REST API sample
Sample for REST API that uses rest-calls.http
plug-in in VScode.
@host =
# @name login
POST https://{{host}}/api/com.ibm.zaci.system/api-tokens HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind": "request",
"parameters": {
"user": "",
"password": ""
}
}
### send request to config log settings (loglevel --- trace, debug, info, warn, err, error, critical, off, 'info' is default value)
POST https://{{host}}/api/com.ibm.crypto/apilog
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"log_config":{
"ld_ca_root": "",
"log_target_ip": "",
"loglevel": "error"
}
}
}
### get inner system service logs of Crypto Appliance
GET https://{{host}}/api/com.ibm.crypto/apilog HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"service_name": "",
"logline_number": "",
"from_timestamp": ""
}
}
### send request to generate server key+ server csr, and return server CSR
POST https://{{host}}/api/com.ibm.crypto/csr
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"mtls":{
"server_common_name":""
}
}
}
### config server with mTLS
POST https://{{host}}/api/com.ibm.crypto/configs HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"mtls":{
"client_ca_root": "",
"server_cert":""
}
}
}
### manage server status - start/stop/restart
POST https://{{host}}/api/com.ibm.crypto/server HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"action": "restart"
}
}
### get server status
GET https://{{host}}/api/com.ibm.crypto/server HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
### get all configrations - mTLS and log settings
GET https://{{host}}/api/com.ibm.crypto/configs HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
### get ilmt scanning result as `tar`
curl -k -X GET https://{{host}}/api/com.ibm.crypto/ilmt -H "Accept: application/octet-stream" -H "zACI-API: com.ibm.zaci.system/1.0" -H "Authorization: Bearer {{login.response.body.parameters.token}}" --output ilmt_scanlog.tar.gz
### get all domains or cert module.domain
GET https://{{host}}/api/com.ibm.crypto/domains/ HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
### disable management of client-domain bindings
POST https://{{host}}/api/com.ibm.crypto/domains/enableClientACL=true
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
}
}
### bind client with target domain
POST https://{{host}}/api/com.ibm.crypto/domains/07.0000 HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"client_pem": ""
}
}
### delete the binding of client with target domain
DELETE https://{{host}}/api/com.ibm.crypto/domains/07.001a HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"client_pem": ""
}
}
### refresh domain list with 'lscrypt'
PUT https://{{host}}/api/com.ibm.crypto/domains/ HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
### security settings for CA monitoring
POST https://{{host}}/api/com.ibm.crypto/camonitor HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
{
"kind":"request",
"parameters":{
"username": "",
"password_hash": "",
"tls_cert":"",
"tls_key":""
}
}