Versions Compared

Old Version 4

changes.mady.by.user Mikhail Yakovlev

Saved on

compared with

New Version Current

changes.mady.by.user Daliya Agletdinova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Purpose

A set of API functions allows you to manage devices cards (USB tokens, smart cards) by means of client applications.

Usage

Access to API functions is implemented through the icmapi API web application, which is part of the Indeed Certificate Manager Axidian CertiFlow server.  To To interact with Indeed CM Axidian CertiFlow through the API, in the Roles section of the Indeed CM system configuration, you will need to create a service role, include the account on whose behalf the API will be accessed, and define privileges for the role:

  • Get smart cards
  • Revoke smart cards
  • Disable smart cards
  • Enable smart cards
  • Update smart cards

  • Finding users
  • Viewing card repository
  • Enabling card
  • Disabling card
  • Updating card
  • Resetting PIN
  • Locking card
  • Revoking card
  • Removing tasks

1. Cards - get the list of cards added to the system1. GetCards - get a list of user's smart cards.

Request type:

    • GET

Parameter:

    • Name - username in UPN format (user principal name)

Parameters:

    • without parameters
    • offset - shift by the specified number of cards
    • count - number of output cards
    • serialNumber -  card serial number
    • userName - user logon name in down-level logon name format (DOMAIN\LogonName) or in User principal name (UPN) format
    • cardTypeName - cards type 
    • comment - comment for cards
    • tags - card tags
    • state - card state:
      – Clean
      – Assigned
      – Pending
      – Issued
      – Disabled
      – Revoked
    • contentExpirationStatus - content expiration status:
      – None 
      – ManagedCertificatesExpiring 
      – ManagedCertificatesExpired 
      – CommonCertificatesExpiring
      – CommonCertificatesExpired
      – TracedCertificatesExpiring
      – TracedCertificatesExpired

Return values (CardInfo object list):

    • id -  smart card identifier
    • serialNumber -  smart card serial number
    • cardTypeName - card type name
    • cardModelName - card model name is available only for eToken PRO Java 72K and IDPrime MD cards if a division for different models is added in the Card types section for these cards
    • atr - card ATR (Answer To Reset)atr - ATR smart cards
    • label - smart card label
    • comment - comment for card
    • tags - card tags
    • state - smart card state
    • formFactor - card form factor
    • pacNumber - smart card HID label
    • expirationDate - card expiration date in ISO 8601 format
    • timeIssued - сard issue time in ISO 8601 format
    • timeDisabled - card disable time in ISO 8601 format
    • timeUpdated - card update time in ISO 8601 format
    • timeRevoked - card revocation time in ISO 8601 format
    • userId - card user ID
    • userName - card user name in down-level logon name format (DOMAIN\LogonName)
    • policyId - card policy ID
    • policyName - card policy name
    • certificates:
      • type - certificate type
      • serialNumber - certificate serial number
      • thumbprint - certificate thumbprint
      • subject - Common Name (CN) of the certificate subject
      • issuer - Common Name (CN) of the certificate issuer
      • validTo - certificate expiration date in ISO 8601 format
Info
iconfalse
titleExample:

http://localhost/certiflow/api/Cards - output of all cards
http://localhost/icmapicertiflow/userapi/getcards?name=user1Cards?offset=0&count=50 - output of 50 cards without shifting

2. Cards/{id}/Revoke - withdraw user card.

Request type:

    • POST

Parameters:

    • id -  smart card identifier

    • reason - smart card revoke revocation reason:

      – 0 - noneNone
      – 1 - broken CardBroken
      – 2 - lostCardLost
      – 3 - upgradeCardUpgrade
      – 4 - expiredCardExpired
      – 5 - withdrawCardWithdraw
      – 6 - user removed- UserRemoved
      – 7 - CardCompromised

Return values:

    • not

Request body:

    • Card revocation reason - for example, { reason=5 }
Info
iconfalse
titleExample:

http://localhost/icmapi/card/revoke?id=id1

Request body:

    • Smart card revoke reason - for example, { reason: 5 }

certiflow/api/Cards/1013/Revoke?reason=CardWithdraw

3. Cards/{id}/3. Disable - temporarily disable the user's smart card.

Request type:

    • POST

Parameter:

    • id -  smart card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/disable?id=id1certiflow/api/Cards/1065/Disable

4. Cards/{id}/Enable - enable the user's smart card.

Request type:

    • POST

Parameter:

    • id -  smart card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/enable?id=id1certiflow/api/Cards/1065/Enable

5. PreupdateCards/{id}/PreUpdate - revoke irrelevant user certificate.

Warning

The Preupdate method is required when changing smart card usage policy. If  If the issued certificate is not supported in the new policy and the option "Revoke certificate at card revoking/disabling" is enabled in the certificate template in the old policy, then it will be deletedrevoked.

The Preupdate method cannot be performed on a smart card that is disabled, assigned, revoked, and pending issue or update.

Request type:

    • POST

Parameter:

    • id -   smart card identifier

Return values:

    • not
Info
iconfalse
titleExample:

http://localhost/icmapi/card/preupdate?id=id1certiflow/api/Cards/1073/PreUpdate