Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

SDK/API

Provisioning API

search

Provisioning API

This section describes how to configure the Provisioning API with the SafeNet IDPrime Virtual (IDPV) Server.

The Provisioning API allows admin to create a token on behalf of users. Admin can access the provisioning API with the API key generated in API Key Management.

Once the provisioning is complete, admin cannot update the token.

Admin can perform following functions of the provisioning API:

  • Create Token - Create blank tokens.

  • Get All Tokens - Get all the virtual token ID(s) list assigned to the given user.

  • Import Certificate - Import certificate in a token. In this version, RSA certificate in pfx file format (2048-bit private key) is supported.

  • Update Token Label - Sets a new name for the token.

Maximum length of a token name is 32 characters.

  • Delete Token - Removes the token.

Once token is deleted, it cannot be recovered.

  • Reset Pin - Admin can update token password and admin password.

  • Get All Certificates - Lists all the certificates available in the token.

  • Complete Provisioning - Admin can mark provisioning complete for a token.

  • Certificate Signing Request - This API generates a Key pair and CSR for the user as given below. Use this generated CSR to generate a certificate through the Certificate Authority (CA). Currently, the following Key and Extended Key ID's are supported:

    • SupportedKeyUsages

    

      [ 1, 8, 16, 32, 64, 128, 32768 ],

    • SupportedExtendedKeyUsageOids

    

      [
  "1.3.6.1.5.5.7.3.1", //server auth -
  "1.3.6.1.5.5.7.3.2", // client auth -
  "1.3.6.1.5.5.7.3.3", //code signing - Easy to test require minimum setup
  "1.3.6.1.5.5.7.3.4", //email protection - Easy to test require minimum setup
  "1.3.6.1.5.5.7.3.5", //ipsecEndSystem
  "1.3.6.1.5.5.7.3.6", //ipsecTunnel
  "1.3.6.1.5.5.7.3.7", //ipsecUser
  "1.3.6.1.5.5.7.3.8", //timeStamping
  "1.3.6.1.5.5.7.3.9", // ocspSigning
  "1.3.6.1.1.1.1.22", //mac address
  "1.3.6.1.4.1.311.20.2.2" //microsoft smartcard logon - Easy to test require minimum setup
  ],

  • Update Certificate - Admin can import the certificate generated by a CA using the CSR generated by Certificate Signing Request API as given above.

  • Get Tenant Exchange Public Key - Returns the tenant exchange public key type, modulus and the exponent for the given tenant.

Provisioning APIs SDK Reference

For detailed information on Provisioning API parameters, refer to the Provisioning APIs (API and SDK Documentation).

Revoke API Keys From Database

This section describes the process to delete the API keys from the database.

Since the API key is not saved as a plain text in the table, it is deleted with the help of tenantId, friendlyName and userID. This can result in the deletion of multiple records from the table. Therefore, as recommended in API Key Management APIs, use a unique keyName (FriendlyName) while creating the API keys.

Deleting API Key from MySQL Server

Perform the following steps to delete the values from MySQL server:

  1. Connect to container using the following command:

    
    docker exec -it <DBServer> bash

    where: DBServer = Name of mysqlDB/MariaDB container

  2. Login into the server with the user having delete permission using the following command:

    
    mysql -u <username> –p

  3. Switch to DB using the following command:

    
    use <dbName>;

    where: dbName = Current IDPV database

  4. Execute the following command:

    
    delete from APIKey where TenantId = <tenantID>' and Name = 'friendlyName' and UserId ='userID';

    where:
    • tenantID: Tenant Identifier (GUID format) used for creating the API key,
    • friendlyName: Friendly name or Alias assigned to the API key,
    • userID: User id whose jwt (Auth header) was used to create API key

Deleting API Key from MariaDB Server

Perform the following steps to delete the values from MySQL server:

  1. Connect to container using the following command:

    
    docker exec -it <DBServer> bash

    where: DBServer = Name of mysqlDB/MariaDB container

  2. Login into the server with the user having delete permission using the following command:

    
    mariadb -u <username> –p

  3. Switch to DB using the following command:

    
    use <dbName>;

    where: dbName = Current IDPV database

  4. Execute the following command:

    
    delete from APIKey where TenantId = <tenantID>' and Name = 'friendlyName' and UserId ='userID';

    where:
    • tenantID: Tenant Identifier (GUID format) used for creating the API key,
    • friendlyName: Friendly name or Alias assigned to the API key,
    • userID: User id whose jwt (Auth header) was used to create API key

Deleting API Key from MSSQL Server

Perform the following steps to delete the values from MSSQL server:

  1. Connect to container and login to the server with the user having delete permission using the following command:

    
    docker exec -it <mssqldb> /opt/mssql-tools/bin/sqlcmd -U <username> -P <password> -S <ipAddress>

    where:
    • mssqldb = Name of MSSQL container
    • ipAdress = IP Address of the Mssql container

  2. Switch to DB using the following commands:

    
    USE <databasename>;
    GO

    where: databasename = Current IDPV database

  3. Execute the following commands:

    
    DELETE from APIKey WHERE TenantId = <tenantID>' and Name = 'friendlyName' and UserId ='userID';
    GO

    where:
    • tenantID = Tenant Identifier (GUID format) used for creating the API key,
    • friendlyName = Friendly name or Alias assigned to the API key,
    • userID = User id whose jwt (Auth header) was used to create API key

Deleting API Key from PostgreSQL Server

Perform the following steps to delete the values from PostgreSQL server:

  1. Connect to container and login to the server with the following command:

    
    docker exec -it <postgressqldb> bash

    where: postgressqldb = Name of PostgreSQL container

  2. Login into the server with the user having delete permission using the following command:

    
    psql -U <username> -W -h <ipAddress>

    where: ipAddress = IP Address of the PostgreSQL container

  3. Switch to DB using the following commands:

    
    \c <databasename>

    where: databasename = Current IDPV database

  4. Execute the following commands:

    
    DELETE from APIKey WHERE TenantId = <tenantID>' and Name = 'friendlyName' and UserId ='userID';
    GO

    where:
    • tenantID = Tenant Identifier (GUID format) used for creating the API key,
    • friendlyName = Friendly name or Alias assigned to the API key,
    • userID = User id whose jwt (Auth header) was used to create API key

Deleting API Key from Oracle Server

Perform the following steps to delete the values from Oracle server:

  1. Connect to container using following command:

    
    docker exec -it <oracledb> bash -c "source /home/oracle/.bashrc; sqlplus /nolog

    where oracledb is the name of the Oracle container

  2. Login into the server with the user having delete permission using the following command:

    
    connect <username>/<password>@<ipaddress>:<port>/<database_name>;

    where ipaddress is the IP Address of the Oracle container

  3. Execute the following commands:

    
    DELETE from APIKey WHERE TenantId = <tenantID>' and Name = 'friendlyName' and UserId ='userID';
    GO

    where:
    • tenantID = Tenant Identifier (GUID format) used for creating the API key,
    • friendlyName = Friendly name or Alias assigned to the API key,
    • userID = User id whose jwt (Auth header) was used to create API key

On this page