Overview and authentication

You can use the Crypto Express Network API for Secure Execution Enclaves to:

  • Configure Rsyslog and loglevel of the c16 server
  • Generate mTLS server KEY and server CSR (certificate signing request) for the c16 server
  • Configure mTLS
  • Manage the c16 server

Note: You can manage the Secure Service Container by using APIs. For more information about using the APIs, see Common Framework.

Status codes

Each API request that is sent to the server returns a response that includes an HTTP status code and any requested information.

Note: The value of the API session timeout is 600 seconds.

The following list shows some common HTTP status codes:

  • 200 OK

    The endpoint operation was successful.

  • 201 Created

    The endpoint operation was successful and resulted in the creation of a resource.

  • 202 Accepted

    The request is accepted for processing, but the processing is not yet completed. Asynchronous endpoints return this status code in the response to the original request.

  • 204 No content

    The endpoint operation was successful, but no content is returned in the response.

  • 303 [interim response status]

    The endpoint operation is in progress. Asynchronous endpoints return this status code in response to a request for status.

The following list shows some common HTTP status error codes:

  • 400 Bad Request
  • 403 Forbidden
  • 404 Not Found
  • 500 Internal Server Error

Authentication

The REST API requires token-based authentication rather than authentication with a user ID and password.

To access the API, you need to get an authentication token first by using the username and password of the SSC appliance administrator. Use the token to get authenticated to the Crypto Express Network API for Secure Execution Enclaves to perform various operations.

Authenticate by using /api/com.ibm.zaci.system/api-tokens POST.

{
    "kind": "request",
    "parameters": {
        "user": "<username of root admin of appliance>",
        "password": "<password of root admin of appliance>"
        }
}

Synopsis of the request URL:

curl -k -H "Content-Type: application/vnd.ibm.zaci.payload+json;version=1.0" -H "zACI-API:com.ibm.zaci.system/1.0" -H "Accept: application/vnd.ibm.zaci.payload+json;version=1.0" https://<crypto_appliance_host>/api/com.ibm.zaci.system/api-tokens -X POST -d@token.json

Note: Only users with the ADMIN role can access the Crypto Express Network API for Secure Execution Enclaves by using the authentication token.