Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Purpose

A set of API functions allows you to manage cards (tokens, smart cards) by means of client applications.

Usage

Access to API functions is implemented through the icmapi web application, which is part of the Indeed Certificate Manager server. To interact with Indeed CM through the API, in the Roles section of the Indeed CM configuration, you will need to create a service role, include the account on whose behalf the API will be accessed, and define privileges for the role:

  • Finding users
  • Viewing card repository
  • Enabling card
  • Disabling card
  • Updating card
  • Revoking card

1. GetCards - get a the list of user's cards.

Request type:

    • GET

Parameter:

    • name - username in UPN format (user principal name)

Return values (CardInfo object list):

    • id - card identifier
    • serialNumber - card serial number
    • atr - card ATR (Answer To Reset)
    • label - card label
    • state - card state
    • formFactor - card form factor
    • pacNumber - card HID label
    • expirationDate - card expiration date
Info
iconfalse
titleExample:

http://localhost/icmapi/user/getcards?name=mike.benson@demo.local

2. GetAllCards - get a the list of cards added to the system.

Request type:

    • GET

Parameter:

    • without parameters
    • offset - shift by the specified number of cards
    • count - number of output cards

Return values (CardInfo object list):

    • id - card identifier
    • serialNumber - card serial number
    • atr - card ATR (Answer To Reset)
    • label - card label
    • state - card state
    • formFactor - card form factor
    • pacNumber - card HID label
    • expirationDate - card expiration date
Info
iconfalse
titleExample:

http://localhost/icmapi/Card/GetAllCards - output of all cards
http://localhost/icmapi/Card/GetAllCards?offset=0&count=50 - output of 50 cards without shifting

3. Revoke - withdraw user card.

Request type:

    • POST

Parameters:

    • id - card identifier
    • reason - card revoke reason:

      – 0 - none
      – 1 - broken
      – 2 - lost
      – 3 - upgrade
      – 4 - expired
      – 5 - withdraw
      – 6 - user removed

      – 7 - compromised

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/revoke?id=id1

Request body:

    • Card revoke reason - for example, { reason: 5 }

4. Disable - temporarily disable the user's card.

Request type:

    • POST

Parameter:

    • id - card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/disable?id=id1

5. Enable - enable the user's card.

Request type:

    • POST

Parameter:

    • id - card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/enable?id=id1

6. Preupdate - revoke irrelevant user certificate.

Warning

The Preupdate method is required when changing smart card usage policy. If the issued certificate is not supported in the new policy, it will be deleted.

The Preupdate method cannot be performed on a smart card that is disabled, assigned, revoked, and pending issue or update.

Request type:

    • POST

Parameter:

    • id - card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/preupdate?id=id1