API Documentation
<access-service>/api/v1/objects/{objectId}/keys

URL structure

https://access-service.xy-company.com/api/v1/objects/{objectId}/keys

where {objectId} is the ID of a Secure Object.

Supported methods and overview

  • GET - used to retrieve the cryptographic key required to decrypt the encrypted data of a Secure Object, based on the Secure Object's ID.

Note: This method takes no parameters.

Detailed description

This API endpoint retrieves the cryptographic key required to decrypt the encrypted data of a Secure Object, using the Secure Object's ID.

This key is generated by:

  1. Calling the <access-service>/api/v1/keys endpoint to obtain a cryptographic key and then
  2. Associating this key with a new Incomplete or completed Secure Object (by subsequently calling the <access-service>/api/v1/objects endpoint).

A Secure Object's ID can be obtained by calling the <access-service>/api/v1/items API endpoint, which retrieves a list of information associated with Secure Objects that can be filtered using various 'search' criteria.

Supported roles and conditions

This API endpoint supports the following Covata user roles (as described in the Covata Platform Administrator's Guide), conditions and permissions (where applicable):

  • Originator - a Covata user with this role can call this endpoint on a Secure Object they own.
  • Originator, Collaborator and Ad hoc - a Covata user with any of these roles can call this endpoint for a Secure Object they are a collaborator on (with the Download permission).

The Covata Platform's resources available to one of these Covata users (above) is determined by the access token passed in the header of requests to this endpoint.

Required headers

The appropriate access token as the Bearer token:

  • Authorization: Bearer a1b2c3d4-e5f6-g7h8-i9j0-k1l2m3n4o5p6

Returns

A JSON-formatted response containing the following members:

  • keyValue - .
  • cryptographicAlgorithm - .
  • keyLength - .

  • initializationVector - .

    Example:

    {
    "keyValue": "2VCZkPeYPhvL4VkzrEqIVGaW2AGmRM1uwuXiPRbe8NU=",
    "cryptographicAlgorithm": "AES",
    "keyLength": 256,
    "initializationVector": "fpEIYIk+dnMw7rgFA+Bz8g=="
    }

* The currently authenticated user is determined by the access token passed in the header of requests to this endpoint.