API Documentation
Toggle TOC panel
<access-service>/api/v1/objects/{objectId}/keys

URL structure

1 https://access-service.xy-company.com/api/v1/objects/{objectId}/keys

where {objectId} is the ID of a file object/Secure Object.

Supported methods and overview

  • GET - retrieves the cryptographic key required to decrypt the active version of a file object/Secure Object (specified by objectId).

Note: This method takes no parameters.

Detailed description

This API endpoint retrieves the cryptographic key required to decrypt the active version of a file object, using the file object's ID.

This key is generated by:

  1. Calling the <access-service>/api/v1/keys endpoint to obtain a cryptographic key and then
  2. Associating this key with a new Incomplete or completed file object (by subsequently calling the <access-service>/api/v1/organisations/{orgGroupId}/objects endpoint).

A file object's ID can be obtained by calling the <access-service>/api/v1/organisations/{orgId}/items API endpoint, which retrieves a list of information associated with file objects that can be filtered using various 'search' criteria.

Supported roles and conditions

This API endpoint supports the following Cocoon Data user roles (as described in the Organisation Administrator's Guide), conditions and permissions (where applicable):

  • Originator - when this user owns the file object whose ID is specified by {objectId} in the request's URL.
  • Originator, Collaborator and Ad hoc - when this user is a collaborator with the Download permission on the file object whose ID is specified by {objectId} in the URL.

The Cocoon Data Platform's resources available to a Cocoon Data user meeting the criteria above is determined by the access token submitted in the header of requests to this endpoint.

Required headers

The appropriate access token as the Bearer token:

  • Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE0NjcwMTY2NjYsInVzZXJfbmFtZSI6ImFsZXgub...

Returns

If the request succeeded, then an HTTP response status 200 OK is returned.

For successful requests only, a JSON-formatted response containing the following members is also returned:

  • keyValue - The cryptographic key value itself.
  • cryptographicAlgorithm - The cryptographic algorithm supported by the Cocoon Data Platform. This should be AES.
  • keyLength - The bit length of the cryptographic key value returned above.
  • initializationVector - The initialization vector required to begin local/client-side decryption using the AES algorithm (in CBC mode).
    Example:
    {
    "keyValue": "2VCZkPeYPhvL4VkzrEqIVGaW2AGmRM1uwuXiPRbe8NU=",
    "cryptographicAlgorithm": "AES",
    "keyLength": 256,
    "initializationVector": "fpEIYIk+dnMw7rgFA+Bz8g=="
    }