Kernel APIs
- Security APIs
- Notification APIs
- ID Generator APIs
This service in MOSIP is used for operations related to key management and for interaction with SoftHSM or RealHSM for key generation.
This service will generate CSRs for a MOSIP application.
https://{base_url}/v1/keymanager/generateCSR
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | No |
Name | Required | Description | Example |
---|---|---|---|
applicationId | Yes | ID of the MOSIP Application for which we want to generate the CSR | KERNEL |
commonName | Yes | The fully qualified domain name (FQDN) of your server. | MOSIP |
country | Yes | The two-letter ISO code for the country where your organization is located. | IN for India |
state | Yes | The state/region where your organization is located. | KA |
location | Yes | The city where your organization is located. | BANGALORE |
organization | Yes | The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. | IIITB |
organizationUnit | Yes | The division of your organization handling the certificate. | MOSIP-TECH-CENTER |
{
"id": "io.mosip.keymanager.generateCSR",
"metadata": {},
"request": {
"applicationId": "KERNEL",
"commonName": "MOSIP",
"country": "IN",
"location": "BANGALORE",
"organization": "IIITB",
"organizationUnit": "MOSIP-TECH-CENTER",
"referenceId": "string",
"state": "KA"
},
"requesttime": "2020-10-05T13:14:56.696Z",
"version": "1.0"
}
Success Response
{
"errors": null,
"id": "io.mosip.keymanager.generateCSR",
"metadata": {},
"response": {
"certSignRequest": "string",
"certificate": "string",
"expiryAt": "string",
"issuedAt": "string",
"timestamp": "2020-10-05T13:14:56.696Z"
},
"responsetime": "2020-10-05T13:14:56.696Z",
"version": "1.0"
}
Response Code : 200 (OK)
Failure Response
{
"id": "io.mosip.keymanager.generateCSR",
"version": "1.0",
"responsetime": "2020-10-05T13:14:56.696Z",
"metadata": null,
"response": null,
"errors": [
{
"errorCode": "KER-KMS-012",
"message": "Key Generation Process is not completed."
}
]
}
Response Code : 200 (OK)
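
Both the success and the failure response above are returned with HTTP 200, so a caller has to inspect the `errors` array rather than the status code. The following client-side check is an added example, not MOSIP code; `MosipApiError`, `unwrap`, `csr_from` and the `HTTP-…`/`CLIENT` markers are hypothetical names.

```python
import json

# Constructed from the failure response shown above.
FAILURE_BODY = """{"id": "io.mosip.keymanager.generateCSR", "version": "1.0",
 "responsetime": "2020-10-05T13:14:56.696Z", "metadata": null, "response": null,
 "errors": [{"errorCode": "KER-KMS-012",
             "message": "Key Generation Process is not completed."}]}"""


class MosipApiError(Exception):
    """Raised when the envelope reports errors, whatever the HTTP status was."""

    def __init__(self, errors):
        self.codes = [e.get("errorCode") for e in errors]
        super().__init__("; ".join(
            f"{e.get('errorCode')}: {e.get('message')}" for e in errors))


def _client_error(message, code="CLIENT"):
    # "CLIENT" and "HTTP-<n>" are local markers, not MOSIP error codes.
    return MosipApiError([{"errorCode": code, "message": message}])


def unwrap(http_status, body, expected_id):
    """Return the "response" object, or raise if the call did not succeed."""
    if http_status != 200:
        raise _client_error("unexpected HTTP status", f"HTTP-{http_status}")
    envelope = json.loads(body)
    errors = envelope.get("errors")
    if errors:  # failures arrive with HTTP 200, so this is the real signal
        raise MosipApiError(errors)
    response = envelope.get("response")
    if not isinstance(response, dict):
        raise _client_error("no errors, but no response object either")
    # Successful replies on this page echo the service id of the request.
    if envelope.get("id") != expected_id:
        raise _client_error("envelope id does not match the service called")
    return response


def csr_from(http_status, body):
    """Extract the CSR from a generateCSR reply, failing closed on any error."""
    response = unwrap(http_status, body, "io.mosip.keymanager.generateCSR")
    csr = response.get("certSignRequest")
    if not csr:
        raise _client_error("reply carries no certSignRequest")
    return csr
```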
This service will generate master keys for a MOSIP application.
https://{base_url}/v1/keymanager/generateMasterKey/{objectType}
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
Name | Required | Description | Example |
---|---|---|---|
objectType | Yes | The object type (response type); can be Certificate or CSR | |
Name | Required | Description | Example |
---|---|---|---|
applicationId | Yes | ID of the MOSIP Application for which we want to generate the Master Key | REGISTRATION |
commonName | Yes | The fully qualified domain name (FQDN) of your server. | MOSIP |
country | Yes | The two-letter ISO code for the country where your organization is located. | IN for India |
state | Yes | The state/region where your organization is located. | KA |
location | Yes | The city where your organization is located. | BANGALORE |
organization | Yes | The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC. | IIITB |
organizationUnit | Yes | The division of your organization handling the certificate. | MOSIP-TECH-CENTER |
referenceId | No | ID of the Machine or Partner for whom the Key is getting generated | |
force | Yes | Force attribute will force key rotation. | true or false |
{
"id": "io.mosip.keymanager.generateMasterKey",
"metadata": {},
"request": {
"applicationId": "KERNEL",
"commonName": "MOSIP",
"country": "IN",
"force": false,
"location": "BANGALORE",
"organization": "IIITB",
"organizationUnit": "MOSIP-TECH-CENTER",
"referenceId": "string",
"state": "KA"
},
"requesttime": "2020-10-05T13:44:48.123Z",
"version": "1.0"
}
Success Response
{
"errors": null,
"id": "io.mosip.keymanager.generateMasterKey",
"metadata": {},
"response": {
"certSignRequest": "string",
"certificate": "string",
"expiryAt": "string",
"issuedAt": "string",
"timestamp": "2020-10-05T13:44:48.123Z"
},
"responsetime": "2020-10-05T13:44:48.123Z",
"version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
"id": "io.mosip.keymanager.generateMasterKey",
"version": "1.0",
"responsetime": "2020-10-05T13:44:48.123Z",
"metadata": null,
"response": null,
"errors": [
{
"errorCode": "KER-KMS-010",
"message": "Reference Id Not Supported for the Application ID."
}
]
}
Response Code : 200 (OK)
This service will retrieve a certificate using the application id and reference id.
https://{base_url}/v1/keymanager/getCertificate?applicationId={application_id}&referenceId={reference_id}
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
Name | Required | Description | Example |
---|---|---|---|
applicationId | Yes | ID of the MOSIP Application for which we want to fetch the certificate | |
referenceId | No | ID of the Machine or Partner for whom we want to fetch the certificate | |
-NA-
-NA-
Success Response
{
"errors": null,
"id": "string",
"metadata": {},
"response": {
"certSignRequest": "string",
"certificate": "string",
"expiryAt": "string",
"issuedAt": "string",
"timestamp": "string"
},
"responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
"version": "string"
}
Response Code : 200 (OK)
Error Response
{
"id": null,
"version": null,
"responsetime": "2020-10-05T13:53:53.799Z",
"metadata": null,
"response": null,
"errors": [
{
"errorCode": "KER-KMS-005",
"message": "Required String parameter 'applicationId' is not present"
}
]
}
Response Code : 200 (OK)
Error Code | Error Message |
---|---|
KER-KMS-002 | ApplicationId not found in Key Policy |
KER-KMS-005 | Required String parameter 'applicationId' is not present |
KER-KMS-012 | Key Generation Process is not completed. |
This service will be used to upload a certificate.
https://{base_url}/v1/keymanager/uploadCertificate
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | No |
Name | Required | Description | Example |
---|---|---|---|
applicationId | Yes | ID of the MOSIP Application for which we want to fetch the certificate | |
certificateData | Yes | The certificate data | |
referenceId | No | ID of the Machine or Partner for which we want to upload the certificate | |
{
"id": "io.mosip.keymanager.uploadCertificate",
"metadata": {},
"request": {
"applicationId": "KERNEL",
"certificateData": "<certificate data>",
"referenceId": "10001"
},
"requesttime": "2020-10-05T14:05:34.658Z",
"version": "1.0"
}
Success Response
{
"errors": null,
"id": "io.mosip.keymanager.uploadCertificate",
"metadata": {},
"response": {
"status": "success",
"timestamp": "2020-10-05T14:01:51.588Z"
},
"responsetime": "2020-10-05T14:05:34.658Z",
"version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
"id": "io.mosip.keymanager.uploadCertificate",
"version": "1.0",
"responsetime": "2020-10-05T14:05:34.658Z",
"metadata": null,
"response": null,
"errors": [
{
"errorCode": "KER-KMS-003",
"message": "No unique alias is found"
}
]
}
Response Code : 200 (OK)
Error Code | Error Message |
---|---|
KER-KMS-002 | ApplicationId not found in Key Policy |
KER-KMS-005 | Required String parameter 'applicationId' is not present |
KER-KMS-012 | Key Generation Process is not completed. |
KER-KMS-003 | No unique alias is found |
KER-KMS-013 | Certificate Parsing Error. |
This service will be used to upload a certificate that belongs to another domain within the MOSIP system.
https://{base_url}/v1/keymanager/uploadOtherDomainCertificate
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | No |
Name | Required | Description | Example |
---|---|---|---|
applicationId | Yes | ID of the MOSIP Application for which we want to fetch the certificate | |
certificateData | Yes | The certificate data | |
referenceId | No | ID of the Machine or Partner for which we want to upload the certificate | |
{
"id": "io.mosip.keymanager.uploadOtherDomainCertificate",
"metadata": {},
"request": {
"applicationId": "KERNEL",
"certificateData": "<certificate data>",
"referenceId": "10001"
},
"requesttime": "2020-10-05T14:05:34.658Z",
"version": "1.0"
}
Success Response
{
"errors": null,
"id": "io.mosip.keymanager.uploadOtherDomainCertificate",
"metadata": {},
"response": {
"status": "success",
"timestamp": "2020-10-05T14:01:51.588Z"
},
"responsetime": "2020-10-05T14:05:34.658Z",
"version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
"id": "io.mosip.keymanager.uploadOtherDomainCertificate",
"version": "1.0",
"responsetime": "2020-10-05T14:11:11.810Z",
"metadata": null,
"response": null,
"errors": [
{
"errorCode": "KER-KMS-013",
"message": "Certificate Parsing Error."
}
]
}
Response Code : 200 (OK)
Error Code | Error Message |
---|---|
KER-KMS-002 | ApplicationId not found in Key Policy |
KER-KMS-005 | Required String parameter 'applicationId' is not present |
KER-KMS-012 | Key Generation Process is not completed. |
KER-KMS-003 | No unique alias is found |
KER-KMS-013 | Certificate Parsing Error. |
This service encrypts the provided plain string data with a session symmetric key, and encrypts that symmetric key with the application-specific public key selected by the given timestamp (the current timestamp of encryption). The response contains the encrypted data and the encrypted symmetric key combined into one value, separated by a key splitter.
https://{base_url}/v1/cryptomanager/encrypt
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
{
"id": "io.mosip.cryptomanager.encrypt",
"metadata": {},
"request": {
"aad": "VGhpcyBpcyBzYW1wbGUgYWFk",
"applicationId": "REGISTRATION",
"data": "string",
"referenceId": "REF01",
"salt": "LA7YcvP9DdLIVI5CwFt1SQ",
"timeStamp": "2018-12-10T06:12:52.994Z"
},
"requesttime": "2018-12-10T06:12:52.994Z",
"version": "1.0"
}
Success Response
{
"id": "io.mosip.cryptomanager.encrypt",
"version": "1.0",
"metadata": {},
"responsetime": "2018-12-10T06:12:52.994Z",
"errors": null,
"response": {
"data": "wk4RM2su2lBXuhx3_EtBijXTDp0Y20fJA6tmoONPjr6YBLqwu_YRWiSa10o-bQWesb-IobxPg-KsZq-Gc0L6Rq6besw-rMavg5a5nPU7b3pAug0N6Ek4B7S8v_tc5cu7LBRdBv1mRSS2onxXbT2R4qeEwl_11KtxPs_ek6g4vV6oEQRem2fPhop_21DaoWVEZFovHAAJDqSFj3R38A-fxvHHpVSa9BRTe-DeTKj_xZsNYXQixZR3jMdijtm8Q7lIT3E1x8LYp-hG3RhR_xC7trAOTqilzLjLfirE3Wjfor5bhLiG9eZyTb52ihKsDV1l2oBAhn9Aao_fYl3UD5QekSNLRVlfU1BMSVRURVIjeKen-3j5KhnE-93Qfe_pBfMBIKEkTJJ7pR-4cO7l-X0"
}
}
Response Code : 200 (OK)
This service decrypts encrypted data that is supplied together with its symmetric key, separated by the key splitter, for the given timestamp (the encryption timestamp).
https://mosip.io/v1/cryptomanager/decrypt
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
{
"id": "io.mosip.cryptomanager.decrypt",
"metadata": {},
"request": {
"aad": "VGhpcyBpcyBzYW1wbGUgYWFk",
"applicationId": "REGISTRATION",
"data": "string",
"referenceId": "REF01",
"salt": "LA7YcvP9DdLIVI5CwFt1SQ",
"timeStamp": "2018-12-10T06:12:52.994Z"
},
"requesttime": "2018-12-10T06:12:52.994Z",
"version": "1.0"
}
Success Response
{
"id": "io.mosip.cryptomanager.decrypt",
"version": "1.0",
"metadata": {},
"responsetime": "2018-12-10T06:12:52.994Z",
"errors": null,
"response": {
"data": "string"
}
}
Response Code : 200 (OK)
Error Response
{
"id": "io.mosip.cryptomanager.decrypt",
"version": "1.0",
"metadata": {},
"responsetime": "2018-12-10T06:12:52.994Z",
"errors": [
{
"errorCode": "string",
"message": "string"
}
],
"response": null
}
Response Code : 200 (OK)
Error Code | Error Message | Error Description |
---|---|---|
KER-CRY-001 | No Such algorithm is supported | No Such algorithm is supported |
KER-CRY-002 | public key is invalid | public key is invalid |
KER-CRY-003 | data sent to decrypt is without key splitter or invalid | invalid data without key breaker |
KER-CRY-003 | or not base64 encoded | Invalid data |
KER-CRY-004 | should not be null or empty | Invalid request |
KER-CRY-005 | cannot connect to keymanager service | cannot connect to key manager service |
KER-CRY-006 | Keymanager Service has replied with following error | keymanager service error |
KER-CRY-008 | Error occur while parsing error from response | Response Parse Error |
KER-CRY-007 | timestamp should be in ISO 8601 format yyyy-MM-ddTHH::mm:ss.SZ | DateTime Parse Exception |
KER-CRY-500 | Internal server error | Internal server error |
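
The encrypt and decrypt descriptions above both depend on one combined value: the encrypted symmetric key and the encrypted data joined by a key splitter and base64-encoded. As an added example (not MOSIP code), this splits such a value and rejects the inputs that the KER-CRY-003 rows describe. Assumptions: the splitter literal `#KEY_SPLITTER#` (the bytes visible when the sample encrypt response is decoded), the key-first ordering, and all function names.

```python
import base64
import binascii
import re

# Assumption: the splitter literal. These bytes are what appears when the
# sample "data" value in the encrypt response above is base64url-decoded.
KEY_SPLITTER = b"#KEY_SPLITTER#"
_B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")


class InvalidPayload(ValueError):
    """Input the decrypt service would reject (KER-CRY-003 in the table above)."""


def b64url_decode(text: str) -> bytes:
    # Values on this page are URL-safe base64 without padding, so re-pad first.
    # The stdlib decoder silently skips foreign characters; reject them here.
    if not _B64URL.fullmatch(text):
        raise InvalidPayload("not base64url encoded")
    body = text.rstrip("=")
    try:
        return base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except binascii.Error as exc:
        raise InvalidPayload("not base64url encoded") from exc


def split_payload(data: str) -> tuple[bytes, bytes]:
    """Return (encrypted session key, encrypted data) from a combined value."""
    raw = b64url_decode(data)
    # Assumed order: encrypted key, splitter, encrypted data.
    wrapped_key, sep, ciphertext = raw.partition(KEY_SPLITTER)
    if not sep or not wrapped_key or not ciphertext:
        raise InvalidPayload("key splitter missing or a part is empty")
    return wrapped_key, ciphertext


def make_sample() -> str:
    # Constructed sample, not real key material: 256 filler bytes standing in
    # for the wrapped key, then the splitter, then 32 filler bytes of data.
    raw = b"\x01" * 256 + KEY_SPLITTER + b"\x02" * 32
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


if __name__ == "__main__":
    key, body = split_payload(make_sample())
    print(len(key), len(body))
```

Running the same pre-check on a decrypt request before it is sent separates malformed input from key or timestamp problems on the server side.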
MISPs call the IDA to authenticate individuals. There can be various service calls, such as demographic and biometric-based authentication. Each service call has permissions associated with it. When a service call comes to the IDA, a request is sent to the Kernel module to retrieve the permissions for the license key.
This service facilitates generating a license key, mapping the license key to several permissions, and fetching the permissions mapped to a license key.
License Key Generation
This component generates a license key for a specified MISP ID.
https://mosip.io/v1/licensekeymanager/license/generate
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
Name | Required | Description | Default Value | Example |
---|---|---|---|---|
licenseExpiryTime | Yes | The time at which the license will expire | | 2019-03-07T10:00:00.000Z |
MISPId | Yes | The MISP ID against which the license key generated will be mapped | | 9837 |
{
"id": "string",
"version": "string",
"metadata": {},
"requesttime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
"request": {
"licenseExpiryTime": "2019-03-07T10:00:00.000Z",
"MISPId": "9837"
}
}
Success Response
Description: license key generated successfully
{
"id": "string",
"version": "string",
"metadata": {},
"responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
"errors": null,
"response": {
"licenseKey": "gR7Mw7tA7S7qifkf"
}
}
Response Code : 200 (OK)
This component maps various permissions provided to a specified license key.
https://mosip.io/v1/licensekeymanager/license/permission
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
Name | Required | Description | Default Value | Example |
---|---|---|---|---|
licenseKey | Yes | The license key to which the permissions will be mapped | | gR7Mw7tA7S7qifkf |
MISPId | Yes | The MISP ID against which the license key is mapped | | 9837 |
permissions | Yes | The list of permissions that will be mapped to the MISP-licensekey mentioned. | | OTP Trigger |
{
"id": "string",
"version": "string",
"metadata": {},
"requesttime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
"request": {
"licenseKey": "gR7Mw7tA7S7qifkf",
"permissions": [
"OTP Trigger","OTP Authentication"
],
"MISPId": "9837"
}
}
Success Response
Description: license key permission updated successfully
{
"id": "string",
"version": "string",
"metadata": {},
"responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
"errors": null,
"response": {
"status": "Mapped License with the permissions"
}
}
Response Code : 200 (OK)
This component fetches the permissions mapped to a license key.
https://mosip.io/v1/licensekeymanager/license/permission
Resource Details | Description |
---|---|
Response format | JSON |
Requires Authentication | Yes |
Name | Required | Description | Default Value | Example |
---|---|---|---|---|
licenseKey | Yes | The license key for which the permissions need to be fetched | | gR7Mw7tA7S7qifkf |
MISPId | Yes | The MISP ID against which the license key is mapped | | 9837 |
https://mosip.io/v1/licensekeymanager/license/permission?licenseKey=gR7Mw7tA7S7qifkf&MISPId=9837
Success Response
Description: license key permissions fetched successfully
{