AST Services (3.0.3)

License: Commercial

Certificate Authority

Get signer with certificate (Deprecated)

Returns the signer for the tenant, including the certificate if it has already been signed.

This operation requires Admin read privileges.

Deprecation

This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to facilitate signer key rotation. Please use GET /v2/tenants/{tenant}/signers/current for equivalent behavior.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Responses

Response samples

Content type
application/json
{
  "info": {},
  "certificate": "string"
}

Trigger signer CA creation (Deprecated)

Trigger creation of a signer key pair and certificate.

This operation requires Admin write privileges.

Deprecation

This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to facilitate signer key rotation. Please use POST /v2/tenants/{tenant}/signers for equivalent behavior.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Request Body schema: application/json
required

Contains the signer's name

name
required
string non-empty

The signer's name

Responses

Request samples

Content type
application/json
{
  "name": "signer"
}

Response samples

Content type
application/json
{
  "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "tenant": "master",
  "name": "string",
  "createdAt": "2019-08-24T14:15:22Z",
  "updatedAt": "2019-08-24T14:15:22Z",
  "generation": 0,
  "state": "ACTIVE"
}

Reissue Signer Certificate (Deprecated)

Allows reissuing the signer for the tenant. The old key is reused for the new certificate.

This operation requires Admin write privileges.

Deprecation

This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to facilitate signer key rotation. Please use POST /v2/tenants/{tenant}/signers/current/renew for equivalent behavior.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Request Body schema: application/json
optional
ignoreNotIssued
boolean
Default: false

If set to false (the default), the request will fail if the signer CA was not yet issued.

When setting this to true, the request will only fail if there is a CSR for that signer currently enqueued. If the CA was already issued or the issuance failed, a new CSR will be enqueued.

Responses

Request samples

Content type
application/json
{
  "ignoreNotIssued": false
}

Response samples

Content type
application/json
{
  "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "tenant": "master",
  "name": "string",
  "createdAt": "2019-08-24T14:15:22Z",
  "updatedAt": "2019-08-24T14:15:22Z",
  "generation": 0,
  "state": "ACTIVE"
}

Delete signer (Deprecated)

Allows deleting the signer for the tenant. This can only be done if there are no certificates depending on that signer. As soon as a user or gateway certificate has been requested using that signer, deletion is no longer possible.

This method may be used to remove a signer for which the CA creation failed. It is RECOMMENDED to only run this operation after checking that the signer certificate is ISSUED or FAILED. This can be done by GET /v1/tenants/{tenantId}/certificates/admin/{signerId}.

This operation requires Admin write privileges.

Deprecation

This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to facilitate signer key rotation. Please use DELETE /v2/tenants/{tenant}/signers/current for equivalent behavior.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

List existing tenant signers

Returns signers for the tenant as a paginated list. The page number and page size can be selected using the page and page_size parameters, respectively.

The list may be filtered using a custom filter string. See the parameter schema below for a detailed description.

Authorization

This endpoint requires admin read privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

query Parameters
page
integer <int32> >= 1
Default: 1

The page number (1-based)

page_size
integer <int32> [ 5 .. 100 ]
Default: 20

The number of entries per page, must be between 5 and 100

filter
string

Filter for specific properties of a signer.

A filter is a string of the format <property name><ws?><operator><ws?><value><ws?><flags?> where <ws?> denotes optional whitespace. You can also arrange several conditions using <ws+><logicalOperator><ws+>. To change the priority of logical operators, you can use several nested <bracket>.

<property name> is one of the following properties of signers:

  • name
  • id
  • createdAt
  • updatedAt
  • generation
  • state

<operator> can be one of the following operators known from CSS attribute selectors:

  • = - is equal to
  • != - is not equal to
  • <> - is not equal to
  • ^= - starts with
  • $= - ends with
  • *= - contains
  • > - greater than
  • >= - greater than or equal to
  • < - less than
  • <= - less than or equal to
  • like - sql like(_ - any one character, % - zero, one or multiple characters)
  • in - equal to any value in a list
  • !in - not equal to all values in a list

There are special operators in and !in to test set membership/non-membership. They can be used with a comma-separated list of values enclosed in curly braces, such as <property name> in {value1, value2, "quoted value"}.

<value> is a string consisting of a-z, A-Z, 0-9, -, _, %, . or '<any character except \'>', `<any character except \`>`, "<any character except \">". null is a reserved name expressing a null value.

<flags> is an optionally joined list of characters enclosed in square braces and may contain the following flags:

  • [i] | [I] - perform all matching case-insensitive

<logicalOperator> can be one of several aliases for or and and operators:

  • or | OR | || - logical or operator
  • and | AND | && - logical and operator

<bracket> - can be one of:

  • ( - left bracket
  • ) - right bracket

Examples:

  • name^=SignerA- selects all signers whose names begin with SignerA- (case-sensitive)
  • name ^= SignerA- [i] selects all signers whose names begin with SignerA- (case-insensitive). name^=SignerA-[i] is an equivalent representation.
  • name="" selects all signers whose names are empty
  • (name="test t" && id=a1) or (id*=b and name*='kate r') selects all entities where name = "test t" and id = "a1", or where name contains "kate r" and id contains "b"

Responses

Response samples

Content type
application/json
[
  {}
]

Create a new tenant signer

Creates a new signer for the tenant.

This endpoint may be used to create a signer for the first time, i.e. when there are no other signers for the same tenant. In this case, a fresh ACTIVE signer is created and enqueued for certificate issuance.

If there's already a signer for the tenant, this endpoint triggers the creation of a new signer, which will become the ACTIVE signer for the tenant. For the new signer, a fresh key pair is generated according to the current signer key generation settings in the service configuration. The previous ACTIVE signer of the tenant is transitioned into state RETIRED, where it can still be used for certificate path validation, but no longer for creating signatures.

Authorization

This endpoint requires admin write privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Request Body schema: application/json
optional
name
string non-empty

A readable name for the signer. Can be omitted to use the configured default naming schema

Responses

Request samples

Content type
application/json
{
  "name": "string"
}

Response samples

Content type
application/json
{
  "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "tenant": "master",
  "name": "string",
  "createdAt": "2019-08-24T14:15:22Z",
  "updatedAt": "2019-08-24T14:15:22Z",
  "generation": 0,
  "state": "ACTIVE"
}

Get the specified tenant signer including the certificate

This endpoint returns the specified signer for the tenant.

The signerSpec may be a Signer ID in the ULID format. In that case, the signer with the given ID is returned if it belongs to the specified tenant.

Alternatively, signerSpec may be current, which returns the latest ACTIVE signer for the tenant. If there is no such signer, 404 is returned.

Authorization

This operation can be executed with admin read or AST Client privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

signerSpec
required
Id (string) or string

The signer specification. Can be either the signer ID, or the literal string current.

The special value current refers to the most recently created signer in ACTIVE state.

Responses

Response samples

Content type
application/json
{
  "info": {},
  "certificate": "string"
}

Delete the specified tenant signer and its certificate

This endpoint deletes the specified signer. Note that this is only possible if the signer CA wasn't used yet to issue any certificate. If certificates have already been issued by the signer, it can only be retired (replaced) or revoked. Revoking a signer is possible via POST /v2/tenants/{tenant}/signers/{signerSpec}/revoke. This makes sure that the signer can be used neither to issue a certificate, nor to perform certificate path validation. The signer can be replaced via POST /v2/tenants/{tenant}/signers, which will create a new signer for the tenant that will be used to issue certificates in the future. The old signer remains available for certificate path validation.

The signerSpec may be a Signer ID in the ULID format. In that case, the signer with the given ID is returned if it belongs to the specified tenant.

Authorization

This endpoint requires admin write privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

signerSpec
required
Id (string) or string

The signer specification. Can be either the signer ID, or the literal string current.

The special value current refers to the most recently created signer in ACTIVE state.

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Get the full chain for the specified tenant signer

This endpoint returns the certificate chain of the specified signer for the tenant. This operation can only be called if the signer's certificate was already issued, otherwise an error will be returned.

The signerSpec may be a Signer ID in the ULID format. In that case, the chain for the signer with the given ID is returned if it belongs to the specified tenant.

Alternatively, signerSpec may be current, which returns the chain for the latest ACTIVE signer for the tenant. If there is no such signer, 404 is returned.

Authorization

This operation can be executed with admin read or AST Client privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

signerSpec
required
Id (string) or string

The signer specification. Can be either the signer ID, or the literal string current.

The special value current refers to the most recently created signer in ACTIVE state.

Responses

Response samples

Content type
application/json
{
  "chain": []
}

Renew the specified tenant signer's certificate

Allows renewing the signer CA for the tenant. The old key is reused for the new certificate.

This endpoint can be called to keep the certificate for a certain signer alive when it is close to expiry. Additionally, it must be called after the Issuer CA has been changed to a certificate with a different key than before.

The signerSpec may be a Signer ID in the ULID format. In that case, the signer with the given ID is enqueued for certificate renewal.

Alternatively, signerSpec may be current, which renews the latest ACTIVE signer for the tenant. If there is no such signer, 404 is returned.
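Why renewal (same key) leaves already issued certificates verifiable while a replacement signer (fresh key) does not, and why renewal is needed after the Issuer CA is re-keyed. This is an added example, not AST Services code; it uses the third-party `cryptography` package, and the names, the P-256 ECDSA keys and the validity dates are assumptions.

```python
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOT_BEFORE = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)  # constructed date


def new_key():
    return ec.generate_private_key(ec.SECP256R1())  # key algorithm is an assumption


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def issue(subject_cn, subject_key, issuer_cn, issuer_key, is_ca=True):
    """Issue a certificate over subject_key's public key, signed with issuer_key."""
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOT_BEFORE)
        .not_valid_after(NOT_BEFORE + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def signed_by(cert, issuer_cert):
    """True if cert's signature verifies under issuer_cert's public key."""
    try:
        issuer_cert.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            ec.ECDSA(cert.signature_hash_algorithm),
        )
        return True
    except InvalidSignature:
        return False


def rotation_demo():
    issuer_key, signer_key = new_key(), new_key()
    issuer = issue("Issuer CA", issuer_key, "Issuer CA", issuer_key)
    signer = issue("Signer", signer_key, "Issuer CA", issuer_key)
    leaf = issue("device", new_key(), "Signer", signer_key, is_ca=False)

    # Renewal: a new signer certificate over the SAME signer key.
    renewed = issue("Signer", signer_key, "Issuer CA", issuer_key)
    # Replacement: a new signer with a fresh key; the old signer would become RETIRED.
    replacement = issue("Signer", new_key(), "Issuer CA", issuer_key)
    # Issuer CA re-keyed: the old signer certificate no longer chains to it.
    new_issuer_key = new_key()
    new_issuer = issue("Issuer CA", new_issuer_key, "Issuer CA", new_issuer_key)
    renewed_after_rekey = issue("Signer", signer_key, "Issuer CA", new_issuer_key)

    return {
        "leaf_under_signer": signed_by(leaf, signer),
        "leaf_under_renewed": signed_by(leaf, renewed),
        "leaf_under_replacement": signed_by(leaf, replacement),
        "signer_under_old_issuer": signed_by(signer, issuer),
        "signer_under_new_issuer": signed_by(signer, new_issuer),
        "renewed_under_new_issuer": signed_by(renewed_after_rekey, new_issuer),
        "leaf_under_renewed_after_rekey": signed_by(leaf, renewed_after_rekey),
    }
```

The one `False` for the leaf is the replacement signer: certificates issued before a rotation still need the RETIRED signer's certificate for path validation.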

Authorization

This endpoint requires Admin write privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

signerSpec
required
Id (string) or string

The signer specification. Can be either the signer ID, or the literal string current.

The special value current refers to the most recently created signer in ACTIVE state.

Request Body schema: application/json
optional
ignoreNotIssued
boolean
Default: false

If set to false (the default), the request will fail if the signer CA was not yet issued.

When setting this to true, the request will only fail if there is a CSR for that signer currently enqueued. If the CA was already issued or the issuance failed, a new CSR will be enqueued.

Responses

Request samples

Content type
application/json
{
  "ignoreNotIssued": false
}

Response samples

Content type
application/json
{
  "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "tenant": "master",
  "name": "string",
  "createdAt": "2019-08-24T14:15:22Z",
  "updatedAt": "2019-08-24T14:15:22Z",
  "generation": 0,
  "state": "ACTIVE"
}

Revoke the specified tenant signer's certificate

Revokes a specific signer's certificate. After this operation completes, the certificate of the signer is erased from the database and the signer can't be used anymore for certificate path validation or signature validation.

This endpoint can be called in the event of key compromise or when an old (probably RETIRED) signer certificate needs to be disabled due to security policies.

The signerSpec may be a Signer ID in the ULID format. In that case, the signer with the given ID is enqueued for certificate renewal.

Alternatively, signerSpec may be current, which renews the latest ACTIVE signer for the tenant. If there is no such signer, 404 is returned.

Authorization

This endpoint requires admin write privileges.

Authorizations:
BearerAuth
path Parameters
tenant
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

signerSpec
required
Id (string) or string

The signer specification. Can be either the signer ID, or the literal string current.

The special value current refers to the most recently created signer in ACTIVE state.

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Get a paginated list of certificates

Returns a paginated list of certificate information.

This operation requires Admin read privileges.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

query Parameters
page
integer <int32> >= 1
Default: 1

The page number (1-based)

page_size
integer <int32> [ 5 .. 100 ]
Default: 20

The number of entries per page, must be between 5 and 100

filter
string

Filter for specific properties of a certificate.

A filter is a string of the format <property name><ws?><operator><ws?><value><ws?><flags?> where <ws?> denotes optional whitespace. You can also arrange several conditions using <ws+><logicalOperator><ws+>. To change the priority of logical operators, you can use several nested <bracket>

<property name> is one of the following properties of certificates:

  • certRef
  • status
  • user
  • client
  • profile

<operator> can be one of the following operators known from CSS attribute selectors:

  • = - is equal to
  • != - is not equal to
  • <> - is not equal to
  • ^= - starts with
  • $= - ends with
  • *= - contains
  • > - greater than
  • >= - greater than or equal to
  • < - less than
  • <= - less than or equal to
  • like - sql like(_ - any one character, % - zero, one or multiple characters)
  • in - equal to any value in a list
  • !in - not equal to all values in a list

There are special operators in and !in to test set membership/non-membership. They can be used with a comma-separated list of values enclosed in curly braces, such as <property name> in {value1, value2, "quoted value"}.

<value> is a string consisting of a-z, A-Z, 0-9, -, _, %, . or '<any character except \'>', `<any character except \`>`, "<any character except \">". null is a reserved name expressing a null value.

<flags> is an optionally joined list of characters enclosed in square braces and may contain the following flags:

  • [i] | [I] - perform all matching case-insensitive

<logicalOperator> can be one of several aliases for or and and operators:

  • or | OR | || - logical or operator
  • and | AND | && - logical and operator

<bracket> - can be one of:

  • ( - left bracket
  • ) - right bracket

Examples:

  • user=cb9f4b9c-5ebd-44e0-a9c6-806ef49483c1 selects all certificates requested by user cb9f4b9c-5ebd-44e0-a9c6-806ef49483c1 (case-sensitive)
  • profile in { AST_DEVICE, SIGNATURE } selects all certificates with the AST_DEVICE or SIGNATURE profile
  • profile !in { AST_DEVICE, SIGNATURE } selects all certificates with a different profile from AST_DEVICE or SIGNATURE

Responses

Response samples

Content type
application/json
[
  {}
]

Check the status of a certificate request

Checks the status of a previously filed certificate request. If the request reference refers to a known request, the status will be returned. Otherwise, 404 is raised.

This operation requires Admin read privileges.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

certRef
required
string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

The request reference obtained when requesting the certificate

Responses

Response samples

Content type
application/json
{
  "certRef": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "status": "REQUESTED",
  "signer": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "user": "string",
  "client": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "requestedAt": "2019-08-24T14:15:22Z",
  "issuedAt": "2019-08-24T14:15:22Z",
  "certProfile": "AST_DEVICE"
}

Create signed SDK Config

Creates signed SDK Config

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The tenant name (equal to the realm name in IDP)

Request Body schema: application/json
required
tlsBundle
required
Array of Base64 (string) or Base64Url (string) [ 1 .. 50 ]

A list of trusted X.509 TLS certificates in base64 or base64url encoding.

astUrl
string <= 256 characters ^https?://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA...

The AST gateway URL

services
Array of objects (ServiceEntry) [ 0 .. 50 ]

A list of AST services with their respective URLs

Responses

Request samples

Content type
application/json
{
  "tlsBundle": [],
  "astUrl": "string",
  "services": []
}

Response samples

Content type
application/json
{
  "sdkConfig": "string"
}

Client Management

Get overview information about all linked ASTClients for a given userId and tenantId

Get overview information about all linked ASTClients for a given userId and tenantId. List can be filtered.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

query Parameters
userId
required
string [ 3 .. 255 ] characters
Example: userId=123e4567-e89b-12d3-a456-42665544a3f7

A unique ID of a user

filter
Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...]

Filter for specific client.

This parameter is repeatable and multiple filters will be applied using logical AND.

A filter is a string of the form <field><ws?><operator><ws?><value><ws?><flags?> where <ws?> denotes optional whitespace.

<field> is one of the fields of an AST Client listed below:

  • appName
  • astClientId
  • appPlatform
  • sdkVersion
  • appVersion
  • lockState - the value of it can be one of the following: NONE, LOCKED, UNLOCKED

<operator> can be one of the following operators known from CSS attribute selectors:

  • = - is equal to
  • != - is not equal to
  • <> - is not equal to
  • ^= - starts with
  • $= - ends with
  • *= - contains
  • > - greater than
  • >= - greater than or equal to
  • < - less than
  • <= - less than or equal to
  • like - sql like(_ - any one character, % - zero, one or multiple characters)
  • in - equal to any value in a list
  • !in - not equal to all values in a list

<value> is a string consisting of a-z, A-Z, 0-9, - and _ or '<any character except to \'>', `<any character except to \`>`, "<any character except to \">"

  • null | NULL without any quotes can be used only with the = and != operators. It is used to check an entity for a null value

<flags> is an optionally joined list of characters enclosed in square braces and may contain the following flags:

  • [i] | [I] - perform all matching case-insensitive

<logicalOperator> can be one of several aliases for or and and operators:

  • or | OR | || - logical or operator
  • and | AND | && - logical and operator

<bracket> - can be one of:

  • ( - left bracket
  • ) - right bracket

Examples:

  • name^=EntityA- selects all entities whose names begin with EntityA- (case-sensitive)
  • name ^= EntityA- [i] selects all entities whose names begin with EntityA- (case-insensitive). name^=EntityA-[i] is an equivalent representation
  • name="" selects all entities whose names are empty
  • (name="test t" && id=a1) or (id*=b and name*='kate r') selects all entities where the name = "test t" and id = "a1", or where the name contains "kate r" and id contains "b"
  • name=null selects all entities where the name is null
  • name like "_ntony %" selects all entities where the name starts with any one character, continues with ntony and ends with any string. For example, Antony Jakson
  • name > mike[i] selects all entities where the name is greater than mike by character comparison (case-insensitive)
  • id >= 5 selects all entities where the id >= 5
  • name in {Mike, Rafael} selects all entities where the name equals Mike or Rafael
  • name !in {'addison monroe', 'briley brinkley'} [i] selects all entities where the name equals neither Addison Monroe nor Briley Brinkley (case-insensitive)
  • id <= 345.456 selects all entities where the id <= 345.456
  • id in { 4, 5, 3.2 } selects all entities where the id equals 4, 5 or 3.2

Responses

Response samples

Content type
application/json
[
  {}
]

Get a list of userIds for the linked ASTClient

Get a list of userIds linked to ASTClient for the specified astClientId and tenantId

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

query Parameters
astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: astClientId=01FH8MDGN9W5C3RXRFNX6G164S

A unique ID of an ASTClient in ULID-like format

Responses

Response samples

Content type
application/json
[
  {}
]

Lock client

Lock client's ability to perform a login operation (for the specified tenantId)

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Request Body schema: application/json
required
astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$

A unique ID of an ASTClient in ULID-like format

lockReason
required
string

Responses

Request samples

Content type
application/json
{
  "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
  "lockReason": "Locked by admin"
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Unlock client

Unlock client's ability to perform a login operation (by astClientId for the specified tenantId)

Authorizations:
BearerAuth
path Parameters
astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 01FH8MDGN9W5C3RXRFNX6G164S

A unique ID of an ASTClient in ULID-like format

tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Unlink user

Removes the link between the selected user and ASTClient for the specified tenantId

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Request Body schema: application/json
required
userId
required
string [ 3 .. 255 ] characters

A unique ID of a user

astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$

A unique ID of an ASTClient in ULID-like format

Responses

Request samples

Content type
application/json
{
  "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
  "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Delete client

Delete client by astClientId for the specified tenantId.

IMPORTANT: Before deleting a client, all existing links must be removed.

See GET /v1/tenants/{tenantId}/users to find linked users.

See POST /v1/tenants/{tenantId}/unlink to unlink users.

Authorizations:
BearerAuth
path Parameters
astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 01FH8MDGN9W5C3RXRFNX6G164S

A unique ID of an ASTClient in ULID-like format

tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Delete user data

Delete all user-related resources: clients (if they are not related to any other users), locales, links, etc.

Authorizations:
BearerAuth
path Parameters
userId
required
string [ 3 .. 255 ] characters
Example: 123e4567-e89b-12d3-a456-42665544a3f7

A unique ID of a user

tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Detailed information about a selected ASTClient

Get detailed information about ASTClient by astClientId for the specified tenantId

Authorizations:
BearerAuth
path Parameters
astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 01FH8MDGN9W5C3RXRFNX6G164S

A unique ID of an ASTClient in ULID-like format

tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

Responses

Response samples

Content type
application/json
{
  "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
  "appVersion": "0.0.1-pythondemo",
  "risks": "beep-boop",
  "lockState": "NONE",
  "createdOn": 1632819559770,
  "linkedOnOrMloaUpdated": 1632819559770,
  "lastSuccessfulVerification": 1632819559770,
  "lastFailedVerification": 1632819559770,
  "clientDevice": "Huawei",
  "clientOsVersion": "1.0.0",
  "sdkVersion": "0.0.1-test",
  "deviceName": "Laptop-333",
  "lockReason": "Locked due incorrect password"
}

Force disconnect all clients belonging to the user

Immediately disconnects all of the user's clients. The request is processed without ordering, and existing events can be lost.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

A unique ID of a tenant

userId
required
string [ 3 .. 255 ] characters
Example: 123e4567-e89b-12d3-a456-42665544a3f7

A unique ID of a user

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Client Properties

List all properties for user

Get list of all properties without astClientId for specified userId.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

userId
required
string [ 3 .. 255 ] characters
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3

The id of the user

query Parameters
page
integer <int32> >= 1
Default: 1

The page number (1-based)

page_size
integer <int32> [ 5 .. 100 ]
Default: 20

The number of entries per page, must be between 5 and 100

filter
Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...]

Filter for specific properties.

This parameter is repeatable and multiple filters will be applied using logical AND.

A filter is a string of the form <property name><ws?><operator><ws?><value><ws?><flags?> where <ws?> denotes optional whitespace. You can also arrange several conditions using <ws+><logicalOperator><ws+>. To change the priority of logical operators, you can use several nested <bracket>

<property name> is the name of a Property field of AST Client:

  • name
  • id
  • value

<operator> can be one of the following operators known from CSS attribute selectors:

  • = - is equal to
  • != - is not equal to
  • <> - is not equal to
  • ^= - starts with
  • $= - ends with
  • *= - contains
  • > - greater than
  • >= - greater than or equal to
  • < - less than
  • <= - less than or equal to
  • like - sql like(_ - any one character, % - zero, one or multiple characters)
  • in - equal to any value in a list
  • !in - not equal to all values in a list

<value> is a string consisting of a-z, A-Z, 0-9, -, _, % or '<any character except single quote(')>', `<any character except back quote(`)>`, "<any character except double quotes(")>"

  • null | NULL without any quotes could be used with = and != operators to check entity for null value

<flags> is an optional joined list of characters enclosed in square braces and may contain the following flags:

  • [i] | [I] - perform all matching case-insensitive

<logicalOperator> can be one of several aliases for or and and operators:

  • or | OR | || - logical or operator
  • and | AND | && - logical and operator

<bracket> - can be one of:

  • ( - left bracket
  • ) - right bracket

Examples:

  • name^=EntityA- selects all entities whose names begin with EntityA- (case-sensitive)
  • name ^= EntityA- [i] selects all entities whose names begin with EntityA- (case-insensitive). name^=EntityA-[i] is an equivalent representation
  • name="" selects all entities whose names are empty
  • (name="test t" && id=a1) or (id*=b and name*='kate r') selects all entities where the name = "test t" and id = "a1", or where the name contains "kate r" and id contains "b"
  • name=null selects all entities where the name is null
  • name like "_ntony %" selects all entities where the name starts with any one character, continues with ntony and ends with any string. For example, Antony Jakson
  • name > mike[i] selects all entities where the name is greater than mike by character comparison (case-insensitive)
  • id >= 5 selects all entities where the id >= 5
  • name in {Mike, Rafael} selects all entities where the name equals Mike or Rafael
  • name !in {'addison monroe', 'briley brinkley'} [i] selects all entities where the name equals neither Addison Monroe nor Briley Brinkley (case-insensitive)
  • id <= 345.456 selects all entities where the id <= 345.456
  • id in { 4, 5, 3.2 } selects all entities where the id equals 4, 5 or 3.2

Possible errors are UnknownProperty (if property names were added for validation, or no compatible field extractor was found) or ParsingError (if an error was found in the filter syntax).

Responses

Response samples

Content type
application/json
[
  • {
    }
]

List all properties for user and AST Client

Get list of all properties for specified userId and astClientId.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

userId
required
string [ 3 .. 255 ] characters
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3

The id of the user

astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX5

The id of the AST Client

query Parameters
page
integer <int32> >= 1
Default: 1

The page number (1-based)

page_size
integer <int32> [ 5 .. 100 ]
Default: 20

The number of entries per page, must be between 5 and 100

filter
Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...]

Filter for specific properties.

This parameter is repeatable and multiple filters will be applied using logical AND.

A filter is a string of the form <property name><ws?><operator><ws?><value><ws?><flags?> where <ws?> denotes optional whitespace. You can also arrange several conditions using <ws+><logicalOperator><ws+>. To change the priority of logical operators, you can use several nested <bracket>

<property name> is the name of a Property field of AST Client:

  • name
  • id
  • value

<operator> can be one of the following operators known from CSS attribute selectors:

  • = - is equal to
  • != - is not equal to
  • <> - is not equal to
  • ^= - starts with
  • $= - ends with
  • *= - contains
  • > - greater than
  • >= - greater than or equal to
  • < - less than
  • <= - less than or equal to
  • like - SQL LIKE (_ - any one character, % - zero, one or multiple characters)
  • in - equal to any value in a list
  • !in - not equal to all values in a list

<value> is a string consisting of a-z, A-Z, 0-9, -, _, % or '<any character except single quote(')>', `<any character except back quote(`)>`, "<any character except double quotes(")>"

  • null | NULL without any quotes can be used with the = and != operators to check an entity for a null value

<flags> is an optional joined list of characters enclosed in square braces and may contain the following flags:

  • [i] | [I] - perform all matching case-insensitive

<logicalOperator> can be one of several aliases for or and and operators:

  • or | OR | || - logical or operator
  • and | AND | && - logical and operator

<bracket> - can be one of:

  • ( - left bracket
  • ) - right bracket

Examples:

  • name^=EntityA- selects all entities whose names begin with EntityA- (case-sensitive)
  • name ^= EntityA- [i] selects all entities whose names begin with EntityA- (case-insensitive). name^=EntityA-[i] is an equivalent representation
  • name="" selects all entities whose names are empty
  • (name="test t" && id=a1) or (id*=b and name*='kate r') selects all entities where the name = "test t" and id = "a1", or where the name contains "kate r" and the id contains "b"
  • name=null selects all entities where the name is null
  • name like "_ntony %" selects all entities where the name starts with any one character, continues with ntony and ends with any string, for example Antony Jakson
  • name > mike[i] selects all entities where the name is greater than mike by character comparison (case-insensitive)
  • id >= 5 selects all entities where the id >= 5
  • name in {Mike, Rafael} selects all entities where the name equals Mike or Rafael
  • name !in {'addison monroe', 'briley brinkley'} [i] selects all entities where the name equals neither Addison Monroe nor Briley Brinkley (case-insensitive)
  • id <= 345.456 selects all entities where the id <= 345.456
  • id in { 4, 5, 3.2 } selects all entities where the id equals 4, 5 or 3.2

Possible errors are UnknownProperty (if property names were added for validation, or no compatible field extractor was found) or ParsingError (if an error was found in the filter syntax).
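The filter grammar above documents three quote styles and no escape sequence, so a client that splices user-supplied text into a filter has to pick a delimiter the text does not contain. The following added example (not part of the AST Services documentation or code) builds filter strings that way; the function names, the list of reserved words and the choice to reject values containing all three quote characters are assumptions of this sketch.

```python
import math
import re
from urllib.parse import urlencode

# Property names and operators exactly as listed in the filter description.
PROPERTIES = {"name", "id", "value"}
OPERATORS = {"=", "!=", "<>", "^=", "$=", "*=", ">", ">=", "<", "<=",
             "like", "in", "!in"}
# Characters the page allows in an unquoted <value>.
BARE_VALUE = re.compile(r"[A-Za-z0-9_%-]+")
# Assumption of this sketch: words with a meaning in the grammar are always
# quoted when they are meant as data.
RESERVED = {"null", "or", "and", "like", "in"}
QUOTES = ('"', "'", "`")


def quote_value(value):
    """Render one <value> so that it cannot end early and turn into syntax."""
    if isinstance(value, bool):
        raise TypeError("booleans are not a documented filter value")
    if isinstance(value, (int, float)):
        if not math.isfinite(value):
            raise ValueError("NaN and infinity are not valid filter values")
        return repr(value)  # bare numbers, as in the page's "id >= 5"
    if not isinstance(value, str):
        raise TypeError(f"unsupported value type: {type(value).__name__}")
    if BARE_VALUE.fullmatch(value) and value.lower() not in RESERVED:
        return value
    # Each quote style excludes only its own delimiter, so choose a delimiter
    # that does not occur in the value.
    for quote in QUOTES:
        if quote not in value:
            return f"{quote}{value}{quote}"
    raise ValueError("value contains all three quote characters")


def condition(prop, op, value, case_insensitive=False):
    """Build '<property name> <operator> <value> <flags?>' from checked parts."""
    if prop not in PROPERTIES:
        raise ValueError(f"unknown property: {prop!r}")
    if op not in OPERATORS:
        raise ValueError(f"unknown operator: {op!r}")
    if value is None:
        if op not in ("=", "!="):
            raise ValueError("null may only be used with = and !=")
        rendered = "null"
    elif op in ("in", "!in"):
        if not isinstance(value, (list, tuple)) or not value:
            raise ValueError("in / !in need a non-empty list of values")
        rendered = "{" + ", ".join(quote_value(v) for v in value) + "}"
    else:
        rendered = quote_value(value)
    flags = " [i]" if case_insensitive else ""
    return f"{prop} {op} {rendered}{flags}"


def any_of(*conditions):
    """Join already-built conditions with 'or' inside one pair of brackets."""
    if not conditions:
        raise ValueError("at least one condition is required")
    return "(" + " or ".join(conditions) + ")"


def as_query(conditions):
    """Encode conditions as repeated 'filter' parameters (ANDed by the API).

    Percent-encoding matters here: a raw '&&', '%' or '^=' in a URL would be
    read as query-string syntax before the filter parser ever sees it.
    """
    return urlencode([("filter", c) for c in conditions])
```
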

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a property by portal

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

Request Body schema: application/json
required
name
required
string [ 3 .. 255 ] characters

The name of the property

type
required
string
Enum: "OCTETSTRING" "INTEGER" "BOOLEAN" "UTF8STRING" "DATE"

The accepted type of the property's value

value
required
string non-empty

The value of the property

encryption
string
Default: "NONE"
Enum: "NONE" "SERVER_SIDE_DB"

Specifies whether the stored value should be encrypted in the DB, and in what way

readOnly
boolean
Default: false

A flag that says whether the property is read-only

notify
boolean
Default: false

A flag that says whether the service notifies the AST Client of changes (e.g. using stream service)

inKeystorage
boolean
Default: false

A flag for special protection mode, i.e. the property is associated with a so-called virtual smartcard on the AST Client.

cpFlags
integer
Default: 0

CACHE_POLICY flags determine how the AST Client processes changes. Allowed values are 0 - NO_CACHING, 512 - SYNCHRONIZE_FROM_SDK, 768 - SYNCHRONIZE_FROM_SSMS

visibility
Array of strings or null
Enum: "CLIENT" "INTERNAL" "EXTERNAL"
userId
required
string [ 3 .. 255 ] characters

A unique ID of a User

astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$

A unique ID of an AST Client in ULID-like format

Responses

Request samples

Content type
application/json
{
  • "name": "CardNumber",
  • "type": "UTF8STRING",
  • "value": "1111-2222-3333-4444",
  • "encryption": "NONE",
  • "readOnly": "false",
  • "notify": "false",
  • "inKeystorage": "false",
  • "cpFlags": "0",
  • "visibility": [
    ],
  • "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
  • "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}

Response samples

Content type
application/json
{
  • "id": "1ZN1FP8NRQ8NHB7Z1CJRZPDBX1"
}

Info for a specific property by propertyId for portal

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

propertyId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1

The id of the property to retrieve

Responses

Response samples

Content type
application/json
{
  • "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
  • "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
  • "name": "CardNumber",
  • "type": "UTF8STRING",
  • "value": "1111-2222-3333-4444",
  • "encryption": "NONE",
  • "readOnly": "false",
  • "notify": "false",
  • "inKeystorage": "false",
  • "cpFlags": "0",
  • "visibility": [
    ]
}

Delete the property with given propertyId by portal

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

propertyId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1

The id of the property to retrieve

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Update the property with given propertyId by portal

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

propertyId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1

The id of the property to retrieve

Request Body schema: application/json
required
name
required
string [ 3 .. 255 ] characters

The name of the property

type
required
string
Enum: "OCTETSTRING" "INTEGER" "BOOLEAN" "UTF8STRING" "DATE"

The accepted type of the property's value

value
required
string non-empty

The value of the property

encryption
string
Default: "NONE"
Enum: "NONE" "SERVER_SIDE_DB"

Specifies whether the stored value should be encrypted in the DB, and in what way

readOnly
boolean
Default: false

A flag that says whether the property is read-only

notify
boolean
Default: false

A flag that says whether the service notifies the AST Client of changes (e.g. using stream service)

inKeystorage
boolean
Default: false

A flag for special protection mode, i.e. the property is associated with a so-called virtual smartcard on the AST Client.

cpFlags
integer
Default: 0

CACHE_POLICY flags determine how the AST Client processes changes. Allowed values are 0 - NO_CACHING, 512 - SYNCHRONIZE_FROM_SDK, 768 - SYNCHRONIZE_FROM_SSMS

visibility
Array of strings or null
Enum: "CLIENT" "INTERNAL" "EXTERNAL"
userId
required
string [ 3 .. 255 ] characters

A unique ID of a User

astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$

A unique ID of an AST Client in ULID-like format

Responses

Request samples

Content type
application/json
{
  • "name": "CardNumber",
  • "type": "UTF8STRING",
  • "value": "1111-2222-3333-4444",
  • "encryption": "NONE",
  • "readOnly": "false",
  • "notify": "false",
  • "inKeystorage": "false",
  • "cpFlags": "0",
  • "visibility": [
    ],
  • "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
  • "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Delete a property with given Name by portal

Delete a property by name without AstClientId for the specified userId by authorized portal user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

userId
required
string [ 3 .. 255 ] characters
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3

The id of the user

propertyName
required
string [ 3 .. 255 ] characters
Example: CardNumber

The name of the AST Client Property

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Delete client's property with given Name by portal

Delete a property by name for the specified userId and astClientId by authorized portal user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

The id of the tenant

userId
required
string [ 3 .. 255 ] characters
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3

The id of the user

astClientId
required
string^([0-9A-HJKMNP-TV-Z]{26})$
Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX5

The id of the AST Client

propertyName
required
string [ 3 .. 255 ] characters
Example: CardNumber

The name of the AST Client Property

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Localization

List Localizable Templates

Returns a paged list of all available templates.

The template list might be filtered for locales by specifying a standard Accept-Language header. Furthermore, template names can be filtered using the filter query parameter.

path Parameters
tenantId
required
string non-empty

The tenant scope

query Parameters
page
integer <int32> >= 1
Default: 1

The page number (1-based)

page_size
integer <int32> [ 2 .. 100 ]
Default: 20

The number of entries per page, must be between 5 and 100

filter
string^(\*|\*\*|[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*...
Default: "**"

A template name filter, consisting of a simple glob-like syntax. It may include literal matching, single component wildcards * and multi component wildcards **.

Wildcards are not allowed to directly follow or precede a literal matcher.

Example:

  • template.key matches only template.key (literally)
  • template.* matches template.keyA, template.keyB, template.otherKey, etc.
  • template.*.item matches template.keyA.item, template.keyB.item, template.otherKey.item, etc.
  • template.** matches template.keyA, template.keyB, template.subkey.keyA, template.any.subpath.matches.the.filter, etc.
  • template.**.item matches template.keyA.item, template.keyB.item, template.subkey.keyA.item, template.any.subpath.matches.the.filter.item, etc.
  • template.key* is not allowed
  • template.key** is not allowed
  • *template is not allowed
  • **template is not allowed
  • ** matches everything
  • * matches all template names without a dot
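The glob rules listed above can be checked on the client before a request is sent. This added example (not taken from the AST Services code) validates a filter component by component and matches it against template keys; it assumes that ** consumes one or more components, which is what the listed examples show, and that \w is ASCII-only. All function names are chosen for this sketch.

```python
import re
from functools import lru_cache

# One dot-separated component, taken from the TemplateKey pattern on this page.
COMPONENT = re.compile(r"[a-zA-Z]+[\w\-]*", re.ASCII)
MAX_KEY_LENGTH = 1024  # TemplateKey is documented as <= 1024 characters


def parse_filter(pattern):
    """Split a filter into components and reject the forms the page forbids."""
    if not pattern:
        raise ValueError("empty filter")
    parts = tuple(pattern.split("."))
    for part in parts:
        if part in ("*", "**"):
            continue
        # 'key*', '*template' and similar mix a wildcard with a literal
        # inside one component, which is not allowed.
        if not COMPONENT.fullmatch(part):
            raise ValueError(f"invalid filter component: {part!r}")
    return parts


def valid_key(key):
    """Check a template key against the documented length and shape."""
    if not key or len(key) > MAX_KEY_LENGTH:
        return False
    return all(COMPONENT.fullmatch(c) for c in key.split("."))


def matches(pattern, key):
    """Return True if the template key is selected by the filter."""
    parts = parse_filter(pattern)
    if not valid_key(key):
        return False
    comps = tuple(key.split("."))

    @lru_cache(maxsize=None)
    def match_from(i, j):
        # i indexes filter components, j indexes key components.
        if i == len(parts):
            return j == len(comps)
        if j == len(comps):
            return False  # every matcher consumes at least one component
        if parts[i] == "**":
            # Assumption: '**' takes one or more components.
            return any(match_from(i + 1, k)
                       for k in range(j + 1, len(comps) + 1))
        if parts[i] == "*" or parts[i] == comps[j]:
            return match_from(i + 1, j + 1)
        return False

    return match_from(0, 0)


def select(pattern, keys):
    """Filter an iterable of template keys, preserving their order."""
    return [k for k in keys if matches(pattern, k)]
```
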
header Parameters
Accept-Language
string^((\*|([a-zA-Z]{1,8}))((?<!\*)-([A-Z0-9]{1,8}...
Default: *
Example: de-DE,en;q=0.7

A header specifying the acceptable locales for the answer.

Responses

Response samples

Content type
application/json
[
  • {
    }
]

Create a New Template

Creates a new template. Requires that a template with the given name doesn't exist yet.

The template definition may already include localized variants for any number of additional locales, but must at least contain a template for the default locale.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string non-empty

The tenant scope

Request Body schema: application/json
required

The template definition

key
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

A template identifier

Must start with a letter, followed by any number of letters, digits, - or _. Optionally, a dot followed by another template identifier might be added.

defaultContent
required
string (TemplateContent) non-empty

The template content

Array of objects

Responses

Request samples

Content type
application/json
{
  • "key": "string",
  • "defaultContent": "string",
  • "locales": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Retrieve Template Content

Retrieves the content of the given template. The desired locale may be passed via the standard Accept-Language header. If no such header is sent, the default locale is returned.

path Parameters
tenantId
required
string non-empty

The tenant scope

templateKey
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

The template's key

header Parameters
Accept-Language
string^((\*|([a-zA-Z]{1,8}))((?<!\*)-([A-Z0-9]{1,8}...
Default: *
Example: de-DE,en;q=0.7

A header specifying the acceptable locales for the answer.

Responses

Response samples

Content type
application/json
{
  • "key": "string",
  • "locale": "de-DE",
  • "content": "string"
}

Update Template

Updates an existing template. This offers the option to update the default content, update any existing locale's content, or add new locales.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string non-empty

The tenant scope

templateKey
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

The template's key

Request Body schema: application/json
required

The template patch

defaultContent
string (TemplateContent) non-empty

The template content

Array of objects

Responses

Request samples

Content type
application/json
{
  • "defaultContent": "string",
  • "locales": [
    ]
}

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Delete Template

Deletes an existing template altogether. All locales and the template itself are removed.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string non-empty

The tenant scope

templateKey
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

The template's key

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Update Template for Locale

Updates the given locale for an existing template. The locale will be added if it didn't exist before.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string non-empty

The tenant scope

templateKey
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

The template's key

locale
required
string (LanguageTag) ^(((en-GB-oed|i-ami|i-bnn|i-default|i-enochia...
Example: de-DE

The template's locale to target

Request Body schema: application/json
required

The template patch

content
required
string (TemplateContent) non-empty

The template content

Responses

Request samples

Content type
application/json
{
  • "content": "string"
}

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Delete Template for Locale

Deletes the given locale for a template. If the locale doesn't exist, this operation does nothing.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string non-empty

The tenant scope

templateKey
required
string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$

The template's key

locale
required
string (LanguageTag) ^(((en-GB-oed|i-ami|i-bnn|i-default|i-enochia...
Example: de-DE

The template's locale to target

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Message Sign

Start a TMS

Start a TMS (transaction flow) for a specific user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The ID of the tenant to use

Request Body schema: application/json
required

Contains all parameters required to start the transaction

userId
required
string non-empty

The ID of the user to start a TMS for

required
object (MessageData)

The message data to be displayed to the user

object (AppFilter)

An optional filter to send the TMS only to clients with a specific app

astClientIds
Array of strings (Id) non-empty [^[0-7][0-9A-HJKMNP-TV-Z]{25}$]

An optional client filter to send the TMS only to specific clients of the user

retrievalTimeout
integer <int32> >= 1
Default: 300

The number of seconds the client is allowed to take for retrieving the TMS message.

tmsTimeout
integer <int32> >= 1
Default: 600

The number of seconds the TMS is allowed to take for completion after retrieval.

requireExplicitAuthentication
boolean
Default: false

Whether the TMS result must be submitted with a specifically authenticated token.

This requires a specific scope in the access token that can be configured in the service configuration.

requireFreshnessOfAuthentication
integer <int32> >= -1
Default: -1

The maximum age in seconds the access token may have when submitting the TMS result. Can be set to -1 to omit this requirement.

object (PushSpec)

An optional, customizable push notification payload. It allows you to specify a custom push notification title and body. Both fields are optional. If they are omitted, TMS will send the following:

Push Notification Title:

  • On a new TMS: com.kobil.ast.tms.newTms.title
  • On a new DM: com.kobil.ast.tms.newDm.title

Push Notification Body:

  • On a new TMS: com.kobil.ast.tms.newTms.body
  • On a new DM: com.kobil.ast.tms.newDm.body

Both fields can also be set to null to indicate that the push message does not have a title or body.

To disable sending push for this TMS or DM, set skip to true (default: false). In that case, title and body will be ignored, if set.

auditMessage
any

An optional message that is written to auditing

Responses

Request samples

Content type
application/json
{
  • "userId": "string",
  • "tmsData": {
    },
  • "appFilter": {
    },
  • "astClientIds": [
    ],
  • "retrievalTimeout": 300,
  • "tmsTimeout": 600,
  • "requireExplicitAuthentication": false,
  • "requireFreshnessOfAuthentication": -1,
  • "push": {
    },
  • "auditMessage": null
}

Response samples

Content type
application/json
{
  • "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  • "status": "STARTED",
  • "startedAt": "2019-08-24T14:15:22Z",
  • "retrievedAt": "2019-08-24T14:15:22Z",
  • "completedAt": "2019-08-24T14:15:22Z",
  • "retrievalTimeout": 0,
  • "tmsTimeout": 0,
  • "userId": "string",
  • "appFilter": {
    },
  • "astClientIds": [
    ]
}

Cancel an Ongoing TMS

Requests to cancel a running TMS. This operation will fail if the TMS is already complete. A TMS is complete if it is in ACCEPTED, REJECTED, TIMEOUT or CANCELLED state.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The ID of the tenant to use

tmsId
required
string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

The ID of the TMS

Responses

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Get TMS Status

Retrieve the status of a TMS

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The ID of the tenant to use

tmsId
required
string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

The ID of the TMS

Responses

Response samples

Content type
application/json
{
  • "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  • "status": "STARTED",
  • "startedAt": "2019-08-24T14:15:22Z",
  • "retrievedAt": "2019-08-24T14:15:22Z",
  • "completedAt": "2019-08-24T14:15:22Z",
  • "retrievalTimeout": 0,
  • "tmsTimeout": 0,
  • "userId": "string",
  • "appFilter": {
    },
  • "astClientIds": [
    ]
}

Get TMS Result

Retrieve the result of a completed TMS

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The ID of the tenant to use

tmsId
required
string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

The ID of the TMS

Responses

Response samples

Content type
application/json
{
  • "info": {
    },
  • "completedBy": "01F6MJ6J1AA8HWB7G6XRJB709E",
  • "signedData": "string",
  • "failureReason": {
    }
}

Send a Display Message

Send a display message to a specific user.

Authorizations:
BearerAuth
path Parameters
tenantId
required
string (Tenant) [ 1 .. 255 ] characters
Example: master

The ID of the tenant to use

Request Body schema: application/json
required

Contains all parameters required to start the transaction

userId
required
string non-empty

The ID of the user to start a TMS for

required
object (MessageData)

The message data to be displayed to the user

object (AppFilter)

An optional filter to send the TMS only to clients with a specific app

astClientIds
Array of strings (Id) non-empty [^[0-7][0-9A-HJKMNP-TV-Z]{25}$]

An optional client filter to send the TMS only to specific clients of the user

displayMessageTimeout
integer <int32> >= 1
Default: 600

The number of seconds the display message is available for clients to retrieve

object (PushSpec)

An optional, customizable push notification payload. It allows you to specify a custom push notification title and body. Both fields are optional. If they are omitted, TMS will send the following:

Push Notification Title:

  • On a new TMS: com.kobil.ast.tms.newTms.title
  • On a new DM: com.kobil.ast.tms.newDm.title

Push Notification Body:

  • On a new TMS: com.kobil.ast.tms.newTms.body
  • On a new DM: com.kobil.ast.tms.newDm.body

Both fields can also be set to null to indicate that the push message does not have a title or body.

To disable sending push for this TMS or DM, set skip to true (default: false). In that case, title and body will be ignored, if set.

auditMessage
any

An optional message that is written to auditing

Responses

Request samples

Content type
application/json
{
  • "userId": "string",
  • "displayMessageData": {
    },
  • "appFilter": {
    },
  • "astClientIds": [
    ],
  • "displayMessageTimeout": 600,
  • "push": {
    },
  • "auditMessage": null
}

Response samples

Content type
application/json
{
  • "id": "01F6MJ6J1AA8HWB7G6XRJB709E"
}

Version

List all platforms

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

Responses

Response samples

Content type
application/json
[
  • {
    }
]

List all architectures according to given platform name

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

platformName
required
string [ 3 .. 10 ] characters
Example: Android

Name of an App platform to retrieve architectures for

Responses

Response samples

Content type
application/json
[
  • {
    }
]

List all versions using pagination

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

query Parameters
page
integer <int32> [ 1 .. 21474837 ]
Default: 1

Number of the requested page, starting at 1

pageSize
integer <int32> [ 1 .. 100 ]
Default: 20

Number of items per page, maximum is 100.

appName
string [ 1 .. 32 ] characters
Example: appName=Payment application

Name of an App

platform
string >= 3 characters
Example: platform=Android

Platform name of an App

versionLock
boolean

Lock state of a Version

isCheckIntegrity
boolean

isCheckIntegrity flag of a version

versionStr
string
Example: versionStr=1.2.3

String representation of a Version number.

textSearch
string

String parameter to search for a text in app version properties such as App Name, Platform and version. The TextSearch filter is applied to every property whose filter is not explicitly set in the request query parameters. For example, if the appName query parameter is set to Super App and TextSearch is set to Mac, it returns all app versions whose appName is Super App and whose platform or versionStr contains Mac.

isTextSearch
boolean
Deprecated
Default: false

Boolean parameter that indicates whether to perform a text search. The default value of isTextSearch is false, which means this mode is disabled and the versions that match all given search criteria are returned. If isTextSearch is set to true, all search criteria of type string must be non-empty and their values must be identical. This query parameter is used to perform a text search on all search criteria of type string (such as app name, platform name, versionStr, app categories, app credential types, etc.). For example, to search for the text chat in versions, provide all search criteria of type string with the value chat and set isTextSearch to true. It returns the versions that contain the search text chat in app name OR platform name OR versionStr OR app categories OR app credential. All additional non-string search criteria such as version lock and isCheckIntegrity are applied as usual (with an AND condition).

Responses

Response samples

Content type
application/json
{
  • "data": [
    ],
  • "totalCount": 0
}

Create a version

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

Request Body schema: application/json
required
appName
required
string [ 3 .. 255 ] characters

Name of an App.

platform
required
string [ 1 .. 100 ] characters

Platform name of an App version.

versionStr
required
string^\d+\.\d+\.\d+$

String representation of a version number.

registerUserId
required
string [ 1 .. 255 ] characters

The ID of a user by which the app version can be registered (in case of the default 'registrationUser' registration policy).

versionLock
boolean

Lock flag of a Version.

isCheckIntegrity
boolean

Check Integrity flag of a Version.

Responses

Request samples

Content type
application/json
{
  • "appName": "string",
  • "platform": "string",
  • "versionStr": "1.2.3",
  • "registerUserId": "string",
  • "versionLock": true,
  • "isCheckIntegrity": true
}

Response samples

Content type
application/json
{
  • "message": "Some error message",
  • "code": "402",
  • "subsystem": 519
}

Hierarchical representation of app-version and its properties using pagination

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

query Parameters
page
integer <int32> [ 1 .. 21474837 ]
Default: 1

Number of the requested page, starting at 1

pageSize
integer <int32> [ 1 .. 100 ]
Default: 20

Number of items per page, maximum is 100.

appName
string [ 1 .. 32 ] characters
Example: appName=Payment application

Name of an App. It is also possible to search for an appName that contains the given search text using the % character, e.g. Pay% returns all versions whose appName starts with Pay.

platform
string [ 3 .. 10 ] characters
Example: platform=Android

Platform name of an App. It is also possible to search for a platform name that contains the given search text using the % character, e.g. AND% returns all versions whose platform name starts with AND.

versionLock
boolean

Lock state of a Version

isCheckIntegrity
boolean

isCheckIntegrity flag of a version

versionStr
string^%{0,1}\d+\.*\d*\.*\d*%{0,1}$
Example: versionStr=%1.2.3%

String representation of a Version number. It is also possible to search for a version that contains the given search text using the % character, e.g. 1.0% returns all versions which start with 1.0.

Responses

Response samples

Content type
application/json
{
  • "apps": [
    ]
}

List distinct version numbers using pagination

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

query Parameters
page
integer <int32> [ 1 .. 21474837 ]
Default: 1

Number of the requested page, starting at 1

pageSize
integer <int32> [ 1 .. 100 ]
Default: 20

Number of items per page, maximum is 100.

appName
string [ 1 .. 32 ] characters
Example: appName=Payment application

Name of an App. It is also possible to search for an appName that contains the given search text using the % character, e.g. Pay% returns all versions whose appName starts with Pay.

platform
string [ 3 .. 10 ] characters
Example: platform=Android

Platform name of an App. It is also possible to search for a platform name that contains the given search text using the % character, e.g. AND% returns all versions whose platform name starts with AND.

versionLock
boolean

Lock state of a Version

isCheckIntegrity
boolean

isCheckIntegrity flag of a version

versionStr
string^%{0,1}\d+\.*\d*\.*\d*%{0,1}$
Example: versionStr=%1.2.3%

String representation of a Version number. It is also possible to search for a version that contains the given search text using the % character, e.g. 1.0% returns all versions which start with 1.0.

orderByVersion
string
Enum: "asc" "desc"
Example: orderByVersion=asc

Specifies whether the result list should be sorted by version number in ascending or descending order.

Responses

Response samples

Content type
application/json
{
  • "versions": [
    ]
}

Info for a specific version

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

Responses

Response samples

Content type
application/json
{
  • "architectureIntegrities": [
    ],
  • "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  • "tenantId": "vertx",
  • "version": "1108101562371",
  • "sdkVersion": "1.2.333",
  • "appName": "string",
  • "platform": "string",
  • "versionStr": "1.2.3",
  • "registerUserId": "string",
  • "versionLock": true,
  • "isCheckIntegrity": true
}

Update a version

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

Request Body schema: application/json
required
appName
required
string [ 3 .. 255 ] characters

Name of an App.

platform
required
string [ 1 .. 100 ] characters

Platform name of an App version.

versionStr
required
string^\d+\.\d+\.\d+$

String representation of a version number.

registerUserId
required
string [ 1 .. 255 ] characters

The ID of a user by which the app version can be registered (in case of the default 'registrationUser' registration policy).

versionLock
boolean

Lock flag of a Version.

isCheckIntegrity
boolean

Check Integrity flag of a Version.

Responses

Request samples

Content type
application/json
{
  "appName": "string",
  "platform": "string",
  "versionStr": "1.2.3",
  "registerUserId": "string",
  "versionLock": true,
  "isCheckIntegrity": true
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Delete a specific version

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string ^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Lock/unlock a specific version

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string ^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

Request Body schema: application/json
required
versionLock
required
boolean

Locked flag of a Version.

Responses

Request samples

Content type
application/json
{
  "versionLock": true
}

Response samples

Content type
application/json
{
  "architectureIntegrities": [
  ],
  "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
  "tenantId": "vertx",
  "version": "1108101562371",
  "sdkVersion": "1.2.333",
  "appName": "string",
  "platform": "string",
  "versionStr": "1.2.3",
  "registerUserId": "string",
  "versionLock": true,
  "isCheckIntegrity": true
}

Delete App Registration

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string ^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

query Parameters
architectureName
string [ 3 .. 10 ] characters
Example: architectureName=x86

Architecture Name of an App

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Get list of registered architectures

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

versionId
required
string ^[0-9A-Za-z]{26}$
Example: 01F6MJ6J1AA8HWB7G6XRJB709E

ID of a Version

Responses

Response samples

Content type
application/json
[
  {
  }
]

Get a list of Apps

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

query Parameters
page
integer <int32> [ 1 .. 21474837 ]
Default: 1

Number of the requested page, starting at 1

pageSize
integer <int32> [ 1 .. 100 ]
Default: 20

Number of items per page, maximum is 100.

appName
string [ 1 .. 32 ] characters
Example: appName=Payment application

Name of an App

Responses

Response samples

Content type
application/json
{
  "tenantId": "ks-management",
  "appName": "Maverick Payment",
  "pushNotificationConfig": {
  }
}

Save App configuration with app-name and optionally push notification config

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

appName
required
string [ 1 .. 32 ] characters
Example: Payment application

Name of an App

Request Body schema: application/json
required
categories
required
Array of strings (PushCategories) non-empty unique
Items Enum: "chat" "payment" "tms"
androidApiKey
string or null
iosApnsCertificate
string or null

This field is MANDATORY if any of the iosApnsPrivateKey, iosBundleId or iosIsDevelopment fields is present.

iosApnsPrivateKey
string or null

This field is MANDATORY if any of the iosApnsCertificate, iosBundleId or iosIsDevelopment fields is present.

iosBundleId
string or null

This field is MANDATORY if any of the iosApnsCertificate, iosApnsPrivateKey or iosIsDevelopment fields is present.

iosIsDevelopment
boolean or null

This field is MANDATORY if any of the iosApnsCertificate, iosApnsPrivateKey or iosBundleId fields is present.

hpkClientId
string or null

This field is MANDATORY if hpkClientSecret field is present.

hpkClientSecret
string or null

This field is MANDATORY if hpkClientId field is present.

fcmServiceAccountJSON
string or null

JSON file provided by Google, as a Base64-encoded string.

Responses

Request samples

Content type
application/json
{
  "categories": [
  ],
  "androidApiKey": "string",
  "iosApnsCertificate": "string",
  "iosApnsPrivateKey": "string",
  "iosBundleId": "string",
  "iosIsDevelopment": true,
  "hpkClientId": "string",
  "hpkClientSecret": "string",
  "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Update App configuration

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

appName
required
string [ 1 .. 32 ] characters
Example: Payment application

Name of an App

Request Body schema: application/json
required
categories
required
Array of strings (PushCategories) non-empty unique
Items Enum: "chat" "payment" "tms"
androidApiKey
string or null
iosApnsCertificate
string or null

This field is MANDATORY if any of the iosApnsPrivateKey, iosBundleId or iosIsDevelopment fields is present.

iosApnsPrivateKey
string or null

This field is MANDATORY if any of the iosApnsCertificate, iosBundleId or iosIsDevelopment fields is present.

iosBundleId
string or null

This field is MANDATORY if any of the iosApnsCertificate, iosApnsPrivateKey or iosIsDevelopment fields is present.

iosIsDevelopment
boolean or null

This field is MANDATORY if any of the iosApnsCertificate, iosApnsPrivateKey or iosBundleId fields is present.

hpkClientId
string or null

This field is MANDATORY if hpkClientSecret field is present.

hpkClientSecret
string or null

This field is MANDATORY if hpkClientId field is present.

fcmServiceAccountJSON
string or null

JSON file provided by Google, as a Base64-encoded string.

Responses

Request samples

Content type
application/json
{
  "categories": [
  ],
  "androidApiKey": "string",
  "iosApnsCertificate": "string",
  "iosApnsPrivateKey": "string",
  "iosBundleId": "string",
  "iosIsDevelopment": true,
  "hpkClientId": "string",
  "hpkClientSecret": "string",
  "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}
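
The request body rules shared by "Save App configuration" and "Update App configuration" (categories enum, the all-or-none iOS and hpk field groups, Base64-encoded FCM JSON) can be checked client-side before a request is sent. The following is an added example, not code from AST Services; the function names are hypothetical, and it assumes that a null value counts as "not present" and that the FCM file decodes to a JSON object.

```python
import base64
import json

PUSH_CATEGORIES = {"chat", "payment", "tms"}
IOS_GROUP = ("iosApnsCertificate", "iosApnsPrivateKey", "iosBundleId", "iosIsDevelopment")
HPK_GROUP = ("hpkClientId", "hpkClientSecret")


def _check_group(body, group, errors):
    # Assumption: a null value counts as "not present" (every field is "string or null").
    have = [k for k in group if body.get(k) is not None]
    missing = [k for k in group if body.get(k) is None]
    if have and missing:
        errors.append(f"{', '.join(missing)} required because {', '.join(have)} is set")


def validate_push_config(body):
    """Return the list of rule violations; an empty list means the body passes."""
    errors = []
    cats = body.get("categories")
    if not isinstance(cats, list) or not cats or not all(isinstance(c, str) for c in cats):
        errors.append("categories must be a non-empty array of strings")
    else:
        if len(set(cats)) != len(cats):
            errors.append("categories must be unique")
        unknown = sorted(set(cats) - PUSH_CATEGORIES)
        if unknown:
            errors.append(f"unknown categories: {unknown}")
    _check_group(body, IOS_GROUP, errors)
    _check_group(body, HPK_GROUP, errors)
    fcm = body.get("fcmServiceAccountJSON")
    if fcm is not None:
        try:
            # validate=True rejects characters outside the Base64 alphabet
            decoded = json.loads(base64.b64decode(fcm, validate=True))
        except (ValueError, TypeError):
            errors.append("fcmServiceAccountJSON is not Base64-encoded JSON")
        else:
            # Assumption: the Google-provided file is a JSON object
            if not isinstance(decoded, dict):
                errors.append("fcmServiceAccountJSON must decode to a JSON object")
    return errors


if __name__ == "__main__":
    # Constructed sample body: iOS credentials only partly supplied.
    sample = {"categories": ["payment"], "iosBundleId": "com.example.pay"}
    for problem in validate_push_config(sample):
        print(problem)
```

The body carries APNs private keys, client secrets and a service account file, so keep it out of request logs and error reports when a check fails.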

Get App for given app-name

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

appName
required
string [ 1 .. 32 ] characters
Example: Payment application

Name of an App

Responses

Response samples

Content type
application/json
{
  "tenantId": "ks-management",
  "appName": "Maverick Payment",
  "pushNotificationConfig": {
  }
}

Delete App for given app-name, also delete related versions

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

appName
required
string [ 1 .. 32 ] characters
Example: Payment application

Name of an App

Responses

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

List Apps with their latest version information using pagination

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

query Parameters
page
integer <int32> [ 1 .. 21474837 ]
Default: 1

Number of the requested page, starting at 1

pageSize
integer <int32> [ 1 .. 100 ]
Default: 20

Number of items per page, maximum is 100.

appName
string [ 1 .. 32 ] characters
Example: appName=Payment application

Name of an App

platform
string >= 3 characters
Example: platform=Android

Platform name of an App

category
Array of strings <= 3 items
Example: category=chat

Array of App Push Notifications Categories

credential
Array of strings <= 3 items
Example: credential=apns

Array of App Push Notifications Credentials

textSearch
string

String parameter to search for text in app version properties such as App Name, Platform, version, app categories and app credential types. The textSearch filter is applied to the properties whose filter is not explicitly set in the request query parameters. For example, if the appName query parameter is set to Super App and textSearch is set to Mac, the request returns all app versions whose appName is Super App and whose platform, versionStr, app categories or app credential types contain Mac.

isTextSearch
boolean
Deprecated
Default: false

Boolean parameter that enables text search. The default is false, which disables this mode and returns the versions that match all given search criteria. If isTextSearch is set to true, all search criteria of type string must be non-empty and their values must be identical. This query parameter is used to perform a text search across all search criteria of type string (such as app name, platform name, app categories, app credential types, etc.). For example, to search for the text chat in versions, set every search criterion of type string to chat and set isTextSearch to true. This returns the versions that contain the search text chat in app name OR platform name OR app categories OR app credential. All additional non-string search criteria, such as version lock and isCheckIntegrity, are applied as usual with an AND condition.

Responses

Response samples

Content type
application/json
{
  "data": [
  ],
  "totalCount": 0
}

Gets a list of policies by tenant

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

Responses

Response samples

Content type
application/json
[
  {
  }
]

Gets the details of a specific policy

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

policyName
required
string [ 1 .. 50 ] characters
Example: Quorum policy 100

Name of a Policy

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "assignments": [
  ],
  "type": "quorum",
  "parameters": {
  }
}

Creates a new policy

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

policyName
required
string [ 1 .. 50 ] characters
Example: Quorum policy 100

Name of a Policy

Request Body schema: application/json
required
type
required
string
Enum: "quorum" "registrationUser"

policy type

object

additional parameters object

Responses

Request samples

Content type
application/json
{
  "type": "quorum",
  "parameters": {
  }
}

Response samples

Content type
application/json
{
  "message": "Some error message",
  "code": "402",
  "subsystem": 519
}

Updates a policy

Authorizations:
BearerAuth
path Parameters
tenantId
required
string [ 3 .. 255 ] characters
Example: ks-management

ID of a Tenant

policyName
required
string [ 1 .. 50 ] characters
Example: Quorum policy 100

Name of a Policy

Request Body schema: application/json
required
type
required
string
Enum: "quorum" "registrationUser"

policy type

object

additional parameters object

Responses

Request samples

Content type
application/json
{
  "type": "quorum",
  "parameters": {
  }
}

Response samples