API Documentation
Toggle TOC panel
<access-service>/api/v1/keys

URL structure

1 https://access-service.xy-company.com/api/v1/keys

Supported methods and overview

  • POST - used to generate a cryptographic key.

Detailed description

This API endpoint generates a cryptographic key, which in turn is required to encrypt the data of a file object.

A file object (i.e. Secure Object) is created through the <access-service>/api/v1/organisations/{orgGroupId}/objects endpoint.

Supported roles and conditions

This API endpoint supports requests utilizing Covata user accounts with the following roles (as described in the Organization Administrator's Guide) and conditions:

The the Covata Platform's resources available to one of these Covata users (above) is determined by the access token passed in the header of requests to this endpoint.

Required headers

  • Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0NjcwMTY2NjYsInVzZXJfbmFtZSI6ImFsZXgub...
    where the Bearer token is the appropriate access token.
  • Content-Type: application/json

Required body

If none of the Optional parameters below are specified, then an empty JSON object must be passed in the body of the request:

  • {}

Optional parameters

The following optional parameter can be sent in the body of the POST request, as an individual member of a JSON object:

  • keyLength - The bit length of the cryptographic key to be returned from the Covata Platform. This key is used to encrypt data using an Advanced Encryption Standard (AES) cryptographic algorithm whose mode of operation is CipherBlock Chaining (CBC). Valid values for this parameter are: 128, 192 or 256. If this parameter is not specified, a value of 256 is assumed.

    Example (request parameter - optional):

    { "keyLength": 128 }

Returns

A JSON-formatted response containing a keys array which has the following elements:

  • id - The ID value associated with the cryptographic key value returned below.
    Important: Retain this value as it is required during the initial stages of creating a file object - i.e. this key ID value is used:
  • keyValue - The cryptographic key value itself. The length of this key may differ depending on the keyLength value submitted as part of the request's optional parameters above.
    Note: This value is returned for the purposes of local/client-side encryption (i.e. if your client application does not rely on the Covata Platform's server-side encryption). The keyValue value should be retained by your client application after associating this key with an initialized file object (see <access-service>/api/v1/organisations/{orgGroupId}/objects for more information), until you have performed local/client-side encryption.
  • initializationVector - The initialization vector required to begin local/client-side encryption using the AES algorithm (in CBC mode).
    Note: Like keyValue above, this value is also returned for the purposes of local/client-side encryption. The initializationVector value should be retained after associating keyValue (above) with an initialized file object (see <access-service>/api/v1/organisations/{orgGroupId}/objects for more information), until you have performed local/client-side encryption.
  • cryptographicAlgorithm - The cryptographic algorithm supported by the Covata Platform. This should be AES.
  • keyLength - The bit length of the cryptographic key value returned above. This should be 256 or match the value of the keyLength submitted as part of the request's optional parameters above.
  • createdAt - The date and time when the cryptographic key was created.

  • modifiedAt - This value should match the createdAt value above.

    Example (response):

    {
    "keys": [{
    "id": "732857710936506368",
    "keyValue": "eAQ5SC/Txsva85kBzHVTM2LsT9WOgRA1y1lzYbzGrbQ=",
    "initializationVector": "0GlFPnFNErU18PUFGDIQ4Q==",
    "cryptographicAlgorithm": "AES",
    "keyLength": 256,
    "createdAt": "2016-07-15T07:14:54.125Z",
    "modifiedAt": "2016-07-15T07:14:54.125Z"
    }]
    }