Key Manager Plus (KMP) APIs allow other applications to connect, interact and integrate with Key Manager Plus directly. These APIs belong to the REpresentational State Transfer category and allow applications to create, fetch, associate digital keys and add, retrieve or manage users programmatically.
The first step to configure and use KMP APIs is generating the API key from the KMP user interface. Only administrator users can generate the API keys. The API keys serve as the auth token for your access purposes. The API keys are tied to the host in which they are created.
KMP provides a total of twenty-four APIs:
To fetch resources, user accounts, keys, account/resource details
To delete an existing key or a certificate
To create new keys, certificates or to discover resources
The APIs can be invoked via HTTP POST, GET and PUT requests. All parameters in the request should be form-url encoded. The AUTH token is mandatory and must be passed with every API call.
The URL structure for the KMP API would be as below:
https://<Host-Name-of-KMP-Server OR IP address>:6565/api/pki/restapi/<api_name>?AUTHTOKEN=(The token you have generated and copied from the GUI)
To create a new SSH key
POST
The following data to be passed as input
{"operation":{"Details":{"keyName":"keytest",
"passPhrase":"passPhrase",
"comment":"comment",
"length":"2048",
"keyType":"SSH2_RSA"}}}
https://<HostName>:6565/api/pki/restapi/createsshkey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"keyName":"keytest","passPhrase":"passPhrase","comment":"comment","length":"2048","keyType":"SSH2_RSA"}}}
{
"name": "CreateSSHKey",
"result": {
"status": "Success",
"message": "New SSH key created successfully"
}
}
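Because the auth token and the key passphrase both travel in the query string of requests like the one above, any client that builds these URLs should encode INPUT_DATA properly and scrub both values before the URL reaches a log. The following is an added example, not code from Key Manager Plus or its vendor; the function names, the host name and the token used with it are assumptions.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qsl

# Hypothetical helper names; field names are matched case-insensitively.
SENSITIVE_KEYS = {"passphrase", "password"}

def build_url(host, api_name, token, details=None):
    """Build a KMP REST URL with AUTHTOKEN and INPUT_DATA form-url encoded."""
    params = {"AUTHTOKEN": token}
    if details is not None:
        payload = {"operation": {"Details": details}}
        params["INPUT_DATA"] = json.dumps(payload, separators=(",", ":"))
    return f"https://{host}:6565/api/pki/restapi/{api_name}?{urlencode(params)}"

def _mask(obj):
    """Replace secret-bearing values anywhere in a decoded INPUT_DATA document."""
    if isinstance(obj, dict):
        return {k: "***" if k.lower() in SENSITIVE_KEYS else _mask(v)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [_mask(v) for v in obj]
    return obj

def redact_url(url):
    """Return a copy of the URL that is safe to write to logs."""
    parts = urlsplit(url)
    safe = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "AUTHTOKEN":
            value = "***"
        elif key == "INPUT_DATA":
            try:
                value = json.dumps(_mask(json.loads(value)), separators=(",", ":"))
            except ValueError:
                value = "***"  # unparseable payload: hide it entirely
        safe.append((key, value))
    return f"{parts.scheme}://{parts.netloc}{parts.path}?{urlencode(safe)}"
```

Redaction on the client side does not cover the server's own access logs or any proxy in between, which see the full query string.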
To update credentials for the discovered resources.
POST
The following data to be passed as input
{"operation":{"Details":{"userName":"test3",
"password":"test3",
"resourceName":"172.21.147.80",
"isAdmin":"false"}}}
https://<HostName>:6565/api/pki/restapi/applycredentials?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"userName":"test3","password":"test3","resourceName":"172.21.147.80","isAdmin":"false"}}}
{
"name": "ApplyCredentials",
"result": {
"status": "Success",
"message": "Credentials updated successfully"
}
}
To fetch all the discovered SSH keys
GET
None
https://<HostName>:6565/api/pki/restapi/getAllSSHKeys?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE
{
"name": "GetAllSSHKeys",
"result": {
"status": "Success",
"message": "All SSH Keys fetched successfully"
},
"totalRows": 2,
"SSHKeys": [
{
"KeyName": "key",
"KeyType": "ssh-rsa",
"KeyLength": "2048",
"FingerPrint": "4b:97:8d:aa:8d:73:89:7c:96:69:7d:10:df:b2:d0:af",
"CreatedBy": "admin",
"CreationTime": "1 days"
},
{
"KeyName": "keytest",
"KeyType": "ssh-rsa",
"KeyLength": "2048",
"FingerPrint": "69:ff:8d:8e:4d:a3:79:da:fc:09:6c:e8:01:15:66:9b",
"CreatedBy": "admin",
"CreationTime": "Today"
}
]
}
To fetch a particular SSH key from the discovered keys
POST
The name of the operation and key to be passed as input
{"operation":{"Details":{"keyName":"key"}}}
https://<HostName>:6565/api/pki/restapi/getSSHKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
{
"name": "GetSSHKey",
"result": {
"status": "Success",
"message": "SSH Key key fetched successfully"
},
"SSHKey": [
{
"KeyName": "key",
"KeyType": "ssh-rsa",
"KeyLength": "2048",
"FingerPrint": "4b:97:8d:aa:8d:73:89:7c:96:69:7d:10:df:b2:d0:af",
"CreatedBy": "admin",
"CreationTime": "1 days"
}
]
}
To export a particular SSH key
POST
The name of the operation and key to be passed as input
{"operation":{"Details":{"keyName":"key"}}}
https://<HostName>:6565/api/pki/restapi/exportSSHKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"keyName":"key"}}}
Key file
To get all the SSH keys associated with a particular user
GET
The user name and resource name to be passed as input
{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}
https://<HostName>:6565/api/pki/restapi/getSSHkeysforuser?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}
{
"name": "GetSSHKeysForUser",
"result": {
"status": "Success",
"message": "SSH keys for user test of resource 172.21.147.80 fetched successfully"
},
"Keys": "key,keytest"
}
To enumerate all users in a particular resource
POST
The user name and resource name to be passed as input
{"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}
https://<HostName>:6565/api/pki/restapi/enumerateusers?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"userName":"test","resourceName":"172.21.147.80"}}}
{
"name": "EnumerateUsers",
"result": {
"status": "Success",
"message": "User enumeration started"
}
}
To get all the discovered SSH users
GET
None
https://<HostName>:6565/api/pki/restapi/getAllSSHUsers?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE
{
"name": "GetAllSSHUsers",
"result": {
"status": "Success",
"message": "All SSH Users fetched successfully"
},
"totalRows": 2,
"AllSSHUsers": [
{
"UserName": "test",
"ResourceName": "172.21.147.80"
},
{
"UserName": "test1",
"ResourceName": "172.21.147.80"
}
]
}
To fetch all the users associated with SSH keys
GET
None
https://<HostName>:6565/api/pki/restapi/getAllAssociatedUsers?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE
{
"name": "GetAllAssociatedUsers",
"result": {
"status": "Success",
"message": "All associated users fetched successfully"
},
"totalRows": 1,
"AllAssociatedUsers": [
{
"UserName": "test",
"ResourceName": "172.21.147.80"
}
]
}
Keystore: Key Manager Plus provides a repository called keystore to securely store your digital keys.
To fetch all the keys from keystore
GET
None
https://<HostName>:6565/api/pki/restapi/getAllKeyStoreKeys?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE
{
"name": "getAllKeyStoreKeys",
"result": {
"status": "Success",
"message": "All KeyStore Keys fetched successfully"
},
"totalRows": 1,
"data": [
{
"Description": "test",
"Key Name": "cert.cer",
"Created Time": "Sep 27, 2016 12:27",
"Datacenter": "Central US",
"Instance Name": "test",
"Key Type": "test",
"Created By": "admin"
}
]
}
To export a particular key from the keystore
POST
The key name to be passed as input.
{"operation":{"Details":{"keyName":"cert.cer"}}}
https://<HostName>:6565/api/pki/restapi/exportKeyStoreKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}
Key file
To delete a key from the keystore
DELETE
The key name to be passed as input.
{"operation":{"Details":{"keyName":"cert.cer"}}}
https://<HostName>:6565/api/pki/restapi/deleteKeyStoreKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE&INPUT_DATA={"operation":{"Details":{"keyName":"cert.cer"}}}
{
"name": "DeleteKeyStoreKey",
"result": {
"status": "Success",
"message": "Key Store keys deleted successfully"
}
}
To add a new key to the keystore
POST
The following data to be passed as input.
{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer
curl -X POST -k -H 'Content-Type: multipart/form-data' -F 'INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}}' -F File=@E:/certs/cert.cer 'https://<HostName>:6565/api/pki/restapi/addKeyStoreKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE'
{"Status":"Success","Message":"Key added to key store successfully"}
To update a particular keystore key
POST
The following data to be passed as input.
{"operation":{"Details":{"keyName":"brin.cer",
"description":"test",
"datacenter":"test",
"passphrase":"test",
"keyType":"test",
"instanceName":"test"}}} -F File=@E:/certs/cert.cer
curl -X POST -k -H 'Content-Type: multipart/form-data' -F 'INPUT_DATA={"operation":{"Details":{"keyName":"brin.cer","description":"test","datacenter":"test","passphrase":"test","keyType":"test","instanceName":"test"}}}' -F File=@E:/certs/cert3.cer 'https://<HostName>:6565/api/pki/restapi/updateKeyStoreKey?AUTHTOKEN=99AE42A9-02E0-4638-888A-D4D19225C3FE'
{"Status":"Success","Message":"Key Store key updated successfully"}
To obtain a certificate from KMP's certificate repository
GET
The operation details and the name of the certificate to be fetched are passed as input
{"operation":{"Details":{"common_name":"*.google.com"}}}
https://<HostName>:6565/api/pki/restapi/getCertificate?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283&INPUT_DATA={"operation":{"Details":{"common_name":"*.google.com"}}}
Certificate object
To obtain all certificates from KMP's certificate repository
GET
None
https://<HostName>:6565/api/pki/restapi/getAllSSLCertificates?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283
{"name":"GetAllSSLCertificates","result":{"status":"Success","message":"All SSL Certificates fetched successfully"},"totalRows":1,"SSLCertificates":[{"CertID":1,"DNS Name/FQDN":"ec2-54-243-44-216.compute-1.amazonaws.com","Port":443,"Common Name":"*.acquia-sites.com","Issuer":"Acquia Inc","FromDate":"Sep 3, 2009","ExpiryDate":"Sep 3, 2010","KeyStrength":"1024"}]}
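The sample response above reports a 1024-bit key and a certificate that expired in 2010, which is exactly what an inventory pull should surface. The following is an added example, not part of the Key Manager Plus documentation, that audits a GetAllSSLCertificates response body; the function name, the 2048-bit minimum (which assumes RSA keys) and the 30-day renewal window are assumptions, and the embedded body is the sample from this page.

```python
import json
from datetime import datetime

# Response body copied from the GetAllSSLCertificates sample on this page.
SAMPLE = ('{"name":"GetAllSSLCertificates","result":{"status":"Success",'
          '"message":"All SSL Certificates fetched successfully"},"totalRows":1,'
          '"SSLCertificates":[{"CertID":1,'
          '"DNS Name/FQDN":"ec2-54-243-44-216.compute-1.amazonaws.com",'
          '"Port":443,"Common Name":"*.acquia-sites.com","Issuer":"Acquia Inc",'
          '"FromDate":"Sep 3, 2009","ExpiryDate":"Sep 3, 2010","KeyStrength":"1024"}]}')

MIN_KEY_BITS = 2048  # assumed policy threshold for RSA keys, not a KMP setting
WARN_DAYS = 30       # assumed renewal window

def audit_certificates(body, today):
    """Return [(common_name, [findings])] for certificates needing attention."""
    doc = json.loads(body)
    result = doc.get("result", {})
    if result.get("status") != "Success":
        raise ValueError("API call failed: %s" % result.get("message"))
    report = []
    for cert in doc.get("SSLCertificates", []):
        findings = []
        try:
            bits = int(str(cert.get("KeyStrength", "")))
            if bits < MIN_KEY_BITS:
                findings.append("weak key: %d bits" % bits)
        except ValueError:
            findings.append("key strength not reported")
        try:
            # Dates arrive in the "Sep 3, 2010" form shown in the sample.
            expiry = datetime.strptime(str(cert.get("ExpiryDate", "")), "%b %d, %Y").date()
            days_left = (expiry - today).days
            if days_left < 0:
                findings.append("expired %d days ago" % -days_left)
            elif days_left <= WARN_DAYS:
                findings.append("expires in %d days" % days_left)
        except ValueError:
            findings.append("expiry date not parseable")
        if findings:
            report.append((cert.get("Common Name", "<unknown>"), findings))
    return report
```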
To get the expiry dates of all the certificates
GET
None
https://<HostName>:6565/api/pki/restapi/getAllSSLCertsExpiryDate?AUTHTOKEN=1B2BF6FA-8511-47A8-867D-CE7FFE4BFBD0
{"name":"GetAllSSLCertificatesExpiryDate","result":{"status":"Success","message":"Certificates expiry date fetched successfully"},"totalRows":1,"SSLCertificates_Expiry_Date":[{"Common Name":"*.acquia-sites.com","ExpiryDate":"Sep 3, 2010"}]}
To get the details of a particular certificate
GET
The operation details and the name of the certificate to be passed as input
{"operation": {"Details":{"common_name":"*.google.com"}}}
https://<HostName>:6565/api/pki/restapi/getCertificateDetails?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283&INPUT_DATA={"operation": {"Details":{"common_name":"*.google.com"}}}
{"name":"GetCertificateDetails","result":{"status":"Success","message":"Details of certificate apitest fetched successfully"},"endpoint":{"hostName":"apitest","port":443,"expiry_date":"2016-11-15 15:05:10.0","from_date":"2016-09-16 15:05:10.0","certSignAlg":"SHA256withRSA","Sans":"","serial":"3472ac6d","fingerPrint":"1afa05078aacf702e4ae7e84f182a817eea96c46","keyalg":"RSA","PublicKeyLength":2048,"PrivateKey":true},"issuer":{"cname":"apitest","org":"apit","orgunit":"apitest"},"issuedto":{"cname":"apitest","org":"apit","orgunit":"apitest"},"intermediate":{}}
To get the key store file of a particular certificate
GET
The name of the operation and the common name of the keystore file to be passed as input
{"operation":{"Details":{"common_name":"apitest"}}}
https://<HostName>:6565/api/pki/restapi/getCertificateKeyStore?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283&INPUT_DATA={"operation":{"Details":{"common_name":"apitest"}}}
KeyStore File Object
To delete a certificate from KMP's repository
DELETE
The operation name and the common name of the certificate to be passed as input
{"operation": {"Details":{"common_name":"apitest"}}}
https://<HostName>:6565/api/pki/restapi/deleteCertificate?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283&INPUT_DATA={"operation": {"Details":{"common_name":"apitest"}}}
{"name":"DeleteCertificate","result":{"status":"Success","message":"Certificate apitest deleted successfully."}}
To discover a particular resource for SSL certificates
POST
The name/IP address of the host and port number to be passed as input
{"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}
https://<HostName>:6565/api/pki/restapi/sslCertSingleDiscovery?AUTHTOKEN=3E014D78-E603-413A-AC24-6392F0001283&INPUT_DATA={"operation":{"Details":{"HOST":"de-ubuntu10-1","TIMEOUT":"300","PORT":"6565"}}}
{
"name": "Get SSL Discovery",
"totalRows": 1,
"de-ubuntu10-1": [
"SUCCESS",
"SSL Certificate discovered, demo.keymanager.com certificate found at port 6565"
]
}
To discover a set of resources for SSL certificates
POST
The start and end IP addresses, port number and time-out to be passed as input
{"operation":{"Details":{"StartIpAddress":"192.168.216.0",
"EndIpAddress":"192.168.216.3",
"TIMEOUT":"3",
"PORT":"443"}}}
https://<HostName>:6565/api/pki/restapi/sslCertRangeDiscovery?AUTHTOKEN=7EDC4ED5-E684-4413-9848-F0016C114874&INPUT_DATA={"operation":{"Details":{"StartIpAddress":"192.168.216.0","EndIpAddress":"192.168.216.3","TIMEOUT":"3","PORT":"443"}}}
{ "name": "Get SSL Discovery",
"totalRows": 4,
"192.168.216.1": [
"FAILURE",
"Connection failed,no certificate found at port 443"
],
"192.168.216.0": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"192.168.216.3": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
],
"192.168.216.2": [
"FAILURE",
"Connection timed out,no certificate found at port 443"
]
}
To create a certificate signing request
POST
The following data need to be passed as input.
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
https://<HostName>:6565/api/pki/restapi/createCSR?AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9&INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":"hhh","ORG":"h","LOCATION":"hh","STATE":"h","COUNTRY":"hh","PASSWORD":"bbbbbbbb","VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256","StoreType":"PKCS12"}}}
{"name":"CreateCertificate","result":{"status":"Success","message":"CSR saved successfully"}}
To create an SSL certificate
POST
The following data to be passed as input.
{"operation":{"Details":{"CNAME":"mytestcert",
"ALT_NAMES":"test",
"ORGUNIT":"hhh",
"ORG":"h",
"LOCATION":"hh",
"STATE":"h",
"COUNTRY":"hh",
"PASSWORD":"bbbbbbbb",
"VALIDITY":"888",
"ALG":"RSA",
"LEN":"4096",
"SIGALG":"SHA256",
"StoreType":"PKCS12"}}}
https://<HostName>:6565/api/pki/restapi/createCertificate?AUTHTOKEN=C6506112-6113-42C9-AD3F-4A3AEF9476C9&INPUT_DATA={"operation":{"Details":{"CNAME":"mytestcert","ALT_NAMES":"test","ORGUNIT":"hhh","ORG":"h","LOCATION":"hh","STATE":"h","COUNTRY":"hh","PASSWORD":"bbbbbbbb","VALIDITY":"888","ALG":"RSA","LEN":"4096","SIGALG":"SHA256","StoreType":"PKCS12"}}}
{"name":"CreateCertificate","result":{"status":"Success","message":"Certificate saved successfully"}}
To import an SSH key
POST
The following data to be passed as input.
{"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}}
curl -X POST -k -H 'Content-Type: multipart/form-data' -F 'INPUT_DATA={"operation":{"Details":{"keyName":"testkey","passphrase":"passtrix"}}}' -F File=@D:/certs/keys/test1-passtrix/test1_Jul-21-2017-15_56.key
https://
5-4AA4-918E-F258F38149F8
{"name":"addSSHKey","result":{"status":"SUCCESS","message":"Key imported successfully"}}
To associate an SSH key
POST
The following data to be passed as input.
{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
https://
15-4AA4-918E-F258F38149F8&INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
{
"name": "associateKey",
"result": {
"status": "Success",
"message": "Key associated successfully "
}
}
To dissociate an SSH key
POST
The following data to be passed as input.
{"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
https://
15-4AA4-918E-F258F38149F8&INPUT_DATA={"operation":{"Details":{"keyName":"testkey","resourceName":"test.csez.zohocorpin.com","userName":"test"}}}
{
"name": "dissociateKey",
"result": {
"status": "SUCCESS",
"message": "Key dissociated successfully."
}
}