Get signer with certificate Deprecated
Returns the signer for the tenant including the certificate, if already signed
This operation requires Admin read privileges.
Deprecation
This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to
facilitate signer key rotation. Please use GET /v2/tenants/{tenant}/signers/current
for equivalent behavior.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Responses
Response samples
- 200
- 401
- 403
- 404
- default
{- "info": {
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}, - "certificate": "string"
}
Trigger signer CA creation Deprecated
Trigger creation of a signer key pair and certificate.
This operation requires Admin write privileges.
Deprecation
This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to
facilitate signer key rotation. Please use POST /v2/tenants/{tenant}/signers
for equivalent behavior.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Request Body schema: application/jsonrequired
Contains the signer's name
name required | string non-empty The signer's name |
Responses
Request samples
- Payload
{- "name": "signer"
}
Response samples
- 202
- 401
- 403
- 409
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}
Reissue Signer Certificate Deprecated
Allows to reissue the signer for the tenant. The old key is reused for the new certificate.
This operation requires Admin write privileges.
Deprecation
This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to
facilitate signer key rotation. Please use POST /v2/tenants/{tenant}/signers/current/renew
for equivalent
behavior.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Request Body schema: application/jsonoptional
ignoreNotIssued | boolean Default: false If set to When setting this to |
Responses
Request samples
- Payload
{- "ignoreNotIssued": false
}
Response samples
- 202
- 400
- 401
- 403
- 404
- 412
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}
Delete signer Deprecated
Allows deleting the signer for the tenant. This can only be done if there are no certificates depending on that signer. As soon as a user or gateway certificate has been requested using that signer, deletion is no longer possible.
This method may be used to remove a signer for which the CA creation failed. It is RECOMMENDED to only run this
operation after checking that the signer certificate is ISSUED
or FAILED
. This can be done by
GET /v1/tenants/{tenantId}/certificates/admin/{signerId}
.
This operation requires Admin write privileges.
Deprecation
This endpoint has been obsoleted by the transition to allowing multiple signers per tenant, which is now used to
facilitate signer key rotation. Please use DELETE /v2/tenants/{tenant}/signers/current
for equivalent
behavior.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Responses
Response samples
- 400
- 401
- 403
- 404
- 409
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
List existing tenant signers
Returns signers for the tenant as a paginated list. The page number and page size can be selected using the
page
and page_size
parameters, respectively.
The list may be filtered using a custom filter
string. See the parameter schema below for a detailed
description.
Authorization
This endpoint requires admin read privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
query Parameters
page | integer <int32> >= 1 Default: 1 The page number (1-based) |
page_size | integer <int32> [ 5 .. 100 ] Default: 20 The number of entries per page, must be between 5 and 100 |
filter | string Filter for specific properties of a signer. A filter is a string of the format
There are special operators
Examples:
|
Responses
Response samples
- 200
- 401
- 403
- default
[- {
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}
]
Create a new tenant signer
Creates a new signer for the tenant.
This endpoint may be used to create a signer for the first time, i.e. when there are no other signers for the
same tenant. In this case, a fresh ACTIVE
signer is created and enqueued for certificate issuance.
If there's already a signer for the tenant, this endpoint triggers the creation of a new signer,
which will become the ACTIVE
signer for the tenant. For the new signer, a fresh key pair is generated
according to the current signer key generation settings in the service configuration. The previous ACTIVE
signer of the tenant is transitioned into state RETIRED
, where it can still be used for certificate path
validation, but no longer for creating signatures.
Authorization
This endpoint requires admin write privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Request Body schema: application/jsonoptional
name | string non-empty A readable name for the signer. Can be omitted to use the configured default naming schema |
Responses
Request samples
- Payload
{- "name": "string"
}
Response samples
- 202
- 401
- 403
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}
Get the specified tenant signer including the certificate
This endpoint returns the specified signer for the tenant.
The signerSpec
may be a Signer ID in the ULID format. In that case, the signer with the given ID is returned
if it belongs to the specified tenant.
Alternatively, signerSpec
may be current
, which returns the latest ACTIVE
signer for the tenant. If there
is no such signer, 404 is returned.
Authorization
This operation can be executed with admin read or AST Client privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
required | Id (string) or string The signer specification. Can be either the signer ID, or the literal string The special value |
Responses
Response samples
- 200
- 401
- 403
- 404
- default
{- "info": {
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}, - "certificate": "string"
}
Delete the specified tenant signer and its certificate
This endpoint deletes the specified signer. Note that this is only possible if the signer CA wasn't used yet to
issue any certificate. If certificates have already been issued by the signer, it can only be retired (replaced)
or revoked. Revoking a signer is possible via POST /v2/tenants/{tenant}/signers/{signerSpec}/revoke
. This
makes sure that the signer can be used neither to issue a certificate, nor to perform certificate path
validation. The signer can be replaced via POST /v2/tenants/{tenant}/signers
, which will create a new signer
for the tenant that will be used to issue certificates in the future. The old signer remains available for
certificate path validation.
The signerSpec
may be a Signer ID in the ULID format. In that case, the signer with the given ID is returned
if it belongs to the specified tenant.
Authorization
This endpoint requires admin write privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
required | Id (string) or string The signer specification. Can be either the signer ID, or the literal string The special value |
Responses
Response samples
- 400
- 401
- 403
- 404
- 409
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Get the full chain for the specified tenant signer
This endpoint returns the certificate chain of the specified signer for the tenant. This operation can only be called if the signer's certificate was already issued, otherwise an error will be returned.
The signerSpec
may be a Signer ID in the ULID format. In that case, the chain for the signer with the given ID
is returned if it belongs to the specified tenant.
Alternatively, signerSpec
may be current
, which returns the chain for the latest ACTIVE
signer for the
tenant. If there is no such signer, 404 is returned.
Authorization
This operation can be executed with admin read or AST Client privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
required | Id (string) or string The signer specification. Can be either the signer ID, or the literal string The special value |
Responses
Response samples
- 200
- 400
- 404
- 412
- default
{- "chain": [
- "string"
]
}
Renew the specified tenant signer's certificate
Allows to renew the signer CA for the tenant. The old key is reused for the new certificate.
This endpoint can be called to keep the certificate for a certain signer alive when it is close to expiry. Additionally, it must be called after the Issuer CA has been changed to a certificate with a different key than before.
The signerSpec
may be a Signer ID in the ULID format. In that case, the signer with the given ID is enqueued
for certificate renewal.
Alternatively, signerSpec
may be current
, which renews the latest ACTIVE
signer for the tenant. If there
is no such signer, 404 is returned.
Authorization
This endpoint requires Admin write privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
required | Id (string) or string The signer specification. Can be either the signer ID, or the literal string The special value |
Request Body schema: application/jsonoptional
ignoreNotIssued | boolean Default: false If set to When setting this to |
Responses
Request samples
- Payload
{- "ignoreNotIssued": false
}
Response samples
- 202
- 401
- 403
- 404
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenant": "master",
- "name": "string",
- "createdAt": "2019-08-24T14:15:22Z",
- "updatedAt": "2019-08-24T14:15:22Z",
- "generation": 0,
- "state": "ACTIVE"
}
Revoke the specified tenant signer's certificate
Revokes a specific signer's certificate. After this operation completes, the certificate of the signer is erased from the database and the signer can't be used anymore for certificate path validation or signature validation.
This endpoint can be called in the event of key compromise or when an old (probably RETIRED
signer
certificate) needs to be disabled due to security policies.
The signerSpec
may be a Signer ID in the ULID format. In that case, the signer with the given ID is enqueued
for certificate renewal.
Alternatively, signerSpec
may be current
, which renews the latest ACTIVE
signer for the tenant. If there
is no such signer, 404 is returned.
Authorization
This endpoint required admin write privileges.
Authorizations:
path Parameters
tenant required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
required | Id (string) or string The signer specification. Can be either the signer ID, or the literal string The special value |
Responses
Response samples
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Get a paginated list of certificates
Returns a paginated list of certificate information.
This operation requires Admin read privileges.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
query Parameters
page | integer <int32> >= 1 Default: 1 The page number (1-based) |
page_size | integer <int32> [ 5 .. 100 ] Default: 20 The number of entries per page, must be between 5 and 100 |
filter | string Filter for specific properties of a certificate. A filter is a string of the format
There are special operators
Examples:
|
Responses
Response samples
- 200
- 400
- 401
- 403
- default
[- {
- "certRef": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "status": "REQUESTED",
- "signer": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "user": "string",
- "client": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "requestedAt": "2019-08-24T14:15:22Z",
- "issuedAt": "2019-08-24T14:15:22Z",
- "certProfile": "AST_DEVICE"
}
]
Check the status of a certificate request
Checks the status of a previously filed certificate request. If the request reference refers to a known request, the status will be returned. Otherwise, 404 is raised.
This operation requires Admin read privileges.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
certRef required | string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E The request reference obtained when requesting the certificate |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- default
{- "certRef": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "status": "REQUESTED",
- "signer": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "user": "string",
- "client": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "requestedAt": "2019-08-24T14:15:22Z",
- "issuedAt": "2019-08-24T14:15:22Z",
- "certProfile": "AST_DEVICE"
}
Create signed SDK Config
Creates signed SDK Config
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The tenant name (equal to the realm name in IDP) |
Request Body schema: application/jsonrequired
required | Array of Base64 (string) or Base64Url (string) [ 1 .. 50 ] A list of trusted X.509 TLS certificates in base64 or base64url encoding. |
astUrl | string <= 256 characters ^https?://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA... The AST gateway URL |
Array of objects (ServiceEntry) [ 0 .. 50 ] A list of AST services with their respective URLs |
Responses
Request samples
- Payload
{- "tlsBundle": [
- "MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAwWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cPR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdxsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8ZutmNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxgZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaAFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6WPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wlikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQzCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BImlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1OyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90IdshCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6ZvMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqXnLRbwHOoq7hHwg=="
], - "astUrl": "string",
}
Response samples
- 200
- 400
- 401
- 403
- 404
- 412
- default
{- "sdkConfig": "string"
}
Get overview information about all linked ASTClients for a given userId and tenantId
Get overview information about all linked ASTClients for a given userId and tenantId. List can be filtered.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
query Parameters
userId required | string [ 3 .. 255 ] characters Example: userId=123e4567-e89b-12d3-a456-42665544a3f7 An unique Id of a User |
filter | Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...] Filter for specific client. This parameter is repeatable and multiple filters will be applied using logical AND. A filter is a string of the form
Examples:
|
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
- default
[- {
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "appName": "Maverick Test Application",
- "appVersion": "0.0.1-pythondemo",
- "appPlatform": "Windows-10-10.0.19043-SP0",
- "risks": "beep-boop",
- "lockState": "NONE",
- "lastLoginAttempt": 1632819559770,
- "loginError": "string",
- "loginOutcome": "Login succeeded",
- "lastActivationAttempt": 1632819559770,
- "activationError": "string",
- "activationOutcome": "User linked successfully",
- "sdkVersion": "0.0.1-test",
- "deviceName": "Laptop-111-test",
- "clientDevice": "Huawei",
- "clientOsVersion": "1.0.0",
- "createdOn": 1632819559770,
- "lockReason": "Locked due incorrect password",
- "locales": [
- "en_GB"
]
}
]
Get a list of userIds for the linked ASTClient
Get a list of userIds linked to ASTClient for the specified astClientId and tenantId
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
query Parameters
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: astClientId=01FH8MDGN9W5C3RXRFNX6G164S An unique Id of a ASTClient in ULID-like format |
Responses
Response samples
- 200
- 400
- 401
- 403
- 500
- default
[- {
- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "mLoA": "none"
}
]
Lock client
Lock client's ability to perform a login operation (for the specified tenantId)
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Request Body schema: application/jsonrequired
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ An unique Id of a ASTClient in ULID-like format |
lockReason required | string |
Responses
Request samples
- Payload
{- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "lockReason": "Locked by admin"
}
Response samples
- 400
- 401
- 403
- 404
- 406
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Unlock client
Unlock client's ability to perform a login operation (by astClientId for the specified tenantId)
Authorizations:
path Parameters
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 01FH8MDGN9W5C3RXRFNX6G164S An unique Id of a ASTClient in ULID-like format |
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Unlink user Deprecated
Removes the link between the selected user and ASTClient for the specified tenantId
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Request Body schema: application/jsonrequired
userId required | string [ 3 .. 255 ] characters An unique Id of a User |
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ An unique Id of a ASTClient in ULID-like format |
Responses
Request samples
- Payload
{- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete client
Delete client by astClientId for the specified tenantId.
IMPORTANT: Before deleting a client, all existing links must be removed.
See GET /v1/tenants/{tenantId}/users
to find linked users.
See POST/v1/tenants/{tenantId}/unlink
to unlink users.
Authorizations:
path Parameters
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 01FH8MDGN9W5C3RXRFNX6G164S An unique Id of a ASTClient in ULID-like format |
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Responses
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete user data
Delete all user-related resources - clients(if they are not related to any other users), locales, links, etc.
Authorizations:
path Parameters
userId required | string [ 3 .. 255 ] characters Example: 123e4567-e89b-12d3-a456-42665544a3f7 An unique Id of a User |
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Responses
Response samples
- 400
- 401
- 403
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Information about clients linked to a user
Returns information about linked clients for the given user. List can be filtered.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
userId required | string [ 3 .. 255 ] characters Example: 123e4567-e89b-12d3-a456-42665544a3f7 An unique Id of a User |
query Parameters
filter | Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...] Filter for specific client. This parameter is repeatable and multiple filters will be applied using logical AND. A filter is a string of the form
Examples:
|
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- default
[- {
- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "tenantId": "ks-management",
- "mLoA": "none",
- "linkedOn": 1632819559770,
- "mLoAUpdatedOn": 1632819559770
}
]
Detailed information about a selected ASTClient
Get detailed information about ASTClient by astClientId for the specified tenantId
Authorizations:
path Parameters
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 01FH8MDGN9W5C3RXRFNX6G164S An unique Id of a ASTClient in ULID-like format |
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 500
- default
{- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "appVersion": "0.0.1-pythondemo",
- "risks": "beep-boop",
- "lockState": "NONE",
- "createdOn": 1632819559770,
- "linkedOnOrMloaUpdated": 1632819559770,
- "lastSuccessfulVerification": 1632819559770,
- "lastFailedVerification": 1632819559770,
- "clientDevice": "Huawei",
- "clientOsVersion": "1.0.0",
- "sdkVersion": "0.0.1-test",
- "deviceName": "Laptop-333",
- "lockReason": "Locked due incorrect password"
}
Force disconnect all clients belong to the user
Immediately disconnect user's clients. It will be processed without order and exists events can be lost. If a body of the request is omitted, then it disconnects ALL user's clients.
Here is the list of available actions (see the specification of a body of the request below):
ALL_CLIENTS
- disconnect all user's clientsSPECIFIED_CLIENTS
- disconnect the specified clientsALL_EXCEPT_SPECIFIED_CLIENTS
- disconnect all except the specified clients
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
userId required | string [ 3 .. 255 ] characters Example: 123e4567-e89b-12d3-a456-42665544a3f7 An unique Id of a User |
Request Body schema: application/json
disconnectType | string Default: "ALL_CLIENTS" Enum: "ALL_CLIENTS" "SPECIFIED_CLIENTS" "ALL_EXCEPT_SPECIFIED_CLIENTS" The disconnect action type. |
clientIds | Array of strings[^([0-9A-HJKMNP-TV-Z]{26})$] The list of client IDs. Required for SPECIFIED_CLIENTS and ALL_EXCEPT_SPECIFIED_CLIENTS actions. |
Responses
Request samples
- Payload
{- "disconnectType": "SPECIFIED_CLIENTS",
- "clientIds": [
- "01FH8MDGN9W5C3RXRFNX6G164S"
]
}
Response samples
- 400
- 401
- 403
- 404
- 422
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Unlink user's clients
Unlink user's clients. If a body of the request is omitted, then it unlinks ALL user's clients.
Here is the list of available actions (see the specification of a body of the request below):
ALL_CLIENTS
- unlink all user's clientsSPECIFIED_CLIENTS
- unlink the specified clientsALL_EXCEPT_SPECIFIED_CLIENTS
- unlink all except the specified clients
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management An unique Id of a tenant |
userId required | string [ 3 .. 255 ] characters Example: 123e4567-e89b-12d3-a456-42665544a3f7 An unique Id of a User |
Request Body schema: application/json
unlinkType | string Default: "ALL_CLIENTS" Enum: "ALL_CLIENTS" "SPECIFIED_CLIENTS" "ALL_EXCEPT_SPECIFIED_CLIENTS" The unlink action type. |
clientIds | Array of strings[^([0-9A-HJKMNP-TV-Z]{26})$] The list of client IDs. Required for SPECIFIED_CLIENTS and ALL_EXCEPT_SPECIFIED_CLIENTS actions. |
Responses
Request samples
- Payload
{- "unlinkType": "SPECIFIED_CLIENTS",
- "clientIds": [
- "01FH8MDGN9W5C3RXRFNX6G164S"
]
}
Response samples
- 400
- 401
- 403
- 404
- 422
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
List all properties for user
Get list of all properties without astClientId for specified userId.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
userId required | string [ 3 .. 255 ] characters Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3 The id of the user |
query Parameters
page | integer <int32> >= 1 Default: 1 The page number (1-based) |
page_size | integer <int32> [ 5 .. 100 ] Default: 20 The number of entries per page, must be between 5 and 100 |
filter | Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...] Filter for specific properties. This parameter is repeatable and multiple filters will be applied using logical AND. A filter is a string of the form
Examples:
Error could be UnknownProperty(if were added properties names for validation, or was not found compatible field extractor) or ParsingError(if some error was found in filter syntax) |
Responses
Response samples
- 200
- 401
- 403
- default
[- {
- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "name": "CardNumber",
- "type": "UTF8STRING",
- "value": "1111-2222-3333-4444",
- "encryption": "NONE",
- "readOnly": "false",
- "notify": "false",
- "inKeystorage": "false",
- "cpFlags": "0",
- "visibility": [
- "CLIENT"
]
}
]
List all properties for user and AST Client
Get list of all properties for specified userId and astClientId.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
userId required | string [ 3 .. 255 ] characters Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3 The id of the user |
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX5 The id of the AST Client |
query Parameters
page | integer <int32> >= 1 Default: 1 The page number (1-based) |
page_size | integer <int32> [ 5 .. 100 ] Default: 20 The number of entries per page, must be between 5 and 100 |
filter | Array of strings[[a-zA-Z]+\s*(=|\!=|\^=|\$=|\*=)\s*(""|[a-zA-Z...] Filter for specific properties. This parameter is repeatable and multiple filters will be applied using logical AND. A filter is a string of the form
Examples:
Error could be UnknownProperty(if were added properties names for validation, or was not found compatible field extractor) or ParsingError(if some error was found in filter syntax) |
Responses
Response samples
- 200
- 401
- 403
- default
[- {
- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "name": "CardNumber",
- "type": "UTF8STRING",
- "value": "1111-2222-3333-4444",
- "encryption": "NONE",
- "readOnly": "false",
- "notify": "false",
- "inKeystorage": "false",
- "cpFlags": "0",
- "visibility": [
- "CLIENT"
]
}
]
Create a property by portal
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
Request Body schema: application/jsonrequired
name required | string [ 3 .. 255 ] characters The name of the property |
type required | string Enum: "OCTETSTRING" "INTEGER" "BOOLEAN" "UTF8STRING" "DATE" Information on a accepted type of property's value |
value required | string non-empty a value of a property |
encryption | string Default: "NONE" Enum: "NONE" "SERVER_SIDE_DB" Info that say is the stored value should be encrypted in DB and what the way |
readOnly | boolean Default: false A flag that say is the property readOnly |
notify | boolean Default: false A flag that say is the service notifies changes to the AST Client (e.g. using stream service) |
inKeystorage | boolean Default: false A flag for special protection mode. I.e. property is associated with so called virtual smartcard on the AST Client. |
cpFlags | integer Default: 0 CACHE_POLICY flags determine, how AST Client processes changes. Allowed values are 0 - NO_CACHING, 512 -SYNCHRONIZE_FROM_SDK, 768 - SYNCHRONIZE_FROM_SSMS |
visibility | Array of strings or null Enum: "CLIENT" "INTERNAL" "EXTERNAL" |
userId required | string [ 3 .. 255 ] characters An unique Id of a User |
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ An unique Id of a ASTClient in ULID-like format |
Responses
Request samples
- Payload
{- "name": "CardNumber",
- "type": "UTF8STRING",
- "value": "1111-2222-3333-4444",
- "encryption": "NONE",
- "readOnly": "false",
- "notify": "false",
- "inKeystorage": "false",
- "cpFlags": "0",
- "visibility": [
- "CLIENT"
], - "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}
Response samples
- 201
- 400
- 401
- 403
- 406
- 409
- 500
- default
{- "id": "1ZN1FP8NRQ8NHB7Z1CJRZPDBX1"
}
Info for a specific property by propertyId for portal
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
propertyId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1 The id of the property to retrieve |
Responses
Response samples
- 200
- 401
- 403
- 404
- default
{- "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S",
- "name": "CardNumber",
- "type": "UTF8STRING",
- "value": "1111-2222-3333-4444",
- "encryption": "NONE",
- "readOnly": "false",
- "notify": "false",
- "inKeystorage": "false",
- "cpFlags": "0",
- "visibility": [
- "CLIENT"
]
}
Delete the property with given propertyId by portal
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
propertyId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1 The id of the property to retrieve |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Update the property with given propertyId by portal
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
propertyId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX1 The id of the property to retrieve |
Request Body schema: application/jsonrequired
name required | string [ 3 .. 255 ] characters The name of the property |
type required | string Enum: "OCTETSTRING" "INTEGER" "BOOLEAN" "UTF8STRING" "DATE" Information on a accepted type of property's value |
value required | string non-empty a value of a property |
encryption | string Default: "NONE" Enum: "NONE" "SERVER_SIDE_DB" Info that say is the stored value should be encrypted in DB and what the way |
readOnly | boolean Default: false A flag that say is the property readOnly |
notify | boolean Default: false A flag that say is the service notifies changes to the AST Client (e.g. using stream service) |
inKeystorage | boolean Default: false A flag for special protection mode. I.e. property is associated with so called virtual smartcard on the AST Client. |
cpFlags | integer Default: 0 CACHE_POLICY flags determine, how AST Client processes changes. Allowed values are 0 - NO_CACHING, 512 -SYNCHRONIZE_FROM_SDK, 768 - SYNCHRONIZE_FROM_SSMS |
visibility | Array of strings or null Enum: "CLIENT" "INTERNAL" "EXTERNAL" |
userId required | string [ 3 .. 255 ] characters An unique Id of a User |
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ An unique Id of a ASTClient in ULID-like format |
Responses
Request samples
- Payload
{- "name": "CardNumber",
- "type": "UTF8STRING",
- "value": "1111-2222-3333-4444",
- "encryption": "NONE",
- "readOnly": "false",
- "notify": "false",
- "inKeystorage": "false",
- "cpFlags": "0",
- "visibility": [
- "CLIENT"
], - "userId": "123e4567-e89b-12d3-a456-42665544a3f7",
- "astClientId": "01FH8MDGN9W5C3RXRFNX6G164S"
}
Response samples
- 400
- 401
- 403
- 406
- 409
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete a property with given Name by portal
Delete a property by name without AstClientId for the specified userId by authorized portal user.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
userId required | string [ 3 .. 255 ] characters Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3 The id of the user |
propertyName required | string [ 3 .. 255 ] characters Example: CardNumber The name of the AST Client Property |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete client's property with given Name by portal
Delete a property by name for the specified userId and astClientId by authorized portal user.
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management The id of the tenant |
userId required | string [ 3 .. 255 ] characters Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX3 The id of the user |
astClientId required | string^([0-9A-HJKMNP-TV-Z]{26})$ Example: 1ZN1FP8NRQ8NHB7Z1CJRZPDBX5 The id of the AST Client |
propertyName required | string [ 3 .. 255 ] characters Example: CardNumber The name of the AST Client Property |
Responses
Response samples
- 400
- 401
- 403
- 404
- 406
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
List Localizable Templates
Returns a paged list of all available templates.
The template list might be filtered for locales by specifying a standard Accept-Language
header. Furthermore, template names can be filtered using the filter
query parameter.
path Parameters
tenantId required | string non-empty The tenant scope |
query Parameters
page | integer <int32> >= 1 Default: 1 The page number (1-based) |
page_size | integer <int32> [ 2 .. 100 ] Default: 20 The number of entries per page, must be between 5 and 100 |
filter | string^(\*|\*\*|[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*... Default: "**" A template name filter, consisting of a simple glob-like syntax. It may include literal
matching, single component wildcards Wildcards are not allowed to directly follow or precede a literal matcher. Example:
|
header Parameters
Accept-Language | string^((\*|([a-zA-Z]{1,8}))((?<!\*)-([A-Z0-9]{1,8}... Default: * Example: de-DE,en;q=0.7 A header specifying the acceptable locales for the answer. |
Responses
Response samples
- 200
- 400
- default
[- {
- "key": "string",
- "defaultLocale": "de-DE",
- "locales": [
- "de-DE"
]
}
]
Create a New Template
Creates a new template. Requires that a template with the given name doesn't exist yet.
The template definition may already include localized variants for any number of additional locales, but must at least contain a template for the default locale.
Authorizations:
path Parameters
tenantId required | string non-empty The tenant scope |
Request Body schema: application/jsonrequired
The template definition
key required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ A template identifier Must start with a letter, followed by any number of letters, digits, - or _. Optionally, a dot followed by another template identifier might be added. |
defaultContent required | string (TemplateContent) non-empty The template content |
Array of objects |
Responses
Request samples
- Payload
{- "key": "string",
- "defaultContent": "string",
- "locales": [
- {
- "locale": "de-DE",
- "content": "string"
}
]
}
Response samples
- 400
- 401
- 403
- 409
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Retrieve Template Content
Retrieves the content of the given template. The desired locale may be passed in terms of
standard Accept-Language
header. If no such header is sent, the default locale is
returned.
path Parameters
tenantId required | string non-empty The tenant scope |
templateKey required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ The template's key |
header Parameters
Accept-Language | string^((\*|([a-zA-Z]{1,8}))((?<!\*)-([A-Z0-9]{1,8}... Default: * Example: de-DE,en;q=0.7 A header specifying the acceptable locales for the answer. |
Responses
Response samples
- 200
- 400
- 404
- 406
- default
{- "key": "string",
- "locale": "de-DE",
- "content": "string"
}
Update Template
Updates an existing template. This offers the option to update the default content, update any existing locale's content, or add new locales.
Authorizations:
path Parameters
tenantId required | string non-empty The tenant scope |
templateKey required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ The template's key |
Request Body schema: application/jsonrequired
The template patch
defaultContent | string (TemplateContent) non-empty The template content |
Array of objects |
Responses
Request samples
- Payload
{- "defaultContent": "string",
- "locales": [
- {
- "locale": "de-DE",
- "content": "string"
}
]
}
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete Template
Deletes an existing template altogether. All locales and the template itself are removed.
Authorizations:
path Parameters
tenantId required | string non-empty The tenant scope |
templateKey required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ The template's key |
Responses
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Update Template for Locale
Updates the given locale for an existing template. The locale will be added if it didn't exist before.
Authorizations:
path Parameters
tenantId required | string non-empty The tenant scope |
templateKey required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ The template's key |
locale required | string (LanguageTag) ^(((en-GB-oed|i-ami|i-bnn|i-default|i-enochia... Example: de-DE The template's locale to target |
Request Body schema: application/jsonrequired
The template patch
content required | string (TemplateContent) non-empty The template content |
Responses
Request samples
- Payload
{- "content": "string"
}
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Delete Template for Locale
Deletes the given locale for a template. If the locale doesn't exist, this operation does nothing.
Authorizations:
path Parameters
tenantId required | string non-empty The tenant scope |
templateKey required | string (TemplateKey) <= 1024 characters ^[a-zA-Z]+[\w\-]*(\.[a-zA-Z]+[\w\-]*)*$ The template's key |
locale required | string (LanguageTag) ^(((en-GB-oed|i-ami|i-bnn|i-default|i-enochia... Example: de-DE The template's locale to target |
Responses
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Start a TMS
Start a TMS (transaction flow) for a specific user.
Freshness of Authentication
The user can be forced to enter his credentials again in order to be able to view/process the TMS by setting
requireFreshnessOfAuthentication
to any non-negative value. The semantics are as follows:
requiresFreshnessOfAuthentication == -1
- no fresh authentication is requiredrequiresFreshnessOfAuthentication ~= 0..2
- the user always needs to do a fresh authenticationrequiresFreshnessOfAuthentication > 2
- the user needs to enter his credentials if the last authentication is more than that many seconds older than the retrieval time of the TMS (fieldretrievedAt
in the TMS status)
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The ID of the tenant to use |
Request Body schema: application/jsonrequired
Contains all parameters required to start the transaction
userId required | string non-empty The of the user to start a TMS for |
required | object (MessageData) The message data to be displayed to the user |
object (AppFilter) An optional filter to send the TMS only to clients with a specific app | |
astClientIds | Array of strings (Id) non-empty [^[0-7][0-9A-HJKMNP-TV-Z]{25}$] An optional client filter to send the TMS only to specific clients of the user |
retrievalTimeout | integer <int32> >= 1 Default: 300 The number of seconds the client is allowed to take for retrieving the TMS message. |
tmsTimeout | integer <int32> >= 1 Default: 600 The number of seconds the TMS is allowed to take for completion after retrieval. |
requireExplicitAuthentication | boolean Default: false Whether the TMS result must be submitted with an specifically authenticated token. This requires a specific scope in the access token that can be configured in the service configuration. |
requireFreshnessOfAuthentication | integer <int32> >= -1 Default: -1 Requires the user to authenticate within a certain time to be able to respond to the TMS. This
authentication includes presenting credentials (e.g. the password) to the IDP. If this field is set to Setting this to |
object (PushSpec) An optional, customizable push notification payload. It allows to specify a custom push notification Push Notification Title:
Push Notification Body:
Both fields can also be set to To disable sending push for this TMS or DM, set | |
auditMessage | any An optional message that is written to auditing |
Responses
Request samples
- Payload
{- "userId": "string",
- "tmsData": {
- "text": "string",
- "external": false,
- "data": { }
}, - "appFilter": {
- "name": "string",
- "platform": "string"
}, - "astClientIds": [
- "01F6MJ6J1AA8HWB7G6XRJB709E"
], - "retrievalTimeout": 300,
- "tmsTimeout": 600,
- "requireExplicitAuthentication": false,
- "requireFreshnessOfAuthentication": -1,
- "push": {
- "skip": false,
- "title": {
- "text": "You have a new message"
}, - "body": {
- "text": "You have a new message"
}
}, - "auditMessage": null
}
Response samples
- 202
- 400
- 401
- 403
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "status": "STARTED",
- "startedAt": "2019-08-24T14:15:22Z",
- "retrievedAt": "2019-08-24T14:15:22Z",
- "completedAt": "2019-08-24T14:15:22Z",
- "retrievalTimeout": 0,
- "tmsTimeout": 0,
- "userId": "string",
- "appFilter": {
- "name": "string",
- "platform": "string"
}, - "astClientIds": [
- "01F6MJ6J1AA8HWB7G6XRJB709E"
]
}
Cancel an Ongoing TMS
Requests to cancel a running TMS. This operation will fail if the TMS is already complete.
A TMS is complete if it is in ACCEPTED
, REJECTED
, TIMEOUT
or CANCELLED
state.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The ID of the tenant to use |
tmsId required | string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E The ID of the TMS |
Responses
Response samples
- 400
- 401
- 403
- 404
- 412
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Get TMS Status
Retrieve the status of a TMS
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The ID of the tenant to use |
tmsId required | string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E The ID of the TMS |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "status": "STARTED",
- "startedAt": "2019-08-24T14:15:22Z",
- "retrievedAt": "2019-08-24T14:15:22Z",
- "completedAt": "2019-08-24T14:15:22Z",
- "retrievalTimeout": 0,
- "tmsTimeout": 0,
- "userId": "string",
- "appFilter": {
- "name": "string",
- "platform": "string"
}, - "astClientIds": [
- "01F6MJ6J1AA8HWB7G6XRJB709E"
]
}
Get TMS Result
Retrieve the result of a completed TMS
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The ID of the tenant to use |
tmsId required | string (Id) ^[0-7][0-9A-HJKMNP-TV-Z]{25}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E The ID of the TMS |
Responses
Response samples
- 200
- 400
- 401
- 403
- 404
- 412
- default
{- "info": {
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "status": "STARTED",
- "startedAt": "2019-08-24T14:15:22Z",
- "retrievedAt": "2019-08-24T14:15:22Z",
- "completedAt": "2019-08-24T14:15:22Z",
- "retrievalTimeout": 0,
- "tmsTimeout": 0,
- "userId": "string",
- "appFilter": {
- "name": "string",
- "platform": "string"
}, - "astClientIds": [
- "01F6MJ6J1AA8HWB7G6XRJB709E"
]
}, - "completedBy": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "signedData": "string",
- "failureReason": {
- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
}
Send a Display Message
Send a display message to a specific user.
Authorizations:
path Parameters
tenantId required | string (Tenant) [ 1 .. 255 ] characters Example: master The ID of the tenant to use |
Request Body schema: application/jsonrequired
Contains all parameters required to start the transaction
userId required | string non-empty The of the user to start a TMS for |
required | object (MessageData) The message data to be displayed to the user |
object (AppFilter) An optional filter to send the TMS only to clients with a specific app | |
astClientIds | Array of strings (Id) non-empty [^[0-7][0-9A-HJKMNP-TV-Z]{25}$] An optional client filter to send the TMS only to specific clients of the user |
displayMessageTimeout | integer <int32> >= 1 Default: 600 The number of seconds the display message is available for clients to retrieve |
object (PushSpec) An optional, customizable push notification payload. It allows to specify a custom push notification Push Notification Title:
Push Notification Body:
Both fields can also be set to To disable sending push for this TMS or DM, set | |
auditMessage | any An optional message that is written to auditing |
Responses
Request samples
- Payload
{- "userId": "string",
- "displayMessageData": {
- "text": "string",
- "external": false,
- "data": { }
}, - "appFilter": {
- "name": "string",
- "platform": "string"
}, - "astClientIds": [
- "01F6MJ6J1AA8HWB7G6XRJB709E"
], - "displayMessageTimeout": 600,
- "push": {
- "skip": false,
- "title": {
- "text": "You have a new message"
}, - "body": {
- "text": "You have a new message"
}
}, - "auditMessage": null
}
Response samples
- 202
- 400
- 401
- 403
- 404
- default
{- "id": "01F6MJ6J1AA8HWB7G6XRJB709E"
}
List all architectures according to given platform name
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
platformName required | string [ 3 .. 10 ] characters Example: Android Name of a App platform to retrieve architectures |
Responses
Response samples
- 200
- 401
- 500
- default
[- {
- "architectureName": "string"
}
]
List all versions using pagination
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
query Parameters
page | integer <int32> [ 1 .. 21474837 ] Default: 1 Number of the requested page, starting at 1 |
pageSize | integer <int32> [ 1 .. 100 ] Default: 20 Number of items per page, maximum is 100. |
appName | string [ 1 .. 32 ] characters Example: appName=Payment application Name of an App |
platform | string >= 3 characters Example: platform=Android Platform name of an App |
versionLock | boolean Lock state of a Version |
isCheckIntegrity | boolean isCheckIntegrity flag of a version |
versionStr | string Example: versionStr=1.2.3 String representation of a Version number. |
textSearch | string String parameter to search for a text on app version properties like App Name, Platform, version. TextSearch filter will be applied to the property whose filter is not explicitly set in the request query parameter. For example, if appName query parameter is set to Super App and TextSearch is with Mac, then it will return all app versions whose appName is SuperApp and platform or versionStr contains Mac. |
isTextSearch | boolean Deprecated Default: false Boolean parameter that indicates to perform text search.
Default |
Responses
Response samples
- 200
- 401
- 500
- default
{- "data": [
- {
- "architectureIntegrities": [
- {
- "isRegistered": true,
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "versionId": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "architecture": "string"
}
], - "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenantId": "vertx",
- "version": "1108101562371",
- "sdkVersion": "1.2.333",
- "appName": "string",
- "platform": "string",
- "versionStr": "1.2.3",
- "registerUserId": "string",
- "versionLock": true,
- "isCheckIntegrity": true
}
], - "totalCount": 0
}
Create a version
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
Request Body schema: application/jsonrequired
appName required | string [ 3 .. 255 ] characters Name of an App. |
platform required | string [ 1 .. 100 ] characters Platform name of an App version. |
versionStr required | string^\d+\.\d+\.\d+$ String representation of a version number. |
registerUserId required | string [ 1 .. 255 ] characters an Id of a user, by which app version can be registered (in case of default 'registrationUser' registration policy). |
versionLock | boolean Lock flag of a Version. |
isCheckIntegrity | boolean Check Integrity flag of a Version. |
Responses
Request samples
- Payload
{- "appName": "string",
- "platform": "string",
- "versionStr": "1.2.3",
- "registerUserId": "string",
- "versionLock": true,
- "isCheckIntegrity": true
}
Response samples
- 401
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Hierarchical representation of app-version and its properties using pagination
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
query Parameters
page | integer <int32> [ 1 .. 21474837 ] Default: 1 Number of the requested page, starting at 1 |
pageSize | integer <int32> [ 1 .. 100 ] Default: 20 Number of items per page, maximum is 100. |
appName | string [ 1 .. 32 ] characters Example: appName=Payment application Name of an App. Also, possible to search for appName which contains given search text, using |
platform | string [ 3 .. 10 ] characters Example: platform=Android Platform name of an App. Also, possible to search for platform name which contains given search text, using |
versionLock | boolean Lock state of a Version |
isCheckIntegrity | boolean isCheckIntegrity flag of a version |
versionStr | string^%{0,1}\d+\.*\d*\.*\d*%{0,1}$ Example: versionStr=%1.2.3% String representation of a Version number. Also, possible to search for version which contains given search text, using |
Responses
Response samples
- 200
- 401
- 500
- default
{- "apps": [
- {
- "appName": "string",
- "platforms": [
- {
- "platformId": 0,
- "platformName": "string",
- "versions": [
- {
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "versionStr": "1.2.3",
- "versionLock": true,
- "isCheckIntegrity": true,
- "registerState": [
- "string"
]
}
]
}
]
}
]
}
List distinct version numbers using pagination
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
query Parameters
page | integer <int32> [ 1 .. 21474837 ] Default: 1 Number of the requested page, starting at 1 |
pageSize | integer <int32> [ 1 .. 100 ] Default: 20 Number of items per page, maximum is 100. |
appName | string [ 1 .. 32 ] characters Example: appName=Payment application Name of an App. Also, possible to search for appName which contains given search text, using |
platform | string [ 3 .. 10 ] characters Example: platform=Android Platform name of an App. Also, possible to search for platform name which contains given search text, using |
versionLock | boolean Lock state of a Version |
isCheckIntegrity | boolean isCheckIntegrity flag of a version |
versionStr | string^%{0,1}\d+\.*\d*\.*\d*%{0,1}$ Example: versionStr=%1.2.3% String representation of a Version number. Also, possible to search for version which contains given search text, using |
orderByVersion | string Enum: "asc" "desc" Example: orderByVersion=asc Parameter to specify the result list should be sorted by version number using ascending or descending order. |
Responses
Response samples
- 200
- 401
- 500
- default
{- "versions": [
- "1.2.3"
]
}
Info for a specific version
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
Responses
Response samples
- 200
- 401
- default
{- "architectureIntegrities": [
- {
- "isRegistered": true,
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "versionId": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "architecture": "string"
}
], - "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenantId": "vertx",
- "version": "1108101562371",
- "sdkVersion": "1.2.333",
- "appName": "string",
- "platform": "string",
- "versionStr": "1.2.3",
- "registerUserId": "string",
- "versionLock": true,
- "isCheckIntegrity": true
}
Update a version
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
Request Body schema: application/jsonrequired
appName required | string [ 3 .. 255 ] characters Name of an App. |
platform required | string [ 1 .. 100 ] characters Platform name of an App version. |
versionStr required | string^\d+\.\d+\.\d+$ String representation of a version number. |
registerUserId required | string [ 1 .. 255 ] characters an Id of a user, by which app version can be registered (in case of default 'registrationUser' registration policy). |
versionLock | boolean Lock flag of a Version. |
isCheckIntegrity | boolean Check Integrity flag of a Version. |
Responses
Request samples
- Payload
{- "appName": "string",
- "platform": "string",
- "versionStr": "1.2.3",
- "registerUserId": "string",
- "versionLock": true,
- "isCheckIntegrity": true
}
Response samples
- 401
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
delete specific version
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
Responses
Response samples
- 401
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
lock/unlock specific version
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
Request Body schema: application/jsonrequired
versionLock required | boolean Locked flag of a Version. |
Responses
Request samples
- Payload
{- "versionLock": true
}
Response samples
- 200
- 401
- default
{- "architectureIntegrities": [
- {
- "isRegistered": true,
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "versionId": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "architecture": "string"
}
], - "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "tenantId": "vertx",
- "version": "1108101562371",
- "sdkVersion": "1.2.333",
- "appName": "string",
- "platform": "string",
- "versionStr": "1.2.3",
- "registerUserId": "string",
- "versionLock": true,
- "isCheckIntegrity": true
}
Delete App Registration
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
query Parameters
architectureName | string [ 3 .. 10 ] characters Example: architectureName=x86 Architecture Name of an App |
Responses
Response samples
- 401
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Get list of registered architectures
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
versionId required | string^[0-9A-Za-z]{26}$ Example: 01F6MJ6J1AA8HWB7G6XRJB709E ID of a Version |
Responses
Response samples
- 200
- 401
- default
[- {
- "isRegistered": true,
- "id": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "versionId": "01F6MJ6J1AA8HWB7G6XRJB709E",
- "architecture": "string"
}
]
Get a list of Apps
Get a list of Apps
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
query Parameters
page | integer <int32> [ 1 .. 21474837 ] Default: 1 Number of the requested page, starting at 1 |
pageSize | integer <int32> [ 1 .. 100 ] Default: 20 Number of items per page, maximum is 100. |
appName | string [ 1 .. 32 ] characters Example: appName=Payment application Name of an App |
Responses
Response samples
- 200
- 400
- 401
- 403
- 500
- default
{- "tenantId": "ks-management",
- "appName": "Maverick Payment",
- "pushNotificationConfig": {
- "categories": [
- "chat"
], - "androidApiKey": "string",
- "iosApnsCertificate": "string",
- "iosApnsPrivateKey": "string",
- "iosBundleId": "string",
- "iosIsDevelopment": true,
- "hpkClientId": "string",
- "hpkClientSecret": "string",
- "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}
}
Save App configuration with app-name and optionally push notification config
Save App configuration with app-name and optionally push notification config
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
appName required | string [ 1 .. 32 ] characters Example: Payment application Name of an App |
Request Body schema: application/jsonrequired
categories required | Array of strings (PushCategories) non-empty unique Items Enum: "chat" "payment" "tms" |
androidApiKey | string or null |
iosApnsCertificate | string or null This field is MANDATORY if any of |
iosApnsPrivateKey | string or null This field is MANDATORY if any of |
iosBundleId | string or null This field is MANDATORY if any of |
iosIsDevelopment | boolean or null This field is MANDATORY if any of |
hpkClientId | string or null This field is MANDATORY if |
hpkClientSecret | string or null This field is MANDATORY if |
fcmServiceAccountJSON | string or null JSON file provided by Google in Base64-encoded string. |
Responses
Request samples
- Payload
{- "categories": [
- "chat"
], - "androidApiKey": "string",
- "iosApnsCertificate": "string",
- "iosApnsPrivateKey": "string",
- "iosBundleId": "string",
- "iosIsDevelopment": true,
- "hpkClientId": "string",
- "hpkClientSecret": "string",
- "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}
Response samples
- 400
- 401
- 403
- 404
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Update App configuration
Update App configuration
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
appName required | string [ 1 .. 32 ] characters Example: Payment application Name of an App |
Request Body schema: application/jsonrequired
categories required | Array of strings (PushCategories) non-empty unique Items Enum: "chat" "payment" "tms" |
androidApiKey | string or null |
iosApnsCertificate | string or null This field is MANDATORY if any of |
iosApnsPrivateKey | string or null This field is MANDATORY if any of |
iosBundleId | string or null This field is MANDATORY if any of |
iosIsDevelopment | boolean or null This field is MANDATORY if any of |
hpkClientId | string or null This field is MANDATORY if |
hpkClientSecret | string or null This field is MANDATORY if |
fcmServiceAccountJSON | string or null JSON file provided by Google in Base64-encoded string. |
Responses
Request samples
- Payload
{- "categories": [
- "chat"
], - "androidApiKey": "string",
- "iosApnsCertificate": "string",
- "iosApnsPrivateKey": "string",
- "iosBundleId": "string",
- "iosIsDevelopment": true,
- "hpkClientId": "string",
- "hpkClientSecret": "string",
- "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}
Response samples
- 400
- 401
- 403
- 404
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
Get App for given app-name
Get App for given app-name
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
appName required | string [ 1 .. 32 ] characters Example: Payment application Name of an App |
Responses
Response samples
- 200
- 400
- 401
- 403
- 500
- default
{- "tenantId": "ks-management",
- "appName": "Maverick Payment",
- "pushNotificationConfig": {
- "categories": [
- "chat"
], - "androidApiKey": "string",
- "iosApnsCertificate": "string",
- "iosApnsPrivateKey": "string",
- "iosBundleId": "string",
- "iosIsDevelopment": true,
- "hpkClientId": "string",
- "hpkClientSecret": "string",
- "fcmServiceAccountJSON": "eyAiY2xpZW50X2lkIjogImNsaWVudC1pZCIsICJjbGllbnRfc2VjcmV0IjogInNlY3JldCJ9"
}
}
Delete App for given app-name, also delete related versions
Delete App for given app-name, also delete related versions
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
appName required | string [ 1 .. 32 ] characters Example: Payment application Name of an App |
Responses
Response samples
- 400
- 401
- 403
- 404
- 500
- default
{- "message": "Some error message",
- "code": "402",
- "subsystem": 519
}
List Apps with it's latest version information using pagination
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
query Parameters
page | integer <int32> [ 1 .. 21474837 ] Default: 1 Number of the requested page, starting at 1 |
pageSize | integer <int32> [ 1 .. 100 ] Default: 20 Number of items per page, maximum is 100. |
appName | string [ 1 .. 32 ] characters Example: appName=Payment application Name of an App |
platform | string >= 3 characters Example: platform=Android Platform name of an App |
category | Array of strings <= 3 items Example: category=chat Array of App Push Notifications Categories |
credential | Array of strings <= 3 items Example: credential=apns Array of App Push Notifications Credentials |
textSearch | string String parameter to search for a text on app version properties like App Name, Platform, version, app categories, app credential types. TextSearch filter will be applied to the property whose filter is not explicitly set in the request query parameter. For example, if appName query parameter is set to Super App and TextSearch is with Mac, then it will return all app versions whose appName is SuperApp and (platform or versionStr or app categories or app credential types) contains Mac. |
isTextSearch | boolean Deprecated Default: false Boolean parameter that indicates to perform text search.
Default |
Responses
Response samples
- 200
- 401
- default
{- "data": [
- {
- "appName": "string",
- "pushNotificationConfig": {
- "categories": [
- "chat"
], - "credentials": [
- "APNS"
]
}, - "platforms": [
- {
- "name": "string",
- "latestVersion": "1.2.3",
- "latestVersionId": "01F6MJ6J1AA8HWB7G6XRJB709E"
}
]
}
], - "totalCount": 0
}
Gets a list of policies by tenant
Authorizations:
path Parameters
tenantId required | string [ 3 .. 255 ] characters Example: ks-management ID of a Tenant |
Responses
Response samples
- 200
- 401
- 500
- default
[- {
- "name": "string",
- "assignments": [
- {
- "id": 1,
- "policyName": "string",
- "appName": "string",
- "platform": "Android",
- "architectureName": "x86"
}
], - "type": "quorum",
- "parameters": {
- "quorumSize": 1,
- "totalRequiredVotes": 1
}
}
]