DeviceConfig - HTTP API
Table of contents:
Assuming that you have the proper access rights, in order to create a packaging, encryption, or signing task you first need to create a device configuration and reference it when creating the task.
Find more information on what access rights are needed for which operation at S&E Access Control Lists.
This API allows you to manage cryptographic configurations for devices consisting of encryption and signing data i.e. through it you specify how the encryption has to be done.
Create a new device crypto configuration
To be able to use this endpoint you need an ACL rule with action CREATE for DEVICE_CONFIG.
From the DeviceConfigTask API tab open the POST /api/v1/deviceConfig endpoint.
Click Try it out.
Fill in the tenant header in the X-SE-TENANT field.
Fill in the Request body with:
the appropriate subjects with an "id" and "type" value as part of each needed ACL action e.g. APPROVE, USE etc.
Add "GROUP" as "type" when using the IdM role as "id", and "CLIENT" when using the Client ID.
the encryption and signing algorithm with a user-friendly name for each key.
You have the possibility to add multiple encryption and signing keys, but a task will always use the first one added.
if required by the specific algorithm add a reference as a string.
To check whether a specific algorithm requires a reference go through the steps at Get available encryption or signing algorithms.
Click Execute.
A successful response with 201 code will have status CREATED and will return the device configuration information.
It will be useful to copy the configId from the response as it will be needed in other operations.
Keep in mind that for the time being Device configurations cannot be deleted.
Get a device configuration
Open the endpoint to GET /api/v1/deviceConfig/{configId}.
Click Try it out.
Fill in the configId from the response body of your previous call.
Another option would be to get all device configurations via GET /api/v1/deviceConfig.
Fill in the tenant header in the X-SE-TENANT field.
Click Execute.
A successful response with 200 code will return the device configuration information.
Get available encryption or signing algorithms
To be able to use this endpoint you need an ACL rule with action CREATE for DEVICE_CONFIG.
Retrieves information about the supported encryption and signing algorithms and whether they require a reference upon creation or not.
Open one of the following self-explanatory endpoints, depending on whether you need to:
GET /api/v1/deviceConfig/availableEncryptionAlgorithms - get the available signing algorithms.
GET /api/v1/deviceConfig/availableSigningAlgorithms - get the available encryption algorithms.
Click Try it out.
Fill in the tenant header in the X-SE-TENANT field.
Click Execute.
A successful response with 200 code will return the specific algorithm and whether a reference for this algorithm is MANDATORY , OPTIONAL or UNSUPPORTED .
Download the CERT of a signing key from a device configuration
Open the endpoint GET /api/v1/deviceConfig/{configId}/download/certificate/{signingKeyId}.
Click Try it out.
Fill in the configId of the device configuration.
Fill in the signingKeyId.
Fill in the tenant header in the X-SE-TENANT field.
Click Execute.
A successful response with 200 code will return the public CERT and key as a .pem file
Download an encryption key from a device configuration
Open endpoint GET /api/v1/deviceConfig/{configId}/download/encryptionKey/{keyId}
Click Try it out.
Fill in the configId of the device configuration.
Fill in the keyId.
Fill in the tenant header in the X-SE-TENANT field.
Click Execute.
A successful response with 200 code will return the encryption key binary.