REST API
The REST API offered by Web Services Option Pack is made up of three parts: crypto for cryptographic operations, km for key management, and a health check endpoint.
Full details of the REST API are available in the Web Services Option Pack OpenAPI spec file /opt/nfast/webservices/docs/openapi.yaml.
The currently defined set of operations is as follows:
-
Crypto
-
Sign
-
Verify
-
Encrypt
-
Decrypt
-
-
Key Management
-
List Keys
-
List Keys in a key group
-
Get Key information
-
Create Key
-
Delete Key
-
List key groups
-
Get key group information
-
Get key group name
-
Create key group
-
Delete key group
-
Create protection domain
-
Delete protection domain
-
List protection domains
-
Get protection domain information
-
Activate a protection domain
-
Deactivate a protection domain
-
-
Random Number Generation
-
Health check endpoint
Common fields
Several of these fields are common to many cryptographic and key management operations.
Key identifiers
Security World keys are uniquely identified in REST calls through a resource identifier. A key’s resource identifier includes which key group it is a member of. An example key identifier is:
km/v1/groups/ee3b7c4b-c6a7-3f2b-9d1c-0fc6c76168bb/keys/f9388a1e-b1c6-3e0e-bb5e-8eb887aab4beKey group identifiers
All Security World keys belong to exactly one key group. Each key group belongs to, and is protected by, a single protection domain. An example key group identifier is:
ee3b7c4b-c6a7-3f2b-9d1c-0fc6c76168bbProtection domain identifiers
A protection domain is either a Softcard or the set of all module keys. An example protection domain identifier is:
ee3b7c4b-c6a7-3f2b-9d1c-0fc6c76168bbProtection domain types
A protection domain is one of the following types:
-
Module
-
Softcard
-
Well-Known
Plaintext, ciphertext, payloads and signatures
Data sent in requests or responses is encoded in base64url format. Base64url encoding is a variation of standard base64 encoding and uses a slightly different character set that are safe for using in URLs without additional escaping of reserved characters, see Base64url Encoding
Data that forms part of cryptographic operations must be sent in a single request. Responses will similarly be sent from Web Services Option Pack as a single response body.
Digest option
Applicable for signing and verification requests, the optional digest Boolean flag indicates whether the provided payload has been hashed prior to sending the request.
When the digest flag is set to true, the server-side hashing of the payload is skipped, and length checking is performed to ensure that the supplied payload is the correct length for the hash that corresponds to the signature or verification algorithm.
The digest flag is not applicable for HMAC signing and verification requests.
|
IV and AAD parameters
Supplemental iv and aad parameters can be used with supported mechanisms as described below:
| Mechanism | Parameters |
|---|---|
AES-CBC |
|
AES-GCM |
|
RSA-OAEP |
|
Algorithm identifiers
The majority of the algorithms are identified using JSON Web Algorithm identifiers.
For example, RS256 specifies RSA signatures with SHA-256 for hashing.
For further information, see Supported algorithms in this User Guide and the Web Services Option Pack OpenAPI Specification.
Key type identifiers
The types of keys that can be created are identified using nCore identifiers. Refer to the Web Services Option Pack OpenAPI Specification for further information.
Elliptic Curve identifiers
Elliptic Curves are identified using defined names from the Digital Signature Standard (DSS).
For example, P-256.
Refer to Web Services Option Pack OpenAPI Specification for further information.
The name input parameter should not contain any HTML character, for example <, > or &, as this can result in those values becoming corrupted when they are retrieved later.
|
Protection domain activation option
Applicable for crypto and key creation requests, the optional protectiondomain parameter activates the protection domain if required.
When passphrase is provided as a part of the protectiondomain parameter and the protection domain is not activated, the passphrase will be used to attempt to activate the protection domain before completing the request.
Examples
Given client identity information and a corresponding key, it is possible to use command line tools such as curl to demonstrate use of the REST API.
These examples assume the following:
-
The Web Services Option Pack server’s CA certificate is located in
server_ca.pem. -
A valid client certificate is located in
client_crt.pem. -
The private key corresponding to the client certificate is located in
client_key.pem.
List keys
List all keys:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?sort=created"Result:
{
"keys": [
{
"created": "2017-07-03T13:17:56Z",
"keyType": "AES",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes"
},
{
"created": "2017-07-06T15:44:12Z",
"keyType": "RSA",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/e51a13d1-b775-3129-b1f9-b8642a212475",
"public": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/e51a13d1-b775-3129-b1f9-b8642a212475/public",
"length": 1024,
"sworldAppname": "simple",
"sworldIdent": "test-rsa"
}'
{
"created": "2018-07-06T15:44:12Z",
"curve": "P-521",
"keyType": "ECDSA",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/6fdc73bb-db0e-517b-962d-a378f270fd41",
"public": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/6fdc73bb-db0e-517b-962d-a378f270fd41/public",
"sworldAppname": "simple",
"sworldIdent": "test-ecdsa"
}
//...
]
}List one key:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?limit=1"Result:
{
"keys": [
{
"created": "2017-07-03T13:17:56Z",
"keyType": "AES"'
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes"
}
]
}List keys, with an offset:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?offset=2"Result:
{
"keys": [
{
"created": "2017-07-06T08:12:51Z",
"keyType": "AES",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/69fc1c75-81eb-58ad-83ff-c3fd517c27cf",
"length": 192,
"sworldAppname": "simple",
"sworldIdent": "test-aes192"
},
{
"created": "2017-07-07T17:24:31Z",
"keyType": "AES",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/7f34e38a-be3a-5378-a163-3313ce82ea02",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes256"
}
//...
]
}List all keys created since the beginning of 2017:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?filter=created%20ge%20datetime'2017-01-01T00:00:00Z'"Result:
{
"keys": [
{
"created": "2017-07-03T13:17:56Z",
"keyType": "AES",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes"
},
{
"created": "2017-07-06T15:44:12Z",
"keyType": "RSA",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/e51a13d1-b775-3129-b1f9-b8642a212475",
"length": 1024,
"sworldAppname": "simple",
"sworldIdent": "test-rsa"
}
]
}
The use of %20 to escape spaces in URIs.
Date and time stamps are in ISO-8601 format.
|
List all keys which have a certain name:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?name=engineering"Result:
{
"keys": [
{
"created": "2021-12-17T16:44:52Z",
"keyType": "AES",
"kid": "/km/v1/groups/19e40e8c-2188-5f9f-a1c8-8007424a4157/keys/589e4486-9da6-53ec-92ff-b2444c61ee02",
"length": 192,
"name": "engineering",
"sworldAppname": "simple",
"sworldIdent": "test-aes192"
},
{
"created": "2021-12-17T16:44:52Z",
"keyType": "AES",
"kid": "/km/v1/groups/19e40e8c-2188-5f9f-a1c8-8007424a4157/keys/470d26c7-ad9d-5e49-9910-6e0c4fa9dad5",
"length": 256,
"name": "engineering",
"sworldAppname": "simple",
"sworldIdent": "test-aes256"
},
{
"created": "2021-12-17T16:45:08Z",
"keyType": "RSA",
"kid": "/km/v1/groups/a8668e0d-ef17-5a36-9dff-12a885dcb738/keys/1afdf157-056a-561e-8280-9b1b8e3aa817",
"length": 1024,
"name": "engineering",
"public": "/km/v1/groups/a8668e0d-ef17-5a36-9dff-12a885dcb738/keys/1afdf157-056a-561e-8280-9b1b8e3aa817/public",
"sworldAppname": "simple",
"sworldIdent": "test-rsa"
}
]
}List all keys with a matching substring of that named.
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/keys?filter=kid%20contains'269f0189'"Result:
{
"keys": [
{
"created": "2017-07-03T13:17:56Z",
"keyType": "AES",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes"
}
]
}List keys in a group
List all keys belonging to a certain group, for instance 19e40e8c-2188-5f9f-a1c8-8007424a4157 group:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/groups/19e40e8c-2188-5f9f-a1c8-8007424a4157/keys"Result:
{
"keys": [
{
"created": "2021-12-17T16:44:52Z",
"keyType": "AES",
"kid": "/km/v1/groups/19e40e8c-2188-5f9f-a1c8-8007424a4157/keys/4a59aec6-1cb4-5f27-9546-249b6e241f6f",
"length": 256,
"sworldAppname": "simple",
"sworldIdent": "test-aes192"
},
{
"created": "2021-12-17T16:44:51Z",
"keyType": "HMACSHA256",
"kid": "/km/v1/groups/19e40e8c-2188-5f9f-a1c8-8007424a4157/keys/dc2b10ee-dc7b-521f-b732-db252f7c13c2",
"length": 256,
"name": "accounting",
"sworldAppname": "simple",
"sworldIdent": "test-hmac256"
},
//...
]
}| All HTTP queries described in List keys also work when listing the keys of a certain group. |
Public key export
The following example exports the public key from an ECDSA key:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/6ff3a5ef-c12f-5e82-b1d6-d955caef2730/public"Result:
{
"crv": "P-384",
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/6ff3a5ef-c12f-5e82-b1d6-d955caef2730”,
"kty": "EC",
"x": "JDvhhAqlSpn2xrjq7C1iOYKvPZl1PVARsXlsQc9EyP9dxhcZSJ0bkJcYXuu-3PWx",
"y": "_B3o_PZx2jsYA4nsKG82sCoEyCzdbeFTtIPrO5Y8PhkRc4owIiO_7BOUu97BkRsZ"
}Public key import
Public Key import can only be performed in the Well-Known Protection key group.
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '{"appname":"simple", "ident":"test-import", "public": {"alg": "ES384","crv": "P-384","kty": "EC","x": "JDvhhAqlSpn2xrjq7C1iOYKvPZl1PVARsXlsQc9EyP9dxhcZSJ0bkJcYXuu-3PWx", "y": "_B3o_PZx2jsYA4nsKG82sCoEyCzdbeFTtIPrO5Y8PhkRc4owIiO_7BOUu97BkRsZ"}}'
'https://wsop.server:18001/km/v1/groups/2bd40730-85b1-5deb-8417-fb78a7735743/keys'Result:
{
"kid": "/km/v1/groups/2bd40730-85b1-5deb-8417-fb78a7735743/keys/170ff5ca-9d46-522c-84d1-84074955b94f"
}Create keys
Create a key in the Module Protection key group:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"keytype":"ECDSA","curve":"P-256", "appname":"simple","ident":"test-p256"}'
'https://wsop.server:18001/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys'Result:
{
"kid": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/54872032-a16b-5c5e-a1c5-97f2656b7c24"
}Create a key in the Softcard Protection key group with a passphrase:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '{"keytype":"ECDSA","curve":"P-384", "appname":"simple","ident":"test-p384","protectiondomain":{"passphrase":"passphrase1"}}'
'https://wsop.server:18001/km/v1/groups/22fe7f69-ce90-5b75-b00b-69d55e840b3a/keys'Result:
{
"kid": "/km/v1/groups/22fe7f69-ce90-5b75-b00b-69d55e840b3a/keys/54872032-a16b-5c5e-a1c5-97f2656b7c24"
}Delete keys
The following example deletes a key:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--request DELETE \
'https://wsop.server:18001/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/54872032-a16b-5c5e-a1c5-97f2656b7c24'On successful deletion, 204 No Content is returned.
List key groups
List all key groups:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/groups"Result:
{
"groups": [
{
"groupid": "ccba7ee7-9032-5217-9db2-58d07fd4c045",
"keys": "/km/v1/groups/ccba7ee7-9032-5217-9db2-58d07fd4c045/keys",
"name": "soft1",
"protection": "/km/v1/protectiondomains/ccba7ee7-9032-5217-9db2-58d07fd4c045",
"type": "Softcard"
},
{
"groupid": "366f38ec-64e1-503c-9950-18cc324d67c6",
"keys": "/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys",
"name": "Module Protection",
"protection": "/km/v1/protectiondomains/366f38ec-64e1-503c-9950-18cc324d67c6",
"type": "Module"
},
//...
]
}Create key groups
Create a key group within a protection domain.
The following example creates a key group with name newGroup.
curl --cacert server_ca.pem \
-cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"name": "newGroup", "protection": "/km/v1/protectiondomains/bf3cab05-b27c-5627-9b44-1d32b6f7148f"}' \
'https://test-server:18001/km/v1/groups'Result:
{
"id": "/km/v1/groups/31894214-4ec9-4418-889e-609b6d65751b"
}Delete key groups
Delete a key group within a protection domain. The following example deletes a key group and all keys within the group.
curl --cacert server_ca.pem \
-cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request DELETE \
'https://test-server:18001/km/v1/groups/4759eac6-9a22-5a8d-8dda-ef3e94d08161?cascade=keys'On successful deletion, 204 No Content is returned.
| By default a group will not be deleted if it has any keys within it. The cascade parameter allows a user to set this behaviour. The options are "none" (default) and "keys". If "keys" is set then all keys in the group will be deleted alongside the group. |
Create protection domains
Create protection domain can only be performed with Softcard protection domain types.
The following example creates a protection domain of type Softcard.
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '{"name":"softcard1","passphrase":"passphrase1","type":"Softcard"}' \
'https://wsop.server:18001/km/v1/protectiondomains' | jqResult:
{
"id": "e3307c07-300e-585a-95da-ed4f3d0c226e"
}Delete protection domains
Delete protection domain can only be performed with Softcard protection domain types.
The following example deletes a protection domain and all associated keys.
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request DELETE \
'https://wsop.server:18001/km/v1/protectiondomains/025ad489-3ec8-5bbc-b251-f0e497f7cd48?cascade=keys' | jqOn successful deletion, 204 No Content is returned.
| By default a protection domain will not be deleted if it has any groups within it. The cascade parameter allows a user to set this behaviour. The options are "none" (default), "groups" and "keys". If "groups" is set then all groups will be deleted alongside the protection domain as long as the groups do not contain any keys. If "keys" is set then all keys in all of the groups will be deleted alongside the protection domain. |
List protection domains
List all protection domains:
curl --cacert server_ca.pem \
--cert client_crt.pem --key client_key.pem \
--header 'Accept: application/json' \
--request GET \
"https://wsop.server:18001/km/v1/protectiondomains"Result:
{
"protectiondomains": [
{
"active": true,
"id": "366f38ec-64e1-503c-9950-18cc324d67c6",
"name": "Module Protection",
"type": "Module"
},
{
"active": false,
"id": "ccba7ee7-9032-5217-9db2-58d07fd4c045",
"name": "soft1",
"type": "Softcard"
},
//...
]
}Activate protection domains
Activate a protection domain:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"passphrase":"passphrase1"}' \
"https://127.0.0.1:18001/km/v1/protectiondomains/ccba7ee7-9032-5217-9db2-58d07fd4c045/activate"Result:
{
"protectiondomain": {
"active": true,
"id": "ccba7ee7-9032-5217-9db2-58d07fd4c045",
"name": "soft1",
"type": "Softcard"
}
}Deactivate protection domains
Deactivate a protection domain:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
"https://127.0.0.1:18001/km/v1/protectiondomains/ccba7ee7-9032-5217-9db2-58d07fd4c045/deactivate"Result:
{
"protectiondomain": {
"active": false,
"id": "ccba7ee7-9032-5217-9db2-58d07fd4c045",
"name": "soft1",
"type": "Softcard"
}
}Sign payload
The following example signs a payload:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"kid":"/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/e51a13d1-b775-3129-b1f9-b8642a212475",
"alg":"RS256",
"payload":"dGVzdCBkYXRhCg"}'
'https://wsop.server:18001/crypto/v1/sign'Result:
{
"signature": "<base64url-encoded signature omitted>"
}Verify signature
The resulting signature can be verified as follows:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"kid":"/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/e51a13d1-b775-3129-b1f9-b8642a212475",
"alg":"RS256",
"payload":"dGVzdCBkYXRhCg",
"signature": "<base64url-encoded signature omitted>"}'
'https://wsop.server:18001/crypto/v1/verify'Result:
{
"valid":true
}Sign a payload with a passphrase
The following example signs a payload with a passphrase:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"kid":"/km/v1/groups/22fe7f69-ce90-5b75-b00b-69d55e840b3a/keys/54872032-a16b-5c5e-a1c5-97f2656b7c24",
"alg":"ECDSA-SHA384",
"payload":"dGVzdCBkYXRhCg",
"protectiondomain": {"passphrase":"passphrase1"}}'
'https://wsop.server:18001/crypto/v1/sign'Result:
{
"signature": "<base64url-encoded signature omitted>"
}Encrypt plaintext
The following example encrypts some plaintext:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"kid":"/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c",
"alg":"RSA-OAEP-256",
"plaintext":"dGVzdCBkYXRhCg"}'
'https://wsop.server:18001/crypto/v1/encrypt'Result:
{
"ciphertext": "<base64url-encoded ciphertext omitted>",
}Decrypt ciphertext
The resulting ciphertext can be decrypted as follows:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request POST \
-d '\{"kid":"":"/km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/90050af4-9b8c-5731-bbf2-08e3af797e2c ",
"alg":"RSA-OAEP-256",
"ciphertext":"<base64url-encoded ciphertext omitted>"}'
'https://wsop.server:18001/crypto/v1/decrypt'Result:
{
"plaintext": "dGVzdCBkYXRhCg"
}Random Number Generation
The random number endpoint can be used to generate random bytes from the HSM, using a single length input parameter for the number of bytes to be generated.
The random numbers are returned encoded in a base64RawURL format. They can be generated as follows:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request GET \
'https://wsop.server:18001/random/v1/random-bytes?length=20'Result:
{
"bytes": "C26xQCt0zI0MrH5LdsIJINMlMEg"
}| The length parameter takes a minimum value of 1 and a maximum of 65535. |
| Setting no length parameter corresponds to a default length of 1 byte. |
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request GET \
'https://wsop.server:18001/random/v1/random-bytes'Result:
{
"bytes": "PA"
}Health check
The health of the system can be checked as follows:
curl --cacert server_ca.pem \
--cert client_crt.pem –-key client_key.pem \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--request GET \
'https://wsop.server:18001/health'Result:
{
"releaseId": "1.5.0",
"status": "pass",
"version": "1"
}| The health check endpoint can be configured to not require TLS mutual authentication while retaining mutual authentication on all other endpoints. For more information, see Configure the Web Services Option Pack. |
Error handling
In the event of a failed request, errors are reported to the client by using the HTTP response codes that indicate errors and an appropriate error message and error code in the response body in JSON format.
For example:
{
"error": "ResourceNotFound",
"message": "loading key /km/v1/groups/366f38ec-64e1-503c-9950-18cc324d67c6/keys/98487743-2ac4-5fe9-81ba-95eb4a93cae4 failed: unknown key",
"path": "/crypto/v1/sign",
"status": "404",
"timestamp": "2019-12-05T09:58:40Z"
}Language bindings
An OpenAPIv3-compliant API description is provided (/opt/nfast/webservices/docs/openapi.yaml).
This represents the Web Services Option Pack REST API, which can be used for generating bindings for a number of programming languages using tools provided as part of Smartbear’s Swagger.
| The correctness of the generated bindings from Smartbear’s Swagger tooling cannot be guaranteed due to numerous issues with the generators. For more information, see the documentation provided by Smartbear. |