REST API  17
REST API for Luna Network HSMs
PUT /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}

Initializes the partition role.

Parameters

hsmid

The serial number of the HSM of interest.

Use: Required

JSON Schema:

   Object
   type: integer
   format: int64
   minimum: 1
   maximum: 9999999999

partitionid

The identifier of the partition of interest.

Use: Required

JSON Schema:

   Object
   type: integer
   format: int64
   minimum: 1000000
   maximum: 99999999999999999

roleid

The identifier of the role of interest.

Use: Required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 32
   pattern: ^[a-zA-Z0-9_.-]*$

defaultChallenge

Indicates whether to create the partition role with a default challenge. If you create a password-based partition, set "defaultChallenge" to false. defaultChallenge is ignored when used on CO and CU roles if the partition type is PPSO. You must use another REST resource to set a secondary authentication default challenge on a PPSO partition role. See POST /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}/actions/{actionid}

Use: Not Required

JSON Schema:

   Object
   type: boolean
         false = do not use a default challenge
         true = use a default challenge

password

The password used to authenticate for the role. Optional for a PED-based partition.

Use: Not Required

JSON Schema:

   Object
   type: string
   format: password
   minLength: 8
   maxLength: 255
   pattern: ^([a-zA-Z0-9_!#$%'()*+,./:=? @[]^{}~-]*)$

ped

Optional for both password-based and PED-based HSMs, with a default value of "0". Only applicable to PED-based HSMs.

Use: Not Required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 1
   pattern: ^(?:$|0|1)$

Responses

204

Success

Location

"Location" is the URL to the role and is returned in the server response. You can use "Location" to form a PATCH resource to change the role password or to form a GET resource to query the role.

See PATCH /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}
See GET /api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}

For PED-based partitions, "Location" is the URL to the task spawned to initialize the partition role.

400

FRAMEWORK_BAD_REQUEST

Returned when the input data does not conform to the required validation schema.

404

HSM, partition or role does not exist.

Example Request for initializing role for PED-based HSM

   PUT
   https://1.2.3.4:8443/api/lunasa/hsms/154704/partitions/273087011784/roles/co
   { }

Example Request for initializing role for password-based HSM

   PUT
   https://1.2.3.4:8443/api/lunasa/hsms/154704/partitions/273087011784/roles/co
   {"defaultChallenge": false, "password": "Test@123" }

Example Result

Password-based partition:

   {'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/api/lunasa/hsms/154704/partitions/273087011784/roles/cu', 'Content-Length': '2', 'Access-Control-Allow-Credentials': 'true'}

PED-based partition:

   {'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': '/tasks/0', 'Content-Length': '712', 'Access-Control-Allow-Credentials': 'true'}
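
Client-side sketch of this resource, added here as an example and not taken from the product or its SDK: it validates the inputs against the schemas listed under Parameters before anything is sent, keeps the role password out of logs, and classifies the documented responses. The function names are hypothetical; treating a "Location" that starts with /tasks/ as a PED task follows the sample result above and is an assumption, and the password character pattern is left to the server.

```python
import json
import re

ROLE_ID = re.compile(r"[a-zA-Z0-9_.-]{1,32}")  # roleid pattern and length bounds from this page

def _check_int(name, value, lo, hi):
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
        raise ValueError(f"{name} must be an integer in [{lo}, {hi}]")

def build_role_init(base_url, hsmid, partitionid, roleid,
                    password=None, default_challenge=None, ped=None):
    """Validate inputs against the documented schemas; return (method, url, body)."""
    _check_int("hsmid", hsmid, 1, 9999999999)
    _check_int("partitionid", partitionid, 1000000, 99999999999999999)
    # roleid lands in the URL path: fullmatch rejects "/", "%" and trailing newlines
    if not isinstance(roleid, str) or not ROLE_ID.fullmatch(roleid):
        raise ValueError("roleid must be 1-32 characters of [a-zA-Z0-9_.-]")
    body = {}
    if default_challenge is not None:
        if not isinstance(default_challenge, bool):
            raise ValueError("defaultChallenge must be a boolean")
        body["defaultChallenge"] = default_challenge
    if password is not None:
        # Length bounds only; the character pattern is left to the server (assumption)
        if not isinstance(password, str) or not 8 <= len(password) <= 255:
            raise ValueError("password must be 8-255 characters")  # value never echoed
        body["password"] = password
    if ped is not None:
        if ped not in ("0", "1"):
            raise ValueError('ped must be "0" or "1"')
        body["ped"] = ped
    url = f"{base_url.rstrip('/')}/api/lunasa/hsms/{hsmid}/partitions/{partitionid}/roles/{roleid}"
    return "PUT", url, json.dumps(body)

def redact(body_json):
    """Copy of the request body that is safe to write to logs."""
    body = json.loads(body_json)
    if "password" in body:
        body["password"] = "***"
    return json.dumps(body)

def interpret(status, headers):
    """Classify a response using the status codes and Location header documented above."""
    if status == 204:
        location = headers.get("Location", "")
        # Assumption from the sample result: task URLs start with /tasks/
        return ("task" if location.startswith("/tasks/") else "role", location)
    # 400 = FRAMEWORK_BAD_REQUEST; 404 = HSM, partition or role does not exist
    return ({400: "bad_request", 404: "not_found"}.get(status, "unexpected"), None)
```

Send the returned body over TLS with certificate verification enabled, and log only the output of redact().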