REST API sample

Sample for REST API that uses rest-calls.http plug-in in VScode.

@host =
# @name login
POST https://{{host}}/api/com.ibm.zaci.system/api-tokens HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind": "request",
    "parameters": {
        "user": "",
        "password": ""
        }
}

### send request to config log settings (loglevel --- trace, debug, info, warn, err, error, critical, off, 'info' is default value)
POST https://{{host}}/api/com.ibm.crypto/apilog
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "log_config":{
            "ld_ca_root": "",
            "log_target_ip": "",
            "loglevel": "error"
        }
    }
}

### get inner system service logs of Crypto Appliance
GET https://{{host}}/api/com.ibm.crypto/apilog HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0
Accept: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "service_name": "", 
        "logline_number": "",
        "from_timestamp": ""
    }
}


### send request to generate server key+ server csr, and return server CSR
POST https://{{host}}/api/com.ibm.crypto/csr
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "mtls":{
            "server_common_name":""
        }
    }
}

### config server with mTLS
POST https://{{host}}/api/com.ibm.crypto/configs HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "mtls":{
            "client_ca_root": "",
            "server_cert":""
        }
    }
}

### manage server status - start/stop/restart
POST https://{{host}}/api/com.ibm.crypto/server HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "action": "restart"
    }
}

### get server status
GET https://{{host}}/api/com.ibm.crypto/server HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0


### get all configrations - mTLS and log settings
GET https://{{host}}/api/com.ibm.crypto/configs HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0

### get ilmt scanning result as `tar`
curl -k -X GET https://{{host}}/api/com.ibm.crypto/ilmt -H "Accept: application/octet-stream" -H "zACI-API: com.ibm.zaci.system/1.0" -H "Authorization: Bearer {{login.response.body.parameters.token}}" --output ilmt_scanlog.tar.gz
### get all domains or cert module.domain
GET https://{{host}}/api/com.ibm.crypto/domains/ HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0


### disable management of client-domain bindings
POST https://{{host}}/api/com.ibm.crypto/domains/enableClientACL=true
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{

    }
}

### bind client with target domain
POST https://{{host}}/api/com.ibm.crypto/domains/07.0000 HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "client_pem": ""
    }
}

### delete the binding of client with target domain
DELETE https://{{host}}/api/com.ibm.crypto/domains/07.001a HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
    "kind":"request",
    "parameters":{
        "client_pem": ""               
    }
}

### refresh domain list with 'lscrypt'
PUT https://{{host}}/api/com.ibm.crypto/domains/ HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

### security settings for CA monitoring
POST https://{{host}}/api/com.ibm.crypto/camonitor HTTP/1.1
zACI-API: com.ibm.zaci.system/1.0
Authorization: Bearer {{login.response.body.parameters.token}}
Accept: application/vnd.ibm.zaci.payload+json;version=1.0
Content-type: application/vnd.ibm.zaci.payload+json;version=1.0

{
   "kind":"request",
    "parameters":{
        "username": "",
        "password_hash": "",
        "tls_cert":"",
        "tls_key":""
    }
}