": [
    {
      "cipherTextBase64": "string",
      "ivBase64": "string"
    }
  ],
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "outputEncoding": "PLAIN"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for decryption
body body Decryptx false Object containing a list of ciphertexts that you want to decrypt.

Example responses

200 Response

[
  {
    "clearText": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK Array of decrypted values with requested encoding Inline
400 Bad Request Authentication encryption failure None

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [ClearText] false none none
» clearText string false none none

Seal clear text

Code samples

const inputBody = `{
  "clearText": "string",
  "dataEncoding": "PLAIN"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/seal',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/seal \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/seal

Seal clear text into cipher text with an existing key. Encryption is done exactly as encryption with a certificate.

Body parameter

{
  "clearText": "string",
  "dataEncoding": "PLAIN"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Id of the Key used for encryption
body body SealData false Data to seal

Example responses

200 Response

{
  "value": "string"
}

Responses

Status Meaning Description Schema
200 OK OK SealedCipher

Unseal a value

Code samples

const inputBody = `{
  "cipher": {
    "value": "string"
  },
  "outputEncoding": "PLAIN"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/unseal',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unseal \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/unseal

Unseal a value using the key. The same parameters as for encryption are supported for decryption, as well as both simple and unseal mode. For a symmetric key, only simple mode is supported. If decryption fails with the latest key version, the previous version (if it exists) is used, and so on.

Body parameter

{
  "cipher": {
    "value": "string"
  },
  "outputEncoding": "PLAIN"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for decryption
body body UnSealData false Data to un-seal

Example responses

200 Response

{
  "clearText": "string"
}

Responses

Status Meaning Description Schema
200 OK OK. Returns clear text encoded according to request parameters ClearText
400 Bad Request Authentication encryption failure None

Wrap and export key

Code samples

const inputBody = `{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "wrappedKeyId": "string"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/wrap',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/wrap \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/wrap

Wrap and export a key with an existing key.

Body parameter

{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "wrappedKeyId": "string"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for wrapping
body body WrapData false Wrap data

Example responses

200 Response

{
  "cipherTextBase64": "string",
  "ivBase64": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Cipher

Derive a new key

Code samples

const inputBody = `{
  "data": "string",
  "dataEncoding": "PLAIN",
  "size": 0
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/derive-key',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/derive-key \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/derive-key

Derive a new key and return it without storing it.

Body parameter

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "size": 0
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for derivation
body body DeriveKeyData false Derivation data

Example responses

200 Response

{
  "keyData": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Key
201 Created New key derived successfully Key

Derive and store a new key

Code samples

const inputBody = `{
  "newGeneratedKey": {
    "keyId": "string",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  },
  "derivationMode": "CONCAT",
  "hash": "SHA1",
  "bipDerivationParams": {
    "childNumber": 0,
    "hardened": true
  },
  "concatDerivationParams": {
    "data": "string",
    "isPrefix": true
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/derive',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/derive \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/derive

Derive a new key and store it in UKC.

Body parameter

{
  "newGeneratedKey": {
    "keyId": "string",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  },
  "derivationMode": "CONCAT",
  "hash": "SHA1",
  "bipDerivationParams": {
    "childNumber": 0,
    "hardened": true
  },
  "concatDerivationParams": {
    "data": "string",
    "isPrefix": true
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for derivation
body body DeriveData false Derivation data

Example responses

200 Response

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation KeyInfo
201 Created New key derived successfully KeyInfo

Unwrap and import key

Code samples

const inputBody = `{
  "newGeneratedKey": {
    "keyId": "string",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  },
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "keyData": "string"
}`;
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/keys/{keyId}/unwrap',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/unwrap \
  -H 'Content-Type: application/json'

POST /api/v1/keys/{keyId}/unwrap

Unwrap and import a new key.

Body parameter

{
  "newGeneratedKey": {
    "keyId": "string",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  },
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "keyData": "string"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for unwrapping
body body UnwrapData false UnWrap Data

Responses

Status Meaning Description Schema
201 Created New key created and added successfully None
400 Bad Request Authentication encryption failure None
409 Conflict Key with this ID already exists None

Create MAC for a message

Code samples

const inputBody = `{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/mac',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/mac \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/mac

Generate a Message Authentication Code (MAC) for a message. MAC mode is provided as a parameter.

Note the following for the parameters in the body:

Body parameter

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for MAC
body body MACSignData false Mac Data

Example responses

200 Response

{
  "mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
  "ivBase64": "string"
}

Responses

Status Meaning Description Schema
200 OK OK. Returns the generated Message Authentication Code Mac

Verify MAC

Code samples

const inputBody = `{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  },
  "mac": {
    "mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
    "ivBase64": "string"
  }
}`;
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/keys/{keyId}/macVerify',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/macVerify \
  -H 'Content-Type: application/json'

POST /api/v1/keys/{keyId}/macVerify

Verifies a MAC value. Supports the same parameters as the MAC option.

Body parameter

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  },
  "mac": {
    "mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
    "ivBase64": "string"
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for verification
body body MACVerifyData false Mac Verify Data

Responses

Status Meaning Description Schema
200 OK OK. Verified Successfully None
400 Bad Request Verification failed None

Sign a message

Code samples

const inputBody = `{
  "paillierKey": "string",
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "doHash": true,
  "ecdsaMode": "ECDSA",
  "totsSignData": {
    "challengeResponse": "string",
    "totsParams": {
      "index": 0,
      "nof": 1
    }
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/sign',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/sign \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/sign

Hash and sign a given message. If requested, it can also assume the input is a hash value and just sign it. Different modes are supported as parameters and the output can be either a raw signature or PKCS7, based on request.

Body parameter

{
  "paillierKey": "string",
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "doHash": true,
  "ecdsaMode": "ECDSA",
  "totsSignData": {
    "challengeResponse": "string",
    "totsParams": {
      "index": 0,
      "nof": 1
    }
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for signing
body body SignData false Data that needs to be signed.

Example responses

200 Response

{
  "signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
}

Responses

Status Meaning Description Schema
200 OK OK Signature

Verify a signature

Code samples

const inputBody = `{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "doHash": true,
  "signature": {
    "signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
  }
}`;
const headers = {
  'Content-Type':'application/json'

};

fetch('/api/v1/keys/{keyId}/verify',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/verify \
  -H 'Content-Type: application/json'

POST /api/v1/keys/{keyId}/verify

Verifies a signature value. Supports the same parameters as the sign option.

Body parameter

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "doHash": true,
  "signature": {
    "signature": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzIGRmIGFzZGZhIHNkZmFzZGZhc2Q="
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Certificate used for verification
body body VerifyData false Data with a signature that needs to be verified.

Responses

Status Meaning Description Schema
200 OK OK. Signature verified successfully None
400 Bad Request Verification failed None
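
The macVerify and verify endpoints report their result only through the status code (200 verified, 400 verification failed) and list no response schema, while `fetch` resolves normally on a 400. The following fail-closed wrapper is an added example, not part of the UKC documentation or product; `interpretVerifyStatus`, `verifyWithKey`, `fakeFetch` and the host `ukc.example` are hypothetical, and authentication headers are supplied by the caller.

```javascript
// Added example (not UKC code): turn the documented status codes into a verdict.

// Only 200 counts as verified. 400 is a negative verdict. Any other status
// (for example 401 for an unauthorized request) says nothing about the data,
// so it is raised as an error instead of being folded into true or false.
function interpretVerifyStatus(status) {
  if (status === 200) return true;   // "OK. Verified Successfully"
  if (status === 400) return false;  // "Verification failed"
  throw new Error(`verification not performed: HTTP ${status}`);
}

// operation is 'macVerify' or 'verify'. fetchFn is injected so the helper can
// be exercised offline; pass globalThis.fetch in real use.
async function verifyWithKey(fetchFn, baseUrl, keyId, operation, body, opts = {}) {
  if (operation !== 'macVerify' && operation !== 'verify') {
    throw new TypeError(`unsupported operation: ${operation}`);
  }
  let url = `${baseUrl}/api/v1/keys/${encodeURIComponent(keyId)}/${operation}`;
  if (opts.partitionId) {
    url += `?partitionId=${encodeURIComponent(opts.partitionId)}`;
  }
  const res = await fetchFn(url, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', ...(opts.headers || {}) },
    body: JSON.stringify(body),
  });
  // No schema is documented for either status, so the body is never parsed.
  return interpretVerifyStatus(res.status);
}

// Constructed stand-in for the server: answers with a fixed status and
// records each call so the request can be inspected.
function fakeFetch(status, calls = []) {
  return async (url, init) => {
    calls.push({ url, init });
    return { status };
  };
}

// Offline demonstration with constructed responses.
async function demo() {
  const body = { data: 'hello', dataEncoding: 'PLAIN' }; // constructed sample
  const results = [];
  for (const status of [200, 400, 401]) {
    try {
      const ok = await verifyWithKey(fakeFetch(status), 'https://ukc.example', 'my-key', 'macVerify', body);
      results.push(`${status}: verified=${ok}`);
    } catch (err) {
      results.push(`${status}: ${err.message}`);
    }
  }
  return results;
}

demo().then((lines) => lines.forEach((l) => console.log(l)));
```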

Generate TOTS offline challenge

Code samples

const inputBody = `{
  "paillierKey": "string",
  "message": "string",
  "dataEncoding": "PLAIN",
  "totsParams": {
    "index": 0,
    "nof": 1
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/challenge',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/challenge \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/challenge

Generate a TOTS challenge for getPublic and TOTS sign operations. Relevant for TOTS offline keys.

Body parameter

{
  "paillierKey": "string",
  "message": "string",
  "dataEncoding": "PLAIN",
  "totsParams": {
    "index": 0,
    "nof": 1
  }
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for signing
body body TOTSChallengeData false Data used to generate TOTS challenge

Example responses

200 Response

{
  "value": "example"
}

Responses

Status Meaning Description Schema
200 OK OK Challenge

Tokenize data

Code samples

const inputBody = `{
  "value": "string",
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string",
  "maxSize": 40
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/tokenize',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/tokenize \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/tokenize

Encrypt clear text into cipher text with an existing key.

Body parameter

{
  "value": "string",
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string",
  "maxSize": 40
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Id of the Key used for tokenization
body body TokenizeData false Data to tokenize

Example responses

200 Response

{
  "uid": "string",
  "tweak": "string",
  "value": "string"
}

Responses

Status Meaning Description Schema
200 OK OK TokenizeResponse

Tokenize multiple values

Code samples

const inputBody = `{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string",
  "maxSize": 40
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/tokenizex',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/tokenizex \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/tokenizex

Tokenization is done using the key.

Body parameter

{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string",
  "maxSize": 40
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Key used for tokenization
body body TokenizeX false Object containing a list of plaintext values that you want to tokenize.

Example responses

200 Response

[
  {
    "uid": "string",
    "tweak": "string",
    "value": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [TokenizeResponse] false none none
» uid string true none none
» tweak string true none none
» value string true none none

Detokenize data

Code samples

const inputBody = `{
  "value": "string",
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/detokenize',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/detokenize \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/detokenize

Encrypt clear text into cipher text with an existing key.

Body parameter

{
  "value": "string",
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true Id of the Key used for detokenization
body body DetokenizeData false Data to detokenize

Example responses

200 Response

{
  "uid": "string",
  "tweak": "string",
  "value": "string"
}

Responses

Status Meaning Description Schema
200 OK OK DetokenizeResponse

Detokenize multiple values

Code samples

const inputBody = `{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/keys/{keyId}/detokenizex',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/keys/{keyId}/detokenizex \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/keys/{keyId}/detokenizex

Detokenize is done using the key.

Body parameter

{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
keyId path string true The key used for decryption
body body DeTokenizeX false Object containing a list of plaintext that you want to detokenize.

Example responses

200 Response

[
  {
    "uid": "string",
    "tweak": "string",
    "value": "string"
  }
]

Responses

Status Meaning Description Schema
200 OK Array of decrypted values with requested encoding Inline
400 Bad Request Authentication encryption failure None

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [DetokenizeResponse] false none none
» uid string true none none
» tweak string true none none
» value string true none none

Secrets

Create secret (application/octet-stream)

Code samples

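// multipart/form-data: build the body with FormData and let fetch set the
// Content-Type header (with its boundary) itself.
const inputBody = new FormData();
inputBody.append('newSecret', new Blob(['string']));
inputBody.append('id', 'string');
inputBody.append('description', 'string');
inputBody.append('groups', 'string');
const headers = {
  'Accept':'application/json'

};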

fetch('/api/v1/secrets/file',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/secrets/file \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json'

POST /api/v1/secrets/file

Import a secret from a file

Body parameter

newSecret: string
id: string
description: string
groups: string

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body object false none
» newSecret body string(binary) true Secret data
» id body string true Secret ID
» description body string false Key description
» groups body string false List of groups

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Secret
201 Created OK Secret
409 Conflict Secret with this ID already exists None

Create secret (text/plain)

Code samples

const inputBody = `{
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ],
  "data": "My secret data"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/secrets/text',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/secrets/text \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/secrets/text

Add new secret data with label

Body parameter

{
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ],
  "data": "My secret data"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
body body NewSecret false newSecret

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Secret
201 Created OK Secret
409 Conflict Secret with this ID already exists None

Generate a new secret

Code samples

const inputBody = `{
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/secrets/generate',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X POST /api/v1/secrets/generate \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST /api/v1/secrets/generate

Add new secret data with label

Body parameter

{
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
complexity query boolean false complexity
length query integer(int32) false length
body body NewGeneratedSecret false newSecret

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK successful operation Secret
201 Created OK Secret
409 Conflict Secret with this ID already exists None

List secrets

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/secrets',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/secrets \
  -H 'Accept: application/json'

GET /api/v1/secrets

Return a list of all secrets in a partition

Parameters

Name In Type Required Description
id query string false Key id
partitionId query string false Partition ID
limit query integer(int32) false Limit
skip query integer(int32) false skip
groups query array[string] false Groups

Example responses

200 Response

[
  {
    "totalItems": 0,
    "limit": 0,
    "skip": 0,
    "items": [
      {
        "id": "mySecret1",
        "description": "string",
        "uid": "0x00d78d6a396072e9a0",
        "groups": [
          "string"
        ],
        "createdAt": "string",
        "updatedAt": "string"
      }
    ]
  }
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Status Code 200

Name Type Required Restrictions Description
anonymous [SecretListResponse] false none none
» totalItems integer(int32) false read-only none
» limit integer(int32) false read-only none
» skip integer(int32) false read-only none
» items [Secret] false read-only none
»» id string true none An identifier/label for the secret data
»» description string false read-only The secret description
»» uid string false read-only Secret identifier
»» groups [string] false none Secret groups
»» createdAt string false read-only Creation date
»» updatedAt string false read-only Last update date
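The limit, skip and totalItems fields above are enough to walk a whole partition's secret metadata. The following is an added example, not code from the UKC documentation: the base URL, the fetchJson callback, the Authorization value and the repeated-parameter encoding of groups are assumptions, and the sample pages are constructed.

```javascript
// Added example: page through GET /api/v1/secrets using limit/skip/totalItems.

// Build the list URL from the documented query parameters.
function secretsListUrl(baseUrl, { partitionId, groups = [], limit = 50, skip = 0 } = {}) {
  const url = new URL('/api/v1/secrets', baseUrl);
  if (partitionId) url.searchParams.set('partitionId', partitionId);
  // Assumption: array[string] is sent as a repeated query parameter.
  for (const g of groups) url.searchParams.append('groups', g);
  url.searchParams.set('limit', String(limit));
  url.searchParams.set('skip', String(skip));
  return url.toString();
}

// The documented 200 example wraps SecretListResponse in an array; accept
// both the wrapped and the bare object form.
function unwrapPage(body) {
  const page = Array.isArray(body) ? body[0] : body;
  if (!page || !Array.isArray(page.items) || !Number.isInteger(page.totalItems)) {
    throw new TypeError('unexpected secrets list response shape');
  }
  return page;
}

// Next skip value, or null when the listing is complete.
function nextSkip(page, requestedSkip) {
  const seen = requestedSkip + page.items.length;
  // An empty page ends the walk even if totalItems disagrees, so a secret
  // deleted while listing cannot cause an endless loop.
  if (page.items.length === 0 || seen >= page.totalItems) return null;
  return seen;
}

// Collect the metadata of every secret; fetchJson(url) must resolve to the parsed body.
async function listAllSecrets(fetchJson, baseUrl, query = {}) {
  const all = [];
  let skip = 0;
  while (skip !== null) {
    const body = await fetchJson(secretsListUrl(baseUrl, { ...query, skip }));
    const page = unwrapPage(body);
    all.push(...page.items);
    skip = nextSkip(page, skip);
  }
  return all;
}

// Real transport: pass the Authorization header value you already hold.
function httpFetchJson(authorization) {
  return async (url) => {
    const res = await fetch(url, {
      headers: { Accept: 'application/json', Authorization: authorization },
    });
    if (!res.ok) throw new Error(`GET ${url} failed with HTTP ${res.status}`);
    return res.json();
  };
}

// Constructed stand-in for the server: five secrets, served in pages.
const SAMPLE_IDS = ['s1', 's2', 's3', 's4', 's5'];
function fakeFetchJson(url) {
  const q = new URL(url).searchParams;
  const skip = Number(q.get('skip'));
  const limit = Number(q.get('limit'));
  const items = SAMPLE_IDS.slice(skip, skip + limit).map((id) => ({ id, groups: [] }));
  return Promise.resolve([{ totalItems: SAMPLE_IDS.length, limit, skip, items }]);
}
```

This endpoint returns metadata only; the secret values come from the /text and /file endpoints and should not be written to logs.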

Get secret metadata

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/secrets/{secretId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/secrets/{secretId} \
  -H 'Accept: application/json'

GET /api/v1/secrets/{secretId}

Return the metadata for an existing secret

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID to look for

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Secret

Get secret (application/octet-stream)

Code samples


const headers = {
  'Accept':'application/json,application/octet-stream'

};

fetch('/api/v1/secrets/{secretId}/file',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/secrets/{secretId}/file \
  -H 'Accept: application/json,application/octet-stream'

GET /api/v1/secrets/{secretId}/file

Gets the value of a secret from a file.

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID to look for

Example responses

200 Response

"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get secret (text/plain)

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/secrets/{secretId}/text',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/secrets/{secretId}/text \
  -H 'Accept: application/json'

GET /api/v1/secrets/{secretId}/text

Gets the value of a secret from a text string

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID to look for

Example responses

200 Response

"string"
"string"

Responses

Status Meaning Description Schema
200 OK OK string

Get secret groups

Code samples


const headers = {
  'Accept':'application/json'

};

fetch('/api/v1/secrets/groups',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X GET /api/v1/secrets/groups \
  -H 'Accept: application/json'

GET /api/v1/secrets/groups

Get groups for secrets

Parameters

Name In Type Required Description
partitionId query string false Partition ID
operations query array[string] false Operations

Enumerated Values

Parameter Value
operations ACTIVATE
operations ADD_ATTRIBUTE
operations CREATE
operations CREATE_KEY_PAIR
operations DECRYPT
operations DELETE_ATTRIBUTE
operations DERIVE_KEY
operations DESTROY
operations DELETE
operations DY_DERIVE
operations DY_GET_KEY_MATERIAL
operations DY_GET_SECRET_DATA
operations DY_UPDATE_DATA
operations ENCRYPT
operations MAC
operations MAC_VERIFY
operations MODIFY_ATTRIBUTE
operations REGISTER
operations REKEY
operations REKEY_KEY_PAIR
operations REVOKE
operations SIGN
operations SIGNATURE_VERIFY
operations DY_ENABLE
operations DY_TOKENIZE
operations DY_DETOKENIZE
operations LINK
operations RELINK
operations UNLINK

Example responses

200 Response

[
  "string"
]

Responses

Status Meaning Description Schema
200 OK OK Inline

Response Schema

Update secret (application/octet-stream)

Code samples

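// multipart/form-data: build the body with FormData and let fetch set the
// Content-Type header (with its boundary) itself.
const inputBody = new FormData();
inputBody.append('newSecret', new Blob(['string']));
const headers = {
  'Accept':'application/json'

};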

fetch('/api/v1/secrets/{secretId}/file',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/secrets/{secretId}/file \
  -H 'Content-Type: multipart/form-data' \
  -H 'Accept: application/json'

PUT /api/v1/secrets/{secretId}/file

Update existing secret

Body parameter

newSecret: string

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID
body body object false none
» newSecret body string(binary) true secret data

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Secret

Update secret (text/plain)

Code samples

const inputBody = `{
  "data": "My secret data"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/secrets/{secretId}/text',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/secrets/{secretId}/text \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/secrets/{secretId}/text

Update existing secret

Body parameter

{
  "data": "My secret data"
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID
body body UpdatedSecret false updatedSecret

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Secret

Update secret details

Code samples

const inputBody = `{
  "id": "string",
  "description": "string",
  "groups": [
    "string"
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('/api/v1/secrets/{secretId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X PUT /api/v1/secrets/{secretId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT /api/v1/secrets/{secretId}

Update existing secret details

Body parameter

{
  "id": "string",
  "description": "string",
  "groups": [
    "string"
  ]
}

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID
body body SecretUpdates false Secret updates

Example responses

200 Response

{
  "id": "mySecret1",
  "description": "string",
  "uid": "0x00d78d6a396072e9a0",
  "groups": [
    "string"
  ],
  "createdAt": "string",
  "updatedAt": "string"
}

Responses

Status Meaning Description Schema
200 OK OK Secret

Delete a secret

Code samples


fetch('/api/v1/secrets/{secretId}',
{
  method: 'DELETE'

})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

# You can also use wget
curl -X DELETE /api/v1/secrets/{secretId}

DELETE /api/v1/secrets/{secretId}

Deletes a secret by its label/ID

Parameters

Name In Type Required Description
partitionId query string false Partition ID
secretId path string true Secret ID to delete

Responses

Status Meaning Description Schema
200 OK OK None

Schemas

Aad

{
  "value": "string",
  "encoding": "PLAIN"
}

Properties

Name Type Required Restrictions Description
value string true none Additional Authentication Data
encoding string false none Authentication data encoding

Enumerated Values

Property Value
encoding PLAIN
encoding BASE64
encoding HEX

Alert

{
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "title": "string"
}

Properties

Name Type Required Restrictions Description
alertType string false read-only none
alertLevel string false read-only none
title string false read-only none

Enumerated Values

Property Value
alertType CERT_ABOUT_TO_EXPIRE
alertType CERT_EXPIRED
alertType OUT_OF_SYNC
alertType IS_LOCKED
alertType RENEW_REQUIRED
alertType DB_BACKUP_INCONSISTENT
alertType DB_BACKUP_FAILURE
alertType SECRET_ABOUT_TO_EXPIRE
alertType SECRET_EXPIRED
alertType KEY_ROTATION_IS_APPROACHING
alertType KEY_ACTIVATION_IS_APPROACHING
alertType KEY_DEACTIVATION_IS_APPROACHING
alertType RESTART_REQUIRED
alertLevel WARN

AlertsSummary

{
  "category": "CLIENTS",
  "alertType": "CERT_ABOUT_TO_EXPIRE",
  "alertLevel": "WARN",
  "counter": 0,
  "title": "string"
}

Properties

Name Type Required Restrictions Description
category string false read-only none
alertType string false read-only none
alertLevel string false read-only none
counter integer(int32) false read-only none
title string false read-only none

Enumerated Values

Property Value
category CLIENTS
category SYSTEM
category KEYS
category BACKUP
alertType CERT_ABOUT_TO_EXPIRE
alertType CERT_EXPIRED
alertType OUT_OF_SYNC
alertType IS_LOCKED
alertType RENEW_REQUIRED
alertType DB_BACKUP_INCONSISTENT
alertType DB_BACKUP_FAILURE
alertType SECRET_ABOUT_TO_EXPIRE
alertType SECRET_EXPIRED
alertType KEY_ROTATION_IS_APPROACHING
alertType KEY_ACTIVATION_IS_APPROACHING
alertType KEY_DEACTIVATION_IS_APPROACHING
alertType RESTART_REQUIRED
alertLevel WARN

AlternativeNames

{
  "names": [
    "string"
  ],
  "uid": "string",
  "isCritical": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
names [string] false none none
uid string true none Extension UID
isCritical boolean true none Is Extension Critical

ApplicationInfo

{
  "nameSpace": "string",
  "data": {
    "property1": {},
    "property2": {}
  }
}

Properties

Name Type Required Restrictions Description
nameSpace string false none none
data object false none none
» additionalProperties object false none none

AsymmetricCryptoParams

{
  "padding": {
    "type": "RAW",
    "pss": {
      "mgf": "SHA1",
      "saltSize": 0
    },
    "oaep": {
      "mgf": "SHA1",
      "label": {
        "value": "string",
        "encoding": "PLAIN"
      }
    }
  },
  "hash": "SHA1"
}

Properties

Name Type Required Restrictions Description
padding Padding false none Crypto operation padding type
hash string false none the hash type

Enumerated Values

Property Value
hash SHA1
hash SHA256
hash SHA384
hash SHA512

AuthorityKeyIdentifier

{
  "uid": "string",
  "isCritical": true,
  "keyId": "string",
  "authNames": [
    "string"
  ],
  "serialNumber": "string"
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
uid string true none Extension UID
isCritical boolean true none Is Extension Critical
keyId string false read-only none
authNames [string] false none none
serialNumber string false none none

BasicConstraints

{
  "uid": "string",
  "isCritical": true,
  "pathLen": 0,
  "isCa": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
uid string true none Extension UID
isCritical boolean true none Is Extension Critical
pathLen integer(int32) false none none
isCa boolean false none none

BipDerivationParams

{
  "childNumber": 0,
  "hardened": true
}

Properties

Name Type Required Restrictions Description
childNumber integer(int32) true none child number
hardened boolean true none True if hardened

CertificateInfo

{
  "id": "my-certificate",
  "uid": "string",
  "sha1Thumbprint": "string",
  "subject": "string",
  "issuer": "string",
  "validFrom": "string",
  "validUntil": "string",
  "version": "V3",
  "serial": "185fb61e97f55b19",
  "signatureAlgorithm": "sha256RSA",
  "isCa": true,
  "isSelfSigned": true,
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "basicConstraints": {
    "uid": "string",
    "isCritical": true,
    "pathLen": 0,
    "isCa": true
  },
  "subjectKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string"
  },
  "authorityKeyIdentifier": {
    "uid": "string",
    "isCritical": true,
    "keyId": "string",
    "authNames": [
      "string"
    ],
    "serialNumber": "string"
  },
  "subjectAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "issuerAlternativeNames": {
    "names": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "extendedKeyUsage": {
    "keyUsages": [
      "string"
    ],
    "uid": "string",
    "isCritical": true
  },
  "signature": "string",
  "alertLevel": "WARN"
}

Certificate public information

Properties

Name Type Required Restrictions Description
id string true none Certificate identifier label
uid string true none none
sha1Thumbprint string true none certificate sha1
subject string true none none
issuer string true none The CA that signed this certificate
validFrom string true none Date of validity period start for this certificate
validUntil string true none Date of validity period end for this certificate
version string true none Certificate version
serial string true none Certificate serial number
signatureAlgorithm string true none Signing algorithm used for signing this certificate
isCa boolean true none Determines if this certificate is a CA certificate
isSelfSigned boolean true none Determines if this certificate is a self signed certificate
pkInfo PKInfoType true none Properties of PKI key
basicConstraints BasicConstraints false none Certificate x509 extension
subjectKeyIdentifier SubjectKeyIdentifier false none Certificate x509 extension
authorityKeyIdentifier AuthorityKeyIdentifier false none Certificate x509 extension
subjectAlternativeNames AlternativeNames false none Certificate x509 extension
issuerAlternativeNames AlternativeNames false none Certificate x509 extension
extendedKeyUsage ExtendedKeyUsage false none Certificate x509 extension
signature string true none CA signature value for this certificate
alertLevel string false read-only none

Enumerated Values

Property Value
alertLevel WARN

CertificateRequest

{
  "subject": "string",
  "keyType": "RSA",
  "size": 0,
  "curve": "P256",
  "validity": 365,
  "extensions": {
    "uid": "string",
    "isCritical": true
  }
}

Certificate request information

Properties

Name Type Required Restrictions Description
subject string true none none
keyType string false none none
size integer(int32) false none none
curve string false none none
validity integer(int32) false none Certificate validity period in days
extensions X509v3extensionType false none Certificate x509 extension

Enumerated Values

Property Value
keyType RSA
keyType ECC
curve P256
curve P384
curve P521
curve SECP_256K_1

Challenge

{
  "value": "example"
}

Challenge

Properties

Name Type Required Restrictions Description
value string true none Challenge to be solved by client

Cipher

{
  "cipherTextBase64": "string",
  "ivBase64": "string"
}

Includes encrypted data

Properties

Name Type Required Restrictions Description
cipherTextBase64 string true none base64 encoded encrypted data
ivBase64 string false none base64 encoded Initialization Vector

ClearText

{
  "clearText": "string"
}

Properties

Name Type Required Restrictions Description
clearText string false none none

Client

{
  "name": "client-name",
  "partition": "~.codeSign.developers",
  "createdAt": "string",
  "activationStatus": "ACTIVATED",
  "activationType": "CERTIFICATE_REQUEST",
  "lastUpdatedAt": "string",
  "failedActivationCounter": 0,
  "isActivationLocked": true,
  "checkIp": true,
  "allowNat": true,
  "ipRange": "string",
  "expiresAt": "string",
  "expiration": 0,
  "activationCodeValidity": 0,
  "activationCodeLength": 0,
  "activationCodeExpiration": "string",
  "template": "string",
  "activationCode": "string",
  "certificateRenewRequired": true,
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ],
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  },
  "certExpiresAt": "string",
  "certificateExpiration": 0,
  "alertLevel": "WARN",
  "version": "string",
  "secret": "string"
}

A new UKC client

Properties

Name Type Required Restrictions Description
name string false read-only Client name
partition string false read-only none
createdAt string false none none
activationStatus string false read-only Client activation status
activationType string false read-only Client activation type
lastUpdatedAt string false read-only Last update time for this client record
failedActivationCounter integer(int32) false read-only Number of failed retries to use client activation code
isActivationLocked boolean false read-only none
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow client to use NAT
ipRange string false none Client IP range
expiresAt string false none Client secret expiration date
expiration integer(int32) false none Client secret expiration time (ms)
activationCodeValidity integer(int32) false none Client activation code validity in minutes
activationCodeLength integer(int32) false none Client activation code length (digits)
activationCodeExpiration string false none Client activation code expiration date
template string false none Client template
activationCode string false none Client activation code
certificateRenewRequired boolean false none Whether the client certificate needs to be renewed
grantTypes [string] false none Client grant types
certificateInfo CertificateInfo false none Certificate public information
certExpiresAt string false read-only Client certificate expiration date
certificateExpiration integer(int32) false read-only Client certificate validity in minutes
alertLevel string false read-only none
version string false none Client version
secret string false none Client secret

Enumerated Values

Property Value
activationStatus ACTIVATED
activationStatus PENDING
activationStatus LOCKED
activationType CERTIFICATE_REQUEST
activationType ACTIVATION_CODE
activationType CERTIFICATE_DOWNLOAD
activationType EXTERNAL
activationType TEMPLATE
activationType SECRET
activationType EPHEMERAL
activationType PUBLIC_KEY
alertLevel WARN

ClientListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "client-name",
      "partition": "~.codeSign.developers",
      "createdAt": "string",
      "activationStatus": "ACTIVATED",
      "activationType": "CERTIFICATE_REQUEST",
      "lastUpdatedAt": "string",
      "failedActivationCounter": 0,
      "isActivationLocked": true,
      "checkIp": true,
      "allowNat": true,
      "ipRange": "string",
      "expiresAt": "string",
      "expiration": 0,
      "activationCodeValidity": 0,
      "activationCodeLength": 0,
      "activationCodeExpiration": "string",
      "template": "string",
      "activationCode": "string",
      "certificateRenewRequired": true,
      "grantTypes": [
        "CLIENT_CREDENTIALS"
      ],
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      },
      "certExpiresAt": "string",
      "certificateExpiration": 0,
      "alertLevel": "WARN",
      "version": "string",
      "secret": "string"
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [Client] false read-only [A new UKC client]

ClientsUpdates

{
  "checkIp": false,
  "allowNat": false,
  "ipRange": "0.0.0.0/0"
}

Properties

Name Type Required Restrictions Description
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow client to use NAT
ipRange string false none Client IP range
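The Client and ClientsUpdates fields above (checkIp, ipRange, the activation state and certificateRenewRequired) can be reviewed in bulk from a ClientListResponse. The following is an added example, not code from the UKC documentation: the finding codes, the minPrefix threshold and the sample clients are constructed, and ipRange is assumed to be an IPv4 CIDR string as in the page's "0.0.0.0/0" sample.

```javascript
// Added example: flag Client records whose documented fields indicate weak
// or degraded settings.

// Prefix length of an IPv4 CIDR string ("10.1.0.0/16" -> 16), or null when
// the value is not a well-formed IPv4 CIDR.
function cidrPrefix(ipRange) {
  const text = String(ipRange ?? '').trim();
  const m = /^((?:\d{1,3}\.){3}\d{1,3})\/(\d{1,2})$/.exec(text);
  if (!m) return null;
  if (!m[1].split('.').every((octet) => Number(octet) <= 255)) return null;
  const prefix = Number(m[2]);
  return prefix <= 32 ? prefix : null;
}

// Review one Client object and return a list of findings.
function auditClient(client, { minPrefix = 8 } = {}) {
  const findings = [];
  const add = (code, detail) =>
    findings.push({ client: client.name, partition: client.partition, code, detail });

  if (client.checkIp !== true) {
    add('CHECK_IP_DISABLED', 'checkIp is off, so client IP verification is not enforced');
  }
  if (client.ipRange !== undefined && client.ipRange !== null && client.ipRange !== '') {
    const prefix = cidrPrefix(client.ipRange);
    if (prefix === null) {
      add('IP_RANGE_UNPARSED', `ipRange "${client.ipRange}" is not an IPv4 CIDR`);
    } else if (prefix < minPrefix) {
      add('IP_RANGE_TOO_WIDE', `ipRange ${client.ipRange} is wider than /${minPrefix}`);
    }
  }
  if (client.isActivationLocked === true || client.activationStatus === 'LOCKED') {
    add('ACTIVATION_LOCKED', 'client activation is locked');
  }
  const failed = Number(client.failedActivationCounter) || 0;
  if (failed > 0) {
    add('FAILED_ACTIVATIONS', `${failed} failed activation code attempts recorded`);
  }
  if (client.certificateRenewRequired === true) {
    add('CERT_RENEW_REQUIRED', 'client certificate must be renewed');
  }
  if (client.alertLevel === 'WARN') {
    add('ALERT_WARN', 'server reports alertLevel WARN for this client');
  }
  return findings;
}

// Review every item of a ClientListResponse.
function auditClientList(listResponse, options) {
  const items = listResponse && Array.isArray(listResponse.items) ? listResponse.items : [];
  return items.flatMap((client) => auditClient(client, options));
}

// Constructed sample data in the shape of ClientListResponse.
const SAMPLE_CLIENT_LIST = {
  totalItems: 3, limit: 50, skip: 0,
  items: [
    { name: 'build-agent', partition: '~.codeSign.developers', activationStatus: 'ACTIVATED',
      checkIp: true, ipRange: '10.20.0.0/16', failedActivationCounter: 0,
      isActivationLocked: false, certificateRenewRequired: false },
    { name: 'legacy-signer', partition: '~.codeSign.developers', activationStatus: 'ACTIVATED',
      checkIp: false, ipRange: '0.0.0.0/0', failedActivationCounter: 0,
      isActivationLocked: false, certificateRenewRequired: true, alertLevel: 'WARN' },
    { name: 'kiosk-7', partition: '~.codeSign.developers', activationStatus: 'LOCKED',
      checkIp: true, ipRange: '192.0.2.0/24', failedActivationCounter: 5,
      isActivationLocked: true, certificateRenewRequired: false },
  ],
};

function sampleFindingCodes() {
  return auditClientList(SAMPLE_CLIENT_LIST).map((f) => `${f.client}:${f.code}`);
}
```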

ConcatDerivationParams

{
  "data": "string",
  "isPrefix": true
}

Properties

Name Type Required Restrictions Description
data string true none Derivation data
isPrefix boolean false none True for prefix, false for suffix

DbBackup

{
  "id": "string",
  "state": "IN_PROGRESS",
  "error": "string",
  "date": "string",
  "file": "string",
  "pairHostnames": [
    "string"
  ],
  "version": "string",
  "digestDiff": {
    "diffRecords": [
      {
        "sectionDiff": "string",
        "entriesDiff": [
          {
            "objectType": "string",
            "digestSource": "string",
            "uid": "string",
            "name": "string",
            "partitionId": "string",
            "partitionName": "string",
            "version": "string",
            "detail": "string",
            "object type": "string",
            "digest source": "string",
            "partition id": "string",
            "partition name": "string"
          }
        ]
      }
    ]
  },
  "alertLevel": "WARN"
}

Properties

Name Type Required Restrictions Description
id string false none none
state string false none none
error string false none none
date string false none none
file string false none none
pairHostnames [string] false none none
version string false none none
digestDiff DigestDiff false none none
alertLevel string false read-only none

Enumerated Values

Property Value
state IN_PROGRESS
state PENDING_TEST
state TEST_SUCCESS
state TEST_FAILURE
state MANUAL_TEST
state GENERAL_FAILURE
state INVALID
alertLevel WARN

DbBackupListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "id": "string",
      "state": "IN_PROGRESS",
      "error": "string",
      "date": "string",
      "file": "string",
      "pairHostnames": [
        "string"
      ],
      "version": "string",
      "digestDiff": {
        "diffRecords": [
          {
            "sectionDiff": "string",
            "entriesDiff": [
              {
                "objectType": "string",
                "digestSource": "string",
                "uid": "string",
                "name": "string",
                "partitionId": "string",
                "partitionName": "string",
                "version": "string",
                "detail": "string",
                "object type": "string",
                "digest source": "string",
                "partition id": "string",
                "partition name": "string"
              }
            ]
          }
        ]
      },
      "alertLevel": "WARN"
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [DbBackup] false read-only none

DeTokenizeX

{
  "valueItems": [
    "string"
  ],
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}

Properties

Name Type Required Restrictions Description
valueItems [string] true none Array of value items to tokenize
tweak string true none The operation parameters
dataType string true none The operation parameters
format string false none Format parameter

Enumerated Values

Property Value
dataType EMAIL
dataType SSN
dataType CREDIT_CARD
dataType US_PHONE
dataType STRING
dataType BOOLEAN
dataType SHORT
dataType INTEGER
dataType LONG
dataType FLOAT
dataType DOUBLE
dataType DECIMAL
dataType DATE
dataType TIME
dataType TIMESTAMP
dataType TOKEN

DeactivationInfo

{
  "revocationReason": "string",
  "message": "string"
}

Deactivated key info

Properties

Name Type Required Restrictions Description
revocationReason string false none none
message string false none none

DecryptData

{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "cipher": {
    "cipherTextBase64": "string",
    "ivBase64": "string"
  },
  "outputEncoding": "PLAIN"
}

Input for a decrypt operation

Properties

Name Type Required Restrictions Description
aSymmetricParams AsymmetricCryptoParams false none none
symmetricParams SymmetricCryptoParams false none none
cipher Cipher true none Includes encrypted data
outputEncoding string false none the decrypted result encoding

Enumerated Values

Property Value
outputEncoding PLAIN
outputEncoding BASE64
outputEncoding HEX

Decryptx

{
  "encrypted": [
    {
      "cipherTextBase64": "string",
      "ivBase64": "string"
    }
  ],
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "outputEncoding": "PLAIN"
}

Input for multi decrypt operation

Properties

Name Type Required Restrictions Description
encrypted [Cipher] true none [Includes encrypted data]
params SymmetricCryptoParams false none none
outputEncoding string false none none

Enumerated Values

Property Value
outputEncoding PLAIN
outputEncoding BASE64
outputEncoding HEX

DeriveData

{
  "newGeneratedKey": {
    "keyId": "string",
    "keyIdEncoding": "PLAIN",
    "keyProperties": {
      "description": "string",
      "supportedOperations": [
        "SIGN"
      ],
      "trusted": false,
      "keyRotationInterval": 0,
      "exportType": "IN_PLAIN",
      "groups": [
        "string"
      ]
    },
    "keyStoreProperties": {
      "keyStoreName": "string",
      "keyStoreObjectId": "string",
      "byok": true
    },
    "activate": true,
    "activationDate": 0,
    "deactivationDate": 0,
    "keyFormat": {
      "type": "RSA",
      "size": "for RSA : {2048,3072,4096}",
      "curve": "P256",
      "offlineKeyParams": {
        "backup": "string",
        "paillierKey": "string",
        "paillierKeys": [
          "string"
        ]
      }
    }
  },
  "derivationMode": "CONCAT",
  "hash": "SHA1",
  "bipDerivationParams": {
    "childNumber": 0,
    "hardened": true
  },
  "concatDerivationParams": {
    "data": "string",
    "isPrefix": true
  }
}

Input for a derive operation

Properties

Name Type Required Restrictions Description
newGeneratedKey NewGeneratedKey true none none
derivationMode string true none Derivation Mode
hash string false none Hash algorithm
bipDerivationParams BipDerivationParams false none none
concatDerivationParams ConcatDerivationParams false none none

Enumerated Values

Property Value
derivationMode CONCAT
derivationMode HASH
derivationMode BIP
derivationMode EDDSA
hash SHA1
hash SHA256
hash SHA384
hash SHA512

DeriveKeyData

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "size": 0
}

Properties

Name Type Required Restrictions Description
data string true none data
dataEncoding string false none data encoding
size integer(int32) false none key size

Enumerated Values

Property Value
dataEncoding PLAIN
dataEncoding BASE64
dataEncoding HEX

DetokenizeData

{
  "value": "string",
  "tweak": "string",
  "dataType": "EMAIL",
  "format": "string"
}

Properties

Name Type Required Restrictions Description
value string true none Value parameter
tweak string true none The operation parameters
dataType string true none The operation parameters
format string false none Format parameter

Enumerated Values

Property Value
dataType EMAIL
dataType SSN
dataType CREDIT_CARD
dataType US_PHONE
dataType STRING
dataType BOOLEAN
dataType SHORT
dataType INTEGER
dataType LONG
dataType FLOAT
dataType DOUBLE
dataType DECIMAL
dataType DATE
dataType TIME
dataType TIMESTAMP
dataType TOKEN

DetokenizeResponse

{
  "uid": "string",
  "tweak": "string",
  "value": "string"
}

Properties

Name Type Required Restrictions Description
uid string true none none
tweak string true none none
value string true none none

DiffEntry

{
  "objectType": "string",
  "digestSource": "string",
  "uid": "string",
  "name": "string",
  "partitionId": "string",
  "partitionName": "string",
  "version": "string",
  "detail": "string",
  "object type": "string",
  "digest source": "string",
  "partition id": "string",
  "partition name": "string"
}

Properties

Name Type Required Restrictions Description
objectType string false none none
digestSource string false none none
uid string false none none
name string false none none
partitionId string false none none
partitionName string false none none
version string false none none
detail string false none none
object type string false none none
digest source string false none none
partition id string false none none
partition name string false none none

DiffRecord

{
  "sectionDiff": "string",
  "entriesDiff": [
    {
      "objectType": "string",
      "digestSource": "string",
      "uid": "string",
      "name": "string",
      "partitionId": "string",
      "partitionName": "string",
      "version": "string",
      "detail": "string",
      "object type": "string",
      "digest source": "string",
      "partition id": "string",
      "partition name": "string"
    }
  ]
}

Properties

Name Type Required Restrictions Description
sectionDiff string false none none
entriesDiff [DiffEntry] false none none

DigestDiff

{
  "diffRecords": [
    {
      "sectionDiff": "string",
      "entriesDiff": [
        {
          "objectType": "string",
          "digestSource": "string",
          "uid": "string",
          "name": "string",
          "partitionId": "string",
          "partitionName": "string",
          "version": "string",
          "detail": "string",
          "object type": "string",
          "digest source": "string",
          "partition id": "string",
          "partition name": "string"
        }
      ]
    }
  ]
}

Properties

Name Type Required Restrictions Description
diffRecords [DiffRecord] false none none

ECCBipKeyInfo

{
  "level": "string",
  "childNumber": 0,
  "hardened": true,
  "chainCode": "string",
  "parentUid": "string",
  "parentFingerprint": 0
}

Properties

Name Type Required Restrictions Description
level string(byte) false read-only Level (0 for master)
childNumber integer(int32) false read-only child number
hardened boolean false read-only True if hardened
chainCode string false read-only BASE64 chain code
parentUid string false read-only the parent uid
parentFingerprint integer(int32) false read-only parent fingerprint (The first 32 bits of the identifier)

ECCKeyInfoType

{
  "curve": "P256",
  "ecPoint": "string",
  "eccBipKeyInfo": {
    "level": "string",
    "childNumber": 0,
    "hardened": true,
    "chainCode": "string",
    "parentUid": "string",
    "parentFingerprint": 0
  }
}

Details of ECC public key

Properties

Name Type Required Restrictions Description
curve string true none none
ecPoint string true none Encoded public key (EC point)
eccBipKeyInfo ECCBipKeyInfo true none none

Enumerated Values

Property Value
curve P256
curve P384
curve P521
curve SECP_256K_1

EncryptData

{
  "aSymmetricParams": {
    "padding": {
      "type": "RAW",
      "pss": {
        "mgf": "SHA1",
        "saltSize": 0
      },
      "oaep": {
        "mgf": "SHA1",
        "label": {
          "value": "string",
          "encoding": "PLAIN"
        }
      }
    },
    "hash": "SHA1"
  },
  "symmetricParams": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  },
  "clearText": "string",
  "dataEncoding": "PLAIN"
}

Input for encryption

Properties

Name Type Required Restrictions Description
aSymmetricParams AsymmetricCryptoParams false none none
symmetricParams SymmetricCryptoParams false none none
clearText string true none data to encrypt
dataEncoding string false none the input data encoding

Enumerated Values

Property Value
dataEncoding PLAIN
dataEncoding BASE64
dataEncoding HEX

Encryptx

{
  "clearTextItems": [
    "string"
  ],
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "ECB",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "aad": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 16
  }
}

Input for encryption of multiple values

Properties

Name Type Required Restrictions Description
clearTextItems [string] true none Array of clearText items to encrypt
dataEncoding string false none none
params SymmetricCryptoParams false none none

Enumerated Values

Property Value
dataEncoding PLAIN
dataEncoding BASE64
dataEncoding HEX

ExportedCertificate

{
  "certData": "string"
}

Properties

Name Type Required Restrictions Description
certData string false none none

ExtendedKeyUsage

{
  "keyUsages": [
    "string"
  ],
  "uid": "string",
  "isCritical": true
}

Certificate x509 extension

Properties

Name Type Required Restrictions Description
keyUsages [string] false none none
uid string true none Extension UID
isCritical boolean true none Is Extension Critical

Iv

{
  "value": "string",
  "encoding": "PLAIN"
}

Properties

Name Type Required Restrictions Description
value string true none Externally provided IV
encoding string false none none

Enumerated Values

Property Value
encoding PLAIN
encoding BASE64
encoding HEX

JWS

{
  "value": "eyJraWQiOiJpbnRlZ3JpdHkta2V5IiwiYWxnIjoiRVMyNTYifQ.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.OMsru0JgLra358guXW8jMgCgArlkHdeR0m2rbFLl4yIKLNjxt4TUv3q2IpdUKgeOvWsexBb3VT1TZQ7ON6Y3pA"
}

Properties

Name Type Required Restrictions Description
value string false read-only value

Job

{
  "initiator": "so@root",
  "id": "389323ee-3588-416e-94bd-f93ca815762e",
  "title": "string",
  "opName": "PARTITION_CONFIG_SET ",
  "createdAt": "string",
  "expiresAt": "string",
  "opParams": [
    {
      "key": "string",
      "value": "string",
      "description": "string",
      "type": "BOOLEAN",
      "defaultValue": "string",
      "min": 0,
      "max": 0,
      "unit": "SECONDS"
    }
  ],
  "response": "string",
  "approvedBy": [
    "string"
  ],
  "status": "PENDING_APPROVAL",
  "totalRequiredApprovals": 0
}

An asynchronous job

Properties

Name Type Required Restrictions Description
initiator string false read-only none
id string false read-only none
title string false read-only none
opName string false read-only none
createdAt string false read-only none
expiresAt string false read-only none
opParams [KeyValueEntry] false read-only [Key value entry]
response string false read-only none
approvedBy [string] false read-only none
status string false read-only none
totalRequiredApprovals integer(int32) false read-only none

Enumerated Values

Property Value
status PENDING_APPROVAL
status PENDING_EXECUTION
status DONE
status EXPIRED

Key

{
  "keyData": "string"
}

Properties

Name Type Required Restrictions Description
keyData string false none base64 encoded key data

KeyFormat

{
  "type": "RSA",
  "size": "for RSA : {2048,3072,4096}",
  "curve": "P256",
  "offlineKeyParams": {
    "backup": "string",
    "paillierKey": "string",
    "paillierKeys": [
      "string"
    ]
  }
}

Properties

Name Type Required Restrictions Description
type string true none key type
size integer(int32) false none key size
curve string false none Required for elliptic curve
offlineKeyParams OfflineKeyParams false none none

Enumerated Values

Property Value
type RSA
type ECC
type AES
type TDES
type HMAC
type SIV
type XTS
type PRF
type PWD
type LIMA
type EDDSA
type TOTSSeed
curve P256
curve P384
curve P521
curve SECP_256K_1

KeyInfo

{
  "id": "my-key",
  "uid": "0x00d78d6a396072e9a0",
  "isExternal": true,
  "objectType": "CERTIFICATE",
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  },
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "local": true,
  "hasCertificate": true,
  "certificateOnly": true,
  "state": "PREACTIVE",
  "isEnabled": true,
  "sync": true,
  "isFips": true,
  "requireApproval": true,
  "prev": "string",
  "next": "string",
  "nextKeyRotationTime": "string",
  "applicationInfos": [
    {
      "nameSpace": "string",
      "data": {
        "property1": {},
        "property2": {}
      }
    }
  ],
  "pkInfo": {
    "rsa": {
      "publicExponent": "string",
      "modulus": "string"
    },
    "ecc": {
      "curve": "P256",
      "ecPoint": "string",
      "eccBipKeyInfo": {
        "level": "string",
        "childNumber": 0,
        "hardened": true,
        "chainCode": "string",
        "parentUid": "string",
        "parentFingerprint": 0
      }
    }
  },
  "chain": [
    {
      "id": "my-certificate",
      "uid": "string",
      "sha1Thumbprint": "string",
      "subject": "string",
      "issuer": "string",
      "validFrom": "string",
      "validUntil": "string",
      "version": "V3",
      "serial": "185fb61e97f55b19",
      "signatureAlgorithm": "sha256RSA",
      "isCa": true,
      "isSelfSigned": true,
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "basicConstraints": {
        "uid": "string",
        "isCritical": true,
        "pathLen": 0,
        "isCa": true
      },
      "subjectKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string"
      },
      "authorityKeyIdentifier": {
        "uid": "string",
        "isCritical": true,
        "keyId": "string",
        "authNames": [
          "string"
        ],
        "serialNumber": "string"
      },
      "subjectAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "issuerAlternativeNames": {
        "names": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "extendedKeyUsage": {
        "keyUsages": [
          "string"
        ],
        "uid": "string",
        "isCritical": true
      },
      "signature": "string",
      "alertLevel": "WARN"
    }
  ],
  "chains": [
    [
      {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    ]
  ],
  "createdAt": "string",
  "updatedAt": "string",
  "activationDate": "string",
  "deactivationDate": "string",
  "compromiseDate": "string",
  "compromiseOccurrenceDate": "string",
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "alertLevel": "WARN",
  "deactivationInfo": {
    "revocationReason": "string",
    "message": "string"
  },
  "getdestroyDate": "string"
}

Key object details

Properties

Name Type Required Restrictions Description
id string false read-only key identifier label
uid string false read-only key identifier
isExternal boolean false read-only True if the key is external
objectType string false read-only object type
keyFormat KeyFormat false none none
keyProperties KeyProperties false none none
local boolean false read-only True if this key was created inside UKC, false when imported
hasCertificate boolean false read-only True if this key has a matching certificate in UKC
certificateOnly boolean false read-only True if this certificate does not have a matching certificate in UKC
state string false read-only none
isEnabled boolean false read-only none
sync boolean false read-only This key is synchronized within the UKC pair
isFips boolean false read-only This key was created in FIPS mode
requireApproval boolean false read-only This key requires partner approval for sign operations
prev string false read-only Does the key have previous key (created by Rekey operation)
next string false read-only Does the key have next key (created by Rekey operation)
nextKeyRotationTime string false read-only Next key rotation time
applicationInfos [ApplicationInfo] false read-only Application infos
pkInfo PKInfoType false none Properties of PKI key
chain [CertificateInfo] false read-only Private key (RSA/ECC) information
chains [array] false read-only Key chains
createdAt string false read-only Creation date
updatedAt string false read-only Last update date
activationDate string false read-only Activation date
deactivationDate string false read-only Deactivation date
compromiseDate string false read-only Compromise date
compromiseOccurrenceDate string false read-only Compromise occurrence date
keyStoreProperties KeyStoreProperties false none none
alertLevel string false read-only none
deactivationInfo DeactivationInfo false none Deactivated key info
getdestroyDate string false read-only Destroy date

Enumerated Values

Property Value
objectType CERTIFICATE
objectType PRIVATE_KEY
objectType SYMMETRIC
objectType PUBLIC_KEY
objectType SECRET_DATA
state PREACTIVE
state ACTIVE
state DEACTIVATED
state COMPROMISED
state DESTROYED
state DESTROYED_COMPROMISED
alertLevel WARN

KeyInfoListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "id": "my-key",
      "uid": "0x00d78d6a396072e9a0",
      "isExternal": true,
      "objectType": "CERTIFICATE",
      "keyFormat": {
        "type": "RSA",
        "size": "for RSA : {2048,3072,4096}",
        "curve": "P256",
        "offlineKeyParams": {
          "backup": "string",
          "paillierKey": "string",
          "paillierKeys": [
            "string"
          ]
        }
      },
      "keyProperties": {
        "description": "string",
        "supportedOperations": [
          "SIGN"
        ],
        "trusted": false,
        "keyRotationInterval": 0,
        "exportType": "IN_PLAIN",
        "groups": [
          "string"
        ]
      },
      "local": true,
      "hasCertificate": true,
      "certificateOnly": true,
      "state": "PREACTIVE",
      "isEnabled": true,
      "sync": true,
      "isFips": true,
      "requireApproval": true,
      "prev": "string",
      "next": "string",
      "nextKeyRotationTime": "string",
      "applicationInfos": [
        {
          "nameSpace": "string",
          "data": {
            "property1": {},
            "property2": {}
          }
        }
      ],
      "pkInfo": {
        "rsa": {
          "publicExponent": "string",
          "modulus": "string"
        },
        "ecc": {
          "curve": "P256",
          "ecPoint": "string",
          "eccBipKeyInfo": {
            "level": "string",
            "childNumber": 0,
            "hardened": true,
            "chainCode": "string",
            "parentUid": "string",
            "parentFingerprint": 0
          }
        }
      },
      "chain": [
        {
          "id": "my-certificate",
          "uid": "string",
          "sha1Thumbprint": "string",
          "subject": "string",
          "issuer": "string",
          "validFrom": "string",
          "validUntil": "string",
          "version": "V3",
          "serial": "185fb61e97f55b19",
          "signatureAlgorithm": "sha256RSA",
          "isCa": true,
          "isSelfSigned": true,
          "pkInfo": {
            "rsa": {
              "publicExponent": "string",
              "modulus": "string"
            },
            "ecc": {
              "curve": "P256",
              "ecPoint": "string",
              "eccBipKeyInfo": {
                "level": "string",
                "childNumber": 0,
                "hardened": true,
                "chainCode": "string",
                "parentUid": "string",
                "parentFingerprint": 0
              }
            }
          },
          "basicConstraints": {
            "uid": "string",
            "isCritical": true,
            "pathLen": 0,
            "isCa": true
          },
          "subjectKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string"
          },
          "authorityKeyIdentifier": {
            "uid": "string",
            "isCritical": true,
            "keyId": "string",
            "authNames": [
              "string"
            ],
            "serialNumber": "string"
          },
          "subjectAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "issuerAlternativeNames": {
            "names": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "extendedKeyUsage": {
            "keyUsages": [
              "string"
            ],
            "uid": "string",
            "isCritical": true
          },
          "signature": "string",
          "alertLevel": "WARN"
        }
      ],
      "chains": [
        [
          {
            "id": "my-certificate",
            "uid": "string",
            "sha1Thumbprint": "string",
            "subject": "string",
            "issuer": "string",
            "validFrom": "string",
            "validUntil": "string",
            "version": "V3",
            "serial": "185fb61e97f55b19",
            "signatureAlgorithm": "sha256RSA",
            "isCa": true,
            "isSelfSigned": true,
            "pkInfo": {
              "rsa": {
                "publicExponent": "string",
                "modulus": "string"
              },
              "ecc": {
                "curve": "P256",
                "ecPoint": "string",
                "eccBipKeyInfo": {
                  "level": "string",
                  "childNumber": 0,
                  "hardened": true,
                  "chainCode": "string",
                  "parentUid": "string",
                  "parentFingerprint": 0
                }
              }
            },
            "basicConstraints": {
              "uid": "string",
              "isCritical": true,
              "pathLen": 0,
              "isCa": true
            },
            "subjectKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string"
            },
            "authorityKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string",
              "authNames": [
                "string"
              ],
              "serialNumber": "string"
            },
            "subjectAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "issuerAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "extendedKeyUsage": {
              "keyUsages": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "signature": "string",
            "alertLevel": "WARN"
          }
        ]
      ],
      "createdAt": "string",
      "updatedAt": "string",
      "activationDate": "string",
      "deactivationDate": "string",
      "compromiseDate": "string",
      "compromiseOccurrenceDate": "string",
      "keyStoreProperties": {
        "keyStoreName": "string",
        "keyStoreObjectId": "string",
        "byok": true
      },
      "alertLevel": "WARN",
      "deactivationInfo": {
        "revocationReason": "string",
        "message": "string"
      },
      "getdestroyDate": "string"
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [KeyInfo] false read-only [Key object details]

KeyProperties

{
  "description": "string",
  "supportedOperations": [
    "SIGN"
  ],
  "trusted": false,
  "keyRotationInterval": 0,
  "exportType": "IN_PLAIN",
  "groups": [
    "string"
  ]
}

Properties

Name Type Required Restrictions Description
description string false none Description for the key
supportedOperations [string] false none Key supported operations
trusted boolean false none True if the key is trusted
keyRotationInterval integer(int32) false none Key rotation interval
exportType string false none The default value is IN_PLAIN for certificates and public keys. Otherwise, the default is NOT_EXPORTABLE.
groups [string] false none Key groups

Enumerated Values

Property Value
exportType IN_PLAIN
exportType WRAPPED
exportType WRAPPED_WITH_TRUSTED
exportType NON_EXPORTABLE
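
The KeyInfoListResponse and KeyProperties fields above are enough to drive a key-inventory audit; the following is an added example, not part of the UKC documentation or code. The rule names, the policy object and the sample response are constructed, and treating `alertLevel` WARN or an enabled COMPROMISED key as a finding is an assumed review policy, not documented UKC behaviour.

```javascript
// Added example: offline audit of a KeyInfoListResponse body.
// Field names and enum values come from the schemas above; the rules are assumptions.

// Object types that hold secret material (certificates and public keys are excluded
// because the docs state that IN_PLAIN is their default export type).
const SECRET_TYPES = new Set(["PRIVATE_KEY", "SYMMETRIC", "SECRET_DATA"]);

// Evaluate one KeyInfo object and return a list of findings.
function auditKey(key, policy) {
  const findings = [];
  const add = (rule, detail) =>
    findings.push({ uid: key.uid, id: key.id, rule, detail });
  const props = key.keyProperties || {};
  const isSecret = SECRET_TYPES.has(key.objectType);

  // Secret material that can leave the system unwrapped.
  if (isSecret && props.exportType === "IN_PLAIN") {
    add("PLAIN_EXPORT", `${key.objectType} is exportable in plain`);
  }
  // Assumed policy: a key marked COMPROMISED should not remain enabled.
  if (key.state === "COMPROMISED" && key.isEnabled === true) {
    add("COMPROMISED_ENABLED", "state is COMPROMISED but isEnabled is true");
  }
  // Optional policy: secret material must have been created in FIPS mode.
  if (policy.requireFips && isSecret && key.isFips === false) {
    add("NOT_FIPS", "isFips is false");
  }
  // Assumed policy: surface any WARN alert on the key or on a chain certificate.
  if (key.alertLevel === "WARN") {
    add("KEY_ALERT", "key alertLevel is WARN");
  }
  for (const cert of key.chain || []) {
    if (cert.alertLevel === "WARN") {
      add("CERT_ALERT", `certificate ${cert.id} alertLevel is WARN`);
    }
  }
  return findings;
}

// Audit one page of results. `complete` is false when totalItems shows that
// more keys exist than this page covers, so the audit must not be treated as final.
function auditKeyInventory(page, policy = {}) {
  const items = Array.isArray(page.items) ? page.items : [];
  const seen = (page.skip || 0) + items.length;
  return {
    complete: seen >= (page.totalItems || 0),
    findings: items.flatMap((key) => auditKey(key, policy)),
  };
}

// Constructed sample response (all values are made up for this example).
const SAMPLE_PAGE = {
  totalItems: 4,
  limit: 3,
  skip: 0,
  items: [
    {
      id: "sample-aes-key", uid: "0x0000000000000001", objectType: "SYMMETRIC",
      keyProperties: { exportType: "IN_PLAIN" },
      state: "ACTIVE", isEnabled: true, isFips: true,
    },
    {
      id: "sample-signing-key", uid: "0x0000000000000002", objectType: "PRIVATE_KEY",
      keyProperties: { exportType: "NON_EXPORTABLE" },
      state: "COMPROMISED", isEnabled: true, isFips: false,
      chain: [{ id: "sample-certificate", alertLevel: "WARN" }],
    },
    {
      id: "sample-cert", uid: "0x0000000000000003", objectType: "CERTIFICATE",
      keyProperties: { exportType: "IN_PLAIN" },
      state: "ACTIVE", isEnabled: true, isFips: true,
    },
  ],
};

console.log(JSON.stringify(auditKeyInventory(SAMPLE_PAGE, { requireFips: true }), null, 2));
```

When `complete` is false, fetch the remaining pages with `skip` and `limit` before treating the audit as covering the whole partition.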

KeyStore

{
  "name": "string",
  "description": "string",
  "params": {
    "property1": {},
    "property2": {}
  },
  "endpoints": [
    {
      "url": "string",
      "certificateInfo": {
        "id": "my-certificate",
        "uid": "string",
        "sha1Thumbprint": "string",
        "subject": "string",
        "issuer": "string",
        "validFrom": "string",
        "validUntil": "string",
        "version": "V3",
        "serial": "185fb61e97f55b19",
        "signatureAlgorithm": "sha256RSA",
        "isCa": true,
        "isSelfSigned": true,
        "pkInfo": {
          "rsa": {
            "publicExponent": "string",
            "modulus": "string"
          },
          "ecc": {
            "curve": "P256",
            "ecPoint": "string",
            "eccBipKeyInfo": {
              "level": "string",
              "childNumber": 0,
              "hardened": true,
              "chainCode": "string",
              "parentUid": "string",
              "parentFingerprint": 0
            }
          }
        },
        "basicConstraints": {
          "uid": "string",
          "isCritical": true,
          "pathLen": 0,
          "isCa": true
        },
        "subjectKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string"
        },
        "authorityKeyIdentifier": {
          "uid": "string",
          "isCritical": true,
          "keyId": "string",
          "authNames": [
            "string"
          ],
          "serialNumber": "string"
        },
        "subjectAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "issuerAlternativeNames": {
          "names": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "extendedKeyUsage": {
          "keyUsages": [
            "string"
          ],
          "uid": "string",
          "isCritical": true
        },
        "signature": "string",
        "alertLevel": "WARN"
      }
    }
  ],
  "status": {
    "keyStoreCode": "STOPPED",
    "message": "string"
  }
}

Properties

Name Type Required Restrictions Description
name string false none Key store name
description string false none Key store description
params object false none Key store params
» additionalProperties object false none none
endpoints [KeyStoreEndpoint] false none Key store endpoints
status KeyStoreStatus false none none

KeyStoreEndpoint

{
  "url": "string",
  "certificateInfo": {
    "id": "my-certificate",
    "uid": "string",
    "sha1Thumbprint": "string",
    "subject": "string",
    "issuer": "string",
    "validFrom": "string",
    "validUntil": "string",
    "version": "V3",
    "serial": "185fb61e97f55b19",
    "signatureAlgorithm": "sha256RSA",
    "isCa": true,
    "isSelfSigned": true,
    "pkInfo": {
      "rsa": {
        "publicExponent": "string",
        "modulus": "string"
      },
      "ecc": {
        "curve": "P256",
        "ecPoint": "string",
        "eccBipKeyInfo": {
          "level": "string",
          "childNumber": 0,
          "hardened": true,
          "chainCode": "string",
          "parentUid": "string",
          "parentFingerprint": 0
        }
      }
    },
    "basicConstraints": {
      "uid": "string",
      "isCritical": true,
      "pathLen": 0,
      "isCa": true
    },
    "subjectKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string"
    },
    "authorityKeyIdentifier": {
      "uid": "string",
      "isCritical": true,
      "keyId": "string",
      "authNames": [
        "string"
      ],
      "serialNumber": "string"
    },
    "subjectAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "issuerAlternativeNames": {
      "names": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "extendedKeyUsage": {
      "keyUsages": [
        "string"
      ],
      "uid": "string",
      "isCritical": true
    },
    "signature": "string",
    "alertLevel": "WARN"
  }
}

Properties

Name Type Required Restrictions Description
url string false none Endpoint URL
certificateInfo CertificateInfo false none Certificate public information

KeyStoreProperties

{
  "keyStoreName": "string",
  "keyStoreObjectId": "string",
  "byok": true
}

Properties

Name Type Required Restrictions Description
keyStoreName string true none Key store ID
keyStoreObjectId string false none Key store Object ID
byok boolean false none Is BYOK

KeyStoreStatus

{
  "keyStoreCode": "STOPPED",
  "message": "string"
}

Properties

Name Type Required Restrictions Description
keyStoreCode string false none none
message string false none none

Enumerated Values

Property Value
keyStoreCode STOPPED
keyStoreCode UNREGISTERED
keyStoreCode RUNNING

KeyStoreUpdates

{
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
}

Properties

Name Type Required Restrictions Description
description string false none description
accessKeyId string false none accessKeyId
secretKey string false none secretKey
params object false none params
» additionalProperties object false none none

KeyUpdates

{
  "id": "string",
  "description": "string",
  "groups": [
    "string"
  ],
  "activationDate": 0,
  "deactivationDate": 0
}

Properties

Name Type Required Restrictions Description
id string false none Key ID
description string false none Key description
groups [string] false none Key groups
activationDate integer(int64) false read-only Activation date
deactivationDate integer(int64) false read-only Deactivation date

KeyValueEntry

{
  "key": "string",
  "value": "string",
  "description": "string",
  "type": "BOOLEAN",
  "defaultValue": "string",
  "min": 0,
  "max": 0,
  "unit": "SECONDS"
}

Key value entry

Properties

Name Type Required Restrictions Description
key string true none none
value string true none none
description string false read-only quorum timeout
type string false read-only value type
defaultValue string false read-only default value
min integer(int32) false read-only minimum value
max integer(int32) false read-only maximum value
unit string false read-only unit type

Enumerated Values

Property Value
type BOOLEAN
type TEXT
type INTEGER
type ARRAY
type MAP
type CERTIFICATE
type POLICY
unit SECONDS
unit MINUTES
unit HOURS
unit DAYS
unit MONTHS
unit YEARS
unit CHARACTERS
unit MILLIS

KeystoreListResponse

{
  "totalItems": 0,
  "limit": 0,
  "skip": 0,
  "items": [
    {
      "name": "string",
      "description": "string",
      "params": {
        "property1": {},
        "property2": {}
      },
      "endpoints": [
        {
          "url": "string",
          "certificateInfo": {
            "id": "my-certificate",
            "uid": "string",
            "sha1Thumbprint": "string",
            "subject": "string",
            "issuer": "string",
            "validFrom": "string",
            "validUntil": "string",
            "version": "V3",
            "serial": "185fb61e97f55b19",
            "signatureAlgorithm": "sha256RSA",
            "isCa": true,
            "isSelfSigned": true,
            "pkInfo": {
              "rsa": {
                "publicExponent": "string",
                "modulus": "string"
              },
              "ecc": {
                "curve": "P256",
                "ecPoint": "string",
                "eccBipKeyInfo": {
                  "level": "string",
                  "childNumber": 0,
                  "hardened": true,
                  "chainCode": "string",
                  "parentUid": "string",
                  "parentFingerprint": 0
                }
              }
            },
            "basicConstraints": {
              "uid": "string",
              "isCritical": true,
              "pathLen": 0,
              "isCa": true
            },
            "subjectKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string"
            },
            "authorityKeyIdentifier": {
              "uid": "string",
              "isCritical": true,
              "keyId": "string",
              "authNames": [
                "string"
              ],
              "serialNumber": "string"
            },
            "subjectAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "issuerAlternativeNames": {
              "names": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "extendedKeyUsage": {
              "keyUsages": [
                "string"
              ],
              "uid": "string",
              "isCritical": true
            },
            "signature": "string",
            "alertLevel": "WARN"
          }
        }
      ],
      "status": {
        "keyStoreCode": "STOPPED",
        "message": "string"
      }
    }
  ]
}

Properties

Name Type Required Restrictions Description
totalItems integer(int32) false read-only none
limit integer(int32) false read-only none
skip integer(int32) false read-only none
items [KeyStore] false read-only none

Label

{
  "value": "string",
  "encoding": "PLAIN"
}

Properties

Name Type Required Restrictions Description
value string true none none
encoding string false none none

Enumerated Values

Property Value
encoding PLAIN
encoding BASE64
encoding HEX

MACSignData

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  }
}

Input for MAC operation

Properties

Name Type Required Restrictions Description
data string true none data
dataEncoding string false none data encoding
params MacCryptoParams false none none

Enumerated Values

Property Value
dataEncoding PLAIN
dataEncoding BASE64
dataEncoding HEX

MACVerifyData

{
  "data": "string",
  "dataEncoding": "PLAIN",
  "params": {
    "mode": "GMAC",
    "iv": {
      "value": "string",
      "encoding": "PLAIN"
    },
    "tagLength": 0
  },
  "mac": {
    "mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
    "ivBase64": "string"
  }
}

Includes data used for MAC verification

Properties

Name Type Required Restrictions Description
data string true none data
dataEncoding string false none data encoding
params MacCryptoParams false none none
mac Mac true none none

Enumerated Values

Property Value
dataEncoding PLAIN
dataEncoding BASE64
dataEncoding HEX

Mac

{
  "mac": "c2Rmc2FkZmFzZGZhIHNkZmFzZGZzMjM0MjM0MzQyIGRmIGFzZGZhIDMz",
  "ivBase64": "string"
}

Properties

Name Type Required Restrictions Description
mac string false none none
ivBase64 string false none Base64-encoded initialization vector

MacCryptoParams

{
  "mode": "GMAC",
  "iv": {
    "value": "string",
    "encoding": "PLAIN"
  },
  "tagLength": 0
}

Properties

Name Type Required Restrictions Description
mode string false none Mode of operation
iv Iv false none none
tagLength integer(int32) false none none

Enumerated Values

Property Value
mode GMAC
mode CMAC
mode X919_3DES_MAC
mode HMAC_SHA1
mode HMAC_SHA256
mode HMAC_SHA384
mode HMAC_SHA512

NewAndExistingPassword

{
  "existingPassword": "string",
  "newPassword": "string"
}

New And Existing Password

Properties

Name Type Required Restrictions Description
existingPassword string true none The existing user password
newPassword string true none The new password

NewCertificate

{
  "id": "string",
  "partition": "~.departmentA",
  "data": "string",
  "password": "string",
  "importCa": true
}

Properties

Name Type Required Restrictions Description
id string true none The ID (also denoted name/label/alias) for the certificate
partition string true none The parent partition for the certificate
data string true none Base64-encoded certificate data. All standard formats are supported; the format is automatically detected.
password string false none Used if format is password protected
importCa boolean false none Import CA certificate if exists in input data

NewCertificateRequest

{
  "certId": "mycertificate",
  "request": {
    "subject": "string",
    "keyType": "RSA",
    "size": 0,
    "curve": "P256",
    "validity": 365,
    "extensions": {
      "uid": "string",
      "isCritical": true
    }
  }
}

Properties

Name Type Required Restrictions Description
certId string false none The ID for the new certificate
request CertificateRequest false none Certificate request information

NewClient

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "activationCodeValidity": 20,
  "isTemplate": false,
  "activationCodeLength": 10,
  "ipRange": "0.0.0.0/0",
  "certificateExpiration": 1578240
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
activationCodeValidity integer(int32) false none Client activation code validity in minutes
isTemplate boolean false none Whether the client is a template client
activationCodeLength integer(int32) false none Client activation code length (digits)
ipRange string false none Client IP range
certificateExpiration integer(int32) false none Client certificate validity in minutes

NewClientWithCertificate

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "alternativeNames": "{client-ip,client-name}",
  "pfxPassword": "string",
  "csr": "MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh\nMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMR8w\nHQYDVQQLExZJbmZvcm1hdGlvbiBUZWNobm9sb2d5MRcwFQYDVQQDEw53d3cuZ29v\nZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApZtYJCHJ4VpVXHfV\nIlstQTlO4qC03hjX+ZkPyvdYd1Q4+qbAeTwXmCUKYHThVRd5aXSqlPzyIBwieMZr\nWFlRQddZ1IzXAlVRDWwAo60KecqeAXnnUK+5fXoTI/UgWshre8tJ+x/TMHaQKR/J\ncIWPhqaQhsJuzZbvAdGA80BLxdMCAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4GBAIhl\n4PvFq+e7ipARgI5ZM+GZx6mpCz44DTo0JkwfRDf+BtrsaC0q68eTf2XhYOsq4fkH\nQ0uA0aVog3f5iJxCa3Hp5gxbJQ6zV6kJ0TEsuaaOhEko9sdpCoPOnRBm2i/XRD2D\n6iNh8f8z0ShGsFqjDgFHyF3o+lUyj+UC6H1QW7bn",
  "publicKey": "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQMDMgAE+Y+qPqI3geo2hQH8eK7Rn+YWG09T\nejZ5QFoj9fmxFrUyYhFap6XmTdJtEi8myBmW",
  "certificateExpiration": 1578240
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
alternativeNames [string] false none Client alternative names
pfxPassword string false none The new client PFX password
csr string false none The new client's Base64-encoded certificate request
publicKey string false none The new client's Base64-encoded ECC public key
certificateExpiration integer(int32) false none Client certificate validity in minutes

NewClientWithSecret

{
  "name": "client-name",
  "checkIp": false,
  "allowNat": false,
  "expiration": 1578240,
  "ipRange": "0.0.0.0/0",
  "grantTypes": [
    "CLIENT_CREDENTIALS"
  ]
}

Properties

Name Type Required Restrictions Description
name string true none Client name
checkIp boolean false none Enforce client IP verification
allowNat boolean false none Allow the client to use NAT
expiration integer(int32) false none Client expiration in minutes
ipRange string false none Client IP range
grantTypes [string] false none Client grant types

NewGeneratedKey

{
  "keyId": "string",
  "keyIdEncoding": "PLAIN",
  "keyProperties": {
    "description": "string",
    "supportedOperations": [
      "SIGN"
    ],
    "trusted": false,
    "keyRotationInterval": 0,
    "exportType": "IN_PLAIN",
    "groups": [
      "string"
    ]
  },
  "keyStoreProperties": {
    "keyStoreName": "string",
    "keyStoreObjectId": "string",
    "byok": true
  },
  "activate": true,
  "activationDate": 0,
  "deactivationDate": 0,
  "keyFormat": {
    "type": "RSA",
    "size": "for RSA : {2048,3072,4096}",
    "curve": "P256",
    "offlineKeyParams": {
      "backup": "string",
      "paillierKey": "string",
      "paillierKeys": [
        "string"
      ]
    }
  }
}

Properties

Name Type Required Restrictions Description
keyId string true none An ID for the new key
keyIdEncoding string false read-only Encoding for the new key ID
keyProperties KeyProperties false none none
keyStoreProperties KeyStoreProperties false none none
activate boolean false none Activate the key
activationDate integer(int64) false none Activation date
deactivationDate integer(int64) false none Deactivation date
keyFormat KeyFormat true none none

Enumerated Values

Property Value
keyIdEncoding PLAIN
keyIdEncoding BASE64
keyIdEncoding HEX

NewGeneratedSecret

{
  "id": "mySecret1",
  "description": "string",
  "groups": [
    "string"
  ]
}

Properties

Name Type Required Restrictions Description
id string true none An identifier/label for the secret data
description string false none The secret description
groups [string] false none Secret groups

NewKeyStore

{
  "name": "string",
  "description": "string",
  "accessKeyId": "string",
  "secretKey": "string",
  "params": {
    "property1": {},
    "property2": {}
  }
}

Properties

Name Type Required Restrictions Description
name string true none Key store name
description string false none Key store description
accessKeyId string true none Key store accessKeyId
secretKey string true none Key store secretKey
params object true none Key store params
» additionalProperties object false none none

NewLinkedKey

{
  "keyStoreName": "string",
  "keyStoreObjectId": "string",
  "activate": true,
  "groups": [
    "string"
  ],
  "keyRotationInterval": 0,
  "activationDate": 0,
  "deactivationDate": 0
}

Properties

Name Type Required Restrictions Description
keyStoreName string true none Key store ID
keyStoreObjectId string true none Key store Object ID
activate boolean false none Activate the key
groups [string] false none Key groups
keyRotationInterval integer(int32) false none Key rotation interval
activationDate integer(int64) false none Activation date
deactivationDate integer(int64) false none Deactivation date

NewPair

{
  "entryPoint": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  },
  "partner": {
    "host": "ip or fqdn",
    "port": 8443,
    "newServerCertificate": {
      "certificate": "string",
      "certificateFingerprint": "string",
      "certificateInfo": "string"
    }
  }
}

A UKC pair

Properties

Name Type Required Restrictions Description
entryPoint NewServer true none A UKC New Server
partner NewServer true none A UKC New Server

NewPartition

{
  "name": "string",
  "soPassword": "string",
  "newClient": {
    "name": "client-name",
    "checkIp": false,
    "allowNat": false,
    "expiration": 1578240,
    "alternativeNames": "{client-ip,client-name}",
    "pfxPass