Overview

In addition to the long-standing Luna shell, administrators can now use a representational state transfer application programming interface (RESTful API) to configure and query the appliance.

The REST API's advantage is its lightweight architecture. It is a simple mechanism that allows communication between SafeNet Network HSMs, servers, and applications. The REST API uses verb requests to retrieve, create, update, delete, and send data, as shown in Connections facilitated by REST API.

The REST API client allows the user to perform these tasks all in one place, and serves as an organized demo application that helps users understand how the REST API works. It can be used as an alternate reference tool to the more comprehensive REST API Command Reference guide. It is particularly useful in program writing, as the REST architecture automates some of the manual work that had to be done in the Luna shell.

REST API Architecture

Figure 1: Connections facilitated by REST API

The function of the REST API is to facilitate communications between different appliances, servers, and applications. The REST API client allows users to do this all from one place and automates some of the manual work that had to be done when implementing the same operations in the Luna shell.

Secure Model

The REST API uses security protocols to ensure protection from malicious attacks while communicating sensitive information.

An open source cryptography library, OpenSSL, is used to implement the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols that protect your data in transit. SSL certificates are signed so that you can verify their source. Access to the REST API's operations is controlled through role-based authentication, to ensure that only authorized personnel can perform potentially destructive operations. Additionally, PKI (public key infrastructure) authentication acts as a trusted third party that validates the identity of individuals, computers, and other machines.

Data entry is limited. Early validation, performed before a request is acted on, safeguards the server against the entry of rogue data. Likewise, the set of ciphers that can be negotiated is restricted, so that non-secure ciphers cannot be used.
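The following is an added illustration of the secure model described above, not code from the Luna REST API or its client: a TLS client context that requires a CA-signed appliance certificate and restricts the cipher list, plus a server-side check that applies role-based authorization per HTTP verb and validates request data early. The role names, the verb-to-role map, the cipher string and the `label` field are hypothetical.

```python
import re
import ssl

# Hypothetical OpenSSL cipher string: forward-secret AEAD suites only,
# with anonymous, NULL, MD5, RC4 and 3DES suites explicitly excluded.
ALLOWED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"


def make_client_context(ca_bundle=None):
    """Build a TLS context that verifies the appliance's signed certificate
    (against ca_bundle, or the system store when None) and refuses weak ciphers."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True             # certificate must match the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED   # unsigned / untrusted certs are rejected
    ctx.set_ciphers(ALLOWED_CIPHERS)
    return ctx


# Hypothetical role map: destructive verbs (PUT, DELETE) are reserved for admin.
ROLE_VERBS = {
    "admin": {"GET", "POST", "PUT", "DELETE"},
    "operator": {"GET", "POST"},
    "monitor": {"GET"},
}

# Hypothetical constraint on a request field: short, alphanumeric label only.
SAFE_LABEL = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def authorize(role, verb):
    """Role-based check: may this role issue this verb at all?"""
    return verb in ROLE_VERBS.get(role, set())


def validate_request(role, verb, body):
    """Early validation: reject before any work is done. Returns (ok, reason)."""
    if not authorize(role, verb):
        return False, "forbidden"
    if verb in ("POST", "PUT"):
        label = body.get("label") if isinstance(body, dict) else None
        if not isinstance(label, str) or not SAFE_LABEL.match(label):
            return False, "invalid label"
    return True, "ok"


if __name__ == "__main__":
    ctx = make_client_context()
    print(sorted({c["name"] for c in ctx.get_ciphers()}))
    print(validate_request("monitor", "DELETE", {}))
    print(validate_request("admin", "POST", {"label": "partition-01"}))
    print(validate_request("admin", "POST", {"label": "a; rm -rf /"}))
```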