Axidian CertiFlow API

Purpose

A set of API functions allows you to manage cards (USB tokens, smart cards) by means of client applications.

Usage

Access to API functions is implemented through API web application, which is part of the Axidian CertiFlow server. To interact with Axidian CertiFlow through the API, in the Roles section of the system configuration, you will need to create a service role, include the account on whose behalf the API will be accessed, and define privileges for the role:

• Finding users
• Viewing card repository
• Enabling card
• Disabling card
• Updating card
• Resetting PIN
• Locking card
• Revoking card
• Removing tasks

1. Cards - get the list of cards added to the system.

Request type:

• • GET

Parameters:

• • without parameters
  • offset - shift by the specified number of cards
  • count - number of output cards
  • serialNumber -  card serial number
  • userName - user logon name in down-level logon name format (DOMAIN\LogonName) or in User principal name (UPN) format
  • cardTypeName - cards type 
  • comment - comment for cards
  • tags - card tags
  • state - card state:
    – Clean
    – Assigned
    – Pending
    – Issued
    – Disabled
    – Revoked
  • contentExpirationStatus - content expiration status:
    – None 
    – ManagedCertificatesExpiring 
    – ManagedCertificatesExpired 
    – CommonCertificatesExpiring
    – CommonCertificatesExpired
    – TracedCertificatesExpiring
    – TracedCertificatesExpired

Return values (CardInfo object list):

• • id - card identifier
  • serialNumber - card serial number
  • cardTypeName - card type name
  • cardModelName - card model name is available only for eToken PRO Java 72K and IDPrime MD cards if a division for different models is added in the Card types section for these cards
  • atr - card ATR (Answer To Reset)
  • label - card label
  • comment - comment for card
  • tags - card tags
  • state - card state
  • formFactor - card form factor
  • pacNumber - card HID label
  • expirationDate - card expiration date in ISO 8601 format
  • timeIssued - сard issue time in ISO 8601 format
  • timeDisabled - card disable time in ISO 8601 format
  • timeUpdated - card update time in ISO 8601 format
  • timeRevoked - card revocation time in ISO 8601 format
  • userId - card user ID
  • userName - card user name in down-level logon name format (DOMAIN\LogonName)
  • policyId - card policy ID
  • policyName - card policy name
  • certificates:
    • type - certificate type
    • serialNumber - certificate serial number
    • thumbprint - certificate thumbprint
    • subject - Common Name (CN) of the certificate subject
    • issuer - Common Name (CN) of the certificate issuer
    • validTo - certificate expiration date in ISO 8601 format

2. Cards/{id}/Revoke - withdraw user card.

Request type:

• • POST

Parameters:

• • id - card identifier

  • reason - card revocation reason:

    – 0 - None
    – 1 - CardBroken
    – 2 - CardLost
    – 3 - CardUpgrade
    – 4 - CardExpired
    – 5 - CardWithdraw
    – 6 - UserRemoved
    – 7 - CardCompromised

Return values:

• • not

Request body:

• • Card revocation reason - for example, { reason=5 }

3. Cards/{id}/Disable - temporarily disable the user's card.

Request type:

• • POST

Parameter:

• • id - card identifier

Return values:

• • not

4. Cards/{id}/Enable - enable the user's card.

Request type:

• • POST

Parameter:

• • id - card identifier

Return values:

• • not

5. Cards/{id}/PreUpdate - revoke irrelevant user certificate.

Request type:

• • POST

Parameter:

• • id - card identifier

Return values:

• • not