CZERTAINLY Compliance Provider v2 API (2.16.0)
Download OpenAPI specification:Download
REST API for implementations of custom v2 Compliance Provider
Connector Information API. Each connector may have multiple functions represented by FunctionGroupCode. For each FunctionGroupCode there is a list of implemented end points. These endpoints must be according the specified interface, this is validated by the core. You can also implement helper end points that are used for callbacks and other relevant operations specific to implementation.
List supported functions of the connector
Returns map of functional code and implemented end points
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
[- {
- "functionGroupCode": "credentialProvider",
- "kinds": "[\"SoftKeyStore\", \"Basic\", \"ApiKey\"]",
- "endPoints": [
- {
- "uuid": "7b55ge1c-844f-11dc-a8a3-0242ac120002",
- "name": "Name",
- "context": "/v1",
- "method": "POST",
- "required": "true"
}
]
}
]Compliance Provider API. Used to check the compliance of resource objects. The provider contains the list of rules for checking the compliance. The user can choose the list of compliance checks that has to be performed. To check for the compliance of a resource object, the Connector accepts its content and the list of rule references. Once the values are received, compliance is checked and status will be returned
Check resource object compliance
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector Kind |
Request Body schema: application/jsonrequired
| resource | string (Resource) Enum: "NONE" "ANY" "dashboard" "settings" "auditLogs" "credentials" "connectors" "attributes" "jobs" "users" "roles" "acmeAccounts" "acmeProfiles" "scepProfiles" "cmpProfiles" "authorities" "raProfiles" "certificates" "certificateRequests" "groups" "complianceProfiles" "discoveries" "oids" "entities" "locations" "tokenProfiles" "tokens" "keys" "approvalProfiles" "approvals" "notificationProfiles" "notificationInstances" "rules" "actions" "triggers" "resources" "resourceEvents" "searchFilters" "keyItems" "platformEnums" "notifications" "conditions" "executions" "complianceRules" "complianceGroups" "customAttributes" "globalMetadata" "acmeOrders" "acmeAuthorizations" "acmeChallenges" "cmpTransactions" "endEntityProfiles" "authenticationProviders" Resource of rules to be checked |
| type | string Type of the resource object that is sent to compliance check |
| format | string Format of the resource object data that are sent to compliance check |
| data required | string Base64 encoded content of resource object |
required | Array of objects (ComplianceRuleRequestDto) List of UUIDs of Compliance rules |
| groups required | Array of strings <uuid> [ items <uuid > ] List of UUIDs of Compliance groups |
Responses
Request samples
- Payload
Content type
application/json
{- "resource": "NONE",
- "type": "X.509",
- "format": "pkcs7",
- "data": "string",
- "rules": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "attributes": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]
}
], - "groups": [
- "497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}Response samples
- 200
- 400
- 403
- 404
- 422
Content type
application/json
{- "status": "not_checked",
- "rules": [
- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Rule1",
- "status": "ok"
}
]
}Connector Health check API. Connector returns own status and in some cases can return status of services on which it depends like database, HSM and so on.
Compliance Provider rules API. Used to get the list of rules provided by the connector. These rules will be made available for the users to choose from the list.To check for the compliance of resource objects, the Connector accepts content and the list of rule references. Once the values are received, compliance is checked based on the rules.
Get list of rules
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
query Parameters
| resource | string (Resource) Enum: "NONE" "ANY" "dashboard" "settings" "auditLogs" "credentials" "connectors" "attributes" "jobs" "users" "roles" "acmeAccounts" "acmeProfiles" "scepProfiles" "cmpProfiles" "authorities" "raProfiles" "certificates" "certificateRequests" "groups" "complianceProfiles" "discoveries" "oids" "entities" "locations" "tokenProfiles" "tokens" "keys" "approvalProfiles" "approvals" "notificationProfiles" "notificationInstances" "rules" "actions" "triggers" "resources" "resourceEvents" "searchFilters" "keyItems" "platformEnums" "notifications" "conditions" "executions" "complianceRules" "complianceGroups" "customAttributes" "globalMetadata" "acmeOrders" "acmeAuthorizations" "acmeChallenges" "cmpTransactions" "endEntityProfiles" "authenticationProviders" |
| type | string |
| format | string |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "groupUuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Rule1",
- "description": "Sample rule description",
- "resource": "NONE",
- "type": "X.509",
- "format": "pkcs7",
- "attributes": [
- {
- "version": "2",
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "type": "data",
- "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": "true",
- "group": "requiredAttributes",
- "required": "false",
- "readOnly": "false",
- "list": "false",
- "multiSelect": "false"
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
}
]Get list of rules and groups with rules in one batch
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
Request Body schema: application/jsonrequired
| ruleUuids required | Array of strings <uuid> unique [ items <uuid > ] UUIDs of the rules to retrieve |
| groupUuids required | Array of strings <uuid> unique [ items <uuid > ] UUIDs of the groups to retrieve |
| withGroupRules | boolean Default: "false" Flag to determine whether to include group rules in the response |
Responses
Request samples
- Payload
Content type
application/json
{- "ruleUuids": [
- "166b5cf52-63f2-11ec-90d6-0242ac120003"
], - "groupUuids": [
- "166b5cf52-63f2-11ec-90d6-0242ac120003"
], - "withGroupRules": "false"
}Response samples
- 200
- 400
- 403
- 404
Content type
application/json
{- "rules": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "groups": "166b5cf52-63f2-11ec-90d6-0242ac120003"
}Get specific rule
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
| ruleUuid required | string <uuid> Rule UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
{- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "groupUuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Rule1",
- "description": "Sample rule description",
- "resource": "NONE",
- "type": "X.509",
- "format": "pkcs7",
- "attributes": [
- {
- "version": "2",
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "type": "data",
- "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": "true",
- "group": "requiredAttributes",
- "required": "false",
- "readOnly": "false",
- "list": "false",
- "multiSelect": "false"
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
}Get list of groups
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
query Parameters
| resource | string (Resource) Enum: "NONE" "ANY" "dashboard" "settings" "auditLogs" "credentials" "connectors" "attributes" "jobs" "users" "roles" "acmeAccounts" "acmeProfiles" "scepProfiles" "cmpProfiles" "authorities" "raProfiles" "certificates" "certificateRequests" "groups" "complianceProfiles" "discoveries" "oids" "entities" "locations" "tokenProfiles" "tokens" "keys" "approvalProfiles" "approvals" "notificationProfiles" "notificationInstances" "rules" "actions" "triggers" "resources" "resourceEvents" "searchFilters" "keyItems" "platformEnums" "notifications" "conditions" "executions" "complianceRules" "complianceGroups" "customAttributes" "globalMetadata" "acmeOrders" "acmeAuthorizations" "acmeChallenges" "cmpTransactions" "endEntityProfiles" "authenticationProviders" |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "RFC",
- "description": "Sample description of the group",
- "resource": "NONE"
}
]Get specific group
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
| groupUuid required | string <uuid> Group UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
{- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "RFC",
- "description": "Sample description of the group",
- "resource": "NONE"
}Get list of rules for a group
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| kind required | string Connector kind |
| groupUuid required | string <uuid> Group UUID |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "groupUuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Rule1",
- "description": "Sample rule description",
- "resource": "NONE",
- "type": "X.509",
- "format": "pkcs7",
- "attributes": [
- {
- "version": "2",
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "type": "data",
- "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": "true",
- "group": "requiredAttributes",
- "required": "false",
- "readOnly": "false",
- "list": "false",
- "multiSelect": "false"
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]
}
]Connector Attributes API. Provides information about supported Attributes of the connector. Attributes are specific to implementation and gives information about the data that can be exchanged and properly parsed by the connector. Part of this API is validation of the Attributes.
Validate Attributes
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| functionalGroup required | string (FunctionGroupCode) Enum: "credentialProvider" "legacyAuthorityProvider" "authorityProvider" "discoveryProvider" "entityProvider" "complianceProvider" "complianceProviderV2" "cryptographyProvider" "notificationProvider" Function Group |
| kind required | string Kind |
Request Body schema: application/jsonrequired
Array
| uuid required | string UUID of the Attribute |
| name required | string Name of the Attribute |
| contentType required | string (AttributeContentType) Enum: "string" "text" "integer" "boolean" "float" "date" "time" "datetime" "secret" "file" "credential" "codeblock" "object" Content Type of the Attribute |
required | Array of BooleanAttributeContent (object) or CodeBlockAttributeContent (object) or CredentialAttributeContent (object) or DateAttributeContent (object) or DateTimeAttributeContent (object) or FileAttributeContent (object) or FloatAttributeContent (object) or IntegerAttributeContent (object) or ObjectAttributeContent (object) or SecretAttributeContent (object) or StringAttributeContent (object) or TextAttributeContent (object) or TimeAttributeContent (object) (BaseAttributeContentDto) Content of the Attribute |
Responses
Request samples
- Payload
Content type
application/json
[- {
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "contentType": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
]
}
]Response samples
- 400
- 403
- 404
- 422
Content type
application/json
{- "message": "Error message"
}List available Attributes
Authorizations:
NoAuthCertificateTLSAuthConnectorAPIKeyAuthBasicAuth
path Parameters
| functionalGroup required | string (FunctionGroupCode) Enum: "credentialProvider" "legacyAuthorityProvider" "authorityProvider" "discoveryProvider" "entityProvider" "complianceProvider" "complianceProviderV2" "cryptographyProvider" "notificationProvider" Function Group |
| kind required | string Kind |
Responses
Response samples
- 200
- 400
- 403
- 404
Content type
application/json
[- {
- "version": "2",
- "uuid": "166b5cf52-63f2-11ec-90d6-0242ac120003",
- "name": "Attribute",
- "description": "string",
- "content": [
- {
- "reference": "string",
- "data": true
}
], - "type": "data",
- "contentType": "string",
- "properties": {
- "label": "Attribute Name",
- "visible": "true",
- "group": "requiredAttributes",
- "required": "false",
- "readOnly": "false",
- "list": "false",
- "multiSelect": "false"
}, - "constraints": [
- {
- "type": "regExp",
- "errorMessage": "string",
- "description": "string",
- "data": "string"
}
], - "attributeCallback": {
- "callbackContext": "string",
- "callbackMethod": "string",
- "mappings": [
- {
- "from": "string",
- "attributeType": "data",
- "attributeContentType": "string",
- "to": "string",
- "targets": [
- "pathVariable"
], - "value": { }
}
]
}
}
]