Salesforce Cache Only Key Endpoints APIs
CipherTrust Cloud Key Manager (CCKM) can act as a key service for Salesforce Shield Platform Encryption's Cache-Only Key Service. Salesforce fetches keys on demand from CCKM Salesforce Cache-Only Key Endpoints to immediately encrypt and decrypt data. The key material is securely transmitted through an authenticated channel. Salesforce then retains the key in the encrypted key cache until the cache is flushed.
Creating A Salesforce Cache-Only Key Endpoint
Use POST /v1/cckm/sfdc/endpoints/ to create a new Salesforce Cache-Only Key endpoint.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/endpoints' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<name-for-endpoint>",\n "url_hostname": "<ciphertrust-manager-base-hostname>",\n "password_authentication": {\n "username": "<user-to-authenticate>",\n "password": "<password-to-authenticate>"\n },\n "organization_id": "<Salesforce-organization-id>"\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
name | string | Desired name for the endpoint. |
url_hostname | string | Base hostname of the CipherTrust Manager. Part of a fully qualified domain name. If you changed the web interface port within CipherTrust Manager from the default port of 443 to another port, append that port number to the hostname when configuring url_hostname. For example, example.com:8443. For more information on changing the web interface port, refer to Support for Changing the Default Port of Web Interface Setting. |
password_authentication | JSON | Password authentication details for the endpoint. These components make up a Named credential on Salesforce. |
username | string | Username for endpoint requests. |
password | string | Password for endpoint requests. |
organization_id | string | Resource ID of the Salesforce organization where the cache-only key will be created. To get the resource ID of an organization, run the GET /v1/cckm/sfdc/organizations API. Refer to Listing Salesforce Organizations for details. |
issuer_id | string | The resource ID of the issuer. |
Note
Either issuer_id or password_authentication is required to create an endpoint; both cannot be provided together.
The authentication protocol is OAuth2 when issuer_id is provided, and password when password_authentication is provided.
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "nc1",\n "url_hostname": "thales.com",\n "password_authentication": {\n "username": "ncadmin",\n "password": "ncpassword"\n },\n "organization_id": "04f63144-940c-4c4f-8426-111111111111"\n}' --compressed
Example Response
{
  "id": "04f63144-940c-4c4f-8426-222222222222",
  "uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
  "account": "kylo:kylo:admin:accounts:kylo",
  "application": "ncryptify:gemalto:admin:apps:kylo",
  "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
  "createdAt": "2021-02-10T00:19:40.321138Z",
  "name": "nc1",
  "updatedAt": "2021-02-10T00:20:25.036189Z",
  "url_hostname": "thales.com",
  "url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
  "organization_id": "04f63144-940c-4c4f-8426-111111111111",
  "organization_name": "Thales",
  "password_authentication": {
    "username": "ncadmin"
  }
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
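The request parameter rules above (exactly one of issuer_id or password_authentication, and url_hostname given as a bare host with an optional port) can be checked on the client before anything is sent. The following Python code is an added example, not Thales code: the function names are hypothetical, and it only prepares the request, leaving TLS certificate verification on rather than disabling it as curl's -k does.

```python
import json
import re
import urllib.request

# Bare hostname with optional :port, no scheme or path (e.g. example.com:8443).
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:\d{1,5})?$")


def build_endpoint_payload(name, url_hostname, organization_id,
                           username=None, password=None, issuer_id=None):
    """Return the JSON body for POST /v1/cckm/sfdc/endpoints or raise ValueError."""
    m = _HOST_RE.match(url_hostname)
    if not m:
        raise ValueError("url_hostname must be host[:port], no scheme or path")
    if m.group(2) and not 1 <= int(m.group(2)[1:]) <= 65535:
        raise ValueError("url_hostname port out of range")
    wants_password = username is not None or password is not None
    if wants_password and issuer_id is not None:
        raise ValueError("give issuer_id or password_authentication, not both")
    if not wants_password and issuer_id is None:
        raise ValueError("issuer_id or password_authentication is required")
    payload = {"name": name, "url_hostname": url_hostname,
               "organization_id": organization_id}
    if issuer_id is not None:
        payload["issuer_id"] = issuer_id  # OAuth2 per the page's note
    elif username and password:
        payload["password_authentication"] = {"username": username,
                                              "password": password}
    else:
        raise ValueError("password_authentication needs username and password")
    return payload


def redact(payload):
    """Deep copy that is safe to log: the endpoint password is masked."""
    safe = json.loads(json.dumps(payload))
    if "password_authentication" in safe:
        safe["password_authentication"]["password"] = "***"
    return safe


def build_request(base_url, token, payload):
    """Prepare (do not send) the POST; urlopen verifies TLS certificates by default."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/cckm/sfdc/endpoints",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
        method="POST")
```

Pass the prepared request to urllib.request.urlopen with a context that trusts the CipherTrust Manager's CA, and log only the output of redact().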
Listing all Salesforce Cache-Only Key Endpoints
Use GET /v1/cckm/sfdc/endpoints/ to return a list of Salesforce Cache-Only Key Endpoints. The results can be filtered using the query parameters.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/endpoints?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Request Query Parameters
Parameter | Type | Description |
---|---|---|
id | string | Resource ID of the endpoint. |
name | string | Name for the endpoint. |
organization_name | string | Name of the Salesforce organization associated with the endpoint. |
organization_id | string | CCKM resource ID of the Salesforce organization associated with the endpoint. |
sfdc_organization_id | string | Salesforce ID of the Salesforce organization associated with the endpoint. |
skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
limit | integer | Number of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints?skip=0&limit=10' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Example Response
{
  "skip": 0,
  "limit": 10,
  "total": 1,
  "resources": [
    {
      "id": "04f63144-940c-4c4f-8426-222222222222",
      "uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
      "account": "kylo:kylo:admin:accounts:kylo",
      "application": "ncryptify:gemalto:admin:apps:kylo",
      "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
      "createdAt": "2021-02-10T00:19:40.321138Z",
      "name": "nc1",
      "updatedAt": "2021-02-10T00:20:25.036189Z",
      "url_hostname": "thales.com",
      "url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
      "organization_id": "04f63144-940c-4c4f-8426-111111111111",
      "organization_name": "Thales",
      "password_authentication": {
        "username": "ncadmin"
      }
    }
  ]
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Get Details for a Salesforce Cache-Only Key Endpoint
Use the GET /v1/cckm/sfdc/endpoints/{id} API to view the details of a Salesforce Cache-Only Key Endpoint. {id} is the resource ID of the endpoint.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/endpoints/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Example Response
{
  "id": "04f63144-940c-4c4f-8426-222222222222",
  "uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
  "account": "kylo:kylo:admin:accounts:kylo",
  "application": "ncryptify:gemalto:admin:apps:kylo",
  "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
  "createdAt": "2021-02-10T00:19:40.321138Z",
  "name": "nc1",
  "updatedAt": "2021-02-10T00:20:25.036189Z",
  "url_hostname": "thales.com",
  "url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
  "organization_id": "04f63144-940c-4c4f-8426-111111111111",
  "organization_name": "Thales",
  "password_authentication": {
    "username": "ncadmin"
  }
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Update a Salesforce Cache-Only Key Endpoint
Use the PATCH /v1/cckm/sfdc/endpoints/{id} API to update the base hostname and authentication details for a Salesforce Cache-Only Key Endpoint. {id} is the resource ID of the endpoint.
Syntax
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "url_hostname": "<ciphertrust-manager-base-hostname>",\n "password_authentication": {\n "username": "<user-to-authenticate>",\n "password": "<password-to-authenticate>"\n }\n}' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
url_hostname | string | Base hostname of the CipherTrust Manager. Part of a fully qualified domain name. |
password_authentication | JSON | Password authentication details for the endpoint. These components make up a Named credential on Salesforce. |
username | string | Username for endpoint requests. |
password | string | Password for endpoint requests. |
issuer_id | string | The resource id of the issuer. |
Note
- issuer_id can be updated if the authentication protocol is OAuth2.
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "url_hostname": "cckm.thales.com",\n "password_authentication": {\n "username": "updateUser",\n "password": "updatedPwd"\n }\n}' --compressed
Example Response
{
  "id": "04f63144-940c-4c4f-8426-222222222222",
  "uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
  "account": "kylo:kylo:admin:accounts:kylo",
  "application": "ncryptify:gemalto:admin:apps:kylo",
  "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
  "createdAt": "2021-02-10T00:19:40.321138Z",
  "name": "nc1",
  "updatedAt": "2021-02-10T00:20:25.036189Z",
  "url_hostname": "cckm.thales.com",
  "url": "https://cckm.thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
  "organization_id": "04f63144-940c-4c4f-8426-111111111111",
  "organization_name": "Thales",
  "password_authentication": {
    "username": "updateUser"
  }
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.
Delete a Salesforce Cache-Only Key Endpoint
Use the DELETE /v1/cckm/sfdc/endpoints/{id} API to delete a Salesforce Cache-Only Key Endpoint. {id} is the resource ID of the endpoint.
Syntax
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Example Response
{
"status": 204
}
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.