- Created by Mikhail Yakovlev, last modified on Nov 21, 2022
Purpose
A set of API functions allows you to manage cards (USB tokens, smart cards) by means of client applications.
Usage
Access to API functions is implemented through the icmapi web application, which is part of the Indeed Certificate Manager server. To interact with Indeed CM through the API, in the Roles section of the Indeed CM configuration, you will need to create a service role, include the account on whose behalf the API will be accessed, and define privileges for the role:
- Finding users
- Viewing card repository
- Enabling card
- Disabling card
- Updating card
- Revoking card
1. Cards - get the list of cards added to the system.
Request type:
- GET
Parameters:
- without parameters
- offset - shift by the specified number of cards
- count - number of output cards
- filter.serialNumber - card serial number
- filter.userName - user logon name in sAMAccountName or userPrincipalName format
- filter.cardTypeName - cards type
- filter.comment - comment for cards
- filter.tags - card tags
- filter.state - card state:
– Clean
– Assigned
– Pending
– Issued
– Disabled
– Revoked - filter.contentExpirationStatus - content expiration status:
– None
– ManagedCertificatesExpiring
– ManagedCertificatesExpired
– CommonCertificatesExpiring
– CommonCertificatesExpired
– TracedCertificatesExpiring
– TracedCertificatesExpired
Return values (CardInfo object list):
- id - card identifier
- serialNumber - card serial number
- cardTypeName - card type name
- cardModelName - card model name is available only for eToken PRO Java 72K and IDPrime MD cards if a division for different models is added in the Card types section for these cards
- atr - card ATR (Answer To Reset)
- label - card label
- comment - comment for card
- tags - card tags
- state - card state
- formFactor - card form factor
- pacNumber - card HID label
- expirationDate - card expiration date in ISO 8601 format
- timeIssued - сard issue time in ISO 8601 format
- timeDisabled - card disable time in ISO 8601 format
- timeUpdated - card update time in ISO 8601 format
- timeRevoked - card revocation time in ISO 8601 format
Example:
http://localhost/icmapi/Cards - output of all cards
http://localhost/icmapi/Cards?offset=0&count=50 - output of 50 cards without shifting
2. Cards/{id}/Revoke - withdraw user card.
Request type:
- POST
Parameters:
- id - card identifier
reason - card revocation reason:
– 0 - None
– 1 - CardBroken
– 2 - CardLost
– 3 - CardUpgrade
– 4 - CardExpired
– 5 - CardWithdraw
– 6 - UserRemoved
– 7 - CardCompromised
Return values:
- not
Example:
http://localhost/icmapi/Cards/1/Revoke
Request body:
- Card revocation reason - for example, { "reason": "CardWithdraw" }
3. Cards/{id}/Disable - temporarily disable the user's card.
Request type:
- POST
Parameter:
- id - card identifier
Return values:
- not
Example:
http://localhost/icmapi/Cards/1/Disable
4. Cards/{id}/Enable - enable the user's card.
Request type:
- POST
Parameter:
- id - card identifier
Return values:
- not
Example:
http://localhost/icmapi/Cards/1/Enable
5. Cards/{id}/PreUpdate - revoke irrelevant user certificate.
The Preupdate method is required when changing smart card usage policy. If the issued certificate is not supported in the new policy and the option "Revoke certificate at card revoking/disabling" is enabled in the certificate template in the old policy, then it will be revoked.
The Preupdate method cannot be performed on a smart card that is disabled, assigned, revoked, and pending issue or update.
Request type:
- POST
Parameter:
- id - card identifier
Return values:
- not
Example:
http://localhost/icmapi/Cards/1/PreUpdate
- No labels