Client Credentials Management service version v1
{schema}://{host}/api/{version}
- schema: required(one of http, https - default: http)
- host: required(string - default: localhost)
- version: required(v1)
Basic credentials
Operations on client basic credentials.
Returns a list of basic client credentials in the scope of the requested tenant.
Creates new basic credentials.
get /basic-credentials
Returns a list of basic client credentials in the scope of the requested tenant.
- tenant:basic-credentials:read on tenant-system resource
CCM supports OAuth 2.0 for authenticating most API requests.
HTTP status code 200
Body
Media type: application/json
Type: array of ccm-api-types.CredentialsState
Items: BasicCredentials
- state: required(one of Active, Inactive, Suspended, Revoked)
Client credentials state.
- `Active` - The credentials are valid for use. They have been used at least once.
- `Inactive` - The credentials are valid for use. They have not been used by any client yet.
- `Suspended` - The credentials are suspended and cannot be used now.
- `Revoked` - The credentials are no longer usable.
- username: required(string)
Tenant-wide unique username (login).
- id: required(string)
Unique identifier of the basic credentials.
- createdDate: required(datetime)
Credentials creation time and date in ISO 8601 format.
- updatedDate: required(datetime)
Last time when the credentials were updates in ISO 8601 format.
- lastUseDate: (datetime)
Last time when the credentials were used for authentication.
Example:
[
{
"username": "UserA",
"id": "br7si8mg10l7an82que0",
"state": "Inactive",
"createdDate": "2020-03-01T12:47:02.247462Z",
"updatedDate": "2020-04-17T12:00:01.311853Z"
},
{
"username": "UserB",
"id": "br7si8mg10l7an82queg",
"state": "Active",
"createdDate": "2020-04-02T12:47:02.247941Z",
"updatedDate": "2020-04-12T13:00:01.311934Z",
"lastUseDate": "2020-06-16T16:01:07.090941Z"
},
{
"username": "UserC",
"id": "br7si8mg10l7an82quf0",
"state": "Suspended",
"createdDate": "2020-05-03T12:47:02.247752Z",
"updatedDate": "2020-05-12T12:00:01.311835Z",
"lastUseDate": "2020-06-16T16:01:07.090941Z"
}
]
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
post /basic-credentials
Creates new basic credentials.
- tenant:basic-credentials:create
CCM supports OAuth 2.0 for authenticating most API requests.
Body
Media type: application/json
Type: object
Properties- username: (string)
Tenant-wide unique username (login). Up to 255 ASCII symbols long (except of
:and@symbols, which are not allowed). It is not recommended to use any Personally Identifiable Information (PII) in a username. If a username is not specified, (a silly) one is auto-generated from over 2 million combinations and returned in the successful response. - password: (string)
Password matching the given username. Must consist of up to 72 ASCII symbols. If not specified, one is auto-generated and returned in the successful response.
Examples:
Specific credentials:
{
"username": "UserA",
"password": "123"
}
Autogenerated credentials:
{}HTTP status code 201
Credentials created successfully.
Body
Media type: application/json
Type: object
Properties- state: required(one of Active, Inactive, Suspended, Revoked)
Client credentials state.
- `Active` - The credentials are valid for use. They have been used at least once.
- `Inactive` - The credentials are valid for use. They have not been used by any client yet.
- `Suspended` - The credentials are suspended and cannot be used now.
- `Revoked` - The credentials are no longer usable.
- username: required(string)
Tenant-wide unique username (login).
- id: required(string)
Unique identifier of the basic credentials.
- createdDate: required(datetime)
Credentials creation time and date in ISO 8601 format.
- updatedDate: required(datetime)
Last time when the credentials were updates in ISO 8601 format.
- lastUseDate: (datetime)
Last time when the credentials were used for authentication.
- password: required(string)
Password matching the given credentials.
Example:
{
"username": "reasonable-kangaroo",
"password": "deta7IWaHohNo4Uunoorei7OIk3OC3Ot",
"id": "bg7si8mg10l7an82que0",
"state": "Inactive",
"createdDate": "2020-03-01T12:47:02.247962Z",
"updatedDate": "2020-04-17T12:00:01.311923Z"
}
HTTP status code 400
Username or password is not valid.
HTTP status code 409
Basic credentials with such username already registered.
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
Updates credentials state. CCM maintains a credentials state machine summarized in the service documentation. Only transitions from/to specified states are permitted.
patch /basic-credentials/{id}/state
Updates credentials state. CCM maintains a credentials state machine summarized in the service documentation. Only transitions from/to specified states are permitted.
- tenant:basic-credentials:update
CCM supports OAuth 2.0 for authenticating most API requests.
URI Parameters
- id: required(string)
Unique identifier of the basic credentials.
Example:
efh63sad72g0sggo3s5a
Body
Media type: application/json
Type: object
Properties- state: required(one of Active, Suspended, Revoked)
Desired new client credentials state.
- `Active` - The credentials are valid for use. They have been used at least once.
- `Suspended` - The credentials are suspended and cannot be used now.
- `Revoked` - The credentials are no longer usable.
Example:
{
"state": "Suspended"
}
HTTP status code 204
Successfully updated credentials state.
HTTP status code 400
Invalid request.
Body
Media type: application/json
Type: object
Properties- message: required(string)
Detailed error description.
HTTP status code 404
The requested basic credentials are not found or the querying user is denied access.
Body
Media type: application/json
Type: object
Properties- message: required(string)
Detailed error description.
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
Resets basic credentials password.
patch /basic-credentials/{id}/password
Resets basic credentials password.
- tenant:basic-credentials:update
CCM supports OAuth 2.0 for authenticating most API requests.
URI Parameters
- id: required(string)
Unique identifier of the basic credentials.
Example:
efh63sad72g0sggo3s5a
Body
Media type: application/json
Type: object
Properties- password: (string)
New password. Must consist of up to 72 ASCII symbols. If not specified, one is auto-generated and returned in the successful response.
Example:
{
"password": "mQ8jSA3Cywbs7cLJ"
}
HTTP status code 200
Password is successfully reset.
Body
Media type: application/json
Type: object
Properties- password: required(string)
Password matching the given credentials.
Example:
{
"password": "mQ8jSA3Cywbs7cLJ"
}
HTTP status code 400
Password is not valid.
Body
Media type: application/json
Type: object
Properties- message: required(string)
Detailed error description.
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
X.509 credentials
Operations on client X.509 credentials.
Returns a list of client X.509 credentials in the scope of the requested tenant.
Issue a client X.509 credentials in the scope of the requested tenant.
get /x509-credentials
Returns a list of client X.509 credentials in the scope of the requested tenant.
- tenant:x509-credentials:read on tenant-system resource
CCM supports OAuth 2.0 for authenticating most API requests.
HTTP status code 200
Body
Media type: application/json
Type: array of ccm-api-types.CredentialsState
Items: X509Credentials
- state: required(one of Active, Inactive, Suspended, Revoked)
Client credentials state.
- `Active` - The credentials are valid for use. They have been used at least once.
- `Inactive` - The credentials are valid for use. They have not been used by any client yet.
- `Suspended` - The credentials are suspended and cannot be used now.
- `Revoked` - The credentials are no longer usable.
- id: required(string)
Unique identifier of the certificate.
- serialNumber: required(string)
Certificate serial number, base 10 encoded.
- commonName: required(string)
Certificate Common Name (CN).
- invalidAfter: required(datetime)
The time and date past which the certificate is no longer valid in ISO 8601 format.
- createdDate: required(datetime)
Certificate creation time and date in ISO 8601 format.
- updatedDate: required(datetime)
Last time when the certificate was updates in ISO 8601 format.
- lastUseDate: (datetime)
Last time when the certificate was used for authentication in ISO 8601 format.
Example:
[
{
"id": "bg7si8mg10l7an82que0",
"state": "Inactive",
"serialNumber": "8163249196696785795007161035531673258207322822",
"commonName": "silver-advice",
"invalidAfter": "2025-07-01T12:48:09.247962Z",
"createdDate": "2020-03-01T12:47:02.247962Z",
"updatedDate": "2020-04-17T12:00:01.311923Z"
},
{
"id": "bg7si8mg10l7an82quh4",
"state": "Active",
"serialNumber": "8163249196696785795007161035531673258207322829",
"commonName": "silver-advice",
"invalidAfter": "2025-07-01T12:48:09.247962Z",
"createdDate": "2020-03-01T12:47:02.247962Z",
"updatedDate": "2020-04-17T12:00:01.311923Z",
"lastUseDate": "2020-06-16T16:01:07.090941Z"
},
{
"id": "bg7si8mg10l7an82quk2",
"state": "Suspended",
"serialNumber": "8163249196696785795007161035531673258207322821",
"commonName": "silent-kangaroo",
"invalidAfter": "2025-07-01T12:48:09.247962Z",
"createdDate": "2020-03-01T12:47:02.247962Z",
"updatedDate": "2020-04-17T12:00:01.311923Z",
"lastUseDate": "2020-06-16T16:01:07.090941Z"
}
]
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
post /x509-credentials
Issue a client X.509 credentials in the scope of the requested tenant.
- tenant:x509-credentials:create on tenant-system resource
CCM supports OAuth 2.0 for authenticating most API requests.
Body
Media type: application/json
Type: object
Properties- commonName: (string)
Certificate Common Name (CN). Must consist of up to 255 ASCII symbols. If a CN is not specified, (a silly) one is auto-generated from over 2 million combinations.
- ttl: (number)
The time to leave duration for the certificate in seconds. Defaults to 31536000 (365 days) if not specified. Must be greater than zero.
Example:
31536000
Examples:
Specific credentials:
{
"commonName": "silver-advice",
"ttl": 31540000
}
Autogenerated credentials:
{}HTTP status code 201
Credentials issued successfully.
Body
Media type: application/json
Type: object
Example:
{
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDPDCCAiSgAwIBAgIUeMV9wzZ+GjCwQRdoMgaKJkegmhQwDQYJKoZIhvcNAQEL\nBQAwEzERMA8GA1UEAxMIdGVuYW50LTEwHhcNMjAwNjI1MTQ1NzE5WhcNMjAwNzI1\nMTQ1NzQ5WjATMREwDwYDVQQDEwhteWRldmljZTCCASIwDQYJKoZIhvcNAQEBBQAD\nggEPADCCAQoCggEBAODsZoL429cy3ELGG5Z/AVA3+PtR2ptXw1h2J67kHCZEwmvv\nzUW0ZCV15aKN41Gjkmzh5UgNk+/3WAqRORb3V9Dv+Vyx/v/Ny3w0Zo2IRHGGXbaJ\nDNOZ93CuII1QfqkyXfhUaKYB66RgAa7ds/secjiWg0IEekaJFnvGeDU6Ul+BDw+g\nxa/e8d8BWQs8LpKbXmszu7B6FgESXbxLaP7GX92dHpMqOQAcQxuvKUqZGQEMvSdS\nxO5WEcFl+SNrHoLlAOSWyxDSQEB6WSyhSNk2WaO1KwlZh8gFYlrwRouezXsdMgvp\nTX32N/E3OAlABcGZnp12moijt25iUqLxH1wwAq8CAwEAAaOBhzCBhDAOBgNVHQ8B\nAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQW\nBBQvOh9lYid44MHmYTqYf6uI2GHqYzAfBgNVHSMEGDAWgBSsaalMfsbVrWlm3Rfn\ng7Xo3613WjATBgNVHREEDDAKgghteWRldmljZTANBgkqhkiG9w0BAQsFAAOCAQEA\nEbXSec1JQEaVB5fU0qH1P5D0G6uPfwUrKcf6vbFfIOGYPvj7AlpUny1EMFyAHOWG\nsI9XC9+yibXo09pU6lO0IT3Er4jOYAWJAjnlve8DgP1/dzKOr4Spu53Syq5Mxjiz\npANMJsy/jhBafkYYY1NzI4hsHwAwaH1ysEdJLxZiODDeauUSuVgI7EVSuiPIE+mo\ngeZEz+ioSgmjGxQuRVVJj8JTAaLTd8UtUZ5xw5R5XQrwOtwmFyFJFitZSzk7nh1b\nSzjlELa1m2wmyzJAXFxn57hmiDxlW/MmPkoqzg/fniIwE2sTruyoa78mRZ331wQQ\n6BGgvKveqJd8nzCbLqzDEQ==\n-----END CERTIFICATE-----",
"issuingCa": "-----BEGIN CERTIFICATE-----\nMIIDMzCCAhugAwIBAgIUW1WymJMlO/le/kg7AZ/5MgtG04UwDQYJKoZIhvcNAQEL\nBQAwGjEYMBYGA1UEAxMPS2FhaW90IFBsYXRmb3JtMB4XDTIwMDYyNTE0NTI0NVoX\nDTIwMDcyNzE0NTMxNVowEzERMA8GA1UEAxMIdGVuYW50LTEwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQClwUDXtgqd5D5uE/1+fH3fQm4E/a4KwEv3PluZ\nw2Cm2ilSHNXod058Bw6HLY3Qa7ahWdBgvq1YZ5kA+4xEbVRNss4MFZmo50j5GN1Z\ngwMGe/aQBurhuomuz1uDEKDnMgKdOliykyCUDok0RhT4bBeJzxh0OFnhLGgjaDw0\n3qO0+wylORjjBAiN9uIUFMoQm6//iQhBVD4EnxmQcWU63+HzbZR1munBzaQLpH1l\nZgnB82hT7icDG3cA3OoMoEOwd5+DnTBDJae4KiYqD+E/XINeTERvBkqJnUUQP8fP\nIQu38/tml/KewY//oLBglA8XhaNxilg49iHSJGcDDBHoWOx7AgMBAAGjeDB2MA4G\nA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSsaalMfsbV\nrWlm3Rfng7Xo3613WjAfBgNVHSMEGDAWgBRnSYasvZ3ptlSid0OvvV2qzP1lrTAT\nBgNVHREEDDAKggh0ZW5hbnQtMTANBgkqhkiG9w0BAQsFAAOCAQEAOTXCqZfmQCUU\nvqFt2qf4BiNq6k72EmkL2MjGKlSo51gZnwt8wk4Nfj2GxYztRU1DVnrUUEKk9/ij\nwHMKMuczIyt1nfaV6VFF1fPBLONiSHbsOqX2viDX4pSaicKPJXypwjvRM59ughvR\nSBDDl6PuwO+cREUEFAeHmQOI2oGxdZMuuYVNtBes+td3tVqJiWTNXy9qHwkFnO43\nwCYVkXeCvcZ68YAGdsTeidA3UebjywJ0K8/XEpQAOBjjEGO9lwNxVbtqHvVgo9gJ\nZDDSLqL61geP20QN3ClWJ2M8kPc3Nd9RXSgyOJyunjM5+LCFWxukpH7zhbtKrvbK\nmCD14iCpVQ==\n-----END CERTIFICATE-----",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA4Oxmgvjb1zLcQsYbln8BUDf4+1Ham1fDWHYnruQcJkTCa+/N\nRbRkJXXloo3jUaOSbOHlSA2T7/dYCpE5FvdX0O/5XLH+/83LfDRmjYhEcYZdtokM\n05n3cK4gjVB+qTJd+FRopgHrpGABrt2z+x5yOJaDQgR6RokWe8Z4NTpSX4EPD6DF\nr97x3wFZCzwukpteazO7sHoWARJdvEto/sZf3Z0ekyo5ABxDG68pSpkZAQy9J1LE\n7lYRwWX5I2seguUA5JbLENJAQHpZLKFI2TZZo7UrCVmHyAViWvBGi57Nex0yC+lN\nffY38Tc4CUAFwZmenXaaiKO3bmJSovEfXDACrwIDAQABAoIBAQDaEdlB2m2qs1EC\nHHja7MAlOl9XqwC749ctiUDoO5lfMQMfCxyGHGOMPkYp2E8w89ofXtShiyiHW9Qs\nSqiDL8QgesnVqW2GLcy/2z4isp9JQfDR7QZWkcxpnylIWWa0PHUHMy9S5EHG2J5J\nIAJD0j0DyEnyU80JXhhCYSZi1OzQUcrO97ejPf3XkadMNVyF8eP+sh+2o6+q7Wwg\nTb7oqgTk17DUwxzzciCdWdXnmvxFlxncPswNbOBE2KL4M2/VelNjnyhjX/l4G1f1\ngDV7Id3gc/H/MKY023F1FhsiRvFGHE5s7izKQrfZamQMJMU11dcyVslRXvp4vf2+\n+gI0p3ahAoGBAPnMoUX2CT77mNgLRRJ5uMHkFeDctX84Zqc9GlukRjDV03AovAnm\nJq7WVB+xnHqOuYoCaasSWCtG25ONhLnx9oxXtEDo7VUAHtOegjv5A9ED8HH25+Rj\nQ2TNOgvMnihm2KjmV5y1YEbD76rT7+lki5XO0QbLNKTmsI+leykm0xOlAoGBAOaB\nsc9kAupaS/ejGmqmCLeyXOwmDssJd9b+2ouo4mdHfcj9KlA1iYW0TaHSa4dRa0NP\nnWdcB0G8VoEsJ4ArO1tF2ijOVkpZwLZ2m4yYrY7RwJ6hI5FKGHVrxg3pClUPUFSS\nabuD0kmSWVZrmpe8XiA9KULOPdKyRUKG4ai6mhzDAoGAYZKToB81h1uBXUoxpcDT\n8TBld1rerh3awxJz/D3TiPnMyC+xG3DBxWNEosiepaSgRo8gtUjKFcVsuVr68CLa\nOgF8ECqroZsVb3Wny0M+QWN3hRx7gdNgHLypIri/QmrB0F+A815Jh/q64BA+0vyK\nJW8OaMfw/UR6zPFHhVB7/F0CgYAsKI5yx5sTYEcLYtCtu68R2faZOtU8qkyuAFbH\nyIvO81Ayj+VqRkdZOOhiZtg4rS1aUMc7xNKTEkyUJGxQzndpjeE0TgsT5UvY6LH1\n5k3hfWdkPER/Ee3LmODxS0KyduORwBbHWIKRm5rHxodwKCL0FCNya+ZGFebUztgu\nJcleVwKBgQCpRCBQLp6so30jOiNh4BU7f5Tti66bAfQGn7COlHrNKm2W254g4lnL\nscKbeNpt1bNSNVCvDhwCCQRHqD73VV52ZMGTsxS4oOrl3x9/yWLv2YUZIbRGku+g\nIhfQQOdJ+JAWQMcN5dJQ41Bb8TpJS1KPgq+Bl5Xc9UGNUuoU06dYHg==\n-----END RSA PRIVATE KEY-----",
"privateKeyType": "rsa",
"serialNumber": "8163249196696785795007161035531673258207322829",
"commonName": "silver-advice"
}
HTTP status code 400
Common name or invalid after date is not valid.
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.
Updates credentials state. CCM maintains a credentials state machine summarized in the service documentation. Only transitions from/to specified states are permitted.
patch /x509-credentials/{id}/state
Updates credentials state. CCM maintains a credentials state machine summarized in the service documentation. Only transitions from/to specified states are permitted.
- tenant:x509-credentials:update
CCM supports OAuth 2.0 for authenticating most API requests.
URI Parameters
- id: required(string)
Unique identifier of the X.509 credentials.
Example:
efh63sad72g0sggo3s5a
Body
Media type: application/json
Type: object
Properties- state: required(one of Active, Suspended, Revoked)
Desired new client credentials state.
- `Active` - The credentials are valid for use. They have been used at least once.
- `Suspended` - The credentials are suspended and cannot be used now.
- `Revoked` - The credentials are no longer usable.
Example:
{
"state": "Suspended"
}
HTTP status code 204
Successfully updated credentials state.
HTTP status code 400
Invalid request.
Body
Media type: application/json
Type: object
Properties- message: required(string)
Detailed error description.
HTTP status code 404
The requested X.509 credentials are not found or the querying user is denied access.
Body
Media type: application/json
Type: object
Properties- message: required(string)
Detailed error description.
Secured by OAuth 2.0
Headers
- Authorization: (string)
Used to send a valid OAuth 2 access token. Example: "Authorization: Bearer 'access_token'" where 'access_token' must be replaced by a valid OAuth access token. This header is needed only if API authentication is enabled for the service.