REST API

Client Credentials Management service API documentation version v1

{schema}://{host}/api/{version}

  • schema: required (one of http, https - default: http)
  • host: required (string - default: localhost)
  • version: required (v1)

Basic credentials

Operations on client basic credentials.

/basic-credentials get post

get /basic-credentials

Returns a list of basic client credentials in the scope of the requested tenant.

Secured by OAuth 2.0 with scopes:
  • tenant:basic-credentials:read on tenant-system resource

CCM supports OAuth 2.0 for authenticating most API requests.

HTTP status code 200

Body

Media type: application/json

Type: array of BasicCredentials

Items: BasicCredentials

  • state: required (one of Active, Inactive, Suspended, Revoked)

    Client credentials state.

    • `Active` - The credentials are valid for use. They have been used at least once.
    • `Inactive` - The credentials are valid for use. They have not been used by any client yet.
    • `Suspended` - The credentials are suspended and cannot be used now.
    • `Revoked` - The credentials are no longer usable.

  • username: required (string)

    Tenant-wide unique username (login).

  • id: required (string)

    Unique identifier of the basic credentials.

  • createdDate: required (datetime)

    Credentials creation time and date in ISO 8601 format.

  • updatedDate: required (datetime)

    Last time when the credentials were updated, in ISO 8601 format.

  • lastUseDate: (datetime)

    Last time when the credentials were used for authentication.

Example:

[
  {
    "username": "UserA",
    "id": "br7si8mg10l7an82que0",
    "state": "Inactive",
    "createdDate": "2020-03-01T12:47:02.247462Z",
    "updatedDate": "2020-04-17T12:00:01.311853Z"
  },
  {
    "username": "UserB",
    "id": "br7si8mg10l7an82queg",
    "state": "Active",
    "createdDate": "2020-04-02T12:47:02.247941Z",
    "updatedDate": "2020-04-12T13:00:01.311934Z",
    "lastUseDate": "2020-06-16T16:01:07.090941Z"
  },
  {
    "username": "UserC",
    "id": "br7si8mg10l7an82quf0",
    "state": "Suspended",
    "createdDate": "2020-05-03T12:47:02.247752Z",
    "updatedDate": "2020-05-12T12:00:01.311835Z",
    "lastUseDate": "2020-06-16T16:01:07.090941Z"
  }
]

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

post /basic-credentials

Creates new basic credentials.

Secured by OAuth 2.0 with scopes:
  • tenant:basic-credentials:create

CCM supports OAuth 2.0 for authenticating most API requests.

Body

Media type: application/json

Type: object

Properties

  • username: (string)

    Tenant-wide unique username (login). Up to 255 ASCII symbols long; the : and @ symbols are not allowed. It is not recommended to use any Personally Identifiable Information (PII) in a username. If a username is not specified, a (silly) one is auto-generated from over 2 million combinations and returned in the successful response.

  • password: (string)

    Password matching the given username. Must consist of up to 72 ASCII symbols. If not specified, one is auto-generated and returned in the successful response.

Examples:

Specific credentials:

{
  "username": "UserA",
  "password": "123"
}

Autogenerated credentials:

{}

HTTP status code 201

Credentials created successfully.

Body

Media type: application/json

Type: object

Properties

  • state: required (one of Active, Inactive, Suspended, Revoked)

    Client credentials state.

    • `Active` - The credentials are valid for use. They have been used at least once.
    • `Inactive` - The credentials are valid for use. They have not been used by any client yet.
    • `Suspended` - The credentials are suspended and cannot be used now.
    • `Revoked` - The credentials are no longer usable.

  • username: required (string)

    Tenant-wide unique username (login).

  • id: required (string)

    Unique identifier of the basic credentials.

  • createdDate: required (datetime)

    Credentials creation time and date in ISO 8601 format.

  • updatedDate: required (datetime)

    Last time when the credentials were updated, in ISO 8601 format.

  • lastUseDate: (datetime)

    Last time when the credentials were used for authentication.

  • password: required (string)

    Password matching the given credentials.

Example:

{
  "username": "reasonable-kangaroo",
  "password": "deta7IWaHohNo4Uunoorei7OIk3OC3Ot",
  "id": "bg7si8mg10l7an82que0",
  "state": "Inactive",
  "createdDate": "2020-03-01T12:47:02.247962Z",
  "updatedDate": "2020-04-17T12:00:01.311923Z"
}

HTTP status code 400

Username or password is not valid.

HTTP status code 409

Basic credentials with such a username are already registered.

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

/basic-credentials/{id}/state patch

patch /basic-credentials/{id}/state

Updates credentials state. CCM maintains a credentials state machine summarized in the service documentation. Only transitions from/to specified states are permitted.

Secured by OAuth 2.0 with scopes:
  • tenant:basic-credentials:update

CCM supports OAuth 2.0 for authenticating most API requests.

URI Parameters

  • id: required (string)

    Unique identifier of the basic credentials.

    Example:

    efh63sad72g0sggo3s5a

Body

Media type: application/json

Type: object

Properties

  • state: required (one of Active, Suspended, Revoked)

    Desired new client credentials state.

    • `Active` - The credentials are valid for use. They have been used at least once.
    • `Suspended` - The credentials are suspended and cannot be used now.
    • `Revoked` - The credentials are no longer usable.

Example:

{
  "state": "Suspended"
}

HTTP status code 204

Successfully updated credentials status.

HTTP status code 400

Invalid request.

Body

Media type: application/json

Type: object

Properties

  • message: required (string)

    Detailed error description.

HTTP status code 404

The requested basic credentials are not found or the querying user is denied access.

Body

Media type: application/json

Type: object

Properties

  • message: required (string)

    Detailed error description.

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

/basic-credentials/{id}/password patch

patch /basic-credentials/{id}/password

Resets basic credentials password.

Secured by OAuth 2.0 with scopes:
  • tenant:basic-credentials:update

CCM supports OAuth 2.0 for authenticating most API requests.

URI Parameters

  • id: required (string)

    Unique identifier of the basic credentials.

    Example:

    efh63sad72g0sggo3s5a

Body

Media type: application/json

Type: object

Properties

  • password: (string)

    New password. Must consist of up to 72 ASCII symbols. If not specified, one is auto-generated and returned in the successful response.

Example:

{
  "password": "mQ8jSA3Cywbs7cLJ"
}

HTTP status code 200

Password is successfully reset.

Body

Media type: application/json

Type: object

Properties

  • password: required (string)

    Password matching the given credentials.

Example:

{
  "password": "mQ8jSA3Cywbs7cLJ"
}

HTTP status code 400

Password is not valid.

Body

Media type: application/json

Type: object

Properties

  • message: required (string)

    Detailed error description.

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.

X.509 credentials

Operations on client X.509 credentials.

/x509-credentials get post

get /x509-credentials

Returns a list of client X.509 credentials in the scope of the requested tenant.

Secured by OAuth 2.0 with scopes:
  • tenant:x509-credentials:read on tenant-system resource

CCM supports OAuth 2.0 for authenticating most API requests.

HTTP status code 200

Body

Media type: application/json

Type: array of X509Credentials

Items: X509Credentials

  • state: required (one of Active, Inactive, Suspended, Revoked)

    Client credentials state.

    • `Active` - The credentials are valid for use. They have been used at least once.
    • `Inactive` - The credentials are valid for use. They have not been used by any client yet.
    • `Suspended` - The credentials are suspended and cannot be used now.
    • `Revoked` - The credentials are no longer usable.

  • id: required (string)

    Unique identifier of the certificate.

  • serialNumber: required (string)

    Certificate serial number, base 16 encoded.

  • commonName: required (string)

    Certificate Common Name (CN).

  • invalidAfter: required (datetime)

    The time and date past which the certificate is no longer valid in ISO 8601 format.

  • createdDate: required (datetime)

    Certificate creation time and date in ISO 8601 format.

  • updatedDate: required (datetime)

    Last time when the certificate was updated, in ISO 8601 format.

  • lastUseDate: (datetime)

    Last time when the certificate was used for authentication in ISO 8601 format.

Example:

[
  {
    "id": "bg7si8mg10l7an82que0",
    "state": "Inactive",
    "serialNumber": "39:dd:2e:90:b7:23:1f:8d:d3:7d:31:c5:1b:da:84:d0:5b:65:31:58",
    "commonName": "silver-advice",
    "invalidAfter": "2025-07-01T12:48:09.247962Z",
    "createdDate": "2020-03-01T12:47:02.247962Z",
    "updatedDate": "2020-04-17T12:00:01.311923Z"
  },
  {
    "id": "bg7si8mg10l7an82quh4",
    "state": "Active",
    "serialNumber": "65:c2:27:50:4e:d1:55:3f:42:db:77:44:40:f8:63:d1:f8:11:31:9c",
    "commonName": "silver-advice",
    "invalidAfter": "2025-07-01T12:48:09.247962Z",
    "createdDate": "2020-03-01T12:47:02.247962Z",
    "updatedDate": "2020-04-17T12:00:01.311923Z",
    "lastUseDate": "2020-06-16T16:01:07.090941Z"
  },
  {
    "id": "bg7si8mg10l7an82quk2",
    "state": "Suspended",
    "serialNumber": "71:3b:6c:1c:62:d1:f7:dd:c5:0c:17:40:0e:69:72:68:a2:7f:ea:42",
    "commonName": "silent-kangaroo",
    "invalidAfter": "2025-07-01T12:48:09.247962Z",
    "createdDate": "2020-03-01T12:47:02.247962Z",
    "updatedDate": "2020-04-17T12:00:01.311923Z",
    "lastUseDate": "2020-06-16T16:01:07.090941Z"
  }
]

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
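The `state`, `createdDate`, `lastUseDate` and `invalidAfter` fields returned by get /basic-credentials and get /x509-credentials are enough to drive a periodic credential hygiene review. The following is an added example, not part of the CCM documentation or code base; the function name `audit`, the finding labels, the thresholds and the sample records are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def _ts(value):
    # The API returns ISO 8601 with a trailing "Z"; normalise for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(credentials, now, unused_after=timedelta(days=30),
          idle_after=timedelta(days=90), expiry_warning=timedelta(days=30)):
    """Return (id, finding) pairs; thresholds are local policy assumptions."""
    findings = []
    for cred in credentials:
        cid, state = cred["id"], cred["state"]
        if state == "Revoked":
            continue  # no longer usable, nothing to act on
        last_use = cred.get("lastUseDate")  # optional field
        if state == "Inactive" and now - _ts(cred["createdDate"]) > unused_after:
            findings.append((cid, "never-used"))
        if state == "Active" and last_use and now - _ts(last_use) > idle_after:
            findings.append((cid, "idle"))
        if "invalidAfter" in cred:  # present on X.509 credentials only
            remaining = _ts(cred["invalidAfter"]) - now
            if remaining <= timedelta(0):
                findings.append((cid, "expired"))
            elif remaining <= expiry_warning:
                findings.append((cid, "expiring"))
    return findings

# Constructed sample data in the shape of the two list responses.
NOW = datetime(2020, 10, 1, tzinfo=timezone.utc)
SAMPLE_BASIC = [
    {"id": "sample-basic-1", "username": "UserA", "state": "Inactive",
     "createdDate": "2020-03-01T12:47:02.247462Z",
     "updatedDate": "2020-04-17T12:00:01.311853Z"},
    {"id": "sample-basic-2", "username": "UserB", "state": "Active",
     "createdDate": "2020-04-02T12:47:02.247941Z",
     "updatedDate": "2020-04-12T13:00:01.311934Z",
     "lastUseDate": "2020-06-16T16:01:07.090941Z"},
]
SAMPLE_X509 = [
    {"id": "sample-x509-1", "state": "Active", "commonName": "silver-advice",
     "serialNumber": "00:01", "invalidAfter": "2020-10-15T00:00:00Z",
     "createdDate": "2020-03-01T12:47:02.247962Z",
     "updatedDate": "2020-04-17T12:00:01.311923Z",
     "lastUseDate": "2020-09-20T16:01:07.090941Z"},
    {"id": "sample-x509-2", "state": "Suspended", "commonName": "silent-kangaroo",
     "serialNumber": "00:02", "invalidAfter": "2020-09-01T00:00:00Z",
     "createdDate": "2020-03-01T12:47:02.247962Z",
     "updatedDate": "2020-04-17T12:00:01.311923Z"},
]
```

Findings labelled `never-used`, `idle` or `expired` are candidates for the `Suspended` or `Revoked` state through patch /basic-credentials/{id}/state.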

post /x509-credentials

Issues client X.509 credentials in the scope of the requested tenant.

Secured by OAuth 2.0 with scopes:
  • tenant:x509-credentials:create on tenant-system resource

CCM supports OAuth 2.0 for authenticating most API requests.

Body

Media type: application/json

Type: object

Properties

  • commonName: (string)

    Certificate Common Name (CN). Must consist of up to 255 ASCII symbols. If a CN is not specified, a (silly) one is auto-generated from over 2 million combinations.

  • ttl: (number)

    The time to live (TTL) of the certificate in seconds. Defaults to 31536000 (365 days) if not specified. Must be greater than zero.

    Example:

    31536000

Examples:

Specific credentials:

{
  "commonName": "silver-advice",
  "ttl": 31540000
}

Autogenerated credentials:

{}

HTTP status code 201

Credentials issued successfully.

Body

Media type: application/json

Type: object

Example:

{
  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDPDCCAiSgAwIBAgIUeMV9wzZ+GjCwQRdoMgaKJkegmhQwDQYJKoZIhvcNAQEL\nBQAwEzERMA8GA1UEAxMIdGVuYW50LTEwHhcNMjAwNjI1MTQ1NzE5WhcNMjAwNzI1\nMTQ1NzQ5WjATMREwDwYDVQQDEwhteWRldmljZTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAODsZoL429cy3ELGG5Z/AVA3+PtR2ptXw1h2J67kHCZEwmvv\nzUW0ZCV15aKN41Gjkmzh5UgNk+/3WAqRORb3V9Dv+Vyx/v/Ny3w0Zo2IRHGGXbaJ\nDNOZ93CuII1QfqkyXfhUaKYB66RgAa7ds/secjiWg0IEekaJFnvGeDU6Ul+BDw+g\nxa/e8d8BWQs8LpKbXmszu7B6FgESXbxLaP7GX92dHpMqOQAcQxuvKUqZGQEMvSdS\nxO5WEcFl+SNrHoLlAOSWyxDSQEB6WSyhSNk2WaO1KwlZh8gFYlrwRouezXsdMgvp\nTX32N/E3OAlABcGZnp12moijt25iUqLxH1wwAq8CAwEAAaOBhzCBhDAOBgNVHQ8B\nAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW\nBBQvOh9lYid44MHmYTqYf6uI2GHqYzAfBgNVHSMEGDAWgBSsaalMfsbVrWlm3Rfn\ng7Xo3613WjATBgNVHREEDDAKgghteWRldmljZTANBgkqhkiG9w0BAQsFAAOCAQEA\nEbXSec1JQEaVB5fU0qH1P5D0G6uPfwUrKcf6vbFfIOGYPvj7AlpUny1EMFyAHOWG\nsI9XC9+yibXo09pU6lO0IT3Er4jOYAWJAjnlve8DgP1/dzKOr4Spu53Syq5Mxjiz\npANMJsy/jhBafkYYY1NzI4hsHwAwaH1ysEdJLxZiODDeauUSuVgI7EVSuiPIE+mo\ngeZEz+ioSgmjGxQuRVVJj8JTAaLTd8UtUZ5xw5R5XQrwOtwmFyFJFitZSzk7nh1b\nSzjlELa1m2wmyzJAXFxn57hmiDxlW/MmPkoqzg/fniIwE2sTruyoa78mRZ331wQQ\n6BGgvKveqJd8nzCbLqzDEQ==\n-----END CERTIFICATE-----",
  "issuingCa": "-----BEGIN CERTIFICATE-----\nMIIDMzCCAhugAwIBAgIUW1WymJMlO/le/kg7AZ/5MgtG04UwDQYJKoZIhvcNAQEL\nBQAwGjEYMBYGA1UEAxMPS2FhaW90IFBsYXRmb3JtMB4XDTIwMDYyNTE0NTI0NVoX\nDTIwMDcyNzE0NTMxNVowEzERMA8GA1UEAxMIdGVuYW50LTEwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQClwUDXtgqd5D5uE/1+fH3fQm4E/a4KwEv3PluZ\nw2Cm2ilSHNXod058Bw6HLY3Qa7ahWdBgvq1YZ5kA+4xEbVRNss4MFZmo50j5GN1Z\ngwMGe/aQBurhuomuz1uDEKDnMgKdOliykyCUDok0RhT4bBeJzxh0OFnhLGgjaDw0\n3qO0+wylORjjBAiN9uIUFMoQm6//iQhBVD4EnxmQcWU63+HzbZR1munBzaQLpH1l\nZgnB82hT7icDG3cA3OoMoEOwd5+DnTBDJae4KiYqD+E/XINeTERvBkqJnUUQP8fP\nIQu38/tml/KewY//oLBglA8XhaNxilg49iHSJGcDDBHoWOx7AgMBAAGjeDB2MA4G\nA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSsaalMfsbV\nrWlm3Rfng7Xo3613WjAfBgNVHSMEGDAWgBRnSYasvZ3ptlSid0OvvV2qzP1lrTAT\nBgNVHREEDDAKggh0ZW5hbnQtMTANBgkqhkiG9w0BAQsFAAOCAQEAOTXCqZfmQCUU\nvqFt2qf4BiNq6k72EmkL2MjGKlSo51gZnwt8wk4Nfj2GxYztRU1DVnrUUEKk9/ij\nwHMKMuczIyt1nfaV6VFF1fPBLONiSHbsOqX2viDX4pSaicKPJXypwjvRM59ughvR\nSBDDl6PuwO+cREUEFAeHmQOI2oGxdZMuuYVNtBes+td3tVqJiWTNXy9qHwkFnO43\nwCYVkXeCvcZ68YAGdsTeidA3UebjywJ0K8/XEpQAOBjjEGO9lwNxVbtqHvVgo9gJ\nZDDSLqL61geP20QN3ClWJ2M8kPc3Nd9RXSgyOJyunjM5+LCFWxukpH7zhbtKrvbK\nmCD14iCpVQ==\n-----END CERTIFICATE-----",
  "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA4Oxmgvjb1zLcQsYbln8BUDf4+1Ham1fDWHYnruQcJkTCa+/N\nRbRkJXXloo3jUaOSbOHlSA2T7/dYCpE5FvdX0O/5XLH+/83LfDRmjYhEcYZdtokM\n05n3cK4gjVB+qTJd+FRopgHrpGABrt2z+x5yOJaDQgR6RokWe8Z4NTpSX4EPD6DF\nr97x3wFZCzwukpteazO7sHoWARJdvEto/sZf3Z0ekyo5ABxDG68pSpkZAQy9J1LE\n7lYRwWX5I2seguUA5JbLENJAQHpZLKFI2TZZo7UrCVmHyAViWvBGi57Nex0yC+lN\nffY38Tc4CUAFwZmenXaaiKO3bmJSovEfXDACrwIDAQABAoIBAQDaEdlB2m2qs1EC\nHHja7MAlOl9XqwC749ctiUDoO5lfMQMfCxyGHGOMPkYp2E8w89ofXtShiyiHW9Qs\nSqiDL8QgesnVqW2GLcy/2z4isp9JQfDR7QZWkcxpnylIWWa0PHUHMy9S5EHG2J5J\nIAJD0j0DyEnyU80JXhhCYSZi1OzQUcrO97ejPf3XkadMNVyF8eP+sh+2o6+q7Wwg\nTb7oqgTk17DUwxzzciCdWdXnmvxFlxncPswNbOBE2KL4M2/VelNjnyhjX/l4G1f1\ngDV7Id3gc/H/MKY023F1FhsiRvFGHE5s7izKQrfZamQMJMU11dcyVslRXvp4vf2+\n+gI0p3ahAoGBAPnMoUX2CT77mNgLRRJ5uMHkFeDctX84Zqc9GlukRjDV03AovAnm\nJq7WVB+xnHqOuYoCaasSWCtG25ONhLnx9oxXtEDo7VUAHtOegjv5A9ED8HH25+Rj\nQ2TNOgvMnihm2KjmV5y1YEbD76rT7+lki5XO0QbLNKTmsI+leykm0xOlAoGBAOaB\nsc9kAupaS/ejGmqmCLeyXOwmDssJd9b+2ouo4mdHfcj9KlA1iYW0TaHSa4dRa0NP\nnWdcB0G8VoEsJ4ArO1tF2ijOVkpZwLZ2m4yYrY7RwJ6hI5FKGHVrxg3pClUPUFSS\nabuD0kmSWVZrmpe8XiA9KULOPdKyRUKG4ai6mhzDAoGAYZKToB81h1uBXUoxpcDT\n8TBld1rerh3awxJz/D3TiPnMyC+xG3DBxWNEosiepaSgRo8gtUjKFcVsuVr68CLa\nOgF8ECqroZsVb3Wny0M+QWN3hRx7gdNgHLypIri/QmrB0F+A815Jh/q64BA+0vyK\nJW8OaMfw/UR6zPFHhVB7/F0CgYAsKI5yx5sTYEcLYtCtu68R2faZOtU8qkyuAFbH\nyIvO81Ayj+VqRkdZOOhiZtg4rS1aUMc7xNKTEkyUJGxQzndpjeE0TgsT5UvY6LH1\n5k3hfWdkPER/Ee3LmODxS0KyduORwBbHWIKRm5rHxodwKCL0FCNya+ZGFebUztgu\nJcleVwKBgQCpRCBQLp6so30jOiNh4BU7f5Tti66bAfQGn7COlHrNKm2W254g4lnL\nscKbeNpt1bNSNVCvDhwCCQRHqD73VV52ZMGTsxS4oOrl3x9/yWLv2YUZIbRGku+g\nIhfQQOdJ+JAWQMcN5dJQ41Bb8TpJS1KPgq+Bl5Xc9UGNUuoU06dYHg==\n-----END RSA PRIVATE KEY-----",
  "privateKeyType": "rsa",
  "serialNumber": "78:c5:7d:c3:36:7e:1a:30:b0:41:17:68:32:06:8a:26:47:a0:9a:14"
}

HTTP status code 400

Common name or invalid after date is not valid.

Secured by OAuth 2.0

Headers

  • Authorization: (string)

    Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
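The 201 response of post /x509-credentials carries the private key in the response body, so the client that receives it is responsible for storing it safely. The following is an added example, not part of the CCM documentation or code base, that writes the three PEM fields to disk with the key readable by its owner only; the function name, file naming scheme and sample response are assumptions, and a POSIX file system is assumed.

```python
import os

def store_issued_credentials(response, directory, name):
    """Persist the PEM fields of a 201 body from POST /x509-credentials.

    `name` is a caller-chosen file prefix (hypothetical convention, not
    defined by the API). Returns a dict mapping field name to written path.
    """
    os.makedirs(directory, mode=0o700, exist_ok=True)
    layout = {
        "privateKey": (name + ".key.pem", 0o600),   # secret: owner only
        "certificate": (name + ".crt.pem", 0o644),
        "issuingCa": (name + ".ca.pem", 0o644),
    }
    written = {}
    for field, (filename, mode) in layout.items():
        path = os.path.join(directory, filename)
        # O_EXCL refuses to reuse an existing file or follow a symlink, and
        # the mode is set at creation so the key is never briefly readable.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        try:
            os.fchmod(fd, mode)  # exact mode regardless of the process umask
            with os.fdopen(fd, "w", encoding="ascii") as handle:
                fd = None  # the file object now owns the descriptor
                handle.write(response[field])
        finally:
            if fd is not None:
                os.close(fd)
        written[field] = path
    return written

# Constructed sample response: PEM bodies are placeholders, not real keys.
SAMPLE_RESPONSE = {
    "certificate": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----",
    "issuingCa": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----",
    "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----",
    "privateKeyType": "rsa",
    "serialNumber": "00:01",
}
```

Keep the response body out of request logs and debug output; the same applies to the `password` field returned by post /basic-credentials and patch /basic-credentials/{id}/password.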