Updating a KACLS Endpoint

Use the PATCH /v1/cckm/GoogleWorkspaceCSE/endpoints/{id} API to update details of a KACLS endpoint. The name of an existing endpoint cannot be modified.

Syntax

curl -k '<IP>/api/v1/cckm/GoogleWorkspaceCSE/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "issuer": "<issuer-id>", "authenticationAud": "<authentication-aud>", "authorizationAud": "<authorization-aud>", "endpoint_url_hostname": "<endpoint_url_hostname>" \n}' --compressed

Request Parameters

Parameter	Type	Description
id	string	ID of the endpoint. To find out the ID of an endpoint, refer to Viewing KACLS Endpoints.
AUTHTOKEN	string	Authorization token. Parameters listed below can be updated.
authenticationAud	array of strings	List of supported audience for authentication JWT. This is the ID of the third-party identity provider. For example, for Auth0, it is represented by the `Client ID`.
authorizationAud	array of strings	List of supported audience for authorization JWT.
endpoint_url_hostname	string	Hostname and port (`<hostname>:<port>`) of the endpoint URL. Enter the fully qualified domain name (FQDN) of the CCKM/CipherTrust Manager. If the port is not specified, `443` is the default port.
cors	array of strings	List of Cross-Origin Resource Sharing (CORS) to support.
issuer	array of strings	List of trusted issuer IDs to use with this endpoint. This issuer is managed through the `/GoogleWorkspaceCSE/issuers` URL. You can change the issuer when updating an endpoint.
allow_privileged_unwrap (optional)	boolean	Whether to enable privileged-unwrap configuration for this endpoint. Set to `true` to enable. Default is `false`.
allow_rewrap (optional)	boolean	Whether to enable rewrap configuration for this endpoint. Set to `true` to enable. Default is `false`.
allow_guest_access (optional)	boolean	Whether to enable guest access for this KACLS endpoint. Set true to enable. Default is false.

Note

To perform the key migration, the value of allow_privileged_unwrap parameter should be true for the endpoint and the privilegeunwrap configuration must be set. Refer to Updating a Privileged Unwrap Configuration.

Example Request

curl -k 'https://127.0.0.1/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n  "issuer": [\n  "39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",\n  "39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"\n  ]\n}' --compressed

Example Response

{
    "issuer": [
        "39a9e91b-7a95-4fbf-bf79-30930eeb1d2c",
        "39a9e91b-7a95-4fbf-bf79-30930eeb1d2d"
        ],
    "id": "c1583936-7d03-4e2d-a0ae-3a1ae2d2e200",
    "uri": "kylo:kylo:cckm:kacls-endpoint:endpoint-dome",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2021-02-22T09:02:04.732625Z",
    "name": "endpoint_demo",
    "updatedAt": "2021-02-22T09:16:18.704154652Z",
    "cors": null,
    "authorizationAud": null,
    "authenticationAud": [
        "1eOtgM5VhW6KTYpy3T4PkiwkLSS5Yqcu"
    ],
    "endpoint_url_hostname": "demo.thalesgwsintegration.net",
    "endpoint_url": "https://demo.thalesgwsintegration.net/api/v1/cckm/GoogleWorkspaceCSE/endpoints/c1583936-7d03-4e2d-a0ae-3a1ae2d2e200 ",
    "kekName": "ks-cc84e97b53e5457cbd6b664174a0f1df57570a3aa4044ee887077203940f1221",
    "kekID": "cc84e97b53e5457cbd6b664174a0f1df57570a3aa4044ee887077203940f1221",
    "kekVersion": "1",
    "meta": null
}

The output shows updated details of the endpoint.

Response Codes

Response Code	Description
2xx	Success
4xx	Client errors

Refer to HTTP status codes for details.

Updating a KACLS Endpoint

Syntax

Request Parameters

Example Request

Example Response

Response Codes

On this page

Suggest A Change