Comment on page

Kernel APIs

Security APIs
​Key Manager Service​
​Crypto Manager Service​
​License Key Service​
​Crypto Signature Service​
Notification APIs
​SMS Notification Service​
​Email Notification Service​
ID Generator APIs
​UIN Service​
​RID Service​
​Static Token Service​
Common APIs
​Audit Manager Service​
​Data Sync Service​
​Applicant Types Service​
​OTP Manager Service​
​Registration Center APIs​
Key Manager Service (Private)
This service in MOSIP are used for operations related to key management and interaction with SoftHSM or RealHSM for key generation.
​POST /generateCSR​
​POST /generateMasterKey/{objectType}​
​GET /getCertificate​
​POST /uploadCertificate​
​POST /uploadOtherDomainCertificate​
POST /generateCSR
This service will generate CSRs for a MOSIP application.
Resource URL
https://{base_url}/v1/keymanager/generateCSR
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
No
Request Part Parameters
Name
Required
Description
Example
applicationId
Yes
ID of the MOSIP Application for which we want to generate the CSR
KERNEL
commonName
Yes
The fully qualified domain name (FQDN) of your server.
MOSIP
country
Yes
The two-letter ISO code for the country where your organization is location.
IN for India
state
Yes
The state/region where your organization is located.
KA
location
Yes
The city where your organization is located.
BANGALORE
organization
Yes
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.
IIITB
organizationUnit
Yes
The division of your organization handling the certificate.
MOSIP-TECH-CENTER
Request
{
  "id": "io.mosip.keymanager.generateCSR",
  "metadata": {},
  "request": {
    "applicationId": "KERNEL",
    "commonName": "MOSIP",
    "country": "IN",
    "location": "BANGALORE",
    "organization": "IIITB",
    "organizationUnit": "MOSIP-TECH-CENTER",
    "referenceId": "string",
    "state": "KA"
  },
  "requesttime": "2020-10-05T13:14:56.696Z",
  "version": "1.0"
}
Responses
Success Response
{
  "errors": null,
  "id": "io.mosip.keymanager.generateCSR",
  "metadata": {},
  "response": {
    "certSignRequest": "string",
    "certificate": "string",
    "expiryAt": "string",
    "issuedAt": "string",
    "timestamp": "2020-10-05T13:14:56.696Z"
  },
  "responsetime": "2020-10-05T13:14:56.696Z",
  "version": "1.0"
}
Response Code : 200 (OK)
Failure Response
{
  "id": "io.mosip.keymanager.generateCSR",
  "version": "1.0",
  "responsetime": "2020-10-05T13:14:56.696Z",
  "metadata": null,
  "response": null,
  "errors": [
    {
      "errorCode": "KER-KMS-012",
      "message": "Key Generation Process is not completed."
    }
  ]
}
Response Code : 200 (OK)
POST /generateMasterKey/{objectType}
This service will generate master keys for a MOSIP application.
Resource URL
https://{base_url}/v1/keymanager/generateMasterKey/{objectType}
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Path Parameters
Name
Required
Description
Example
objectType
Yes
Object Type can be Response Type Certificate or CSR
​
Request Part Parameters
Name
Required
Description
Example
applicationId
Yes
ID of the MOSIP Application for which we want to generate the Master Key
REGISTRATION
commonName
Yes
The fully qualified domain name (FQDN) of your server.
MOSIP
country
Yes
The two-letter ISO code for the country where your organization is location.
IN for India
state
Yes
The state/region where your organization is located.
KA
location
Yes
The city where your organization is located.
BANGALORE
organization
Yes
The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.
IIITB
organizationUnit
Yes
The division of your organization handling the certificate.
MOSIP-TECH-CENTER
referenceId
No
ID of the Machine or Partner for whom the Key is getting generated
​
force
Yes
Force attribute will force key rotation.
true or false
Request
{
  "id": "io.mosip.keymanager.generateMasterKey",
  "metadata": {},
  "request": {
    "applicationId": "KERNEL",
    "commonName": "MOSIP",
    "country": "IN",
    "force": false,
    "location": "BANGALORE",
    "organization": "IIITB",
    "organizationUnit": "MOSIP-TECH-CENTER",
    "referenceId": "string",
    "state": "KA"
  },
  "requesttime": "2020-10-05T13:44:48.123Z",
  "version": "1.0"
}
Responses
Success Response
{
  "errors": null,
  "id": "io.mosip.keymanager.generateMasterKey",
  "metadata": {},
  "response": {
    "certSignRequest": "string",
    "certificate": "string",
    "expiryAt": "string",
    "issuedAt": "string",
    "timestamp": "2020-10-05T13:44:48.123Z"
  },
  "responsetime": "2020-10-05T13:44:48.123Z",
  "version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
  "id": "io.mosip.keymanager.generateMasterKey",
  "version": "1.0",
  "responsetime": "2020-10-05T13:44:48.123Z",
  "metadata": null,
  "response": null,
  "errors": [
    {
      "errorCode": "KER-KMS-010",
      "message": "Reference Id Not Supported for the Application ID."
    }
  ]
}
Response Code : 200 (OK)
GET /getCertificate
This service will retrieve a certificate using the application id and reference id.
Resource URL
https://{base_url}/v1/keymanager/getCertificate?applicationId={application_id}&referenceId={reference_id}
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Query Parameters
Name
Required
Description
Example
applicationId
Yes
ID of the MOSIP Application for which we want to fetch the certificate
​
referenceId
No
ID of the Machine or Partner for whom we want to fetch the certificate
​
Request Part Parameters
-NA-
Request
-NA-
Responses
Success Response
{
  "errors": null,
  "id": "string",
  "metadata": {},
  "response": {
    "certSignRequest": "string",
    "certificate": "string",
    "expiryAt": "string",
    "issuedAt": "string",
    "timestamp": "string"
  },
  "responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
  "version": "string"
}
Response Code : 200 (OK)
Error Response
{
  "id": null,
  "version": null,
  "responsetime": "2020-10-05T13:53:53.799Z",
  "metadata": null,
  "response": null,
  "errors": [
    {
      "errorCode": "KER-KMS-005",
      "message": "Required String parameter 'applicationId' is not present"
    }
  ]
}
Response Code : 200 (OK)
Failure Details
Error Code
Error Message
KER-KMS-002
ApplicationId not found in Key Policy
KER-KMS-005
Required String parameter 'applicationId' is not present
KER-KMS-012
Key Generation Process is not completed.
POST /uploadCertificate
This service will be used to upload a certificate.
Resource URL
https://{base_url}/v1/keymanager/uploadCertificate
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
No
Request Part Parameters
Name
Required
Description
Example
applicationId
Yes
ID of the MOSIP Application for which we want to fetch the certificate
​
certificateData
Yes
The certificate data
​
referenceId
No
ID of the Machine or Partner for which we want to upload the certificate
​
Request
{
  "id": "io.mosip.keymanager.uploadCertificate",
  "metadata": {},
  "request": {
    "applicationId": "KERNEL",
    "certificateData": "<certificate data>",
    "referenceId": "10001"
  },
  "requesttime": "2020-10-05T14:05:34.658Z",
  "version": "1.0"
}
Responses
Success Response
{
  "errors": null,
  "id": "io.mosip.keymanager.uploadCertificate",
  "metadata": {},
  "response": {
    "status": "success",
    "timestamp": "2020-10-05T14:01:51.588Z"
  },
  "responsetime": "2020-10-05T14:05:34.658Z",
  "version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
  "id": "io.mosip.keymanager.uploadCertificate",
  "version": "1.0",
  "responsetime": "2020-10-05T14:05:34.658Z",
  "metadata": null,
  "response": null,
  "errors": [
    {
      "errorCode": "KER-KMS-003",
      "message": "No unique alias is found"
    }
  ]
}
Response Code : 200 (OK)
Failure Details
Error Code
Error Message
KER-KMS-002
ApplicationId not found in Key Policy
KER-KMS-005
Required String parameter 'applicationId' is not present
KER-KMS-012
Key Generation Process is not completed.
KER-KMS-003
No unique alias is found
KER-KMS-013
Certificate Parsing Error.
POST /uploadOtherDomainCertificate
This service will be used to upload a certificate which is of other domains with in MOSIP system.
Resource URL
https://{base_url}/v1/keymanager/uploadOtherDomainCertificate
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
No
Request Part Parameters
Name
Required
Description
Example
applicationId
Yes
ID of the MOSIP Application for which we want to fetch the certificate
​
certificateData
Yes
The certificate data
​
referenceId
No
ID of the Machine or Partner for which we want to upload the certificate
​
Request
{
  "id": "io.mosip.keymanager.uploadOtherDomainCertificate",
  "metadata": {},
  "request": {
    "applicationId": "KERNEL",
    "certificateData": "<certificate data>",
    "referenceId": "10001"
  },
  "requesttime": "2020-10-05T14:05:34.658Z",
  "version": "1.0"
}
Responses
Success Response
{
  "errors": null,
  "id": "io.mosip.keymanager.uploadOtherDomainCertificate",
  "metadata": {},
  "response": {
    "status": "success",
    "timestamp": "2020-10-05T14:01:51.588Z"
  },
  "responsetime": "2020-10-05T14:05:34.658Z",
  "version": "1.0"
}
Response Code : 200 (OK)
Error Response
{
  "id": "io.mosip.keymanager.uploadOtherDomainCertificate",
  "version": "1.0",
  "responsetime": "2020-10-05T14:11:11.810Z",
  "metadata": null,
  "response": null,
  "errors": [
    {
      "errorCode": "KER-KMS-013",
      "message": "Certificate Parsing Error."
    }
  ]
}
Response Code : 200 (OK)
Failure Details
Error Code
Error Message
KER-KMS-002
ApplicationId not found in Key Policy
KER-KMS-005
Required String parameter 'applicationId' is not present
KER-KMS-012
Key Generation Process is not completed.
KER-KMS-003
No unique alias is found
KER-KMS-013
Certificate Parsing Error.
Crypto Manager (Private)
​POST v1/cryptomanager/encrypt​
​POST v1/cryptomanager/decrypt​
POST v1/cryptomanager/encrypt
This service will encrypt provided plain string data with session symmetric key and encrypt symmetric key with application specific public key based on given timestamp(current timestamp of encryption). This will respond combined encrypted data and symmetric key having a key splitter.
Resource URL
https://{base_url}/v1/cryptomanager/encrypt
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Request
{
  "id": "io.mosip.cryptomanager.encrypt",
  "metadata": {},
  "request": {
    "aad": "VGhpcyBpcyBzYW1wbGUgYWFk",
    "applicationId": "REGISTRATION",
    "data": "string",
    "referenceId": "REF01",
    "salt": "LA7YcvP9DdLIVI5CwFt1SQ",
    "timeStamp": "2018-12-10T06:12:52.994Z"
  },
  "requesttime": "2018-12-10T06:12:52.994Z",
  "version": "1.0"
}
Responses
Success Response
{
  "id": "io.mosip.cryptomanager.encrypt",
  "version": "1.0",
  "metadata": {},
  "responsetime": "2018-12-10T06:12:52.994Z",
  "errors": null,
  "response": {
    "data": "wk4RM2su2lBXuhx3_EtBijXTDp0Y20fJA6tmoONPjr6YBLqwu_YRWiSa10o-bQWesb-IobxPg-KsZq-Gc0L6Rq6besw-rMavg5a5nPU7b3pAug0N6Ek4B7S8v_tc5cu7LBRdBv1mRSS2onxXbT2R4qeEwl_11KtxPs_ek6g4vV6oEQRem2fPhop_21DaoWVEZFovHAAJDqSFj3R38A-fxvHHpVSa9BRTe-DeTKj_xZsNYXQixZR3jMdijtm8Q7lIT3E1x8LYp-hG3RhR_xC7trAOTqilzLjLfirE3Wjfor5bhLiG9eZyTb52ihKsDV1l2oBAhn9Aao_fYl3UD5QekSNLRVlfU1BMSVRURVIjeKen-3j5KhnE-93Qfe_pBfMBIKEkTJJ7pR-4cO7l-X0"
  } 
}   
Response Code : 200 (OK)
POST v1/cryptomanager/decrypt
This service will decrypt encryted data along with symmetric key having splitter for given timestamp(encryption timestamp).
Resource URL
https://mosip.io/v1/cryptomanager/decrypt
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Request
{
  "id": "io.mosip.cryptomanager.decrypt",
  "metadata": {},
  "request": {
    "aad": "VGhpcyBpcyBzYW1wbGUgYWFk",
    "applicationId": "REGISTRATION",
    "data": "string",
    "referenceId": "REF01",
    "salt": "LA7YcvP9DdLIVI5CwFt1SQ",
    "timeStamp": "2018-12-10T06:12:52.994Z"
  },
  "requesttime": "2018-12-10T06:12:52.994Z",
  "version": "1.0"
}
Responses
Success Response
{
  "id": "io.mosip.cryptomanager.decrypt",
  "version": "1.0",
  "metadata": {},
  "responsetime": "2018-12-10T06:12:52.994Z",
  "errors": null,
  "response": {
    "data": "string"
  }
}	
Response Code : 200 (OK)
Error Response
{
  "id": "io.mosip.cryptomanager.decrypt",
  "version": "1.0",
  "metadata": {},
  "responsetime": "2018-12-10T06:12:52.994Z",
  "errors": [
    {
      "errorCode": "string",
      "message": "string"
    }
  ],
 "response": null
}	
Response Code : 200 (OK)
Failure details
Error Code
Error Message
Error Description
KER-CRY-001
No Such algorithm is supported
No Such algorithm is supported
KER-CRY-002
public key is invalid
public key is invalid
KER-CRY-003
data sent to decrypt is without key splitter or invalid
invalid data without key breaker
KER-CRY-003
or not base64 encoded
Invalid data
KER-CRY-004
should not be null or empty
Invalid request
KER-CRY-005
cannot connect to keymanager service
cannot connect to key manager service
KER-CRY-006
Keymanager Service has replied with following error
keymanager service error
KER-CRY-008
Error occur while parsing error from response
Response Parse Error
KER-CRY-007
timestamp should be in ISO 8601 format yyyy-MM-ddTHH::mm:ss.SZ
DateTime Parse Exception
KER-CRY-500
Internal server error
Internal server error
License Key Manager (Private)
MISPs call the IDA to authenticate the Individuals. There can be various service calls such as Demographic, biometric based authentications. Each service calls have the permission associated. When a service call comes to the IDA, a request is sent to the Kernel module to retrieve the permissions for the License Key.
This service facilitates generation of license key, mapping the license key to several permissions, and fetch permissions mapped to a license key.
License Key Generation
This component generates a license key for a specified MISP ID.
​POST /license/generate​
​POST /license/permission​
​GET /license/permission​
​PUT /license/status​
POST /license/generate
Resource URL
https://mosip.io/v1/licensekeymanager/license/generate
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Request Part Parameters
Name
Required
Description
Default Value
Example
licenseExpiryTime
Yes
The time at which the license will expire
​
2019-03-07T10:00:00.000Z
MISPId
Yes
The MISP ID against which the license key generated will be mapped
​
9837
Request
{
  "id": "string",
  "version": "string",
  "metadata": {},
  "requesttime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
  "request": {
    "licenseExpiryTime": "2019-03-07T10:00:00.000Z",
	"MISPId": "9837"
  }
}
Responses
Success Response
Description: license key generated successfully
{
  "id": "string",
  "version": "string",
  "metadata": {},
  "responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
  "errors": null,
  "response": {
    "licenseKey": "gR7Mw7tA7S7qifkf"
  }
}
Response Code : 200 (OK)
POST /license/permission
This component maps various permissions provided to a specified license key.
Resource URL
https://mosip.io/v1/licensekeymanager/license/permission
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Request Part Parameters
Name
Required
Description
Default Value
Example
licenseKey
Yes
The license key to which the permissions will be mapped
​
gR7Mw7tA7S7qifkf
MISPId
Yes
The MISP ID against which the license key is mapped
​
9837
permissions
Yes
The list of permissions that will be mapped to the MISP-licensekey mentioned.
​
OTP Trigger
Request
{
  "id": "string",
  "version": "string",
  "metadata": {},
  "requesttime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
  "request": {
	"licenseKey": "gR7Mw7tA7S7qifkf",
	"permissions": [
	  "OTP Trigger","OTP Authentication"
	],
    "MISPId": "9837"
  }
}
Responses
Success Response
Description: license key permission updated successfully
{
  "id": "string",
  "version": "string",
  "metadata": {},
  "responsetime": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
  "errors": null,
  "response": {
    "status": "Mapped License with the permissions"
  }
}
Response Code : 200 (OK)
GET /license/permission
This component fetches various permission mapped to a license key.
Resource URL
https://mosip.io/v1/licensekeymanager/license/permission
Resource details
Resource Details
Description
Response format
JSON
Requires Authentication
Yes
Request Part Parameters
Name
Required
Description
Default Value
Example
licenseKey
Yes
The license key for which the permissions need to be fetched
​
gR7Mw7tA7S7qifkf
MISPId
Yes
The MISP ID against which the license key is mapped
​
9837
Request
https://mosip.io/v1/licensekeymanager/license/permission?licenseKey=gR7Mw7tA7S7qifkf&MISPId=9837
Responses
Success Response
Description: license key permissions fetched successfully
{

Name	Required	Description	Example
applicationId	Yes	ID of the MOSIP Application for which we want to generate the CSR	KERNEL
commonName	Yes	The fully qualified domain name (FQDN) of your server.	MOSIP
country	Yes	The two-letter ISO code for the country where your organization is location.	IN for India
state	Yes	The state/region where your organization is located.	KA
location	Yes	The city where your organization is located.	BANGALORE
organization	Yes	The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.	IIITB
organizationUnit	Yes	The division of your organization handling the certificate.	MOSIP-TECH-CENTER

Name	Required	Description	Example
applicationId	Yes	ID of the MOSIP Application for which we want to generate the Master Key	REGISTRATION
commonName	Yes	The fully qualified domain name (FQDN) of your server.	MOSIP
country	Yes	The two-letter ISO code for the country where your organization is location.	IN for India
state	Yes	The state/region where your organization is located.	KA
location	Yes	The city where your organization is located.	BANGALORE
organization	Yes	The legal name of your organization. This should not be abbreviated and should include suffixes such as Inc, Corp, or LLC.	IIITB
organizationUnit	Yes	The division of your organization handling the certificate.	MOSIP-TECH-CENTER
referenceId	No	ID of the Machine or Partner for whom the Key is getting generated
force	Yes	Force attribute will force key rotation.	true or false

Error Code	Error Message
KER-KMS-002	ApplicationId not found in Key Policy
KER-KMS-005	Required String parameter 'applicationId' is not present
KER-KMS-012	Key Generation Process is not completed.

Name	Required	Description
applicationId	Yes	ID of the MOSIP Application for which we want to fetch the certificate
certificateData	Yes	The certificate data
referenceId	No	ID of the Machine or Partner for which we want to upload the certificate

Error Code	Error Message	Error Description
KER-CRY-001	No Such algorithm is supported	No Such algorithm is supported
KER-CRY-002	public key is invalid	public key is invalid
KER-CRY-003	data sent to decrypt is without key splitter or invalid	invalid data without key breaker
KER-CRY-003	or not base64 encoded	Invalid data
KER-CRY-004	should not be null or empty	Invalid request
KER-CRY-005	cannot connect to keymanager service	cannot connect to key manager service
KER-CRY-006	Keymanager Service has replied with following error	keymanager service error
KER-CRY-008	Error occur while parsing error from response	Response Parse Error
KER-CRY-007	timestamp should be in ISO 8601 format yyyy-MM-ddTHH::mm:ss.SZ	DateTime Parse Exception
KER-CRY-500	Internal server error	Internal server error

Name	Required	Description	Default Value	Example
licenseExpiryTime	Yes	The time at which the license will expire		2019-03-07T10:00:00.000Z
MISPId	Yes	The MISP ID against which the license key generated will be mapped		9837

Name	Required	Description	Example
licenseKey	Yes	The license key to which the permissions will be mapped	gR7Mw7tA7S7qifkf
MISPId	Yes	The MISP ID against which the license key is mapped	9837
permissions	Yes	The list of permissions that will be mapped to the MISP-licensekey mentioned.	OTP Trigger

Name	Required	Description	Default Value	Example
licenseKey	Yes	The license key for which the permissions need to be fetched		gR7Mw7tA7S7qifkf
MISPId	Yes	The MISP ID against which the license key is mapped		9837