List Key Default Rollover REST Service

Use the List Key Default Rollover REST Service to list wrapping key rollovers in a rollover list for 3592 tape drive.

Operation: GET
URL: https://host:port/SKLM/rest/v1/certificates/rollover?name=<name value>&usage<usage value>&uuid=<uuid value>

By default, Guardium Key Lifecycle Manager server listens to the secure port 9443 (HTTPS) for communication. During IBM Security Guardium Key Lifecycle Manager installation, you can modify this default port.

Request

Request Parameters

Parameter	Description
host	Specify the IP address or hostname of the IBM Security Guardium Key Lifecycle Manager server.
port	Specify the port number on which the IBM Security Guardium Key Lifecycle Manager server listens for requests.

Request Headers

Header name	Value
Content-Type	`application/json`
Accept	`application/json`
Authorization	`SKLMAuth userAuthId=<authIdValue>`
Accept-Language	Any valid locale that is supported by IBM Security Guardium Key Lifecycle Manager. For example, `en` or `de`.

Request body

JSON object with the following specification:

JSON property name	Description
name	Specify the name of an existing key. It is not case-sensitive.
uuid	Specify the unique universal identifier of an existing key rollover.

Response

Response Headers

Header name	Value and description
Status Code	200 OK The request was successful. The response body contains the requested representation. 400 Bad Request The authentication information was not provided in the correct format. 401 Unauthorized The authentication credentials were missing or incorrect. 404 Not Found Error The processing of the request fails. 500 Internal Server Error The processing of the request fails because of an unexpected condition on the server.
Content-Type	`application/json`
Content-Language	Locale for the response message.

Success response body

JSON object with the following specification:

JSON property name	Description
Key rollover uuid	Returns the unique universal identifier of the key rollover.
<deviceGroup> system default	Returns the system default key name/alias for the device group. This response is returned if the key is a system default.
<deviceGroup> partner default	Returns the partner default key name/alias for the device group. This response is returned if the key is a partner default.
Effective date	Returns the date on which the key is set for rollover. The value is a current or future date in `yyyy-MM-dd` format.

Error Response Body

JSON object with the following specification.

JSON property name	Description
code	Returns the application error code.
message	Returns a message that describes the error.

Examples

Service request to list key rollover

GET https://localhost:port/SKLM/rest/v1/rollover/3592?usage=3592

Success response

Status Code: 200 OK
[
  {
    "Certificate rollover uuid": "ROLLOVER-d70d6f8-85ac2101-86e6-449c-b824-0543d9fddf62",
    "3592 system default": "key2",
    "Effective date": "11/5/21 12:00:00 AM PDT"
  }
]

Service request to list key rollover when an incorrect usage is specified

GET https://localhost:port/SKLM/rest/v1/rollover/3592?usage=lto
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m

Error response

{
  "code": "CTGKM0830E",
  "message": "Device group is not valid: lto"
}