Updating a KACLS Endpoint
Use the PATCH /v1/cckm/GoogleWorkspaceCSE/endpoints/{id}
API to update details of a KACLS endpoint. The name of an existing endpoint cannot be modified.
Syntax
curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "issuer": "<issuer-id>", "authenticationAud": "<authentication-aud>", "authorizationAud": "<authorization-aud>", "endpoint_url_hostname": "<endpoint_url_hostname>" \n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
id | string | ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints. |
AUTHTOKEN | string | Authorization token. Parameters listed below can be updated. |
authenticationAud | array of strings | List of supported audience for authentication JWT. This is the ID of the third-party identity provider. For example, for Auth0, it is represented by the Client ID . |
authorizationAud | array of strings | List of supported audience for authorization JWT. |
endpoint_url_hostname | string | Hostname and port (<hostname>:<port> ) of the endpoint URL. Enter the fully qualified domain name (FQDN) of the CCKM/CipherTrust Manager. If the port is not specified, 443 is the default port. |
cors | array of strings | List of Cross-Origin Resource Sharing (CORS) to support. |
issuer | array of strings | List of trusted issuer IDs to use with this endpoint. This issuer is managed through the /GoogleWorkspaceCSE/issuers URL.You can change the issuer when updating an endpoint. |
allow_privileged_unwrap (optional) | boolean | Whether to enable privileged-unwrap configuration for this endpoint. Set to true to enable. Default is false . |
allow_rewrap (optional) | boolean | Whether to enable rewrap configuration for this endpoint. Set to true to enable. Default is false . |
allow_guest_access (optional) | boolean | Whether to enable guest access for this KACLS endpoint. Set true to enable. Default is false. |
Note
To perform the key migration, the value of allow_privileged_unwrap
parameter should be true
for the endpoint and the privilegeunwrap configuration must be set. Refer to Updating a Privileged Unwrap Configuration.
Example Request
curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "issuer": [\n "39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",\n "39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"\n ]\n}' --compressed
Example Response
{
"issuer": [
"39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
"39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"
],
"id": "c1583936-7d03-4e2d-a0ae-3a1ae2d2e200",
"uri": "kylo:kylo:cckm:kacls-endpoint:endpoint-dome",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-02-22T09:02:04.732625Z",
"name": "endpoint_demo",
"updatedAt": "2021-02-22T09:16:18.704154652Z",
"cors": null,
"authorizationAud": null,
"authenticationAud": [
"1eOtgM5VhW6KTYpy3T4PkiwkLSS5Yqcu"
],
"endpoint_url_hostname": "demo.thalesgwsintegration.net",
"endpoint_url": "https://demo.thalesgwsintegration.net/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200 ",
"kekName": "ks-cc84e97b53e5457cbd6b664174a0f1df57570a3aa4044ee887077203940f1221",
"kekID": "cc84e97b53e5457cbd6b664174a0f1df57570a3aa4044ee887077203940f1221",
"kekVersion": "1",
"meta": null
}
The output shows updated details of the endpoint.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
Refer to HTTP status codes for details.