SmartKey REST API

This is a set of REST APIs for accessing the Equinix SmartKey powered by Fortanix. It includes APIs for managing accounts and for performing cryptographic and key management operations. Note that the U.S. API endpoint is api.amer.smartkey.io, the E.U. API endpoint is api.eu.smartkey.io, and the U.K. API endpoint is api.uk.smartkey.io.


Access

  1. HTTP Basic Authentication
  2. API key, passed in the Authorization header (not in the query string)

Methods


Accounts

ApprovalRequests

Apps

Authentication

Child Accounts

Child Account Users

Digest

EncryptionAndDecryption

Groups

Logs

Plugins

SecurityObjects

SignAndVerify

TwoFactorAuthentication

Users

WrappingAndUnwrapping

Accounts

post /sys/v1/accounts
Create a new account (createAccount)
Create a new account with the specified properties.

Request body

body AccountRequest (required)
Body Parameter — Properties to assign to Account.

Return type

Example data

Content-Type: application/json
{
  "logging_configs" : {
    "key" : {
      "splunk" : {
        "port" : 0,
        "host" : "host",
        "index" : "index",
        "tls" : {
          "mode" : { },
          "validate_hostname" : true,
          "ca" : {
            "ca_set" : "global_roots",
            "pinned" : [ "pinned", "pinned" ]
          }
        },
        "enabled" : true
      },
      "stackdriver" : {
        "log_id" : "log_id",
        "service_account_key" : {
          "private_key_id" : "private_key_id",
          "project_id" : "project_id",
          "client_email" : "client_email",
          "private_key" : "private_key",
          "type" : "type"
        },
        "enabled" : true
      }
    }
  },
  "country" : "country",
  "auth_type" : { },
  "description" : "description",
  "created_at" : "created_at",
  "subscription" : { },
  "enabled" : true,
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "acct_id" : "acct_id",
  "pending_subscription_change_request" : {
    "contact" : "contact",
    "comment" : "comment"
  },
  "phone" : "phone",
  "organization" : "organization",
  "name" : "name",
  "initial_purchase_at" : "initial_purchase_at",
  "notification_pref" : { },
  "state" : { },
  "auth_config" : {
    "password" : {
      "require_2fa" : true,
      "administrators_only" : true
    },
    "saml" : "saml"
  }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

An account Account

default

Unexpected error Error

delete /sys/v1/accounts/{account-id}
Delete account (deleteAccount)
Remove an account from SmartKey.

Path parameters

account-id (required)
Path Parameter — Account Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/accounts/{account-id}
Get a specific account (getAccount)
Look up an account by account ID.

Path parameters

account-id (required)
Path Parameter — Account Identifier

Return type

Example data

Content-Type: application/json
{
  "logging_configs" : {
    "key" : {
      "splunk" : {
        "port" : 0,
        "host" : "host",
        "index" : "index",
        "tls" : {
          "mode" : { },
          "validate_hostname" : true,
          "ca" : {
            "ca_set" : "global_roots",
            "pinned" : [ "pinned", "pinned" ]
          }
        },
        "enabled" : true
      },
      "stackdriver" : {
        "log_id" : "log_id",
        "service_account_key" : {
          "private_key_id" : "private_key_id",
          "project_id" : "project_id",
          "client_email" : "client_email",
          "private_key" : "private_key",
          "type" : "type"
        },
        "enabled" : true
      }
    }
  },
  "country" : "country",
  "auth_type" : { },
  "description" : "description",
  "created_at" : "created_at",
  "subscription" : { },
  "enabled" : true,
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "acct_id" : "acct_id",
  "pending_subscription_change_request" : {
    "contact" : "contact",
    "comment" : "comment"
  },
  "phone" : "phone",
  "organization" : "organization",
  "name" : "name",
  "initial_purchase_at" : "initial_purchase_at",
  "notification_pref" : { },
  "state" : { },
  "auth_config" : {
    "password" : {
      "require_2fa" : true,
      "administrators_only" : true
    },
    "saml" : "saml"
  }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An account Account

default

Unexpected error Error

get /sys/v1/accounts
Get all accounts (getAccounts)
Get detailed information on all accounts the current user has access to.

Return type

array[Account]

Example data

Content-Type: application/json
[ {
  "logging_configs" : {
    "key" : {
      "splunk" : {
        "port" : 0,
        "host" : "host",
        "index" : "index",
        "tls" : {
          "mode" : { },
          "validate_hostname" : true,
          "ca" : {
            "ca_set" : "global_roots",
            "pinned" : [ "pinned", "pinned" ]
          }
        },
        "enabled" : true
      },
      "stackdriver" : {
        "log_id" : "log_id",
        "service_account_key" : {
          "private_key_id" : "private_key_id",
          "project_id" : "project_id",
          "client_email" : "client_email",
          "private_key" : "private_key",
          "type" : "type"
        },
        "enabled" : true
      }
    }
  },
  "country" : "country",
  "auth_type" : { },
  "description" : "description",
  "created_at" : "created_at",
  "subscription" : { },
  "enabled" : true,
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "acct_id" : "acct_id",
  "pending_subscription_change_request" : {
    "contact" : "contact",
    "comment" : "comment"
  },
  "phone" : "phone",
  "organization" : "organization",
  "name" : "name",
  "initial_purchase_at" : "initial_purchase_at",
  "notification_pref" : { },
  "state" : { },
  "auth_config" : {
    "password" : {
      "require_2fa" : true,
      "administrators_only" : true
    },
    "saml" : "saml"
  }
}, {
  "logging_configs" : {
    "key" : {
      "splunk" : {
        "port" : 0,
        "host" : "host",
        "index" : "index",
        "tls" : {
          "mode" : { },
          "validate_hostname" : true,
          "ca" : {
            "ca_set" : "global_roots",
            "pinned" : [ "pinned", "pinned" ]
          }
        },
        "enabled" : true
      },
      "stackdriver" : {
        "log_id" : "log_id",
        "service_account_key" : {
          "private_key_id" : "private_key_id",
          "project_id" : "project_id",
          "client_email" : "client_email",
          "private_key" : "private_key",
          "type" : "type"
        },
        "enabled" : true
      }
    }
  },
  "country" : "country",
  "auth_type" : { },
  "description" : "description",
  "created_at" : "created_at",
  "subscription" : { },
  "enabled" : true,
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "acct_id" : "acct_id",
  "pending_subscription_change_request" : {
    "contact" : "contact",
    "comment" : "comment"
  },
  "phone" : "phone",
  "organization" : "organization",
  "name" : "name",
  "initial_purchase_at" : "initial_purchase_at",
  "notification_pref" : { },
  "state" : { },
  "auth_config" : {
    "password" : {
      "require_2fa" : true,
      "administrators_only" : true
    },
    "saml" : "saml"
  }
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of accounts

default

Unexpected error Error
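
The Account objects returned above carry the settings that decide how users authenticate and where audit logs go. As an added example (not part of the SmartKey documentation), the sketch below audits a getAccounts response using only fields shown in the example data; the sample accounts are constructed, and reading `require_2fa`, `enabled` and `validate_hostname` by their names is an assumption.

```python
import json

SECRET_FIELDS = {"private_key"}  # shown under stackdriver.service_account_key


def redact(obj):
    """Return a copy with secret-bearing fields masked, safe to store or log."""
    if isinstance(obj, dict):
        return {k: "<redacted>" if k in SECRET_FIELDS else redact(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def audit_account(account):
    """Return a list of (field path, finding) tuples for one Account object."""
    findings = []

    # Password authentication without a second factor (assumed meaning of require_2fa).
    password = (account.get("auth_config") or {}).get("password")
    if password is not None and password.get("require_2fa") is not True:
        findings.append(("auth_config.password.require_2fa",
                         "password login does not require 2FA"))

    # External log sinks: at least one should be enabled, and Splunk TLS
    # should validate the server hostname.
    active = 0
    for key, cfg in (account.get("logging_configs") or {}).items():
        for sink in ("splunk", "stackdriver"):
            sink_cfg = cfg.get(sink)
            if not sink_cfg:
                continue
            path = f"logging_configs.{key}.{sink}"
            if sink_cfg.get("enabled") is not True:
                findings.append((path + ".enabled", "log sink is configured but disabled"))
                continue
            active += 1
            if sink == "splunk" and (sink_cfg.get("tls") or {}).get("validate_hostname") is False:
                findings.append((path + ".tls.validate_hostname",
                                 "TLS hostname validation is off for log forwarding"))
    if active == 0:
        findings.append(("logging_configs", "no enabled external log sink"))
    return findings


def audit_accounts(accounts):
    """Map acct_id -> findings for a getAccounts response (array[Account])."""
    return {a.get("acct_id", "<unknown>"): audit_account(a) for a in accounts}


# Constructed sample response; hosts, ids and the key value are placeholders.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"acct_id": "acct-A", "name": "prod",
   "auth_config": {"password": {"require_2fa": true, "administrators_only": false}},
   "logging_configs": {"cfg-1": {"splunk": {
       "host": "splunk.example.internal", "port": 8088, "index": "kms", "enabled": true,
       "tls": {"validate_hostname": true, "ca": {"ca_set": "global_roots"}}}}}},
  {"acct_id": "acct-B", "name": "staging",
   "auth_config": {"password": {"require_2fa": false, "administrators_only": false}},
   "logging_configs": {
     "cfg-2": {"splunk": {
       "host": "splunk.example.internal", "port": 8088, "index": "kms", "enabled": true,
       "tls": {"validate_hostname": false, "ca": {"ca_set": "global_roots"}}}},
     "cfg-3": {"stackdriver": {"log_id": "kms", "enabled": false,
       "service_account_key": {"client_email": "svc@example.invalid",
                               "private_key": "CONSTRUCTED-NOT-A-KEY"}}}}}
]
""")

if __name__ == "__main__":
    for acct_id, findings in audit_accounts(SAMPLE_ACCOUNTS).items():
        for path, message in findings:
            print(f"{acct_id}: {path}: {message}")
    # Store only the redacted form of the response alongside the findings.
    print(json.dumps(redact(SAMPLE_ACCOUNTS)[1]["logging_configs"]["cfg-3"]))
```
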

patch /sys/v1/accounts/{account-id}
Update account (updateAccount)
Update the properties of an account. Only certain properties may be changed with this API.

Path parameters

account-id (required)
Path Parameter — Account Identifier

Request body

body AccountRequest (required)
Body Parameter — Properties to assign to Account.

Return type

Example data

Content-Type: application/json
{
  "logging_configs" : {
    "key" : {
      "splunk" : {
        "port" : 0,
        "host" : "host",
        "index" : "index",
        "tls" : {
          "mode" : { },
          "validate_hostname" : true,
          "ca" : {
            "ca_set" : "global_roots",
            "pinned" : [ "pinned", "pinned" ]
          }
        },
        "enabled" : true
      },
      "stackdriver" : {
        "log_id" : "log_id",
        "service_account_key" : {
          "private_key_id" : "private_key_id",
          "project_id" : "project_id",
          "client_email" : "client_email",
          "private_key" : "private_key",
          "type" : "type"
        },
        "enabled" : true
      }
    }
  },
  "country" : "country",
  "auth_type" : { },
  "description" : "description",
  "created_at" : "created_at",
  "subscription" : { },
  "enabled" : true,
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "acct_id" : "acct_id",
  "pending_subscription_change_request" : {
    "contact" : "contact",
    "comment" : "comment"
  },
  "phone" : "phone",
  "organization" : "organization",
  "name" : "name",
  "initial_purchase_at" : "initial_purchase_at",
  "notification_pref" : { },
  "state" : { },
  "auth_config" : {
    "password" : {
      "require_2fa" : true,
      "administrators_only" : true
    },
    "saml" : "saml"
  }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Updated account Account

default

Unexpected error Error

ApprovalRequests

post /sys/v1/approval_requests/{request-id}/approve
Approve a request. (approve)

Path parameters

request-id (required)
Path Parameter — Approval Request Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/approval_requests
Create approval request (createApprovalRequest)

Request body

body ApprovalRequestRequest (required)
Body Parameter — Request to create an approval request.

Return type

Example data

Content-Type: application/json
{
  "requester" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "method" : "method",
  "subjects" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  } ],
  "created_at" : "created_at",
  "approvers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "description" : "description",
  "body" : "{}",
  "reviewers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "denier" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "acct_id" : "acct_id",
  "expiry" : "expiry",
  "request_id" : "request_id",
  "operation" : "operation",
  "status" : { }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created approval request. ApprovalRequest

default

Unexpected error Error

delete /sys/v1/approval_requests/{request-id}
Delete an approval request. (deleteApprovalRequest)

Path parameters

request-id (required)
Path Parameter — Approval Request Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/approval_requests/{request-id}/deny
Deny a request. (deny)

Path parameters

request-id (required)
Path Parameter — Approval Request Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/approval_requests/{request-id}
Get an approval request. (getApprovalRequest)
Get the details and status of a particular approval request.

Path parameters

request-id (required)
Path Parameter — Approval Request Identifier

Return type

Example data

Content-Type: application/json
{
  "requester" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "method" : "method",
  "subjects" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  } ],
  "created_at" : "created_at",
  "approvers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "description" : "description",
  "body" : "{}",
  "reviewers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "denier" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "acct_id" : "acct_id",
  "expiry" : "expiry",
  "request_id" : "request_id",
  "operation" : "operation",
  "status" : { }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Details about the specified approval request. ApprovalRequest

default

Unexpected error Error

get /sys/v1/approval_requests
Get all approval requests (getApprovalRequests)

Query parameters

requester (optional)
Query Parameter — Only retrieve approval requests with the specified requester ID
reviewer (optional)
Query Parameter — Only retrieve approval requests with the specified reviewer ID
subject (optional)
Query Parameter — Only retrieve approval requests with the specified subject ID
status (optional)
Query Parameter — Only retrieve approval requests with the specified approval status

Return type

Example data

Content-Type: application/json
[ {
  "requester" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "method" : "method",
  "subjects" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  } ],
  "created_at" : "created_at",
  "approvers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "description" : "description",
  "body" : "{}",
  "reviewers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "denier" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "acct_id" : "acct_id",
  "expiry" : "expiry",
  "request_id" : "request_id",
  "operation" : "operation",
  "status" : { }
}, {
  "requester" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "method" : "method",
  "subjects" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "group" : "group",
    "sobject" : "sobject"
  } ],
  "created_at" : "created_at",
  "approvers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "description" : "description",
  "body" : "{}",
  "reviewers" : [ {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  }, {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  } ],
  "denier" : {
    "app" : "app",
    "plugin" : "plugin",
    "user" : "user"
  },
  "acct_id" : "acct_id",
  "expiry" : "expiry",
  "request_id" : "request_id",
  "operation" : "operation",
  "status" : { }
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of approval requests

default

Unexpected error Error

post /sys/v1/approval_requests/{request-id}/result
Get the result for an approved or failed request. (getResult)

Path parameters

request-id (required)
Path Parameter — Approval Request Identifier

Return type

Example data

Content-Type: application/json
{
  "body" : "{}",
  "status" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Result of an approval request ApprovableResult

default

Unexpected error Error

Apps

post /sys/v1/apps
Create a new application (createApp)
Create a new application with the specified properties.

Request body

body AppRequest (required)
Body Parameter — Properties of application to create

Return type

Example data

Content-Type: application/json
{
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

An application App

default

Unexpected error Error

delete /sys/v1/apps/{app-id}
Delete application (deleteApp)
Remove an application from SmartKey.

Path parameters

app-id (required)
Path Parameter — Application Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/apps/{app-id}
Get a specific application (getApp)
Look up an application by application ID.

Path parameters

app-id (required)
Path Parameter — Application Identifier

Return type

Example data

Content-Type: application/json
{
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An application App

default

Unexpected error Error

get /sys/v1/apps
Get all applications (getApps)
Get details of all applications the current user has access to.

Query parameters

group_id (optional)
Query Parameter — Only retrieve applications in the specified group.
sort (optional)
Query Parameter — This specifies the property (app_id only, for now) and order (ascending or descending) with which to sort the apps. By default, apps are sorted by app_id in ascending order. The syntax is "<property>:[asc|desc]" (e.g. "app_id:desc") or just "<property>" (ascending order by default).
start (optional)
Query Parameter — If provided, this must be a value of the property specified in sort. Returned apps will begin just above or just below this value (for asc/desc order resp.).
limit (optional)
Query Parameter — Maximum number of apps to return. If not provided, the limit is 100.
offset (optional)
Query Parameter — Number of apps past start to skip.

Return type

array[App]

Example data

Content-Type: application/json
[ {
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}, {
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of applications

default

Unexpected error Error
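
Because getApps returns at most 100 apps unless told otherwise, an inventory or access review built on a single call silently misses the rest. The following added example (not from the SmartKey documentation) walks the full list with the sort, start and limit parameters described above. The `fetch` callable and the in-memory fake are hypothetical, and since the page does not say whether `start` is inclusive, the pager tolerates both readings.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def iter_apps(fetch, page_size=100, group_id=None):
    """Yield every app once, walking GET /sys/v1/apps with an app_id cursor.

    fetch(url) -> list of App dicts is supplied by the caller (hypothetical helper
    that performs the authenticated GET and decodes the JSON array).
    """
    if page_size < 2:
        # If the server treats `start` as inclusive, a one-row page would only
        # ever return the cursor row itself and the walk could never advance.
        raise ValueError("page_size must be at least 2")
    seen = set()
    start = None
    while True:
        params = {"sort": "app_id:asc", "limit": page_size}
        if group_id is not None:
            params["group_id"] = group_id
        if start is not None:
            params["start"] = start
        page = fetch("/sys/v1/apps?" + urlencode(params))
        # Drop rows already yielded so an inclusive cursor causes no duplicates.
        fresh = [app for app in page if app["app_id"] not in seen]
        for app in fresh:
            seen.add(app["app_id"])
            yield app
        if not fresh or len(page) < page_size:
            return
        start = page[-1]["app_id"]


def inventory(fetch, page_size=100):
    """Return the app_id of every app visible to the caller."""
    return [app["app_id"] for app in iter_apps(fetch, page_size)]


def make_fake_fetch(app_ids, inclusive_start=False):
    """Constructed stand-in for the endpoint so the example runs offline."""
    rows = [{"app_id": i, "enabled": True} for i in sorted(app_ids)]

    def fetch(url):
        fetch.calls.append(url)
        query = parse_qs(urlsplit(url).query)
        limit = int(query.get("limit", ["100"])[0])
        start = query.get("start", [None])[0]
        if start is None:
            pool = rows
        elif inclusive_start:
            pool = [r for r in rows if r["app_id"] >= start]
        else:
            pool = [r for r in rows if r["app_id"] > start]
        return pool[:limit]

    fetch.calls = []
    return fetch


if __name__ == "__main__":
    ids = [f"app-{n:03d}" for n in range(7)]   # constructed identifiers
    fake = make_fake_fetch(ids)
    print(inventory(fake, page_size=3))
    print(len(fake.calls), "requests")
```
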

get /sys/v1/apps/{app-id}/credential
Get a specific application's credential (getCredential)
Retrieve the authentication credential (API key or certificate) for a particular application. Only users who are an administrator of at least one of the application's groups can retrieve the credential.

Path parameters

app-id (required)
Path Parameter — Application Identifier

Return type

Example data

Content-Type: application/json
{
  "credential" : {
    "certificate" : "certificate",
    "secret" : "secret"
  },
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An application's credential AppCredentialResponse

default

Unexpected error Error

post /sys/v1/apps/{app-id}/reset_secret
Regenerate API key (regenerateApiKey)
Create a new API key for an application. An application may only have one valid API key at a time, so performing this action will invalidate all old API keys. This does not invalidate existing sessions, so any applications with an existing open session will be able to continue operating with their old session until those sessions expire.

Path parameters

app-id (required)
Path Parameter — Application Identifier

Request body

body AppResetSecretRequest (required)
Body Parameter — Decryption request

Return type

Example data

Content-Type: application/json
{
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An application App

default

Unexpected error Error

patch /sys/v1/apps/{app-id}
Update an application (updateApp)
Change an application's properties, such as name, description, or group membership.

Path parameters

app-id (required)
Path Parameter — Application Identifier

Request body

body AppRequest (required)
Body Parameter — Properties of application to create

Return type

Example data

Content-Type: application/json
{
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An application App

default

Unexpected error Error

Authentication

post /sys/v1/session/auth
Create a session for a user or an app (authorize)
Authenticate a user or an app to SmartKey to begin a session. The caller needs to provide a basic authentication token to authenticate to SmartKey. The response body contains a bearer authentication token which needs to be provided by subsequent calls for the duration of the session.

Return type

Example data

Content-Type: application/json
{
  "access_token" : "access_token",
  "entity_id" : "entity_id",
  "expires_in" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Authentication Token AuthResponse

default

Unexpected error Error

get /sys/v1/health
Check whether the server is handling requests (checkHealth)
Returns a 200-class status code if the server is handling requests, or a 500-class status code if the server is having problems.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error

get /sys/v1/version
Get SmartKey version information (getServerVersion)
Returns information about the SmartKey server version and the client API version that it supports.

Return type

Example data

Content-Type: application/json
{
  "fips_level" : 0,
  "server_mode" : { },
  "api_version" : "api_version",
  "version" : "version"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Version information VersionResponse

default

Unexpected error Error

post /sys/v1/session/select_account
Select a user's account to work on (selectAccount)
Select one of the user's accounts to proceed. This is applicable when a user is associated with more than one account. The caller needs to provide a bearer token for the session in the request body.

Request body

body SelectAccountRequest (required)
Body Parameter — Select Account Request

Return type

Example data

Content-Type: application/json
{
  "cookie" : "cookie"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Additional data returned when selecting an account SelectAccountResponse

default

Unexpected error Error

post /sys/v1/session/terminate
Terminate a session (terminate)
Terminate an authenticated session. After this call, the provided bearer authentication token will be invalidated and cannot be used to make any further API calls.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error
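
The session lifecycle described under authorize and terminate, as an added example that is not part of the SmartKey documentation: the long-lived credential is sent once as HTTP Basic, every later call carries only the bearer token, the client stops using the token before `expires_in` runs out, and the session is always terminated on exit. The transport callable, the in-memory `FakeSmartKey` server, its 401 replies and the credentials are constructed for the example.

```python
import base64
import time


class SmartKeySession:
    """Basic credentials once at session/auth, Bearer afterwards, terminate on exit."""

    def __init__(self, transport, clock=time.monotonic, skew=30):
        self._send = transport   # callable(method, path, headers) -> (status, body)
        self._clock = clock
        self._skew = skew        # stop using a token this many seconds before expiry
        self.token = None
        self._expires_at = 0.0

    def login(self, username, password):
        raw = f"{username}:{password}".encode("utf-8")
        basic = base64.b64encode(raw).decode("ascii")   # RFC 7617 encoding
        status, body = self._send("POST", "/sys/v1/session/auth",
                                  {"Authorization": "Basic " + basic})
        if status != 200:
            raise PermissionError(f"session/auth returned HTTP {status}")
        self.token = body["access_token"]
        self._expires_at = self._clock() + body["expires_in"]
        return body["entity_id"]

    def is_live(self):
        return self.token is not None and self._clock() < self._expires_at - self._skew

    def call(self, method, path):
        if not self.is_live():
            raise PermissionError("no usable session token; log in again")
        return self._send(method, path, {"Authorization": "Bearer " + self.token})

    def logout(self):
        token, self.token = self.token, None   # forget locally even if the call fails
        if token is not None:
            self._send("POST", "/sys/v1/session/terminate",
                       {"Authorization": "Bearer " + token})

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.logout()
        return False


class FakeSmartKey:
    """Constructed in-memory stand-in for the service, for offline runs only."""

    def __init__(self):
        self.live_tokens = set()
        self.log = []   # (method, path, authorization scheme) per request

    def __call__(self, method, path, headers):
        auth = headers.get("Authorization", "")
        self.log.append((method, path, auth.split(" ")[0]))
        if path == "/sys/v1/session/auth":
            expected = "Basic " + base64.b64encode(b"alice:correct horse").decode("ascii")
            if auth != expected:
                return 401, None
            token = "tok-%d" % len(self.log)
            self.live_tokens.add(token)
            return 200, {"access_token": token, "entity_id": "user-1", "expires_in": 600}
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
        if token not in self.live_tokens:
            return 401, None
        if path == "/sys/v1/session/terminate":
            self.live_tokens.discard(token)
            return 204, None
        if path == "/sys/v1/accounts":
            return 200, []
        return 404, None


def demo():
    """Log in, make one call, leave the block, then replay the old token."""
    server = FakeSmartKey()
    with SmartKeySession(server) as session:
        session.login("alice", "correct horse")
        status, _ = session.call("GET", "/sys/v1/accounts")
        old_token = session.token
    replay, _ = server("GET", "/sys/v1/accounts", {"Authorization": "Bearer " + old_token})
    return status, replay, server.log


if __name__ == "__main__":
    print(demo())
```
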

post /sys/v1/session/config_2fa/auth
Unlock two factor configuration (unlock2F)
Re-authenticate to unlock two factor configuration. Two factor configuration must be unlocked to enable or disable two factor authentication, add or remove two factor devices, or regenerate recovery codes. The caller needs to provide a bearer token for the session in the request body.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error

Child Accounts

post /sys/v1/accounts/child
Create a new child account (createChildAccount)
Create a new child account with the specified properties.

Request body

body AccountRequest (required)
Body Parameter — Properties to assign to Account.
 

Return type

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

An account Account

default

Unexpected error Error

get /sys/v1/accounts/{account-id}/child
Get all child accounts of the given account (getChildAccounts)

Get all child accounts of the given account.

Path parameters

account-id (required)
Path Parameter — Account Identifier.
 

Return type

array[Account]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

array[Account]

default

Unexpected error Error


Child Account Users

post /sys/v1/users/child_account
Create a new user in a child account (createChildAccountUser)
Create a new user in a child account.

Request body

body ChildAccountUserRequest (required)
Body Parameter — Properties to assign to Account.
 

Return type

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A child account user ChildAccountUser

default

Unexpected error Error
 

get /sys/v1/users/child_account/{user-id}
Get a specific child account user (getChildAccountUser)
Get a specific child account user.

Path parameters

user-id (required)
String — User Identifier.
body (required)
ChildAccountUserRequest — User in child account.

Return type

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A child account user ChildAccountUser

default

Unexpected error Error
 

patch /sys/v1/users/child_account/{user-id}
Update a child account user (updateChildAccountUser)
Change a child account user's properties.

Path parameters

user-id (required)
String — User Identifier.

Return type

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A child account user ChildAccountUser

default

Unexpected error Error

delete /sys/v1/users/child_account/{user-id}
Completely delete a user in child account (deleteChildAccountUser)

Path parameters

user-id (required)
String — User Identifier.

Return type

Nothing is returned on success.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/users/child_account/{user-id}/all
Get all users in a child account (getAllChildAccountUsers)
Get all users in a child account.

Path parameters

user-id (required)
String — User Identifier.

Return type

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of users in child account array[ChildAccountUser]

default

Unexpected error Error

Digest

post /crypto/v1/digest
This returns the digest of data provided in request body using the algorithm specified in request body. Maximum size of request body supported is 512KB.

Request body

body DigestRequest (required)
Body Parameter — Digest request

Return type

Example data

Content-Type: application/json
{
  "digest" : "digest"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Digest DigestResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/mac
Compute MAC using a key (computeMac)
Compute a cryptographic Message Authentication Code on a message using a symmetric key. The key must have the MACGenerate operation enabled. Asymmetric keys may not be used to generate MACs. They can be used with the sign and verify operations.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body MacGenerateRequest (required)
Body Parameter — MAC generation request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "digest" : "digest",
  "mac" : "mac"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

MAC MacGenerateResponse

default

Unexpected error Error

post /crypto/v1/mac
Compute MAC using a key (computeMacEx)
Compute a cryptographic Message Authentication Code on a message using a symmetric key. The key must have the MACGenerate operation enabled. Asymmetric keys may not be used to generate MACs. They can be used with the sign and verify operations.

Request body

body MacGenerateRequestEx (required)
Body Parameter — MAC generation request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "digest" : "digest",
  "mac" : "mac"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

MAC MacGenerateResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/macverify
Verify MAC using a key (verifyMac)
The data to be MACed, the algorithm, and a pre-computed MAC are provided in the request body, and the key id is provided in the URL. SmartKey computes the MAC of the data, compares it with the specified MAC, and returns the outcome of the MAC verification in the response body. Maximum size of request body supported is 512KB. Supported digest algorithms are SHA1, SHA256, SHA384, and SHA512.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body MacVerifyRequest (required)
Body Parameter — MAC Verify request

Return type

Example data

Content-Type: application/json
{
  "result" : true,
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

MAC MacVerifyResponse

default

Unexpected error Error

post /crypto/v1/macverify
Verify MAC using a key (verifyMacEx)
The data to be MACed, the algorithm, and a pre-computed MAC are provided in the request body, and the key id is provided in the URL. SmartKey computes the MAC of the data, compares it with the specified MAC, and returns the outcome of the MAC verification in the response body. Maximum size of request body supported is 512KB. Supported digest algorithms are SHA1, SHA256, SHA384, and SHA512.

Request body

body MacVerifyRequestEx (required)
Body Parameter — MAC Verify request

Return type

Example data

Content-Type: application/json
{
  "result" : true,
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

MAC MacVerifyResponse

default

Unexpected error Error

EncryptionAndDecryption

post /crypto/v1/keys/batch/decrypt
Batch decrypt with one or more keys (batchDecrypt)
The data to be decrypted and the key ids to be used are provided in the request body. The decrypted plain text is returned in the response body. The ordering of the body matches the ordering of the request. An individual status code is returned for each batch item. Maximum size of the entire batch request is 512 KB.

Request body

body BatchDecryptRequest (required)
Body Parameter — Batch decryption request

Return type

Example data

Content-Type: application/json
""

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Array of PlainTexts BatchDecryptResponse

default

Unexpected error Error

post /crypto/v1/keys/batch/encrypt
Batch encrypt with one or more keys (batchEncrypt)
The data to be encrypted and the key ids to be used are provided in the request body. The encrypted cipher text is returned in the response body. The ordering of the body matches the ordering of the request. An individual status code is returned for each batch item. Maximum size of the entire batch request is 512 KB.

Request body

body BatchEncryptRequest (required)
Body Parameter — Batch Encryption request

Return type

Example data

Content-Type: application/json
""

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Array of CipherTexts BatchEncryptResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/decrypt
Decrypt data (decrypt)
Decrypt data using a symmetric or asymmetric key. For symmetric ciphers, mode (specifying the block cipher mode) is a required field.
For GCM and CCM modes, tag_len is a required field.
iv is required for symmetric ciphers and unused for asymmetric ciphers. It must contain the initialization value used when the object was encrypted.
Objects of type opaque, EC, or HMAC may not be used for encryption or decryption.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body DecryptRequest (required)
Body Parameter — Decryption request

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain",
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

PlainText DecryptResponse

default

Unexpected error Error

post /crypto/v1/decrypt
Decrypt data (decryptEx)
Decrypt data using a symmetric or asymmetric key. For symmetric ciphers, mode (specifying the block cipher mode) is a required field.
For GCM and CCM modes, tag_len is a required field.
iv is required for symmetric ciphers and unused for asymmetric ciphers. It must contain the initialization value used when the object was encrypted.
Objects of type opaque, EC, or HMAC may not be used for encryption or decryption.

Request body

body DecryptRequestEx (required)
Body Parameter — Decryption request

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain",
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

PlainText DecryptResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/decrypt/final
Conclude multi-part decryption (decryptFinal)
Conclude a multi-part decryption operation. See decrypt/init for details.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body DecryptFinalRequest (required)
Body Parameter — Finish multi-part decryption

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Plaintext DecryptFinalResponse

default

Unexpected error Error

post /crypto/v1/decrypt/final
Conclude multi-part decryption (decryptFinalEx)
Conclude a multi-part decryption operation. See decrypt/init for details.

Request body

body DecryptFinalRequestEx (required)
Body Parameter — Finish multi-part decryption

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Plaintext DecryptFinalResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/decrypt/init
Begin multi-part decryption (decryptInit)
This API is used when decrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and only conventional (not AEAD) modes of operation. To perform multi-part decryption, the client makes one request to the init resource, zero or more requests to the update resource, followed by one request to the final resource. The response to init and update requests includes a state field. The state is an opaque data blob that must be supplied unmodified by the client with the subsequent request.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body DecryptInitRequest (required)
Body Parameter — Multi-part decryption initialization request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Cipher state DecryptInitResponse

default

Unexpected error Error

post /crypto/v1/decrypt/init
Begin multi-part decryption (decryptInitEx)
This API is used when decrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and only conventional (not AEAD) modes of operation. To perform multi-part decryption, the client makes one request to the init resource, zero or more requests to the update resource, followed by one request to the final resource. The response to init and update requests includes a state field. The state is an opaque data blob that must be supplied unmodified by the client with the subsequent request.

Request body

body DecryptInitRequestEx (required)
Body Parameter — Multi-part decryption initialization request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Cipher state DecryptInitResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/decrypt/update
Continue multi-part decryption (decryptUpdate)
Continue a multi-part decryption operation. See decrypt/init for details.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body DecryptUpdateRequest (required)
Body Parameter — Multi-part decryption

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Plaintext and cipher state DecryptUpdateResponse

default

Unexpected error Error

post /crypto/v1/decrypt/update
Continue multi-part decryption (decryptUpdateEx)
Continue a multi-part decryption operation. See decrypt/init for details.

Request body

body DecryptUpdateRequestEx (required)
Body Parameter — Multi-part decryption

Return type

Example data

Content-Type: application/json
{
  "plain" : "plain",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Plaintext and cipher state DecryptUpdateResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/encrypt
Encrypt data (encrypt)
Encrypt data using a symmetric or asymmetric key.
For symmetric ciphers, mode (specifying the block cipher mode) is a required field.
For GCM and CCM modes, tag_len is a required field.
iv is optional for symmetric ciphers and unused for asymmetric ciphers. If provided, it will be used as the cipher initialization value. Length of iv must match the initialization value size for the cipher and mode. If not provided, SmartKey will create a random iv of the correct length for the cipher and mode and return this value in the response.
Objects of type Opaque, EC, or HMAC may not be used for encryption or decryption.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body EncryptRequest (required)
Body Parameter — Encryption request

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher",
  "kid" : "kid",
  "tag" : "tag",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

CipherText EncryptResponse

default

Unexpected error Error

post /crypto/v1/encrypt
Encrypt data (encryptEx)
Encrypt data using a symmetric or asymmetric key.
For symmetric ciphers, mode (specifying the block cipher mode) is a required field.
For GCM and CCM modes, tag_len is a required field.
iv is optional for symmetric ciphers and unused for asymmetric ciphers. If provided, it will be used as the cipher initialization value. Length of iv must match the initialization value size for the cipher and mode. If not provided, SmartKey will create a random iv of the correct length for the cipher and mode and return this value in the response.
Objects of type Opaque, EC, or HMAC may not be used for encryption or decryption.

Request body

body EncryptRequestEx (required)
Body Parameter — Encryption request

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher",
  "kid" : "kid",
  "tag" : "tag",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

CipherText EncryptResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/encrypt/final
Conclude multi-part encryption (encryptFinal)
Conclude a multi-part encryption operation. See encrypt/init for details.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body EncryptFinalRequest (required)
Body Parameter — Finish multi-part encryption

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Ciphertext EncryptFinalResponse

default

Unexpected error Error

post /crypto/v1/encrypt/final
Conclude multi-part encryption (encryptFinalEx)
Conclude a multi-part encryption operation. See encrypt/init for details.

Request body

body EncryptFinalRequestEx (required)
Body Parameter — Finish multi-part encryption

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Ciphertext EncryptFinalResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/encrypt/init
Begin multi-part encryption (encryptInit)
This API is used when encrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and only conventional (not AEAD) modes of operation. To perform multi-part encryption, the client makes one request to the init resource, zero or more requests to the update resource, followed by one request to the final resource. The response to init and update requests includes a state field. The state is an opaque data blob that must be supplied unmodified by the client with the subsequent request.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body EncryptInitRequest (required)
Body Parameter — Multi-part encryption initialization request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "state" : "state",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Cipher state EncryptInitResponse

default

Unexpected error Error

post /crypto/v1/encrypt/init
Begin multi-part encryption (encryptInitEx)
This API is used when encrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and only conventional (not AEAD) modes of operation. To perform multi-part encryption, the client makes one request to the init resource, zero or more requests to the update resource, followed by one request to the final resource. The response to init and update requests includes a state field. The state is an opaque data blob that must be supplied unmodified by the client with the subsequent request.

Request body

body EncryptInitRequestEx (required)
Body Parameter — Multi-part encryption initialization request

Return type

Example data

Content-Type: application/json
{
  "kid" : "kid",
  "state" : "state",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Cipher state EncryptInitResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/encrypt/update
Continue multi-part encryption (encryptUpdate)
Continue a multi-part encryption operation. See encrypt/init for details.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body EncryptUpdateRequest (required)
Body Parameter — Multi-part encryption

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Ciphertext and cipher state EncryptUpdateResponse

default

Unexpected error Error

post /crypto/v1/encrypt/update
Continue multi-part encryption (encryptUpdateEx)
Continue a multi-part encryption operation. See encrypt/init for details.

Request body

body EncryptUpdateRequestEx (required)
Body Parameter — Multi-part encryption

Return type

Example data

Content-Type: application/json
{
  "cipher" : "cipher",
  "state" : "state"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Ciphertext and cipher state EncryptUpdateResponse

default

Unexpected error Error
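
The multi-part flows described under decrypt/init and encrypt/init (one init request, zero or more update requests, one final request, with the opaque state carried from each response into the next request) can be driven by one client loop. The Python below is an added example, not SmartKey or Fortanix code. Assumptions: the request field names alg, mode, plain and cipher, base64 encoding of binary fields, the transport object's post(path, body) method, and FakeSmartKey, an in-memory stand-in that is not real cryptography and treats every state as single-use so the example runs offline.

```python
import base64
import hashlib
import secrets


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def unb64(text: str) -> bytes:
    return base64.b64decode(text)


class FakeSmartKey:
    """Offline stand-in for the service, constructed for this example.

    NOT real cryptography: a SHA-256 counter keystream stands in for a
    conventional (non-AEAD) mode so the state handling can be exercised.
    """

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._states = {}  # state token -> (iv, byte offset)

    def _issue(self, iv, offset):
        token = b64(secrets.token_bytes(16))
        self._states[token] = (iv, offset)
        return token

    def _xor(self, iv, offset, data):
        out = bytearray()
        for pos, byte in enumerate(data, start=offset):
            counter = (pos // 32).to_bytes(8, "big")
            block = hashlib.sha256(self._key + iv + counter).digest()
            out.append(byte ^ block[pos % 32])
        return bytes(out)

    def post(self, path, body):
        _, _, _, kid, op, step = path.strip("/").split("/")
        src, dst = ("plain", "cipher") if op == "encrypt" else ("cipher", "plain")
        if step == "init":
            iv = unb64(body["iv"]) if "iv" in body else secrets.token_bytes(16)
            reply = {"kid": kid, "state": self._issue(iv, 0)}
            if op == "encrypt":
                reply["iv"] = b64(iv)  # encrypt/init reports the iv in use
            return reply
        # Assumption of this fake: a state is single-use, so an altered or
        # already-consumed state raises KeyError.
        iv, offset = self._states.pop(body["state"])
        if step == "update":
            data = unb64(body[src])
            return {dst: b64(self._xor(iv, offset, data)),
                    "state": self._issue(iv, offset + len(data))}
        return {dst: ""}  # final: this keystream stand-in has nothing to flush


def multipart(transport, kid, op, data, alg="AES", mode="CBC", iv=None, chunk=65536):
    """Drive init -> update* -> final for op "encrypt" or "decrypt".

    transport.post(path, body) is a hypothetical interface; a real one would
    send the JSON body over HTTPS with the Authorization header.
    Returns (output bytes, iv in use).
    """
    if mode in ("GCM", "CCM"):
        raise ValueError("multi-part supports only conventional (not AEAD) modes")
    if op == "decrypt" and iv is None:
        raise ValueError("decryption needs the iv used when the data was encrypted")
    base = f"/crypto/v1/keys/{kid}/{op}"
    src, dst = ("plain", "cipher") if op == "encrypt" else ("cipher", "plain")
    init = {"alg": alg, "mode": mode}
    if iv is not None:
        init["iv"] = b64(iv)
    reply = transport.post(f"{base}/init", init)
    state = reply["state"]
    if "iv" in reply:
        iv = unb64(reply["iv"])  # keep the service-generated iv for decryption
    out = bytearray()
    for start in range(0, len(data), chunk):
        part = b64(data[start:start + chunk])
        reply = transport.post(f"{base}/update", {src: part, "state": state})
        out += unb64(reply[dst])
        state = reply["state"]  # pass on the newest state, unmodified
    reply = transport.post(f"{base}/final", {"state": state})
    out += unb64(reply[dst])  # final may return remaining output
    return bytes(out), iv


def demo():
    service = FakeSmartKey()
    kid = "00000000-0000-0000-0000-000000000000"  # placeholder key id
    message = b"constructed sample plaintext " * 10
    cipher, iv = multipart(service, kid, "encrypt", message, chunk=64)
    plain, _ = multipart(service, kid, "decrypt", cipher, iv=iv, chunk=50)
    return message, cipher, plain
```

The client never inspects the state value; it stores the iv returned by encrypt/init alongside the ciphertext because decryption needs the same value.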

Groups

post /sys/v1/groups
Create new group (createGroup)
Create a new group with the specified properties.

Request body

body GroupRequest (required)
Body Parameter — Name of group

Return type

Example data

Content-Type: application/json
{
  "acct_id" : "acct_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "group_id" : "group_id",
  "name" : "name",
  "description" : "description",
  "created_at" : "created_at"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A group Group

default

Unexpected error Error

delete /sys/v1/groups/{group-id}
Delete group (deleteGroup)
Remove a group from SmartKey.

Path parameters

group-id (required)
Path Parameter — Group Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/groups/{group-id}
Get a specific group (getGroup)
Look up a specific group by group ID.

Path parameters

group-id (required)
Path Parameter — Group Identifier

Return type

Example data

Content-Type: application/json
{
  "acct_id" : "acct_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "group_id" : "group_id",
  "name" : "name",
  "description" : "description",
  "created_at" : "created_at"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A group Group

default

Unexpected error Error

get /sys/v1/groups
Get all groups (getGroups)
Get detailed information about all groups the authenticated User or authenticated Application belongs to.

Return type

array[Group]

Example data

Content-Type: application/json
[ {
  "acct_id" : "acct_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "group_id" : "group_id",
  "name" : "name",
  "description" : "description",
  "created_at" : "created_at"
}, {
  "acct_id" : "acct_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "group_id" : "group_id",
  "name" : "name",
  "description" : "description",
  "created_at" : "created_at"
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of groups

default

Unexpected error Error

patch /sys/v1/groups/{group-id}
Update group (updateGroup)
Change a group's properties.

Path parameters

group-id (required)
Path Parameter — Group Identifier

Request body

body GroupRequest (required)
Body Parameter — Name of group

Return type

Example data

Content-Type: application/json
{
  "acct_id" : "acct_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "group_id" : "group_id",
  "name" : "name",
  "description" : "description",
  "created_at" : "created_at"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A group Group

default

Unexpected error Error

Logs

get /sys/v1/logs
Get audit logs (getAuditLogs)
Get audit log entries matching the requested filters.

Query parameters

size (optional)
Query Parameter — Maximum number of entries to return
from (optional)
Query Parameter — For pagination, starting offset
action_type (optional)
Query Parameter — Event action type
actor_type (optional)
Query Parameter — Event actor type
actor_id (optional)
Query Parameter — Actor (User or App) Identifier
object_id (optional)
Query Parameter — Object (User or App) Identifier for event
severity (optional)
Query Parameter — Event severity type
range_from (optional)
Query Parameter — Starting time for search, given as an epoch value
range_to (optional)
Query Parameter — Ending time for search, given as an epoch value

Return type

Example data

Content-Type: application/json
{
  "severity" : "severity",
  "acct_id" : "acct_id",
  "actor_type" : "actor_type",
  "action_type" : "action_type",
  "group_ids" : [ "group_ids", "group_ids" ],
  "time" : "time",
  "actor_id" : "actor_id",
  "message" : "message",
  "object_id" : "object_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Audit Log AuditLogResponse

default

Unexpected error Error

Plugins

post /sys/v1/plugins
Create a new plugin (createPlugin)
Create a new plugin with the specified properties.

Request body

body PluginRequest (required)
Body Parameter — Properties of plugin to create

Return type

Example data

Content-Type: application/json
{
  "plugin_id" : "plugin_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "lastupdated_at" : "lastupdated_at",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "source" : {
    "code" : "code",
    "language" : { }
  },
  "default_group" : "default_group",
  "lastrun_at" : "lastrun_at",
  "enabled" : true,
  "acct_id" : "acct_id",
  "name" : "name",
  "plugin_type" : { }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A plugin Plugin

default

Unexpected error Error

delete /sys/v1/plugins/{plugin-id}
Delete plugin (deletePlugin)
Remove a plugin from SmartKey.

Path parameters

plugin-id (required)
Path Parameter — Plugin Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/plugins/{plugin-id}
Get a specific plugin (getPlugin)
Look up plugin by plugin ID.

Path parameters

plugin-id (required)
Path Parameter — Plugin Identifier

Return type

Example data

Content-Type: application/json
{
  "plugin_id" : "plugin_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "lastupdated_at" : "lastupdated_at",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "source" : {
    "code" : "code",
    "language" : { }
  },
  "default_group" : "default_group",
  "lastrun_at" : "lastrun_at",
  "enabled" : true,
  "acct_id" : "acct_id",
  "name" : "name",
  "plugin_type" : { }
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A plugin Plugin

default

Unexpected error Error

get /sys/v1/plugins
Get all plugins (getPlugins)
Get details of all plugins the current user has access to.

Query parameters

group_id (optional)
Query Parameter — Only retrieve plugins in the specified group.
sort (optional)
Query Parameter — This specifies the property (plugin_id only, for now) and order (ascending or descending) with which to sort the apps. By default, plugins are sorted by plugin_id in ascending order. The syntax is "<property>:[asc|desc]" (e.g. "plugin_id:desc") or just "<property>" (ascending order by default).
start (optional)
Query Parameter — If provided, this must be a value of the property specified in sort. Returned apps will begin just above or just below this value (for asc/desc order resp.).
limit (optional)
Query Parameter — Maximum number of apps to return. If not provided, the limit is 100.
offset (optional)
Query Parameter — Number of apps past start to skip.

Return type

array[Plugin]

Example data

Content-Type: application/json
[ {
  "plugin_id" : "plugin_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "lastupdated_at" : "lastupdated_at",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "source" : {
    "code" : "code",
    "language" : { }
  },
  "default_group" : "default_group",
  "lastrun_at" : "lastrun_at",
  "enabled" : true,
  "acct_id" : "acct_id",
  "name" : "name",
  "plugin_type" : { }
}, {
  "plugin_id" : "plugin_id",
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "lastupdated_at" : "lastupdated_at",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "source" : {
    "code" : "code",
    "language" : { }
  },
  "default_group" : "default_group",
  "lastrun_at" : "lastrun_at",
  "enabled" : true,
  "acct_id" : "acct_id",
  "name" : "name",
  "plugin_type" : { }
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of plugins

default

Unexpected error Error

post /sys/v1/plugins/{plugin-id}
Invoke a plugin (invokePlugin)
Invokes a plugin execution with the provided request body as input to the plugin.

Path parameters

plugin-id (required)
Path Parameter — Plugin Identifier

Request body

body PluginInvokeRequest (required)
Body Parameter — Object to be passed to plugin as input

Return type

Example data

Content-Type: application/json
{ }

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Result object from plugin execution PluginInvokeResponse

default

Unexpected error Error

get /sys/v1/plugins/invoke/{plugin-id}
Invoke a plugin using GET. (sysV1PluginsInvokePluginIdGet)
Invokes a plugin with empty input.

Path parameters

plugin-id (required)
Path Parameter — Plugin Identifier

Return type

Example data

Content-Type: application/json
{ }

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Result object from plugin execution PluginInvokeResponse

default

Unexpected error Error

patch /sys/v1/plugins/{plugin-id}
Update a plugin (updatePlugin)
Change a plugin's properties, such as name, description, code, or group membership.

Path parameters

plugin-id (required)
Path Parameter — Plugin Identifier

Request body

body PluginRequest (required)
Body Parameter — Properties of plugin to create

Return type

Example data

Content-Type: application/json
{
  "auth_type" : { },
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "app_type" : "app_type",
  "description" : "description",
  "groups" : [ "groups", "groups" ],
  "created_at" : "created_at",
  "interface" : "interface",
  "default_group" : "default_group",
  "enabled" : true,
  "acct_id" : "acct_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "app_id" : "app_id"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An application App

default

Unexpected error Error

SecurityObjects

post /crypto/v1/keys/{key-id}/activate
Immediately transition a security object to the Active state (activateSecurityObject)
Trigger the transition of a security object to Active state.

Path parameters

key-id (required)
Path Parameter — kid of security object

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /crypto/v1/agree
Agree on a key from two other keys (agreeKey)
This does a cryptographic key agreement operation between a public and private key. Both keys must have been generated from the same parameters (e.g. the same elliptic curve). Both keys must allow the AGREEKEY operation. The request body contains the requested properties for the new key as well as the mechanism (e.g. Diffie-Hellman) to be used to produce the key material for the new key. The output of this API should not be used directly as a cryptographic key. The target object type should be HMAC or Secret, and a key derivation procedure should be used to derive the actual key material.

Request body

body AgreeKeyRequest (required)
Body Parameter — Template of the agreed-upon security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

delete /crypto/v1/keys/{key-id}/private
Remove / Destroy private half of the asymmetric key (deletePrivateKey)
Removes the private portion of an asymmetric key from SmartKey. After this operation is performed, operations that require the private key, such as encryption and generating signatures, may no longer be performed.

Path parameters

key-id (required)
Path Parameter — kid of security object

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

delete /crypto/v1/keys/{key-id}
Delete a security object (deleteSecurityObject)
Delete a specified security object.

Path parameters

key-id (required)
Path Parameter — kid of security object

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/derive
Derive a key from another key (deriveKey)
This derives a key from an existing key and returns the properties of the new key. The request body contains the requested properties for the new key as well as the mechanism to be used to produce the key material for the new key.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body DeriveKeyRequest (required)
Body Parameter — Name of security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

post /crypto/v1/derive
Derive a key from another key (deriveKeyEx)
This derives a key from an existing key and returns the properties of the new key. The request body contains the requested properties for the new key as well as the mechanism to be used to produce the key material for the new key.

Request body

body DeriveKeyRequestEx (required)
Body Parameter — Name of security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys
Generate a new security object (generateSecurityObject)
Generate a new security object (such as an RSA key pair or an AES key) of the requested size or elliptic curve.
By default, all key operations except for Export that are implemented for that type of key will be enabled. These may be overridden by requesting specific operations in the key creation request.
Objects of type Opaque may not be generated with this API. They must be imported via the importSecurityObject API.

Request body

body SobjectRequest (required)
Body Parameter — Request to create, update, or import security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

get /crypto/v1/keys/{key-id}
Get a specific security object (getSecurityObject)
Get the details of a particular security object. The query parameter ?view=value may be used to get the value of an opaque object or certificate directly as raw bytes.

Path parameters

key-id (required)
Path Parameter — kid of security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Details about the specified security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys/digest
Retrieve the digest (hash) of the value of an exportable security object (getSecurityObjectDigest)

Request body

body ObjectDigestRequest (required)
Body Parameter — Object digest request

Return type

Example data

Content-Type: application/json
{
  "digest" : "digest"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Digest of the value of the specified security object. DigestResponse

default

Unexpected error Error

get /crypto/v1/keys/{key-id}/export
Retrieve the value of an exportable security object (getSecurityObjectValue)
Get the details and value of a particular exportable security object.

Path parameters

key-id (required)
Path Parameter — kid of security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Details and value of the specified security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys/export
Retrieve the value of an exportable security object (getSecurityObjectValueEx)
Get the details and value of a particular exportable security object.

Request body

body SobjectDescriptor (required)
Body Parameter — Request to export a security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Details and value of the specified security object. KeyObject

default

Unexpected error Error

get /crypto/v1/keys
Get all security objects (getSecurityObjects)
Return detailed information about the security objects stored in Fortanix SmartKey.

Query parameters

name (optional)
Query Parameter — Only retrieve the security object with this name.
group_id (optional)
Query Parameter — Only retrieve security objects in the specified group.
creator (optional)
Query Parameter — Only retrieve security objects created by the user or application with the specified id.
sort (optional)
Query Parameter — This specifies the property (kid or name) and order (ascending or descending) with which to sort the security objects. By default, security objects are sorted by kid in ascending order. The syntax is "<property>:[asc|desc]" (e.g. "kid:desc") or just "<property>" (ascending order by default).
start (optional)
Query Parameter — If provided, this must be a value of the property specified in sort. Returned security objects will begin just above or just below this value (for asc/desc order resp.).
limit (optional)
Query Parameter — Maximum number of security objects to return. If not provided, the limit is 100.
offset (optional)
Query Parameter — Number of security objects past start to skip.

Return type

array[KeyObject]

Example data

Content-Type: application/json
[ {
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}, {
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of security objects.

default

Unexpected error Error
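
An added example (not part of the SmartKey documentation or Fortanix's code) of walking this endpoint with sort, start and limit to inventory every security object, then flagging enabled keys that remain exportable. The `fetch` callable, the fake server, the sample objects and the string form of `key_ops` values such as "EXPORT" are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

DEFAULT_LIMIT = 100  # the documented limit when none is provided


def list_all_keys(fetch, group_id=None, limit=DEFAULT_LIMIT):
    """Page through GET /crypto/v1/keys until the listing is exhausted.

    `fetch` is a hypothetical callable: it takes the request path with its
    query string and returns the decoded JSON array of security objects.
    """
    seen, keys, start = set(), [], None
    while True:
        params = {"sort": "kid:asc", "limit": limit}
        if group_id is not None:
            params["group_id"] = group_id
        if start is not None:
            params["start"] = start  # a value of the sort property (kid)
        raw = fetch("/crypto/v1/keys?" + urlencode(params))
        # Drop anything already collected, so a boundary item that is
        # returned twice can neither duplicate a row nor loop forever.
        fresh = [k for k in raw if k["kid"] not in seen]
        seen.update(k["kid"] for k in fresh)
        keys.extend(fresh)
        if len(raw) < limit or not fresh:
            return keys
        start = fresh[-1]["kid"]


def audit_exportable(keys):
    """Return enabled objects whose value could still leave the service."""
    findings = []
    for k in keys:
        if not k.get("enabled", False):
            continue
        reasons = []
        if not k.get("never_exportable", False):
            reasons.append("never_exportable is not set")
        if "EXPORT" in k.get("key_ops", []):  # assumed spelling of the op
            reasons.append("EXPORT operation enabled")
        if reasons:
            findings.append({"kid": k["kid"], "name": k.get("name"),
                             "reasons": reasons})
    return findings


def make_fake_server(objects):
    """Offline stand-in that applies sort, start, limit and group_id."""
    def fetch(url):
        q = parse_qs(urlsplit(url).query)
        prop, _, order = q["sort"][0].partition(":")
        desc = order == "desc"
        rows = sorted(objects, key=lambda o: o[prop], reverse=desc)
        if "group_id" in q:
            rows = [o for o in rows if o["group_id"] == q["group_id"][0]]
        if "start" in q:
            s = q["start"][0]
            rows = [o for o in rows if (o[prop] < s if desc else o[prop] > s)]
        return rows[: int(q.get("limit", [str(DEFAULT_LIMIT)])[0])]
    return fetch


# Constructed sample data: 250 objects, two of them left exportable.
SAMPLE_KEYS = [
    {"kid": f"kid-{i:04d}", "name": f"key-{i}",
     "group_id": "g1" if i % 2 else "g2",
     "enabled": i != 7,
     "never_exportable": i not in (7, 42, 137),
     "key_ops": ["SIGN", "VERIFY"] + (["EXPORT"] if i == 137 else [])}
    for i in range(250)
]

if __name__ == "__main__":
    inventory = list_all_keys(make_fake_server(SAMPLE_KEYS))
    for finding in audit_exportable(inventory):
        print(finding["kid"], "; ".join(finding["reasons"]))
```

Sorting by kid and resuming from the last kid seen keeps the walk stable even if objects are created or deleted between pages, which offset-based paging does not.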

put /crypto/v1/keys
Import a security object (importSecurityObject)
Import a security object into SmartKey.
By default, all key operations except that are implemented for that type of key will be enabled. These may be overridden by requesting specific operations in the key import request.
For symmetric and asymmetric keys, value is the base64 encoding of the key material in DER format.

Request body

body SobjectRequest (required)
Body Parameter — Request to create, update, or import security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys/persist
Persist a transient key. (persistSecurityObject)
This API copies a transient key into a persisted security object in SmartKey. If the transient key's origin is "FortanixHSM", the origin of the persisted key will be "Transient". If the transient key's origin is "External", the origin of the persisted key will be "External".

Request body

Body Parameter — Persist transient key request

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

The persisted security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/revoke
Immediately transition a security object to the Deactivated or Compromised state (revokeSecurityObject)
Trigger the transition of a security object to Deactivated or Compromised state depending on the RevocationReason Code.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body RevocationReason (required)
Body Parameter — Reason to revoke a security object

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /crypto/v1/keys/rekey
Rotate a key. (rotateSecurityObject)
Rotate an existing security object.

Request body

body SobjectRequest (required)
Body Parameter — Request to create, update, or import security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object that replaces the old one. KeyObject

default

Unexpected error Error

patch /crypto/v1/keys/{key-id}
Update a security object (updateSecurityObject)
Update the properties of a security object.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body SobjectRequest (required)
Body Parameter — Request to create, update, or import security object

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Updated security object. KeyObject

default

Unexpected error Error

SignAndVerify

post /crypto/v1/keys/batch/sign
Batch sign with one or more private keys (batchSign)
The data to be signed and the key ids to be used are provided in the request body. The signature is returned in the response body. The ordering of the body matches the ordering of the request. An individual status code is returned for each batch item. Maximum size of the entire batch request is 512 KB.

Request body

body BatchSignRequest (required)
Body Parameter — Batch Sign request

Return type

Example data

Content-Type: application/json
""

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Array of signatures BatchSignResponse

default

Unexpected error Error
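
An added example (not from the SmartKey documentation) of keeping a batch sign request under the 512 KB limit and pairing each result with its request by position, checking the per-item status instead of the HTTP status of the whole call. The request field names (`key`, `hash_alg`, `hash`), the hash algorithm names and the per-item `status`/`body`/`error` fields are assumptions; this page does not show those schemas.

```python
import base64
import hashlib
import json

MAX_BATCH_BYTES = 512 * 1024  # documented limit for the entire batch request

# Assumed algorithm names; the page only says SHA-1 or SHA-2 family.
HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
          "SHA384": hashlib.sha384, "SHA512": hashlib.sha512}


def encode_json(obj):
    """Compact JSON encoding, used for both sizing and sending."""
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_item(kid, data, hash_alg="SHA256"):
    """Hash the data locally and build one batch item (assumed field names)."""
    digest = HASHES[hash_alg](data).digest()
    return {"key": {"kid": kid}, "hash_alg": hash_alg,
            "hash": base64.b64encode(digest).decode("ascii")}


def pack_batches(items, max_bytes=MAX_BATCH_BYTES):
    """Split items, in order, into batches whose encoding fits max_bytes."""
    batches, current, size = [], [], 2          # 2 bytes for "[" and "]"
    for item in items:
        item_len = len(encode_json(item))
        if item_len + 2 > max_bytes:
            raise ValueError("a single item exceeds the batch size limit")
        extra = item_len + (1 if current else 0)  # comma between items
        if size + extra > max_bytes:
            batches.append(current)
            current, size, extra = [], 2, item_len
        current.append(item)
        size += extra
    if current:
        batches.append(current)
    return batches


def correlate(batch, response):
    """Pair request items with results by position and split by outcome.

    An item counts as signed only if its own status is 200, the returned
    kid matches the requested kid, and a signature is present.
    """
    if len(response) != len(batch):
        raise ValueError("response length differs from request length")
    signed, failed = [], []
    for index, (req, res) in enumerate(zip(batch, response)):
        kid = req["key"]["kid"]
        body = res.get("body") or {}
        if (res.get("status") == 200 and body.get("kid") == kid
                and body.get("signature")):
            signed.append((index, kid, body["signature"]))
        else:
            failed.append((index, kid, res.get("status"), res.get("error")))
    return signed, failed


if __name__ == "__main__":
    # Constructed inputs and a constructed response for one batch.
    items = [sign_item(f"k{i}", f"message {i}".encode()) for i in range(3)]
    response = [
        {"status": 200, "body": {"kid": "k0", "signature": "c2lnMA=="}},
        {"status": 403, "error": "operation not allowed"},
        {"status": 200, "body": {"kid": "k2", "signature": "c2lnMg=="}},
    ]
    for batch in pack_batches(items):
        signed, failed = correlate(batch, response)
        print("signed:", signed)
        print("failed:", failed)
```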

post /crypto/v1/keys/batch/verify
Batch verify with one or more private keys (batchVerify)
The signature to be verified and the key ids to be used are provided in the request body. The result (true or false) is returned in the response body. The ordering of the body matches the ordering of the request. An individual status code is returned for each batch item. Maximum size of the entire batch request is 512 KB.

Request body

body BatchVerifyRequest (required)
Body Parameter — Batch Verify request

Return type

Example data

Content-Type: application/json
""

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Array of verification results BatchVerifyResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/sign
Sign with a private key (sign)
Sign data with a private key. The signing key must be an asymmetric key with the private part present. The sign operation must be enabled for this key. Symmetric keys may not be used to sign data. They can be used with the computeMac and verifyMac methods.
The data must be hashed with a SHA-1 or SHA-2 family hash algorithm.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body SignRequest (required)
Body Parameter — Signature request

Return type

Example data

Content-Type: application/json
{
  "signature" : "signature",
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Signature SignResponse

default

Unexpected error Error

post /crypto/v1/sign
Sign with a private key (signEx)
Sign data with a private key. The signing key must be an asymmetric key with the private part present. The sign operation must be enabled for this key. Symmetric keys may not be used to sign data. They can be used with the computeMac and verifyMac methods.
The data must be hashed with a SHA-1 or SHA-2 family hash algorithm.

Request body

body SignRequestEx (required)
Body Parameter — Signature request

Return type

Example data

Content-Type: application/json
{
  "signature" : "signature",
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Signature SignResponse

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/verify
Verify a signature with a key (verify)
Verify a signature with a public key. The verifying key must be an asymmetric key with the verify operation enabled. Symmetric keys may not be used to verify data. They can be used with the computeMac and verifyMac operations.
The signature must have been created with a SHA-1 or SHA-2 family hash algorithm.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body VerifyRequest (required)
Body Parameter — Verification request

Return type

Example data

Content-Type: application/json
{
  "result" : true,
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Verification VerifyResponse

default

Unexpected error Error

post /crypto/v1/verify
Verify a signature with a key (verifyEx)
Verify a signature with a public key. The verifying key must be an asymmetric key with the verify operation enabled. Symmetric keys may not be used to verify data. They can be used with the computeMac and verifyMac operations.
The signature must have been created with a SHA-1 or SHA-2 family hash algorithm.

Request body

body VerifyRequestEx (required)
Body Parameter — Verification request

Return type

Example data

Content-Type: application/json
{
  "result" : true,
  "kid" : "kid"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Verification VerifyResponse

default

Unexpected error Error

TwoFactorAuthentication

post /sys/v1/session/auth/2fa/recovery_code
Use a backup recovery code to complete authentication (authorizeRecoveryCode)
Complete two factor authentication with a backup recovery code. The caller needs to provide a bearer token for the session in the request body. Each recovery code may only be used once, so users should update their two factor configuration after using this API.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error

post /sys/v1/session/auth/2fa/u2f
Use a U2F key to complete authentication (authorizeU2F)
Complete two factor authentication with a U2F authentication token to authenticate to SmartKey. The response body contains a bearer authentication token which needs to be provided by subsequent calls for the duration of the session.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error

post /sys/v1/users/generate_recovery_code
Generate backup recovery codes for the current user (generateRecoveryCodes)
Generate backup recovery codes that may be used to complete two factor authentication. The caller needs to provide a bearer token for the session in the request body. Two factor configuration must be unlocked to use this API.

Return type

Example data

Content-Type: application/json
{
  "recovery_codes" : [ "recovery_codes", "recovery_codes" ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Backup recovery codes for two factor authentication RecoveryCodes

default

Unexpected error Error

post /sys/v1/session/config_2fa/new_challenge
Generate a new challenge for registering U2F devices (generateU2FChallenge)
Generate a new challenge that may be used to register U2F devices. The caller needs to provide a bearer token for the session in the request body.

Return type

Example data

Content-Type: application/json
{
  "u2f_challenge" : "u2f_challenge",
  "u2f_keys" : [ {
    "keyHandle" : "keyHandle",
    "version" : "version"
  }, {
    "keyHandle" : "keyHandle",
    "version" : "version"
  } ]
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Challenge for registering or authenticating with a U2F two factor device MfaChallenge

default

Unexpected error Error

post /sys/v1/session/config_2fa/terminate
Lock two factor configuration (lock2F)
Lock two factor configuration after completing two factor reconfiguration. The caller needs to provide a bearer token for the session in the request body. If this API is not called, two factor configuration will be locked automatically after ten minutes.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success

default

Unexpected error Error

Users

post /sys/v1/users/change_password
Change user password (changePassword)

Request body

body PasswordChangeRequest (required)
Body Parameter — Password change request

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/users/{user-id}/confirm_email
Confirms user's email address (confirmEmail)

Path parameters

user-id (required)
Path Parameter — User Identifier

Request body

body ConfirmEmailRequest (required)
Body Parameter — Validate user's email

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

User email ConfirmEmailResponse

default

Unexpected error Error

post /sys/v1/users
Create a new user (createUser)
Signs up a new user.

Request body

body SignupRequest (required)
Body Parameter — Email address of user

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A user User

default

Unexpected error Error

delete /sys/v1/users/{user-id}/account
Remove user's association with an account (deleteUser)

Path parameters

user-id (required)
Path Parameter — User Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

delete /sys/v1/users
Completely delete a user profile from system (deleteUserAccount)
Completely deletes the currently logged in user from the system.

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/users/forgot_password
Initiate password reset sequence for a user (forgotPassword)

Request body

body ForgotPasswordRequest (required)
Body Parameter — Initiate forgot password sequence

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

get /sys/v1/users/{user-id}
Get a specific user (getUser)

Path parameters

user-id (required)
Path Parameter — User Identifier

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A user User

default

Unexpected error Error

get /sys/v1/users/accounts
Get account information for the user (getUserAccount)
Obtain the current user's account information.

Return type

Example data

Content-Type: application/json
{ }

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A user's accounts and flags for each account UserAccountMap

default

Unexpected error Error

get /sys/v1/users
Get all users (getUsers)

Query parameters

group_id (optional)
Query Parameter — Only retrieve users in the specified group.
sort (optional)
Query Parameter — This specifies the property (user_id only, for now) and order (ascending or descending) with which to sort the users. By default, users are sorted by user_id in ascending order. The syntax is "<property>:[asc|desc]" (e.g. "user_id:desc") or just "<property>" (ascending order by default).
start (optional)
Query Parameter — If provided, this must be a value of the property specified in sort. Returned users will begin just above or just below this value (for asc/desc order resp.).
limit (optional)
Query Parameter — Maximum number of users to return. If not provided, the limit is 100.
offset (optional)
Query Parameter — Number of users past start to skip.

Return type

array[User]

Example data

Content-Type: application/json
[ {
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
}, {
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
} ]

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

An array of users

default

Unexpected error Error

post /sys/v1/users/invite
Invite a user (inviteUser)
Invite an existing user or a new user to join an existing account. Only the user's email is required for the invite API.

Request body

body UserRequest (required)
Body Parameter — Name of user

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A user User

default

Unexpected error Error

post /sys/v1/users/process_invite
Process a user's pending account invitations (processInvitations)
Processes a user's pending invitations. This handles both accepts and rejects.

Request body

body ProcessInviteRequest (required)
Body Parameter — Process account invitation (both accepts and rejects)

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/users/{user-id}/resend_confirm_email
Resend email with link to confirm user's email address (resendConfirmEmail)

Path parameters

user-id (required)
Path Parameter — User Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/users/{user-id}/resend_invite
Resend invite to the user to join a specific account (resendInvitation)

Path parameters

user-id (required)
Path Parameter — User Identifier

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

post /sys/v1/users/{user-id}/reset_password
Reset a user's password (resetPassword)
Resets a user's password. The user must have a valid reset token from the forgot password step.

Path parameters

user-id (required)
Path Parameter — User Identifier

Request body

body PasswordResetRequest (required)
Body Parameter — Reset password

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

204

Nothing is returned on success.

default

Unexpected error Error

patch /sys/v1/users/{user-id}
Update user (updateUser)
Change a user's properties.

Path parameters

user-id (required)
Path Parameter — User Identifier

Request body

body UserRequest (required)
Body Parameter — Name of user

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email",
  "last_logged_in_at" : "last_logged_in_at",
  "email_verified" : true,
  "user_id" : "user_id",
  "account_role" : [ { }, { } ],
  "groups" : { },
  "created_at" : "created_at",
  "state" : { },
  "u2f_devices" : [ {
    "name" : "name"
  }, {
    "name" : "name"
  } ],
  "enabled" : true
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

A user User

default

Unexpected error Error

post /sys/v1/users/{user-id}/validate_token
Validates password reset token for the user (validatePasswordResetToken)

Path parameters

user-id (required)
Path Parameter — User Identifier

Request body

body ValidateTokenRequest (required)
Body Parameter — Validate token

Return type

Example data

Content-Type: application/json
{
  "user_email" : "user_email"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

User email ValidateTokenResponse

default

Unexpected error Error

WrappingAndUnwrapping

post /crypto/v1/keys/{key-id}/unwrapkey
Unwrap a security object with a key (unwrapKey)
Unwrap (decrypt) a wrapped key and import it into SmartKey. This allows securely importing into SmartKey security objects that were previously wrapped by SmartKey or another key management system. A new security object will be created in SmartKey with the unwrapped data.
The key-id parameter in the URL specifies the key that will be used to unwrap the other security object. This key must have the unwrapkey operation enabled.
The alg and mode parameters specify the encryption algorithm and cipher mode being used by the unwrapping key. The obj_type parameter specifies the object type of the security object being unwrapped. The size or elliptic curve of the object being unwrapped does not need to be specified.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body UnwrapKeyRequest (required)
Body Parameter — Unwrap key request

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

post /crypto/v1/unwrapkey
Unwrap a security object with a key (unwrapKeyEx)
Unwrap (decrypt) a wrapped key and import it into SmartKey. This allows securely importing into SmartKey security objects that were previously wrapped by SmartKey or another key management system. A new security object will be created in SmartKey with the unwrapped data.
The key-id parameter in the URL specifies the key that will be used to unwrap the other security object. This key must have the unwrapkey operation enabled.
The alg and mode parameters specify the encryption algorithm and cipher mode being used by the unwrapping key. The obj_type parameter specifies the object type of the security object being unwrapped. The size or elliptic curve of the object being unwrapped does not need to be specified.

Request body

body UnwrapKeyRequestEx (required)
Body Parameter — Unwrap key request

Return type

Example data

Content-Type: application/json
{
  "creator" : {
    "app" : "app",
    "user" : "user"
  },
  "never_exportable" : true,
  "elliptic_curve" : { },
  "kid" : "kid",
  "origin" : { },
  "description" : "description",
  "created_at" : "created_at",
  "custom_metadata" : {
    "key" : "custom_metadata"
  },
  "enabled" : true,
  "transient_key" : "transient_key",
  "pub_key" : "pub_key",
  "acct_id" : "acct_id",
  "group_id" : "group_id",
  "lastused_at" : "lastused_at",
  "name" : "name",
  "key_ops" : [ { }, { } ],
  "obj_type" : { },
  "value" : "value",
  "key_size" : 0
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

201

A newly created security object. KeyObject

default

Unexpected error Error

post /crypto/v1/keys/{key-id}/wrapkey
Wrap a security object with a key (wrapKey)

Wrap (encrypt) an existing security object with a key. This allows keys to be securely exported from SmartKey so they can be later imported into SmartKey or another key management system.
The key-id parameter in the URL specifies the key that will be used to wrap the other security object. The security object being wrapped is specified inside of the request body.
The alg and mode parameters specify the encryption algorithm and cipher mode being used for the wrapping key. The algorithm of the key being wrapped is not provided to this API call.
The key being wrapped must have the export operation enabled. The wrapping key must have the wrapkey operation enabled.
The following wrapping operations are supported:

  • Symmetric keys, HMAC keys, opaque objects, and secret objects may be wrapped with symmetric or asymmetric keys.
  • Asymmetric keys may be wrapped with symmetric keys. Wrapping an asymmetric key with an asymmetric key is not supported.

When wrapping with an asymmetric key, the wrapped object size must fit as plaintext for the wrapping key size and algorithm.

Path parameters

key-id (required)
Path Parameter — kid of security object

Request body

body WrapKeyRequest (required)
Body Parameter — Wrap key request

Return type

Example data

Content-Type: application/json
{
  "wrapped_key" : "wrapped_key",
  "tag" : "tag",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Wrapped key value WrapKeyResponse

default

Unexpected error Error

post /crypto/v1/wrapkey
Wrap a security object with a key (wrapKeyEx)

Wrap (encrypt) an existing security object with a key. This allows keys to be securely exported from SmartKey so they can be later imported into SmartKey or another key management system.
The key-id parameter in the URL specifies the key that will be used to wrap the other security object. The security object being wrapped is specified inside of the request body.
The alg and mode parameters specify the encryption algorithm and cipher mode being used for the wrapping key. The algorithm of the key being wrapped is not provided to this API call.
The key being wrapped must have the export operation enabled. The wrapping key must have the wrapkey operation enabled.
The following wrapping operations are supported:

  • Symmetric keys, HMAC keys, opaque objects, and secret objects may be wrapped with symmetric or asymmetric keys.
  • Asymmetric keys may be wrapped with symmetric keys. Wrapping an asymmetric key with an asymmetric key is not supported.

When wrapping with an asymmetric key, the wrapped object size must fit as plaintext for the wrapping key size and algorithm.

Request body

body WrapKeyRequestEx (required)
Body Parameter — Wrap key request

Return type

Example data

Content-Type: application/json
{
  "wrapped_key" : "wrapped_key",
  "tag" : "tag",
  "iv" : "iv"
}

Produces

This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json

Responses

200

Wrapped key value WrapKeyResponse

default

Unexpected error Error
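
A pre-flight check for the wrapping rules listed under wrapKey and wrapKeyEx above, as an added example (not SmartKey or Fortanix code). The Sobject class, the category labels and the lower-case operation names are assumptions of this example, and the size check assumes an RSA wrapping key with OAEP padding.

```python
import hashlib
from dataclasses import dataclass

# Object categories as grouped in the wrapKey description. These labels are
# local to this example; they are not the API's ObjectType enum values.
SYMMETRIC, ASYMMETRIC, HMAC, OPAQUE, SECRET = (
    "symmetric", "asymmetric", "hmac", "opaque", "secret")


@dataclass(frozen=True)
class Sobject:
    """Hypothetical local summary of a security object (not the KeyObject model)."""
    name: str
    category: str        # one of the labels above
    size_bits: int       # key size, or payload size for opaque/secret objects
    key_ops: frozenset   # operation names as the page spells them (casing assumed)


def oaep_max_plaintext_bytes(modulus_bits: int, digest: str) -> int:
    """Largest message RSA-OAEP can encrypt: k - 2*hLen - 2 (RFC 8017, 7.1.1)."""
    k = (modulus_bits + 7) // 8
    h_len = hashlib.new(digest).digest_size
    return max(k - 2 * h_len - 2, 0)


def check_wrap(wrapping: Sobject, target: Sobject, oaep_digest: str = "sha256") -> list:
    """Return the wrapKey rules this request would violate (empty list = OK)."""
    problems = []
    if "export" not in target.key_ops:
        problems.append(f"{target.name}: export operation is not enabled")
    if "wrapkey" not in wrapping.key_ops:
        problems.append(f"{wrapping.name}: wrapkey operation is not enabled")
    if wrapping.category not in (SYMMETRIC, ASYMMETRIC):
        problems.append(f"{wrapping.name}: only symmetric or asymmetric keys can wrap")
        return problems
    if wrapping.category == ASYMMETRIC:
        if target.category == ASYMMETRIC:
            problems.append(
                "wrapping an asymmetric key with an asymmetric key is not supported")
        else:
            # The wrapped object must fit as a single plaintext block.
            limit = oaep_max_plaintext_bytes(wrapping.size_bits, oaep_digest)
            need = (target.size_bits + 7) // 8
            if need > limit:
                problems.append(
                    f"{target.name}: {need} bytes exceeds the {limit}-byte "
                    f"RSA-OAEP/{oaep_digest} limit of {wrapping.name}")
    return problems


# Constructed sample objects (not real SmartKey data).
RSA_KEK = Sobject("rsa-kek", ASYMMETRIC, 2048, frozenset({"wrapkey", "unwrapkey"}))
AES_KEK = Sobject("aes-kek", SYMMETRIC, 256, frozenset({"wrapkey", "unwrapkey"}))
AES_DATA = Sobject("aes-data", SYMMETRIC, 256, frozenset({"encrypt", "decrypt", "export"}))
AES_LOCKED = Sobject("aes-locked", SYMMETRIC, 256, frozenset({"encrypt", "decrypt"}))
RSA_SIGN = Sobject("rsa-sign", ASYMMETRIC, 2048, frozenset({"sign", "export"}))
BIG_SECRET = Sobject("blob", SECRET, 2048, frozenset({"export"}))
HMAC_KEY = Sobject("hmac-key", HMAC, 256, frozenset({"macgenerate"}))

if __name__ == "__main__":
    for kek, obj in [(RSA_KEK, AES_DATA), (RSA_KEK, BIG_SECRET), (RSA_KEK, RSA_SIGN),
                     (AES_KEK, RSA_SIGN), (AES_KEK, AES_LOCKED), (HMAC_KEY, AES_DATA)]:
        issues = check_wrap(kek, obj)
        print(f"{kek.name} -> {obj.name}: {'OK' if not issues else '; '.join(issues)}")
```

Running the check before calling the API also shows why a 2048-bit secret cannot be wrapped directly under a 2048-bit RSA key: the OAEP overhead leaves less room than the modulus size suggests.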

Models

  1. ADDecryptInput -
  2. ADEncryptInput -
  3. Account -
  4. AccountRequest -
  5. AccountState -
  6. AgreeKeyMechanism -
  7. AgreeKeyRequest -
  8. App -
  9. AppAuthType -
  10. AppCredential -
  11. AppCredentialResponse -
  12. AppRequest -
  13. AppResetSecretRequest -
  14. ApprovableResult -
  15. ApprovalRequest -
  16. ApprovalRequestRequest -
  17. ApprovalStatus -
  18. ApprovalSubject -
  19. AuditLogResponse -
  20. AuthConfig -
  21. AuthConfigPassword -
  22. AuthResponse -
  23. AuthType -
  24. BatchDecryptRequest -
  25. BatchDecryptRequest_inner -
  26. BatchDecryptResponse -
  27. BatchDecryptResponse_inner -
  28. BatchEncryptRequest -
  29. BatchEncryptRequest_inner -
  30. BatchEncryptResponse -
  31. BatchEncryptResponse_inner -
  32. BatchSignRequest -
  33. BatchSignResponse -
  34. BatchSignResponse_inner -
  35. BatchVerifyRequest -
  36. BatchVerifyResponse -
  37. BatchVerifyResponse_inner -
  38. CaConfig -
  39. CipherMode -
  40. ChildAccountUser -
  41. ChildAccountUserRequest -
  42. ConfirmEmailRequest -
  43. ConfirmEmailResponse -
  44. CreatorType -
  45. CryptMode -
  46. DecryptFinalRequest -
  47. DecryptFinalRequestEx -
  48. DecryptFinalResponse -
  49. DecryptInitRequest -
  50. DecryptInitRequestEx -
  51. DecryptInitResponse -
  52. DecryptRequest -
  53. DecryptRequestEx -
  54. DecryptResponse -
  55. DecryptUpdateRequest -
  56. DecryptUpdateRequestEx -
  57. DecryptUpdateResponse -
  58. DeriveKeyMechanism -
  59. DeriveKeyRequest -
  60. DeriveKeyRequestEx -
  61. DigestAlgorithm -
  62. DigestRequest -
  63. DigestResponse -
  64. EllipticCurve -
  65. EncryptFinalRequest -
  66. EncryptFinalRequestEx -
  67. EncryptFinalResponse -
  68. EncryptInitRequest -
  69. EncryptInitRequestEx -
  70. EncryptInitResponse -
  71. EncryptRequest -
  72. EncryptRequestEx -
  73. EncryptResponse -
  74. EncryptUpdateRequest -
  75. EncryptUpdateRequestEx -
  76. EncryptUpdateResponse -
  77. Entity -
  78. Error -
  79. ForgotPasswordRequest -
  80. FpeOptions -
  81. GoogleServiceAccountKey -
  82. Group -
  83. GroupRequest -
  84. IVDecryptInput -
  85. IVEncryptInput -
  86. IVEncryptOutput -
  87. KeyObject -
  88. KeyOperations -
  89. Language -
  90. LoggingConfig -
  91. LoggingConfigRequest -
  92. MacGenerateRequest -
  93. MacGenerateRequestEx -
  94. MacGenerateResponse -
  95. MacVerifyRequest -
  96. MacVerifyRequestEx -
  97. MacVerifyResponse -
  98. MfaChallenge -
  99. Mgf -
  100. Mgf_mgf1 -
  101. NotificationPref -
  102. ObjectDigestRequest -
  103. ObjectOrigin -
  104. ObjectType -
  105. PasswordChangeRequest -
  106. PasswordResetRequest -
  107. PersistTransientKeyRequest -
  108. Plugin -
  109. PluginInvokeRequest -
  110. PluginInvokeResponse -
  111. PluginRequest -
  112. PluginSource -
  113. PluginType -
  114. ProcessInviteRequest -
  115. RecoveryCodes -
  116. RevocationReason -
  117. RevocationReasonCode -
  118. RsaEncryptionPadding -
  119. RsaEncryptionPadding_OAEP -
  120. RsaEncryptionPolicy -
  121. RsaEncryptionPolicy_padding -
  122. RsaEncryptionPolicy_padding_OAEP -
  123. RsaEncryptionPolicy_padding_OAEP_mgf1 -
  124. RsaOptions -
  125. RsaSignaturePadding -
  126. RsaSignaturePadding_PSS -
  127. RsaSignaturePolicy -
  128. RsaSignaturePolicy_padding -
  129. SelectAccountRequest -
  130. SelectAccountResponse -
  131. ServerMode -
  132. SignRequest -
  133. SignRequestEx -
  134. SignResponse -
  135. SignatureMode -
  136. SignupRequest -
  137. SobjectDescriptor -
  138. SobjectRequest -
  139. SplunkLoggingConfig -
  140. SplunkLoggingConfigRequest -
  141. StackdriverLoggingConfig -
  142. StackdriverLoggingConfigRequest -
  143. SubscriptionChangeRequest -
  144. SubscriptionType -
  145. TagDecryptInput -
  146. TagEncryptOutput -
  147. TagLenEncryptInput -
  148. TlsConfig -
  149. TlsMode -
  150. U2fAddDeviceRequest -
  151. U2fDelDeviceRequest -
  152. U2fDevice -
  153. U2fKey -
  154. U2fRenameDeviceRequest -
  155. UnwrapKeyRequest -
  156. UnwrapKeyRequestEx -
  157. User -
  158. UserAccountFlags -
  159. UserAccountMap -
  160. UserGroupFlags -
  161. UserGroupMap -
  162. UserRequest -
  163. UserState -
  164. Uuid -
  165. ValidateTokenRequest -
  166. ValidateTokenResponse -
  167. VerifyRequest -
  168. VerifyRequestEx -
  169. VerifyResponse -
  170. VersionResponse -
  171. WrapKeyRequest -
  172. WrapKeyRequestEx -
  173. WrapKeyResponse -

ADDecryptInput

The authenticated data used with this ciphertext and authentication tag. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers.

ADEncryptInput

For symmetric ciphers with cipher mode GCM or CCM, this optionally specifies the authenticated data used by the cipher. This field must not be provided with other cipher modes.

Account

name
String Name of the account. Account names must be unique within a SmartKey instance.
acct_id
String Account ID uniquely identifying this account.
description (optional)
String Description of this account.
organization (optional)
String Organization (e.g. company name) that owns this account
country (optional)
String Main country associated with this account
phone (optional)
String Contact phone number associated with this account
notification_pref (optional)
auth_config (optional)
subscription
state
auth_type
logging_configs (optional)
map[String, LoggingConfig] Map from UUIDs to LoggingConfig objects
enabled (optional)
Boolean Whether this account is enabled. This may only be changed by sysadmins.
created_at (optional)
String When this account was created. format: dateTime
initial_purchase_at (optional)
String When this account was upgraded to a paid subscription. format: dateTime
pending_subscription_change_request (optional)
custom_metadata (optional)
map[String, String] Sysadmin-defined metadata for this account. Stored as key-value pairs. This field is only visible to sysadmin users.

AccountRequest

name (optional)
String Name of the account. Account names must be unique within a SmartKey instance.
description (optional)
String Description of this account.
organization (optional)
String Organization (e.g. company name) that owns this account
country (optional)
String Main country associated with this account
phone (optional)
String Contact phone number associated with this account
notification_pref (optional)
auth_config (optional)
add_logging_configs (optional)
mod_logging_configs (optional)
map[String, LoggingConfigRequest] Map from UUIDs to LoggingConfigRequest objects
del_logging_configs (optional)
pending_subscription_change_request (optional)
enabled (optional)
Boolean Whether this account is enabled. This may only be changed by sysadmins.
subscription (optional)
custom_metadata (optional)
map[String, String] Sysadmin-defined metadata for this account. Stored as key-value pairs. This field may only be used by sysadmin users.

AccountState

State of account.

AgreeKeyMechanism

Mechanism to use for key agreement.

AgreeKeyRequest

private_key
public_key
name
String Name of the agreed-upon key. Key names must be unique within an account. The name is ignored for transient keys and should be the empty string.
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
key_size
Integer Key size of the derived key in bits (not bytes). format: int32
key_type
mechanism
enabled (optional)
Boolean Whether the derived key should have cryptographic operations enabled.
description (optional)
String Description for the new key.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
transient (optional)
Boolean If this is true, SmartKey will derive a transient key.

App

name
String Name of the application. Application names must be unique within an account.
app_id
String Application ID uniquely identifying this application.
auth_type
description (optional)
String Description of this application.
interface (optional)
acct_id
String The account ID of the account that this application belongs to.
groups
array[String] An array of Security Group IDs. The application belongs to each Security Group in this array.
default_group
String The default group of this application. This is the group where security objects will be created by default by this application.
enabled
Boolean Whether this application is enabled.
app_type
String The user-defined type of this application.
creator
created_at
String When this application was created. format: dateTime
lastused_at (optional)
String When this application was last used. format: dateTime

AppAuthType

Authentication type for an application.

AppCredential

Credential for an application.
secret (optional)
certificate (optional)

AppCredentialResponse

app_id
String UUID-format string, e.g. a41152ed-c26e-4c6e-a8d1-8820e36972c3
credential

AppRequest

name
String Name of this application. Application names must be unique within an account.
description (optional)
String Description of this application.
add_groups
array[String] An array of Security Group IDs to add to this application.
del_groups (optional)
array[String] An array of security group IDs to remove from this application.
default_group
String The default group of this application. This is the group where security objects will be created by default by this application.
enabled (optional)
Boolean Whether this application is enabled
app_type (optional)
String The user-defined type of this application.
credential (optional)
secret_size (optional)
Integer Size in bytes of app's secret. format: int32

AppResetSecretRequest

secret_size (optional)
Integer Size in bytes of app's secret. format: int32

ApprovableResult

status
Integer The HTTP status code for this partial request.
body

ApprovalRequest

request_id
String UUID uniquely identifying this approval request.
requester
created_at
String When this approval request was created. format: dateTime
acct_id
String The account ID of the account that this approval request belongs to.
operation
String Operation URL path, e.g. /crypto/v1/keys, /crypto/v1/groups/<id>.
method
String Method for the operation: POST, PATCH, PUT, DELETE, or GET. Default is POST.
body
approvers
denier
status
reviewers
subjects
description (optional)
String Optional comment about the approval request for the reviewer.
expiry
String When this approval request expires. format: dateTime

ApprovalRequestRequest

operation
String Operation URL path, e.g. /crypto/v1/keys, /crypto/v1/groups/<id>.
method (optional)
String Method for the operation: POST, PATCH, PUT, DELETE, or GET. Default is POST.
body (optional)
description (optional)
String Optional comment about the approval request for the reviewer.

ApprovalStatus

Approval request status.

ApprovalSubject

Identifies an object acted upon by an approval request.
group (optional)
String The ID of the group being acted upon, if the subject is a group.
sobject (optional)
String The ID of the security object being acted upon, if the subject is a security object.
app (optional)
String The ID of the app being acted upon, if the subject is an app.
plugin (optional)
String The ID of the plugin being acted upon, if the subject is a plugin.

AuditLogResponse

action_type
String Type of action performed.
actor_type
String Type of entity performing action.
message
String Audit log message.
severity
String Severity of audit log message.
time
String Time that action occurred.
object_id
String ID of object acted upon.
actor_id
String ID of entity performing action.
acct_id
String Account ID of the account this audit log applies to.
group_ids

AuthConfig

password (optional)
saml (optional)
String XML metadata for a SAML 2.0 Identity Provider (IdP).

AuthConfigPassword

Configuration for password-based authentication.
require_2fa
Boolean Reserved for future use, must be false.
administrators_only
Boolean Reserved for future use, must be false.

AuthResponse

expires_in
Integer Number of seconds after token issuance until the token expires.
access_token
String Bearer token to be used to authenticate to other APIs.
entity_id
String The UUID of the entity that was authorized. For users, this will be the user's UUID. For applications, this will be the application's UUID.

AuthType

Type of authentication.

BatchDecryptRequest

BatchDecryptRequest_inner

kid
String Key ID (not name or description) of the key to use to decrypt request.
request

BatchDecryptResponse

BatchDecryptResponse_inner

status
Integer The HTTP status code for this partial request.
error (optional)
String When the status property indicates an error, this contains the error message.
body (optional)

BatchEncryptRequest

BatchEncryptRequest_inner

kid
String Key ID (not name or description) of the key to use to encrypt request.
request

BatchEncryptResponse

BatchEncryptResponse_inner

status
Integer The HTTP status code for this partial request.
error (optional)
String When the status property indicates an error, this contains the error message.
body (optional)

BatchSignRequest

Array of Sign requests to be performed in batch

BatchSignResponse

BatchSignResponse_inner

status
Integer The HTTP status code for this partial request.
error (optional)
String When the status property indicates an error, this contains the error message.
body (optional)

BatchVerifyRequest

Array of Verify requests to be performed in batch

BatchVerifyResponse

BatchVerifyResponse_inner

status
Integer The HTTP status code for this partial request.
error (optional)
String When the status property indicates an error, this contains the error message.
body (optional)

CaConfig

ca_set (optional)
Enum:
global_roots
pinned (optional)
array[byte[]] format: byte

CipherMode

Type of cipher mode, required for symmetric key algorithms.

ChildAccountUser

user_id
String User ID uniquely identifying this user.
user_email
String The user's email address.
account_role (optional)
UserAccountFlags Flags for the user's roles and state for an account.
groups
created_at
String When this user was added to account. format: dateTime
last_logged_in_at
String When this user last logged in. format: dateTime

ChildAccountUserRequest

child_acct_id
String Account id of child account
user_email
String User's email address
account_role (optional)
UserAccountFlags Flags for the user's roles and state for an account.
add_groups (optional)
del_groups (optional)
mod_groups (optional)
enabled
Boolean Whether this application is enabled.

ConfirmEmailRequest

confirm_token

ConfirmEmailResponse

user_email

CreatorType

What type of entity created another entity.
app (optional)
String The application ID of the application that created this entity, if this entity was created by an application.
user (optional)
String The user ID of the user who created this entity, if this entity was created by a user.

CryptMode

CipherMode or RsaEncryptionPadding, depending on the encryption algorithm

DecryptFinalRequest

All fields are required.
state
byte[] format: byte

DecryptFinalRequestEx

All fields are required.
key
state
byte[] format: byte

DecryptFinalResponse

plain
byte[] Decrypted plaintext. format: byte

DecryptInitRequest

All fields are optional.
alg (optional)
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte

DecryptInitRequestEx

key
alg (optional)
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte

DecryptInitResponse

kid (optional)
state
byte[] format: byte

DecryptRequest

Mode and iv are required fields for symmetric key algorithms and ad and tag are required fields for GCM or CCM modes.
alg (optional)
cipher
byte[] The ciphertext to decrypt. format: byte
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte
ad (optional)
byte[] The authenticated data used with this ciphertext and authentication tag. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
tag (optional)
byte[] The authentication tag used with this ciphertext and authenticated data. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte

DecryptRequestEx - Up

Mode and iv are required fields for symmetric key algorithms and ad and tag are required fields for GCM or CCM modes.
key
alg (optional)
cipher
byte[] The ciphertext to decrypt. format: byte
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte
ad (optional)
byte[] The authenticated data used with this ciphertext and authentication tag. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
tag (optional)
byte[] The authentication tag used with this ciphertext and authenticated data. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte

DecryptResponse - Up

kid (optional)
String The key ID of the key used to decrypt.
plain
byte[] The decrypted plaintext. format: byte

DecryptUpdateRequest - Up

all fields are required
cipher
byte[] Ciphertext to decrypt. format: byte
state
byte[] format: byte

DecryptUpdateRequestEx - Up

all fields are required
key
cipher
byte[] Ciphertext to decrypt. format: byte
state
byte[] format: byte

DecryptUpdateResponse - Up

plain
byte[] Decrypted plaintext. format: byte
state
byte[] format: byte

DeriveKeyMechanism - Up

Encodes the mechanism to be used when deriving a new key from an existing key. Exactly one mechanism should be supplied. Currently, the only supported mechanism is encrypting data to derive the new key. Other mechanisms may be added in the future.
encrypt_data (optional)

DeriveKeyRequest - Up

name
String Name of the derived key. Key names must be unique within an account.
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
key_size
Integer Key size of the derived key in bits (not bytes). format: int32
key_type
mechanism
enabled (optional)
Boolean Whether the derived key should have cryptographic operations enabled.
description (optional)
String Description for the new key.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.

DeriveKeyRequestEx - Up

key
name
String Name of the derived key. Key names must be unique within an account.
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
key_size
Integer Key size of the derived key in bits (not bytes). format: int32
key_type
mechanism
enabled (optional)
Boolean Whether the derived key should have cryptographic operations enabled.
description (optional)
String Description for the new key.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
transient (optional)
Boolean If this is true, SmartKey will derive a transient key.

DigestAlgorithm - Up

Message digest algorithm.

DigestRequest - Up

alg
data
byte[] Data to be hashed. format: byte

DigestResponse - Up

digest
byte[] Hash of the data. format: byte

EllipticCurve - Up

Identifies a standardized elliptic curve. Required for operations involving EC keys.

EncryptFinalRequest - Up

all fields are required
state
byte[] format: byte

EncryptFinalRequestEx - Up

all fields are required
key
state
byte[] format: byte

EncryptFinalResponse - Up

cipher
byte[] Encrypted data. format: byte

EncryptInitRequest - Up

alg is required. mode is required for symmetric algorithms.
alg
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte

EncryptInitRequestEx - Up

alg is required. mode is required for symmetric algorithms.
key
alg
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte

EncryptInitResponse - Up

kid (optional)
iv (optional)
byte[] The initialization value used for symmetric encryption. Not returned for asymmetric ciphers. format: byte
state
byte[] format: byte

EncryptRequest - Up

A request to encrypt data using a symmetric or asymmetric key.
alg
plain
byte[] The plaintext to encrypt. format: byte
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte
ad (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, this optionally specifies the authenticated data used by the cipher. This field must not be provided with other cipher modes. format: byte
tag_len (optional)
Integer For symmetric ciphers with cipher mode GCM or CCM, this field specifies the length of the authentication tag to be produced. This field is specified in bits (not bytes). This field is required for symmetric ciphers with cipher mode GCM or CCM. It must not be specified for asymmetric ciphers and symmetric ciphers with other cipher modes. format: int32

EncryptRequestEx - Up

A request to encrypt data using a symmetric or asymmetric key.
key
alg
plain
byte[] The plaintext to encrypt. format: byte
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte
ad (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, this optionally specifies the authenticated data used by the cipher. This field must not be provided with other cipher modes. format: byte
tag_len (optional)
Integer For symmetric ciphers with cipher mode GCM or CCM, this field specifies the length of the authentication tag to be produced. This field is specified in bits (not bytes). This field is required for symmetric ciphers with cipher mode GCM or CCM. It must not be specified for asymmetric ciphers and symmetric ciphers with other cipher modes. format: int32

EncryptResponse - Up

kid (optional)
String ID of the key used to perform encryption.
cipher
byte[] The encrypted data. format: byte
iv (optional)
byte[] The initialization value used for symmetric encryption. Not returned for asymmetric ciphers. format: byte
tag (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, the authentication tag produced by the cipher. Its length will match the tag length specified by the encryption request. format: byte

EncryptUpdateRequest - Up

all fields are required
plain
byte[] Plaintext to encrypt. format: byte
state
byte[] format: byte

EncryptUpdateRequestEx - Up

all fields are required
key
plain
byte[] Plaintext to encrypt. format: byte
state
byte[] format: byte

EncryptUpdateResponse - Up

cipher
byte[] Encrypted data. format: byte
state
byte[] format: byte

Entity - Up

An app, user, or plugin ID.
app (optional)
String The application ID of the application that created this entity, if this entity was created by an application.
user (optional)
String The user ID of the user who created this entity, if this entity was created by a user.
plugin (optional)
String The plugin ID of the user who created this entity, if this entity was created by a plugin.

Error - Up

message (optional)

ForgotPasswordRequest - Up

user_email

FpeOptions - Up

FPE-specific options.
radix
Integer The base for input data. format: int32
min_length (optional)
Integer The minimum allowed length for the input data. format: int32
max_length (optional)
Integer The maximum allowed length for the input data. format: int32
preserve (optional)
array[Integer] The list of indices of characters to be preserved while performing encryption/decryption. format: int32
mask (optional)
array[Integer] The list of indices of characters to be masked while performing masked decryption. format: int32
luhn_check (optional)
Boolean Whether encrypted/decrypted data should satisfy LUHN checksum formula.
name (optional)
String The user-friendly name for the data type that represents the input data.

GoogleServiceAccountKey - Up

A Google service account key object. See https://cloud.google.com/video-intelligence/docs/common/auth.
type
String Must be "service_account"
project_id
private_key_id
private_key (optional)
client_email

Group - Up

name (optional)
String Name of the group. Group names must be unique within an account.
group_id (optional)
String Group ID uniquely identifying this group.
description (optional)
String Description of the group.
acct_id (optional)
String Account ID of the account this Group belongs to.
creator (optional)
created_at (optional)
String When this group was created. format: dateTime

GroupRequest - Up

name
String Name of the group. Group names must be unique within an account.
description (optional)
String Description of the group.
acct_id (optional)
String Account ID of the account the new group will belong to.

IVDecryptInput - Up

The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers.

IVEncryptInput - Up

For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode.

IVEncryptOutput - Up

The initialization value used for symmetric encryption. Not returned for asymmetric ciphers.

KeyObject - Up

name
String Name of the security object.
description (optional)
String Description of the security object.
key_size (optional)
Integer For objects which are not elliptic curves, this is the size in bits (not bytes) of the object. This field is not returned for elliptic curves. format: int32
elliptic_curve (optional)
acct_id
String Account ID of the account this security object belongs to.
group_id (optional)
String Group ID of the security group that this security object belongs to.
creator
kid (optional)
String Key ID uniquely identifying this security object.
obj_type
key_ops (optional)
array[KeyOperations] Array of key operations enabled for this security object.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
origin
pub_key (optional)
byte[] This field is returned only for asymmetric keys. It contains the public key. format: byte
value (optional)
byte[] This field is returned only for opaque and secret objects. It contains the contents of the object. format: byte
enabled
Boolean Whether this security object has cryptographic operations enabled.
created_at
String When this security object was created. format: dateTime
lastused_at
String When this security object was last used. format: dateTime
transient_key (optional)
String Transient key blob.
never_exportable
Boolean True if this key's operations have never contained EXPORT.

KeyOperations - Up

Operations allowed to be performed by a given key.

Language - Up

Language for plugin code.

LoggingConfig - Up

splunk (optional)
stackdriver (optional)

LoggingConfigRequest - Up

splunk (optional)
stackdriver (optional)

MacGenerateRequest - Up

alg (optional)
data
byte[] Data to compute the MAC of. format: byte

MacGenerateRequestEx - Up

key
alg (optional)
data
byte[] Data to compute the MAC of. format: byte

MacGenerateResponse - Up

kid (optional)
String Key ID of the key used to generate the MAC.
digest (optional)
byte[] The MAC generated for the input data (returned for HMAC operation). format: byte
mac
byte[] The MAC generated for the input data (returned for CMAC operation). format: byte

MacVerifyRequest - Up

alg
data
byte[] The data to verify the MAC of. format: byte
digest (optional)
byte[] The MAC previously computed for the input data. NOTE: this field is deprecated; use the mac field instead. format: byte
mac (optional)
byte[] The MAC previously computed for the input data. format: byte

MacVerifyRequestEx - Up

key
alg
data
byte[] The data to verify the MAC of. format: byte
digest (optional)
byte[] The MAC previously computed for the input data. NOTE: this field is deprecated; use the mac field instead. format: byte
mac (optional)
byte[] The MAC previously computed for the input data. format: byte

MacVerifyResponse - Up

kid (optional)
String Key ID of the key used to verify the MAC.
result
Boolean True if the MAC successfully verified, and false if it did not.

MfaChallenge - Up

Challenge for registering or authenticating with a U2F two factor device.
u2f_challenge
u2f_keys

Mgf - Up

Specifies the Mask Generating Function (MGF) to use.
mgf1 (optional)

Mgf_mgf1 - Up

Parameters for MGF1.

NotificationPref - Up

Type of notification preference.

ObjectDigestRequest - Up

ObjectOrigin - Up

Where this security object originated.

ObjectType - Up

Type of security object.

PasswordChangeRequest - Up

current_password
new_password

PasswordResetRequest - Up

reset_token
new_password

PersistTransientKeyRequest - Up

name
String Name of the persisted security object. Security object names must be unique within an account.
description (optional)
String Description of the persisted security object.
custom_metadata (optional)
map[String, String] User-defined metadata for the persisted key. Stored as key-value pairs.
enabled (optional)
Boolean Whether the new security object should be enabled. Disabled security objects may not perform cryptographic operations.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
group_id (optional)
String Group ID (not name) of the security group that the persisted security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
transient_key
String Transient key blob.

Plugin - Up

name
String Name of the plugin. Plugin names must be unique within an account.
plugin_id
String Plugin ID uniquely identifying this plugin.
description (optional)
String Description of this plugin.
acct_id
String The account ID of the account that this plugin belongs to.
groups
array[String] An array of security group IDs. The plugin belongs to each Security Group in this array.
default_group
String The default group of this plugin. This is the group where security objects will be created by default by this plugin.
source
enabled
Boolean Whether this plugin is enabled.
plugin_type
creator
created_at
String When this plugin was created. format: dateTime
lastrun_at
String When this plugin was last run. format: dateTime
lastupdated_at
String When this plugin was last updated. format: dateTime

PluginInvokeRequest - Up

PluginInvokeResponse - Up

PluginRequest - Up

name
String Name of the plugin. Plugin names must be unique within an account.
description (optional)
String Description of this plugin.
add_groups
array[String] An array of Security Group IDs to add to this plugin.
del_groups (optional)
array[String] An array of security group IDs to remove from this plugin.
default_group
String The default group of this plugin. This is the group where security objects will be created by default by this plugin.
source
enabled (optional)
Boolean Whether this plugin is enabled.
plugin_type (optional)

PluginSource - Up

Plugin code that will be executed in SmartKey.
language
code

PluginType - Up

Type of this plugin.

ProcessInviteRequest - Up

accepts (optional)
rejects (optional)

RecoveryCodes - Up

Backup recovery codes for two factor authentication.
recovery_codes

RevocationReason - Up

code
message (optional)
String Field that is used exclusively for audit trail/logging purposes and MAY contain additional information about why the object was revoked.
compromise_occurance_date (optional)
String An optional field specifying when this security object was compromised. format: dateTime

RevocationReasonCode - Up

Reasons to revoke a security object.

RsaEncryptionPadding - Up

Type of padding to use for RSA encryption. The use of PKCS#1 v1.5 padding is strongly discouraged, because of its susceptibility to Bleichenbacher's attack. The padding specified must adhere to the key's encryption policy, see RsaEncryptionPolicy. If not specified, the default based on the key's policy will be used.
PKCS1_V15 (optional)
Object PKCS#1 v1.5 padding
OAEP (optional)

RsaEncryptionPadding_OAEP - Up

Optimal Asymmetric Encryption Padding (PKCS#1 v2.1)
mgf

RsaEncryptionPolicy - Up

Constraints on RSA encryption parameters. In general, if a constraint is not specified, anything is allowed.
padding (optional)

RsaEncryptionPolicy_padding - Up

PKCS1_V15 (optional)
OAEP (optional)

RsaEncryptionPolicy_padding_OAEP - Up

RsaEncryptionPolicy_padding_OAEP_mgf1 - Up

hash (optional)

RsaOptions - Up

RSA-specific options.
key_size (optional)
Integer Specify on Create only. Returned on Get. Size in bits (not bytes) of the RSA key. format: int32
public_exponent (optional)
Integer Specify on Create only. Public exponent to use for generating the RSA key. format: int32
encryption_policy
array[RsaEncryptionPolicy] Encryption policy for this RSA key. When doing an encryption or key wrapping operation, the policies are evaluated against the specified parameters one by one. If one matches, the operation is allowed. If none match, including if the policy list is empty, the operation is disallowed. Missing optional parameters will have their defaults specified according to the matched policy. The default for new keys is [{"padding":{"OAEP":{}}}]. If (part of) a constraint is not specified, anything is allowed for that constraint. To impose no constraints, specify [{}].
signature_policy (optional)
array[RsaSignaturePolicy] Signature policy for this RSA key. When doing a signature operation, the policies are evaluated against the specified parameters one by one. If one matches, the operation is allowed. If none match, including if the policy list is empty, the operation is disallowed. Missing optional parameters will have their defaults specified according to the matched policy. The default for new keys is [{}] (no constraints). If (part of) a constraint is not specified, anything is allowed for that constraint.
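The first-match evaluation of encryption_policy described above, combined with the RsaEncryptionPadding warning about PKCS#1 v1.5, suggests a pre-flight audit of RSA key definitions. The following is an added example, not SmartKey server or SDK code: it models only the padding scheme (MGF and hash constraints are ignored), assumes a request without padding is matched by the first policy, and uses constructed key definitions shaped like SobjectRequest.

```python
"""Client-side model of RsaOptions.encryption_policy evaluation (padding scheme only).

Added illustration; function names and sample data are hypothetical.
"""

PKCS1_V15 = "PKCS1_V15"
OAEP = "OAEP"

# Default for new keys as stated in the RsaOptions description: OAEP only.
DEFAULT_NEW_KEY_POLICY = [{"padding": {OAEP: {}}}]


def policy_allows(policy, scheme):
    """Return True when a single policy entry admits the padding scheme.

    An absent or empty padding constraint allows anything, matching the
    rule that an unspecified constraint imposes no restriction.
    """
    constraint = policy.get("padding")
    if not constraint:
        return True
    return scheme in constraint


def evaluate(policies, requested_scheme=None):
    """Evaluate policies one by one; return (allowed, effective_scheme).

    If the request names no padding, the first policy is taken as the match
    (assumption) and supplies the default. effective_scheme is None when the
    matched policy does not pin a single scheme, because the reference does
    not say what the server picks in that case.
    """
    for policy in policies:
        if requested_scheme is None:
            constraint = policy.get("padding") or {}
            named = [s for s in (OAEP, PKCS1_V15) if s in constraint]
            return True, (named[0] if len(named) == 1 else None)
        if policy_allows(policy, requested_scheme):
            return True, requested_scheme
    # No policy matched, or the list is empty: the operation is disallowed.
    return False, None


def audit_keys(key_definitions):
    """Return names of RSA key definitions that would admit PKCS#1 v1.5
    encryption or wrapping. Definitions without an rsa block are skipped."""
    findings = []
    for definition in key_definitions:
        rsa = definition.get("rsa")
        if rsa is None:
            continue
        # Assumption: an omitted policy falls back to the new-key default.
        policies = rsa.get("encryption_policy", DEFAULT_NEW_KEY_POLICY)
        allowed, _ = evaluate(policies, PKCS1_V15)
        if allowed:
            findings.append(definition["name"])
    return findings


# Constructed sample definitions (not taken from any real account).
SAMPLE_DEFINITIONS = [
    {"name": "wrap-key-default", "rsa": {"encryption_policy": [{"padding": {OAEP: {}}}]}},
    {"name": "legacy-interop", "rsa": {"encryption_policy": [
        {"padding": {OAEP: {}}},
        {"padding": {PKCS1_V15: {}}},
    ]}},
    {"name": "unconstrained", "rsa": {"encryption_policy": [{}]}},
    {"name": "sign-only", "rsa": {"encryption_policy": []}},
    {"name": "policy-omitted", "rsa": {"key_size": 2048}},
    {"name": "aes-data-key", "key_size": 256},
]


if __name__ == "__main__":
    for name in audit_keys(SAMPLE_DEFINITIONS):
        print("admits PKCS#1 v1.5:", name)
```

Note that `[{}]` and an empty list sit at opposite extremes: the first admits every padding, the second disables encryption and wrapping entirely.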

RsaSignaturePadding - Up

Type of padding to use for RSA signatures. The padding specified must adhere to the key's signature policy, see RsaSignaturePolicy. If not specified, the default based on the key's policy will be used.
PKCS1_V15 (optional)
Object PKCS#1 v1.5 padding
PSS (optional)

RsaSignaturePadding_PSS - Up

Probabilistic Signature Scheme (PKCS#1 v2.1)
mgf

RsaSignaturePolicy - Up

Constraints on RSA signature parameters. In general, if a constraint is not specified, anything is allowed.
padding (optional)

RsaSignaturePolicy_padding - Up

PKCS1_V15 (optional)
PSS (optional)

SelectAccountRequest - Up

acct_id
String Uuid format string, example - a41152ed-c26e-4c6e-a8d1-8820e36972c3

SelectAccountResponse - Up

cookie (optional)

ServerMode - Up

Server mode.

SignRequest - Up

hash_alg
hash (optional)
byte[] Hash of the data to be signed. Exactly one of hash and data is required. format: byte
data (optional)
byte[] Data to be signed. Exactly one of hash and data is required. To reduce request size and avoid reaching the request size limit, prefer hash. When using Ed25519 keys, a distinction is made between providing the message directly in data and providing a prehashed value in hash. Providing a full message results in an "Ed25519" signature while providing hash results in an "Ed25519ph" signature, which is not compatible. See RFC 8032 for details. format: byte
mode (optional)
deterministic_signature (optional)

SignRequestEx - Up

key
hash_alg
hash (optional)
byte[] Hash of the data to be signed. Exactly one of hash and data is required. format: byte
data (optional)
byte[] Data to be signed. Exactly one of hash and data is required. To reduce request size and avoid reaching the request size limit, prefer hash. format: byte
mode (optional)

SignResponse - Up

kid (optional)
String Key ID of the key used to sign this data.
signature
byte[] Signature of the data's hash. format: byte

SignatureMode - Up

SignupRequest - Up

user_email
String User's email address.
user_password
String The password to assign to this user in SmartKey.
first_name (optional)
last_name (optional)
recaptcha_response

SobjectDescriptor - Up

This uniquely identifies a persisted or transient sobject. Exactly one of kid, name, and transient_key must be present.
kid (optional)
String Key ID uniquely identifying this persisted security object.
name (optional)
String Name of this persisted security object.
transient_key (optional)
String Transient key blob.

SobjectRequest - Up

name
String Name of the security object to create or import. Security object names must be unique within an account.
description (optional)
String Description of the security object to create or import.
key_size (optional)
Integer Size in bits (not bytes) of the security object to create or import. Required for symmetric keys. Deprecated for RSA keys, specify it in RsaOptions instead. format: int32
pub_exponent (optional)
Integer For RSA keys only. Deprecated. Specify in RsaOptions instead. Public exponent to use when generating an RSA key. format: int32
elliptic_curve (optional)
rsa (optional)
fpe (optional)
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
obj_type
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
value (optional)
byte[] When importing a security object, this field contains the binary contents to import. When creating a security object, this field is unused. The value of an OPAQUE or CERTIFICATE object is always returned. For other objects, the value is returned only with /crypto/v1/keys/export API (if the object is exportable). format: byte
enabled (optional)
Boolean Whether the new security object should be enabled. Disabled security objects may not perform cryptographic operations.
transient (optional)
Boolean If this is true, SmartKey will create a transient key.
deterministic_signatures (optional)

SplunkLoggingConfig - Up

host
port
index
String The Splunk index that will receive log items
tls
enabled

SplunkLoggingConfigRequest - Up

host (optional)
port (optional)
index (optional)
String The Splunk index that will receive log items
token (optional)
String The Splunk authentication token
tls (optional)
enabled (optional)

StackdriverLoggingConfig - Up

log_id
String The log ID that will receive the log items (see https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry).
service_account_key
enabled

StackdriverLoggingConfigRequest - Up

log_id (optional)
String The log ID that will receive the log items (see https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry).
service_account_key (optional)
enabled (optional)

SubscriptionChangeRequest - Up

Describes a request to update subscription.
subscription
contact (optional)
String contact information, e.g. phone number
comment (optional)
String additional comments

SubscriptionType - Up

Type of Subscription.

TagDecryptInput - Up

The authentication tag used with this ciphertext and authenticated data. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers.

TagEncryptOutput - Up

For symmetric ciphers with cipher mode GCM or CCM, the authentication tag produced by the cipher. Its length will match the tag length specified by the encryption request.

TagLenEncryptInput - Up

For symmetric ciphers with cipher mode GCM or CCM, this field specifies the length of the authentication tag to be produced. This field is specified in bits (not bytes). This field is required for symmetric ciphers with cipher mode GCM or CCM. It must not be specified for asymmetric ciphers and symmetric ciphers with other cipher modes.

TlsConfig - Up

mode
validate_hostname (optional)
ca (optional)

TlsMode - Up

TLS mode.

U2fAddDeviceRequest - Up

Description of a U2F device to add for two factor authentication.
name
registrationData
clientData
version

U2fDelDeviceRequest - Up

Request to delete a U2F device.
name

U2fDevice - Up

A U2F device that may be used for second factor authentication.
name

U2fKey - Up

A U2F key that may be used for two factor authentication.
keyHandle
version

U2fRenameDeviceRequest - Up

Request to rename a U2F device.
old_name
new_name

UnwrapKeyRequest - Up

alg
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
obj_type
wrapped_key
byte[] A Security Object previously wrapped with another key. format: byte
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte
ad (optional)
byte[] The authenticated data used with this ciphertext and authentication tag. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
tag (optional)
byte[] The authentication tag used with this ciphertext and authenticated data. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
name
String Name of the security object to unwrap. Security object names must be unique within an account.
description (optional)
String Description of the Security object to unwrap.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
enabled (optional)
Boolean Whether the new security object should be enabled. Disabled security objects may not perform cryptographic operations.
transient (optional)
Boolean If this is true, SmartKey will unwrap a transient key.
rsa (optional)

UnwrapKeyRequestEx - Up

key
alg
group_id (optional)
String Group ID (not name) of the security group that this security object should belong to. The user or application creating this security object must be a member of this group. If no group is specified, the default group for the user or application will be used.
obj_type
wrapped_key
byte[] A Security Object previously wrapped with another key. format: byte
mode (optional)
iv (optional)
byte[] The initialization value used to encrypt this ciphertext. This field is required for symmetric ciphers, and ignored for asymmetric ciphers. format: byte
ad (optional)
byte[] The authenticated data used with this ciphertext and authentication tag. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
tag (optional)
byte[] The authentication tag used with this ciphertext and authenticated data. This field is required for symmetric ciphers using cipher mode GCM or CCM, and must not be specified for all other ciphers. format: byte
name
String Name of the security object to unwrap. Security object names must be unique within an account.
description (optional)
String Description of the Security object to unwrap.
key_ops (optional)
array[KeyOperations] Optional array of key operations to be enabled for this security object. If this property is not provided, the SmartKey server will provide a default set of key operations. Note that if you provide an empty array, all key operations will be disabled.
custom_metadata (optional)
map[String, String] User-defined metadata for this key. Stored as key-value pairs.
enabled (optional)
Boolean Whether the new security object should be enabled. Disabled security objects may not perform cryptographic operations.
rsa (optional)

User - Up

user_id
String User ID uniquely identifying this user.
user_email
String The User's email address.
state
account_role (optional)
groups
enabled
Boolean Whether this user's account is enabled.
email_verified
Boolean Whether this user's email has been verified.
created_at
String When this user was added to SmartKey. format: dateTime
last_logged_in_at (optional)
String When this user last logged in. format: dateTime
u2f_devices

UserAccountFlags - Up

Flags for a user's roles and state for an account.

UserAccountMap - Up

A UserAccountMap has keys which are the UUIDs of the accounts that the user belongs to. The value for each key is an array of UserAccountFlags representing the account properties.

UserGroupFlags - Up

Flags for a user's role for a group.

UserGroupMap - Up

A UserGroupMap has keys which are the UUIDs of the groups that the user belongs to. The value for each key is an array of UserGroupFlags representing the group properties.

UserRequest - Up

user_email
String User's email address.
user_password
String The password to assign to this user in SmartKey.
account_role (optional)
add_groups (optional)
map[String, UserGroupFlags] The user will be added to the specified security groups with the specified roles.
del_groups (optional)
map[String, UserGroupFlags] The user will be removed from the specified security groups.
mod_groups (optional)
map[String, UserGroupFlags] The user's role in the specified groups will be updated to the specified roles.
enabled (optional)
Boolean Whether this application is enabled.
add_u2f_devices (optional)
del_u2f_devices (optional)
rename_u2f_devices (optional)

UserState - Up

State of users.

Uuid - Up

Uuid format string, example - a41152ed-c26e-4c6e-a8d1-8820e36972c3

ValidateTokenRequest - Up

reset_token

ValidateTokenResponse - Up

user_email

VerifyRequest - Up

hash_alg
hash (optional)
byte[] The hash of the data on which the signature is being verified. Exactly one of hash and data is required. format: byte
data (optional)
byte[] The data on which the signature is being verified. Exactly one of hash and data is required. To reduce request size and avoid reaching the request size limit, prefer hash. format: byte
signature
byte[] A signature created with the private key corresponding to this public key. format: byte
mode (optional)

VerifyRequestEx - Up

key
hash_alg
hash (optional)
byte[] The hash of the data on which the signature is being verified. Exactly one of hash and data is required. format: byte
data (optional)
byte[] The data on which the signature is being verified. Exactly one of hash and data is required. To reduce request size and avoid reaching the request size limit, prefer hash. format: byte
signature
byte[] A signature created with the private key corresponding to this public key. format: byte
mode (optional)
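
The VerifyRequest rules above (exactly one of hash and data, with hash preferred to keep the request small) can be enforced on the client before the call is made. The following is an added example, not code from the SmartKey documentation; the hash_alg spellings and the helper names are assumptions.

```python
import base64
import hashlib

# Assumed hash_alg spellings mapped to hashlib names (the enum values are
# not listed in this section).
HASHLIB_NAMES = {"SHA1": "sha1", "SHA256": "sha256",
                 "SHA384": "sha384", "SHA512": "sha512"}


def b64(raw: bytes) -> str:
    """Encode bytes for a 'format: byte' field, which carries base64 text."""
    return base64.b64encode(raw).decode("ascii")


def build_verify_request(message: bytes, signature: bytes,
                         hash_alg: str = "SHA256") -> dict:
    """Hash locally and send only the digest, so the body stays small."""
    if hash_alg not in HASHLIB_NAMES:
        raise ValueError(f"unsupported hash_alg: {hash_alg}")
    digest = hashlib.new(HASHLIB_NAMES[hash_alg], message).digest()
    return {"hash_alg": hash_alg, "hash": b64(digest),
            "signature": b64(signature)}


def check_verify_request(body: dict) -> list:
    """Return the problems found in a VerifyRequest body (empty list = OK)."""
    problems = []
    for field in ("hash_alg", "signature"):
        if field not in body:
            problems.append(f"missing required field: {field}")
    if ("hash" in body) == ("data" in body):
        problems.append("exactly one of hash and data is required")
    for field in ("hash", "data", "signature"):
        if field not in body:
            continue
        try:
            raw = base64.b64decode(body[field], validate=True)
        except (ValueError, TypeError):
            problems.append(f"{field} is not valid base64")
            continue
        name = HASHLIB_NAMES.get(body.get("hash_alg"))
        if field == "hash" and name:
            want = hashlib.new(name).digest_size
            if len(raw) != want:
                problems.append(f"hash is {len(raw)} bytes, expected {want}")
    return problems


if __name__ == "__main__":
    # Constructed inputs: the signature bytes are a stand-in, not a real one.
    print(check_verify_request(build_verify_request(b"constructed", b"\x01" * 256)))
```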

VerifyResponse - Up

kid (optional)
String The Key ID of the key used to verify this data.
result
Boolean True if the signature verified and False if it did not.

VersionResponse - Up

version
String The SmartKey server version. This is encoded as major.minor.build. For example, 1.0.25.
api_version
String The API version implemented by this server.
server_mode
fips_level (optional)
Integer FIPS level at which SmartKey is running. If this field is absent, then SmartKey is not running in FIPS-compliant mode.

WrapKeyRequest - Up

alg
kid
String The key ID (not name or description) of the key being wrapped.
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte
ad (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, this optionally specifies the authenticated data used by the cipher. This field must not be provided with other cipher modes. format: byte
tag_len (optional)
Integer For symmetric ciphers with cipher mode GCM or CCM, this field specifies the length of the authentication tag to be produced. This field is specified in bits (not bytes). This field is required for symmetric ciphers with cipher mode GCM or CCM. It must not be specified for asymmetric ciphers and symmetric ciphers with other cipher modes. format: int32

WrapKeyRequestEx - Up

key
subject
alg
mode (optional)
iv (optional)
byte[] For symmetric ciphers, this value will be used for the cipher initialization value. If not provided, SmartKey will generate a random iv and return it in the response. If provided, iv length must match the length required by the cipher and mode. format: byte
ad (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, this optionally specifies the authenticated data used by the cipher. This field must not be provided with other cipher modes. format: byte
tag_len (optional)
Integer For symmetric ciphers with cipher mode GCM or CCM, this field specifies the length of the authentication tag to be produced. This field is specified in bits (not bytes). This field is required for symmetric ciphers with cipher mode GCM or CCM. It must not be specified for asymmetric ciphers and symmetric ciphers with other cipher modes. format: int32
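
The tag_len and ad rules above are easy to get wrong, especially the bits-versus-bytes unit. The following pre-flight check for a WrapKeyRequest body is an added example, not code from the SmartKey documentation; the alg value "AES", the sample kid and the function name are assumptions.

```python
# Assumed enum spellings: only the mode names GCM and CCM appear in the
# field descriptions; the alg value below is a placeholder.
AEAD_MODES = {"GCM", "CCM"}
SYMMETRIC_ALGS = {"AES"}


def check_wrap_key_request(body: dict) -> list:
    """Return the problems found in a WrapKeyRequest body (empty list = OK)."""
    problems = []
    for field in ("alg", "kid"):
        if not body.get(field):
            problems.append(f"missing required field: {field}")
    mode = body.get("mode")
    aead = body.get("alg") in SYMMETRIC_ALGS and mode in AEAD_MODES
    tag_len = body.get("tag_len")
    if aead:
        if tag_len is None:
            problems.append(f"tag_len is required with mode {mode}")
        elif type(tag_len) is not int or tag_len <= 0:
            problems.append("tag_len must be a positive integer (bits)")
        elif tag_len < 32:
            # No GCM or CCM tag size defined by NIST SP 800-38D/38C is below
            # 32 bits, so a value like 16 is almost certainly a byte count.
            problems.append(f"tag_len={tag_len} looks like bytes, not bits")
    else:
        if tag_len is not None:
            problems.append("tag_len is only allowed with mode GCM or CCM")
        if "ad" in body:
            problems.append("ad is only allowed with mode GCM or CCM")
    return problems


if __name__ == "__main__":
    # Constructed request: the kid is a placeholder, not a real key ID.
    sample = {"alg": "AES", "mode": "GCM", "tag_len": 16,
              "kid": "00000000-0000-0000-0000-000000000000"}
    print(check_wrap_key_request(sample))
```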

WrapKeyResponse - Up

wrapped_key
byte[] The wrapped key. format: byte
iv (optional)
byte[] The initialization value used for symmetric encryption. Not returned for asymmetric ciphers. format: byte
tag (optional)
byte[] For symmetric ciphers with cipher mode GCM or CCM, the authentication tag produced by the cipher. Its length will match the tag length specified by the encryption request. format: byte