@jorgedison
Created June 27, 2020 00:08
swagger: '2.0'
info:
version: 0.7.0
title: Fabric CA Server API
description: Hyperledger Fabric CA Server APIs provide certificate authority services for the blockchain.
schemes:
- https
- http
consumes:
- application/json
produces:
- application/json
tags:
- name: fabric-ca-server
description: Fabric CA server APIs
definitions:
identityInfo:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
max_enrollments:
type: integer
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If -1, infinite max enrollments.
If > configured max enrollments of the Fabric CA server, error.
affiliation:
type: string
description: |
The affiliation path of the new identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
required:
- id
- type
- affiliation
affiliationInfo:
type: object
properties:
name:
type: string
description: The affiliation path
affiliations:
type: array
items:
$ref: '#/definitions/affiliationInfo'
identities:
type: array
items:
$ref: '#/definitions/identityInfo'
affiliationResponse:
type: object
properties:
name:
type: string
description: The affiliation path
affiliations:
type: array
items:
$ref: '#/definitions/affiliationInfo'
identities:
type: array
items:
$ref: '#/definitions/identityInfo'
caname:
type: string
description: The name of the root CA associated with this server.
paths:
/api/v1/cainfo:
get:
tags:
- fabric-ca-server
description: Get CA information.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
responses:
'200':
description: Successfully retrieved server information
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful
Result:
type: object
properties:
CAName:
type: string
description: The name of the root CA associated with this server
CAChain:
type: string
description: Base 64 encoded PEM-encoded certificate chain of the server's signing certificate
IssuerPublicKey:
type: string
description: Base 64 encoding of proto bytes of the CA's Idemix issuer public key
IssuerRevocationPublicKey:
type: string
description: Base 64 encoding of PEM-encoded bytes of the CA's Idemix issuer revocation public key
Version:
type: string
description: Version of the server
Errors:
type: array
description: An array of error messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of informational messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/enroll:
post:
tags:
- fabric-ca-server
description: Enroll a new identity and return an enrollment certificate.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An HTTP basic authorization header where:
* *user* is the enrollment ID;
* *password* is the enrollment secret.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
request:
type: string
description: 'A PEM-encoded string containing the CSR (Certificate Signing Request) based on PKCS #10.'
profile:
type: string
## - 'null'
description: The name of the signing profile to use when issuing the certificate.
label:
type: string
## - 'null'
description: The label used in HSM operations
caname:
type: string
## - 'null'
description: Name of the CA to direct traffic to within server.
attr_reqs:
type: array
description: An array of attribute requests to be placed into the enrollment certificate
items:
type: object
properties:
name:
type: string
description: The name of the attribute being requested to put into the enrollment certificate.
optional:
type: boolean
description: Boolean indicating whether the attribute is optional. An error is returned if the attribute is required but not found. The default value is false.
required:
- name
required:
- request
responses:
'201':
description: Successfully enrolled a new identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
Cert:
type: string
description: The enrollment certificate in base 64 encoded format.
ServerInfo:
type: object
properties:
CAName:
type: string
description: The name of the CA that issued the credential
CAChain:
type: string
description: Base 64 encoded PEM-encoded certificate chain of the CA's signing certificate
IssuerPublicKey:
type: string
description: Base 64 encoding of proto bytes of the CA's Idemix issuer public key
IssuerRevocationPublicKey:
type: string
description: Base 64 encoding of PEM-encoded bytes of the CA's Idemix issuer revocation public key
Version:
type: string
description: Version of the server
required:
- CAName
- CAChain
- IssuerPublicKey
- IssuerRevocationPublicKey
- Version
Errors:
type: array
description: An array of error messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of informational messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/idemix/credential:
post:
tags:
- fabric-ca-server
description: 'Get an Identity Mixer credential. Identity Mixer credential issuance is a two-step process. First, a request with an empty request body is sent to this endpoint. The Fabric CA server responds with a nonce, which should be used to create a credential request. Next, a request with the credential request in the request body is sent to this endpoint. The server responds with a credential.'
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: '**basic** <base64 encoding of userid:password> (OR) **token** <An enrollment token consisting of two base 64 encoded parts separated by a period: an enrollment certificate; a signature over the certificate and body of request>'
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
request:
type: string
description: JSON encoding of the idemix.CredentialRequest struct
caname:
type: string
description: Name of the CA to direct this request to within the Fabric CA server
required:
- request
responses:
'201':
description: Successfully returned a nonce or Identity Mixer credential
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful
Result:
type: object
properties:
Credential:
type: string
description: The credential in base64 encoding of the bytes of the idemix.Credential proto buffer
Nonce:
type: string
description: The nonce in base 64 encoded format
Attrs:
type: object
properties:
OU:
type: string
description: The Organizational Unit of the identity that requested the credential
Role:
type: integer
description: Represents the role value of an identity
EnrollmentID:
type: string
description: The enrollment ID of the identity that requested the credential
required:
- OU
- Role
- EnrollmentID
CRI:
type: string
description: The CRI, as the base64 encoding of the bytes of the idemix.CredentialRevocationInformation proto buffer
CAInfo:
type: object
properties:
CAName:
type: string
description: The name of the CA that issued the credential
CAChain:
type: string
description: Base 64 encoded PEM-encoded certificate chain of the CA's signing certificate
IssuerPublicKey:
type: string
description: Base 64 encoding of proto bytes of the CA's Idemix issuer public key
IssuerRevocationPublicKey:
type: string
description: Base 64 encoding of PEM-encoded bytes of the CA's Idemix issuer revocation public key
Version:
type: string
description: Version of the server
required:
- CAName
- CAChain
- IssuerPublicKey
- IssuerRevocationPublicKey
- Version
Errors:
type: array
description: An array of error messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of informational messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/idemix/cri:
post:
tags:
- fabric-ca-server
description: Gets an Idemix Credential Revocation Information (CRI)
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: An authorization token based on Idemix credential or X509 certificate
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
caname:
type: string
## - 'null'
description: Name of the CA to send the request to within the Fabric CA server.
responses:
'200':
description: Successfully returned CRI
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
cri:
type: string
description: base64 encoding of the proto bytes of idemix.CredentialRevocationInformation
required:
- cri
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/reenroll:
post:
tags:
- fabric-ca-server
description: |
Reenroll an enrollment certificate. This is useful for renewing an enrollment certificate before it expires or because it has been compromised.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
request:
type: string
description: 'A PEM-encoded string containing the CSR (Certificate Signing Request) based on PKCS #10.'
profile:
type: string
## - 'null'
description: The name of the signing profile to use when issuing the certificate.
label:
type: string
## - 'null'
description: The label used in HSM operations
caname:
type: string
## - 'null'
description: Name of the CA to direct traffic to within server.
attr_reqs:
type: array
description: An array of attribute requests to be placed into the enrollment certificate
items:
type: object
properties:
name:
type: string
description: The name of the attribute being requested to put into the enrollment certificate.
optional:
type: boolean
description: Boolean indicating whether the attribute is optional. An error is returned if the attribute is required but not found. The default value is false.
required:
- name
required:
- request
responses:
'201':
description: Successfully reenrolled identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
Cert:
type: string
description: The enrollment certificate in base 64 encoded format.
ServerInfo:
type: object
properties:
CAName:
type: string
description: The name of the CA that issued the credential
CAChain:
type: string
description: Base 64 encoded PEM-encoded certificate chain of the CA's signing certificate
IssuerPublicKey:
type: string
description: Base 64 encoding of proto bytes of the CA's Idemix issuer public key
IssuerRevocationPublicKey:
type: string
description: Base 64 encoding of PEM-encoded bytes of the CA's Idemix issuer revocation public key
Version:
type: string
description: Version of the server
required:
- CAName
- CAChain
- IssuerPublicKey
- IssuerRevocationPublicKey
- Version
Errors:
type: array
description: An array of error messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of informational messages (i.e. code and string messages).
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/register:
post:
tags:
- fabric-ca-server
description: |-
Register a new identity with the Fabric CA server.
An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
secret:
type: string
## - 'null'
description: 'The enrollment secret. If not provided, a random secret is generated.'
max_enrollments:
type: integer
## - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |-
The affiliation of the new identity.
If no affiliation is provided, the affiliation of the registrar is used.
attrs:
type: array
description: An array of attribute names and values to give to the registered identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
## - 'null'
description: Name of the CA to direct traffic to within server.
required:
- id
- attrs
responses:
'201':
description: Successfully registered identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
secret:
type: string
description: The base64 encoded enrollment secret of the newly registered identity.
required:
- secret
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/revoke:
post:
tags:
- fabric-ca-server
description: |-
Perform revocation of one of the following:
* a specific certificate identified by a serial number and AKI (Authority Key Identifier), or
* all certificates associated with the identity and prevent any future enrollments for this identity.
The caller must have the **hf.Revoker** attribute.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
id:
type: string
## - 'null'
description: |-
The enrollment ID of the identity whose certificates are to be revoked, including both enrollment certificates and transaction certificates.
All future enrollment attempts for this identity will be rejected.
If this field is specified, the *serial* and *aki* fields are ignored.
aki:
type: string
## - 'null'
description: |-
The Authority Key Identifier of the certificate which is to be revoked.
The *serial* field must also be specified.
serial:
type: string
## - 'null'
description: |-
The serial number of the certificate which is to be revoked.
The *aki* (Authority Key Identifier) field must also be specified.
reason:
type: string
## - 'null'
description: |-
The reason for revocation.
See https://godoc.org/golang.org/x/crypto/ocsp for valid values.
The default value is 0 (ocsp.Unspecified).
caname:
type: string
## - 'null'
description: Name of the CA to direct traffic to within server.
gencrl:
type: boolean
## - 'null'
description: 'When this request results in revoking one or more certificates, this boolean indicates whether to generate a CRL and return it in the response'
responses:
'200':
description: Successfully completed the revocation
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
RevokedCerts:
type: array
description: An array of revoked certificates
items:
type: object
description: A revoked certificate
properties:
Serial:
type: string
description: Serial number of the revoked certificate
AKI:
type: string
description: Authority Key Identifier (AKI) of the revoked certificate
CRL:
type: string
description: base64 encoded PEM-encoded CRL
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/gencrl:
post:
tags:
- fabric-ca-server
description: Generates a Certificate Revocation List (CRL)
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
revokedafter:
type: string
# - 'null'
description: Include certificates that were revoked after this UTC timestamp (in RFC3339 format) in the CRL
revokedbefore:
type: string
# - 'null'
description: Include certificates that were revoked before this UTC timestamp (in RFC3339 format) in the CRL
expireafter:
type: string
# - 'null'
description: Include revoked certificates that expire after this UTC timestamp (in RFC3339 format) in the CRL
expirebefore:
type: string
# - 'null'
description: Include revoked certificates that expire before this UTC timestamp (in RFC3339 format) in the CRL
caname:
type: string
# - 'null'
description: Name of the CA to send the request to within the Fabric CA server.
responses:
'200':
description: Successfully generated the CRL
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
CRL:
type: string
description: base64 encoded PEM-encoded CRL
required:
- CRL
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/affiliations:
get:
tags:
- fabric-ca-server
description: |-
List all affiliations equal to and below the caller's affiliation.
The caller must have **hf.AffiliationMgr** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: List all affiliations equal to and below the caller's affiliation.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
$ref: '#/definitions/affiliationResponse'
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
post:
tags:
- fabric-ca-server
description: |-
Create a new affiliation.
The caller must have **hf.AffiliationMgr** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: force
in: query
description: 'If any of the parent affiliations do not exist and **force** is true, create all parent affiliations also'
type: boolean
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
name:
type: string
description: The affiliation path to create.
caname:
type: string
# - 'null'
description: Name of the CA to send the request to within the Fabric CA server.
required:
- name
responses:
'201':
description: Successfully created the affiliation.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
name:
type: string
description: The affiliation path that was created.
caname:
type: string
description: Name of the CA containing this affiliation.
required:
- name
- caname
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
'/api/v1/affiliations/{affiliation}':
get:
tags:
- fabric-ca-server
description: |-
List a specific affiliation at or below the caller's affiliation.
The caller must have **hf.AffiliationMgr** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: affiliation
in: path
description: An affiliation path
required: true
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: List a specific affiliation equal to and below the caller's affiliation.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
$ref: '#/definitions/affiliationResponse'
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
put:
tags:
- fabric-ca-server
description: |-
Rename an affiliation.
The caller must have **hf.AffiliationMgr** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: affiliation
in: path
description: An affiliation path
required: true
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: force
in: query
description: 'If any identities are associated with this affiliation, force causes these identities'' affiliations to be renamed; otherwise, an error is returned'
type: boolean
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
name:
type: string
description: The new affiliation path.
caname:
type: string
# - 'null'
description: Name of the CA to send the request to within the Fabric CA server.
required:
- name
responses:
'200':
description: List a specific affiliation equal to and below the caller's affiliation.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
$ref: '#/definitions/affiliationResponse'
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
delete:
tags:
- fabric-ca-server
description: |-
Delete an affiliation.
The caller must have **hf.AffiliationMgr** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: affiliation
in: path
description: An affiliation path
required: true
type: string
- name: force
in: query
description: 'If there are any child affiliations or any identities are associated with this affiliation or child affiliations, force causes these identities and child affiliations to be deleted; otherwise, an error is returned'
required: false
type: boolean
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: List the affiliation(s) and any identities which were deleted.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
$ref: '#/definitions/affiliationResponse'
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
/api/v1/identities:
get:
tags:
- fabric-ca-server
description: |-
List all identities that the caller is entitled to see.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: List of identities visible to the caller.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
identities:
type: array
items:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
name:
type: string
description: |
The affiliation path of the new identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
description: Name of the CA containing these identities.
required:
- identities
- caname
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
post:
tags:
- fabric-ca-server
description: |-
Create a new identity with the Fabric CA server.
An enrollment secret is returned which can then be used, along with the enrollment ID, to enroll a new identity.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
secret:
type: string
# - 'null'
description: 'The enrollment secret. If not provided, a random secret is generated.'
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the new identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
# - 'null'
description: Name of the CA to direct traffic to within server.
required:
- id
- affiliation
- attrs
responses:
'201':
description: Successfully created identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
secret:
type: string
# - 'null'
description: The enrollment secret.
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the new identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
description: Name of the CA containing this identity.
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
'/api/v1/identities/{id}':
get:
tags:
- fabric-ca-server
description: |-
Get an identity.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: id
in: path
description: An enrollment ID
required: true
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: The identity information associated with the ID.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the new identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
description: Name of the CA containing this identity.
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
put:
tags:
- fabric-ca-server
description: |-
Update an existing identity.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: id
in: path
description: An enrollment ID
required: true
type: string
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: body
in: body
description: The request body
required: true
schema:
type: object
properties:
type:
type: string
description: 'The new type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
secret:
type: string
# - 'null'
description: The new enrollment secret.
max_enrollments:
type: integer
# - 'null'
description: |-
The new maximum number of times that the secret can be used to enroll.
If -1, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the identity.
attrs:
type: array
description: 'An array of attribute names and values to add or modify for the identity. If the value is omitted, delete the attribute.'
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
# - 'null'
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
caname:
type: string
# - 'null'
description: Name of the CA to direct traffic to within server.
responses:
'200':
description: Successfully updated identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
secret:
type: string
# - 'null'
description: The enrollment secret which is only present if the secret was updated in this request.
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
description: Name of the CA containing this identity.
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
delete:
tags:
- fabric-ca-server
description: |-
Delete an existing identity.
The caller must have **hf.Registrar** authority.
parameters:
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
- name: id
in: path
description: An enrollment ID
required: true
type: string
- name: force
in: query
description: Required to delete your own identity
type: boolean
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
responses:
'200':
description: Successfully deleted identity
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
description: The identity that was deleted.
type: object
properties:
id:
type: string
description: The enrollment ID which uniquely identifies an identity
type:
type: string
description: 'The type of the identity (e.g. *user*, *app*, *peer*, *orderer*, etc)'
max_enrollments:
type: integer
# - 'null'
description: |-
The maximum number of times that the secret can be used to enroll.
If 0, use the configured max_enrollments of the fabric-ca-server;
If > 0 and <= configured max enrollments of the fabric-ca-server, use max_enrollments;
If > configured max enrollments of the fabric-ca-server, error.
affiliation:
type: string
description: |
The affiliation path of the identity.
attrs:
type: array
description: An array of attribute names and values to give to the new identity.
items:
type: object
properties:
name:
type: string
description: Attribute name
value:
type: string
description: Value of attribute
ecert:
type: boolean
description: A value of true indicates that this attribute should be included in an enrollment certificate by default
required:
- name
- value
caname:
type: string
description: Name of the CA containing the deleted identity.
required:
- id
- affiliation
- attrs
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Errors
- Messages
/api/v1/certificates:
get:
tags:
- fabric-ca-server
description: |-
Get certificate(s).
The caller will be able to view certificates that it owns. In addition, if the caller has **hf.Registrar.Roles** or **hf.Revoker** attribute, it will be able to view certificates for identities that have affiliations equal to or below the caller's affiliation.
parameters:
- name: Authorization
in: header
description: |-
An enrollment token consisting of two base 64 encoded parts separated by a period:
* an enrollment certificate;
* a signature over the certificate and body of request.
required: true
type: string
- name: id
in: query
description: The enrollment ID that uniquely identifies an identity
type: string
- name: aki
in: query
description: The AKI for a certificate
type: string
- name: serial
in: query
description: The serial number for a certificate
type: string
- name: revoked_start
in: query
description: 'Get revoked certificates starting at the specified time, either as timestamp (RFC3339 format) or duration (-30d)'
type: string
- name: revoked_end
in: query
description: 'Get revoked certificates before the specified time, either as timestamp (RFC3339 format) or duration (-15d)'
type: string
- name: expired_start
in: query
description: 'Get expired certificates starting at the specified time, either as timestamp (RFC3339 format) or duration (-30d)'
type: string
- name: expired_end
in: query
description: 'Get expired certificates before the specified time, either as timestamp (RFC3339 format) or duration (-15d)'
type: string
- name: notexpired
in: query
description: Don't return expired certificates
type: boolean
- name: notrevoked
in: query
description: Don't return revoked certificates
type: boolean
- name: ca
in: query
description: 'The name of the CA to direct this request to within the server, or the default CA if not specified'
type: string
responses:
'200':
description: The certificates that were retrieved.
schema:
type: object
properties:
Success:
type: boolean
description: Boolean indicating if the request was successful.
Result:
type: object
properties:
certs:
type: array
description: An array of base64 encoded PEM-encoded certificates
items:
type: string
description: base64 encoded PEM-encoded certificate
caname:
type: string
description: Name of the CA containing this identity.
Errors:
type: array
description: An array of error messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of error.
message:
type: string
description: An error message
required:
- code
- message
Messages:
type: array
description: An array of information messages (code and message)
items:
type: object
properties:
code:
type: integer
description: Integer code denoting the type of message.
message:
type: string
description: A more specific message.
required:
- code
- message
required:
- Success
- Result
- Errors
- Messages
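The `Authorization` parameter on every operation above describes an enrollment token: base64 of the enrollment certificate, a period, then base64 of a signature over the certificate and request body. The Go program below is an added example, not part of this gist or of Fabric CA's own code, that verifies such a token on the receiving side. The exact signed bytes are an assumption (SHA-256 over base64(body) + "." + base64(certificate PEM), signed with ECDSA), the names `digest`, `VerifyToken` and `SampleToken` are hypothetical, and chain, expiry and revocation checks are not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// digest hashes the ASSUMED signed payload: base64(body) + "." + base64(cert PEM).
func digest(body []byte, b64cert string) []byte {
	sum := sha256.Sum256([]byte(base64.StdEncoding.EncodeToString(body) + "." + b64cert))
	return sum[:]
}

// VerifyToken checks an Authorization value against the body; returns the cert CommonName.
func VerifyToken(token string, body []byte) (string, error) {
	c, s, found := strings.Cut(token, ".")
	certPEM, err1 := base64.StdEncoding.DecodeString(c)
	sig, err2 := base64.StdEncoding.DecodeString(s)
	block, _ := pem.Decode(certPEM)
	if !found || err1 != nil || err2 != nil || block == nil {
		return "", fmt.Errorf("want base64(PEM certificate) + \".\" + base64(signature)")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || !ecdsa.VerifyASN1(pub, digest(body, c), sig) {
		return "", fmt.Errorf("signature does not cover this certificate and body")
	}
	return cert.Subject.CommonName, nil
}

// SampleToken signs body with a throwaway self-signed identity (constructed sample input).
func SampleToken(cn string, body []byte) (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	c := base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(body, c))
	return c + "." + base64.StdEncoding.EncodeToString(sig), err
}

func main() {
	body := []byte(`{"id":"user1","affiliation":"org1","attrs":[]}`) // constructed request body
	token, _ := SampleToken("admin", body)
	fmt.Println(VerifyToken(token, body))
}
```

Because the body is part of the signed data, a token captured from one request fails verification when replayed with a different body.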