Initial considerations
1. Authentication
2. Modules
3. Organization license
4. Product license
5. User privileges level
Request/response protocol
1. REST service
2. SOAP service
Service authentication [Auth]
1. Obtaining session token [Auth/Login]
2. Obtaining session token [Auth/LoginToken]
3. Login check [Auth/Check]
4. Check login validation code [Auth/CheckValidation]
5. Impersonating user [Auth/Impersonate]
6. Password recovery [Auth/PasswordRecovery]
7. Check the possibility of changing a password [Auth/ProviderModifiablePass]
8. Token check [Auth/TokenCheck]
Auditory management [Audit]
1. Listing auditory records [Audit/List]
2. Obtaining auditory categories and action data [Audit/Info]
Authentication provider management [AuthProvider]
1. Listing authentication provider [AuthProvider/List]
Certificate management [Cert]
1. Importing certificates with private key [Cert/ImportPFX]
2. Deleting certificates [Cert/Del]
3. Obtaining certificate data [Cert/Get]
4. Listing certificates [Cert/List]
5. Setting certificate data [Cert/Set]
6. Getting certificate public key [Cert/CERGet]
7. Getting certificate certification chain [Cert/ChainGet]
8. Listing available certificates [Cert/ListAvailable]
9. Moving certificates [Cert/Move]
10. Checking certificate pin [Cert/PinCheck]
11. Setting a new pin to a certificate [Cert/PinSet]
12. Obtaining certificate provider certificate public key [Cert/RefGetCER]
13. Linking reference certificates [Cert/RefLink]
14. Listing certificate provider certificates [Cert/RefList]
15. Creating and installing certificates (1/3) [Cert/RSAGen]
16. Creating and installing certificates (2/3) [Cert/GenCSR]
17. Creating and installing certificates (3/3) [Cert/InstallCER]
18. Certificate replacement [Cert/Replace]
19. Searching certificates [Cert/Search]
Certificate providers management [CertProvider]
1. Listing certificate provider [CertProvider/List]
Bin certificates management [CertTrash]
1. Deleting bin certificates [CertTrash/Del]
2. Getting bin certificates data [CertTrash/Get]
3. Listing bin certificates [CertTrash/List]
4. Sending certificates to the certificate bin [CertTrash/Move]
5. Restoring bin certificates [CertTrash/Rest]
Configuration management [Config]
1. Creating configuration [Config/Add]
2. Deleting configuration [Config/Del]
3. Getting configuration [Config/Get]
4. Listing configurations [Config/List]
5. Setting configuration [Config/Set]
6. Getting public configuration [Config/PublicGet]
7. Listing public configuration [Config/PublicList]
Delegations management [Deleg]
1. Delegation creation [Deleg/Add]
2. Deleting delegation [Deleg/Del]
3. Getting delegation data [Deleg/Get]
4. Listing delegations [Deleg/List]
5. Setting delegation [Deleg/Set]
6. Listing allowed delegation users [Deleg/AllowedUserList]
7. Deleting delegated certificates [Deleg/CertDel]
8. Listing delegated certificates [Deleg/CertList]
9. Associating user to delegation [Deleg/UserAdd]
10. Deleting user from delegation [Deleg/UserDel]
Device management [Device]
1. Device creation [Device/Add]
2. Deleting devices [Device/Del]
3. Getting device data [Device/Get]
4. Listing devices [Device/List]
5. Setting devices [Device/Set]
Authorization petition management [Inquiry]
1. Getting inquiry [Inquiry/Get]
2. Setting inquiry [Inquiry/Set]
License management [License]
1. Getting license data [License/Get]
Notification management [Notify]
1. Getting notification [Notify/Get]
2. Listing notification [Notify/List]
3. Setting notification [Notify/Set]
Organizations management [Orga]
1. Creating organizations [Orga/Add]
2. Deleting organizations [Orga/Del]
3. Getting organization data [Orga/Get]
4. Listing organizations [Orga/List]
5. Setting organization data [Orga/Set]
6. Renaming organization [Orga/Ren]
External PKI integration management [PKI]
1. Certificate request [PKI/Petition]
2. Getting CA certificate's public key [PKI/CACERGet]
3. Listing CA PKI certificates [PKI/CAList]
4. Generating PKI certificate [PKI/CertGen]
5. Listing PKI certificates [PKI/CertList]
6. Getting PKI certificate public key [PKI/CertCAGet]
7. Revoking PKI certificate [PKI/Revoke]
Public certificates management [PubCert]
1. Creating public certificates [PubCert/Add]
2. Deleting public certificates [PubCert/Del]
3. Obtención de certificados públicos [PubCert/Get]
4. Listing public certificates [PubCert/List]
5. Setting public certificates [PubCert/Set]
Public certificate management [PubCertBin]
1. Creating public certificates [PubCertBin/Add]
2. Getting public certificate data [PubCertBin/Get]
3. Checking public certificate [PubCertBin/Check]
Usage rules / Usage policies management [Rule]
1. Creating usage rule [Rule/Add]
2. Deleting rule [Rule/Del]
3. Getting rule data [Rule/Get]
4. Listing rule [Rule/List]
5. Setting usage rule [Rule/Set]
Simple hash signatures [Sign]
1. Hash signature [Sign/Hash] ✍
2. PDF basic signature [Sign/PDF] ✍
3. RSA Signature [Sign/RSA] ✍
4. TSP signature [Sign/TSP] ✍
Document signatures [Signature]
1. PDF document signature [Signature/Pades] ✍
2. XML document signature [Signature/Xades] ✍
3. Generic document signature [Signature/Cades] ✍
4. PDF document time stamping [Signature/TimestampPdf] ✍
5. Signed PDF document upgrade [Signature/UpgradePades] ✍
Biometry sign [Biometry]
1. PDF document signature [Biometry/Sign] ✍
Statistics management [Stats]
1. General system statistics [Stats/System]
2. Organization and its child organization statistics [Stats/OrgaChain]
3. Organization statistics [Stats/Orga]
4. User statistics [Stats/User]
5. Specific system statistic [Stats/DetailSys]
6. Specific organization statistic [Stats/DetailOrga]
7. Specific user statistic [Stats/DetailUser]
8. Yearly organization signature statistic [Stats/OperationYear]
Time stamp operations [TSP]
1. Time stamp signature [TSP/Sign]
2. PDF document time stamping [TSP/TimestampPDF]
3. Time stamp verification [TSP/Verify]
User management [User]
1. User creation [User/Add]
2. Deleting user [User/Del]
3. Obtaining user data [User/Get]
4. Listing users [User/List]
5. Setting user data [User/Set]
6. User creation [User/PublicAdd]
7. Searching users [User/Find]
8. Obtaining user level [User/Level]
9. Checking modifiable user fields [User/Modifiablefields]
10. Moving a user to another organization [User/OrgaMove]
11. Renaming users [User/Ren]
Verification operations [Verify]
1. CA certificate verification [Verify/CER]
2. Chain CA certificate verification [Verify/CERChain]
3. IvSign certificate verification [Verify/Cert]
4. IvSign certificate verification [Verify/CertChain]
5. Signed PDF document verification [Verify/Pades]
6. Signed XML document verification [Verify/Xades]
7. Signed generic document verification [Verify/Cades]
8. Time stamp verification [Verify/TSP]
IvSign common objects definition
1. Audit object
2. AuditInfo object
3. AuthProviderInfo object
4. Cert object
5. CertRef object
6. CertProviderInfo object
7. CertTrash object
8. Config object
9. Deleg object
10. Device object
11. Inquiry object
12. Notify object
13. Orga object
14. PKICert object
15. PubCert object
16. PubCertBin object
17. Rule object
18. SignPadesParams object
19. PDFSignParams object
20. PdfSignWidgetProps object
21. SignatureTextArea object
22. SignatureWidgetTextField object
23. PdfSignBackground object
24. TransparencyMask object
25. TimeStampServerInfo object
26. Biometry object
27. SignPolicy object
28. SignXadesParams object
29. SignLocation object
30. SignCadesParams object
31. StatsResult object
32. StatsDetailResult object
33. Stats object
34. User object
35. CertInfo object
36. RevocationData object
37. VerifyCER object
38. VerifyCert object
39. SignatureData object
40. tsainfo object
41. Caller object
42. Hash object
43. KeyValue object
44. Page object
45. Error object

1. Initial considerations

1.1. Authentication

Authentication on IvSign requires three parameters: user, password and organization. A part from that, as of IvSign version 8 (API 4), the parameters integration module and device are needed. More information about modules will be provided in further sections.
To be able to perform device authentication, the device must be authorized for the user who wants to authenticate. Depending on the user's organization or the authentication module it is possible that the device authorization won't be requested.

1.2. Modules

During user's authentication process, indicating module and its module key will be needed.
Each module has a list of methods and/or groups of methods that allow or deny the access to them. To know which methods are allowed to access or denied to access to depending on a module, please contact with the project manager.

1.3. Organization license

Organizations must have a license code. Associated to the license code, there signature privileges and monthly quantity restrictions. As well as limits on the quantity of users and certificates an organization can hold.
Those limits are maximum users and certificates an organization can hold. A part from that, this parameters allows or denies perform several actions: document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. To know which restrictions an organization license code has, contact with the project manager.

1.4. Product license

All INHOUSE environments where IvSign is installed must have a product license. This license code has associated a maximum number of users, certificates and organizations a environment can hold.
A part from that there are restrictions to perform several actions: document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. There are also some restrictions referring to IvSign components a environment can hold, such as keyman, certmanager, pscintegration or ivssm.

1.5. User privileges level

There are four level user privileges: basic user, administrator user, super administrator user and system administrator user. Each one of these profiles is allowed to access some methods. On each detail method explanation there is an indication of which level privileges are required to access to it and the requested conditions to do it.

The administrator user is able to perform operations on itself and on its organization other users. As well as manage some aspect of its organization.
The super administrator user is able to perform more operations than an administrator user. It is able to manage aspects not only of its organizations but also its child organization and all organizations that come from them. As well as manage their users.
The system administrator user is able to perform any action on any organization or users without restrictions.

2. Request/response protocol

It is possible to connect to IvSign's API through REST and SOAP protocols. Both protocols have the same methods and the same in and out object structure.
The methods are organized in categories. Some of them, such as the signature engine, may require a validation or a license in order to be used.

Consult with your project manager to obtain the URL and the credentials needed for a demo of the product in our demo environments.

2.1. REST service

REST service uses JSON notation for in and out of the service.
It is required a POST request to each operation URL with the request data.
The Auth category operations will return a session token. It will be needed on each operation and must be sent on the Authentication headline.

In order to access to each REST method it is needed to create the URL using the following example:
https://ENVIRONMENT/Keyman/rest/v5/CATEGORY/ACTION

For instance, to do a Login action in Auth category:
https://demo.ivsign.net/Keyman/rest/v5/auth/login

2.2. SOAP service

SOAP service uses WCF Microsoft services, allowing a quick implementation through .NET resources.
The Auth category operations will return a session token. It will be needed on each operation and must be sent as a parameter.

The URL service will depend on the environment it is wanted to access, using the following format:
https://ENVIRONMENT/Keyman/KeymanServiceV5.svc

Once the service is referenced, the operations described below in this document will be available. The name of each method will be the union between the category and the action.
For instance, to do a Login action in Auth category the .NET method would be:
AuthLoginResponse AuthLogin(AuthLoginRequest request);

3. Service authentication [Auth]

3.1. Obtaining session token [Auth/Login]

Obtaining a session token is done trough the Auth/Login method using the following parameters.

Auth/Login - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
pass	string	Yes	User's password
module	string	Yes	Integration module identifier
authmethod	string	No	Authentication method (pass, win or federated)
origin	string	No	Connection device name
modkey	string	No	Integration module key
modver	string	No	Integration module version
deviceinfo	string	No	Connection device information

Auth/Login - Response
Parameter	Type	Description
token	string	IvSign session token
user	User	IvSign user object
deviceid	string	IvSign device ID
validuntil	DateTime	Token expiry date time
error	Error	IvSign error object

Request and response example:

JSON request
{ "orgaid": "MYORGA", "login": "myuser", "pass": "mypass", "module": "apitest", "authmethod": "pass", "origin": "myuser-pc", "modkey": "apitestkey", "modver": "5.0", "deviceinfo": "{\"osuser\":\"myuser\",\"osuserid\":\"myuser-id\",\"host\":\"MYUSER-PC\",..." }

JSON response
{ "token": "KrFWFozz0Mt5z+6A7vnz8VjWD9Xbt2/vROvRfJqtXjXuWBIVztI26HNL1Ko0ZAWqM8rzzXGdXN6QYWVqfcYADYA3OwIqZERoBvJdEYSuHimA=", "user": { "userid": "myuser", "extid": null, "orgaid": "MYORGA", "orgachain": "ROOT.MYORGA.", "name": "User Name", "lastname": "User Last Name", "email": "myuser@ivnosys.com", "ident": null, "disabled": false, "disabledreason": null, "valid": true, "admin": true, "superadmin": true, "authprovider": "db", "lastlogin": "2019-06-21T12:16:32Z", "previouslogin": "2019-06-21T12:12:03Z", "lastip": "127.0.0.1", "createdate": "2019-05-16T06:59:21Z", "pass": null, "validation": null, "lang": null, "phone": null }, "deviceid": "7DC5AELHYXQNK", "validuntil": "2019-06-27T13:37:44.9362554+02:00", "error": { "code": "K0000", "message": "OK", "traceid": "ABK5CRZERQOR2AAB" } }

JSON response

{
"token": "KrFWFozz0Mt5z+6A7vnz8VjWD9Xbt2/vROvRfJqtXjXuWBIVztI26HNL1Ko0ZAWqM8rzzXGdXN6QYWVqfcYADYA3OwIqZERoBvJdEYSuHimA=",
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "User Name",
"lastname": "User Last Name",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": true,
"authprovider": "db",
"lastlogin": "2019-06-21T12:16:32Z",
"previouslogin": "2019-06-21T12:12:03Z",
"lastip": "127.0.0.1",
"createdate": "2019-05-16T06:59:21Z",
"pass": null,
"validation": null,
"lang": null,
"phone": null
},
"deviceid": "7DC5AELHYXQNK",
"validuntil": "2019-06-27T13:37:44.9362554+02:00",
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CRZERQOR2AAB"
}
}

In this example the token is: KrFWFozz0Mt5z+6A7vnz8VjWD9Xbt2/vROvRfJqtXjXuWBIVztI26HNL1Ko0ZAWqM8rzzXGdXN6QYWVqfcYADYA3OwIqZERoBvJdEYSuHimA=

Auth/Login - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/Login - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.2. Obtaining session token [Auth/LoginToken]

Obtaining a valid token using a valid token is done through the Auth/LoginToken method.
This method allows to re-use valid user credentials through a valid token for generating a new one using another module and device.

Auth/LoginToken - Request
Parameter	Type	Requested	Description
module	string	Yes	Integration module identifier
modkey	string	No	Integration module key
modulver	string	No	Integration module version
deviceinfo	string	No	Connection device information

Auth/LoginToken - Response
Parameter	Type	Description
token	string	Session token
user	User	IvSign user object
deviceid	string	IvSign device ID
validuntil	DateTime	Token expiry date time
error	Error	IvSign error object

Request and response example:

JSON request
{ "module": "apitest2", "modkey": "apitest2key", "modulver": "5.0", "deviceinfo": "{\"osuser\":\"myuser\",\"osuserid\":\"myuser-id\",\"host\":\"MYUSER-PC\",..." }

JSON response
{ "token": "Kb3UgDXnKbpxpURvzdT8qaw2FVtd442RHcPCMdQjxy6fzemOSyQjmdeDMScenfew3UslQ9mBE+oR3Po4KFE5EvEgDPoIajcQpykd7a99D3Ug=", "user": { "userid": "myuser", "extid": null, "orgaid": "MYORGA", "orgachain": "ROOT.MYORGA.", "name": "User Name", "lastname": "User Last Name", "email": "myuser@ivnosys.com", "ident": null, "disabled": false, "disabledreason": null, "valid": true, "admin": true, "superadmin": true, "authprovider": "db", "lastlogin": "2019-06-21T12:16:32Z", "previouslogin": "2019-06-21T12:12:03Z", "lastip": "127.0.0.1", "createdate": "2019-05-16T06:59:21Z", "pass": null, "validation": null, "lang": null, "phone": null }, "deviceid": "7DC5AELHYXQNK", "validuntil": "2019-06-27T14:17:57.9452391+02:00", "error": { "code": "K0000", "message": "OK", "traceid": "ABK5CRZERQOR2AAB" } }

JSON response

{
"token": "Kb3UgDXnKbpxpURvzdT8qaw2FVtd442RHcPCMdQjxy6fzemOSyQjmdeDMScenfew3UslQ9mBE+oR3Po4KFE5EvEgDPoIajcQpykd7a99D3Ug=",
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "User Name",
"lastname": "User Last Name",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": true,
"authprovider": "db",
"lastlogin": "2019-06-21T12:16:32Z",
"previouslogin": "2019-06-21T12:12:03Z",
"lastip": "127.0.0.1",
"createdate": "2019-05-16T06:59:21Z",
"pass": null,
"validation": null,
"lang": null,
"phone": null
},
"deviceid": "7DC5AELHYXQNK",
"validuntil": "2019-06-27T14:17:57.9452391+02:00",
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CRZERQOR2AAB"
}
}

In this example the token is: Kb3UgDXnKbpxpURvzdT8qaw2FVtd442RHcPCMdQjxy6fzemOSyQjmdeDMScenfew3UslQ9mBE+oR3Po4KFE5EvEgDPoIajcQpykd7a99D3Ug=

Auth/LoginToken - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/LoginToken - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.3. Login check [Auth/Check]

Checking user's login without generating a token is done through the Auth/Check method.
The method allows only Windows authentication or user/password authentication.

Auth/Check - Request
Parameter	Type	Requested	Description
orgaid	string	No	User's organization
login	string	Yes	User's identifier
pass	string	Yes	User's password
module	string	Yes	Integration module identifier
authmethod	string	No	Authentication method
origin	string	No	Connection device name
modver	string	No	Integration module version
modkey	string	No	Integration module key

Auth/Check - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "orgaid": "MYORGA", "login": "myuser", "pass": "mypass", "module": "apitest", "authmethod": "pass", "origin": "myuser-pc", "modkey": "apitestkey", "modver": "5.0" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/Check - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/Check - Audits
Operation	Audits
Correct	No
Incorrect	No

3.4. Check login validation code [Auth/CheckValidation]

Checking that the user validation code sent by email is correct is done through the Auth/CheckValidation method.

Auth/CheckValidation - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
validation	string	Yes	Validation code

Auth/CheckValidation - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orgaid": "MYORGA", "login": "myuser", "validation": "myvalidationcode" }

JSON response
{ "user": { "userid": "myuser", "extid": null, "orgaid": "MYORGA", "orgachain": "ROOT.MYORGA.", "name": "User Name", "lastname": "User Last Name", "email": "myuser@ivnosys.com", "ident": null, "disabled": false, "disabledreason": null, "valid": true, "admin": true, "superadmin": true, "authprovider": "db", "lastlogin": "2019-06-21T12:16:32Z", "previouslogin": "2019-06-21T12:12:03Z", "lastip": "127.0.0.1", "createdate": "2019-05-16T06:59:21Z", "pass": null, "validation": null, "lang": null, "phone": null }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5CRZERQOR2AAB" } }

JSON response

{
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "User Name",
"lastname": "User Last Name",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": true,
"authprovider": "db",
"lastlogin": "2019-06-21T12:16:32Z",
"previouslogin": "2019-06-21T12:12:03Z",
"lastip": "127.0.0.1",
"createdate": "2019-05-16T06:59:21Z",
"pass": null,
"validation": null,
"lang": null,
"phone": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CRZERQOR2AAB"
}
}

Auth/CheckValidation - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/CheckValidation - Audits
Operation	Audits
Correct	No
Incorrect	No

3.5. Impersonating user [Auth/Impersonate]

Impersonating other users is done through the Auth/Impersonate method.
This method is used to perform actions in the name of the impersonated used. It is not possible to impersonate users with higher privileges.

Auth/Impersonate - Request
Parameter	Type	Requested	Description
origin	string	No	Connection device name
login	string	Yes	Impersonated user identifier
orgaid	string	Yes	Impersonated user organization

Auth/Impersonate - Response
Parameter	Type	Description
token	string	Session token
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "origin": "myuser-pc", "login": "myuser2", "orgaid": "MYORGA2" }

JSON response
{ "token": "KcgtB8tU8pmHJtKcrTbd1AfTGPhNKInBdKHFhlRRoHFtJp7WsRqafOYbZ37D6bf7ODjzRV3J5ng/2UyK5+xEzbVgqmRqCrpbYesDtOsGhFwcyltQH2UyxGL7yHXBS6L2n", "user": { "userid": "myuser2", "extid": null, "orgaid": "MYORGA2", "orgachain": "ROOT.MYORGA.MYORGA2.", "name": "User Name", "lastname": "User Last Name", "email": "myuser2@ivnosys.com", "ident": null, "disabled": false, "disabledreason": null, "valid": true, "admin": true, "superadmin": true, "authprovider": "db", "lastlogin": "2019-06-21T12:16:32Z", "previouslogin": "2019-06-21T12:12:03Z", "lastip": "127.0.0.1", "createdate": "2019-05-16T06:59:21Z", "pass": null, "validation": null, "lang": null, "phone": null }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5CRZERQOR2AAB" } }

JSON response

{
"token": "KcgtB8tU8pmHJtKcrTbd1AfTGPhNKInBdKHFhlRRoHFtJp7WsRqafOYbZ37D6bf7ODjzRV3J5ng/2UyK5+xEzbVgqmRqCrpbYesDtOsGhFwcyltQH2UyxGL7yHXBS6L2n",
"user": {
"userid": "myuser2",
"extid": null,
"orgaid": "MYORGA2",
"orgachain": "ROOT.MYORGA.MYORGA2.",
"name": "User Name",
"lastname": "User Last Name",
"email": "myuser2@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": true,
"authprovider": "db",
"lastlogin": "2019-06-21T12:16:32Z",
"previouslogin": "2019-06-21T12:12:03Z",
"lastip": "127.0.0.1",
"createdate": "2019-05-16T06:59:21Z",
"pass": null,
"validation": null,
"lang": null,
"phone": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CRZERQOR2AAB"
}
}

Auth/Impersonate - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The impersonated user must belong to the same organization as the agent user
Super Administrator	Yes	The impersonated user must belong to the same organization as the agent user or to a child organization of this

Auth/Impersonate - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.6. Password recovery [Auth/PasswordRecovery]

Recovering passwords is done through the Auth/PasswordRecovery method.

Auth/PasswordRecovery - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
module	string	Yes	Integration module identifier
modver	string	No	Integration module version
modkey	string	No	Integration module key

Auth/PasswordRecovery - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "orgaid": "MYORGA", "login": "myuser", "module": "apitest", "modver": "5.0", "modkey": "apitestkey" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/PasswordRecovery - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/PasswordRecovery - Audits
Operation	Audits
Correct	No
Incorrect	No

3.7. Check the possibility of changing a password [Auth/ProviderModifiablePass]

Checking that the users of an organization, or authentication provider, are able to change their passwords is done through the Auth/ProviderModifiablePass method.

Auth/ProviderModifiablePass - Request
Parameter	Type	Requested	Description
authprovider	string	Yes	Authentication provider identifier

Auth/ProviderModifiablePass - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "authprovider": "myauthprovider" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/ProviderModifiablePass - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/ProviderModifiablePass - Audits
Operation	Audits
Correct	No
Incorrect	No

3.8. Token check [Auth/TokenCheck]

Checking tokens is done through the Auth/TokenCheck method.

Auth/TokenCheck - Request
Parameter	Type	Requested	Description
token	string	Yes	Session token

Auth/TokenCheck - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "token": "KrFWFozz0Mt5z+6A7vnz8VjWD9Xbt2/vROvRfJqtXjXuWBIVztI26HNL1Ko0ZAWqM8rzzXGdXN6QYWVqfcYADYA3OwIqZERoBvJdEYSuHimA=" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/TokenCheck - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/TokenCheck - Audits
Operation	Audits
Correct	No
Incorrect	No

4. Auditory management [Audit]

4.1. Listing auditory records [Audit/List]

Listing auditory records is done through the Audit/List method.
The method returns the auditory records based on the request parameters and the pagination.

Audit/List - Request
Parameter	Type	Requested	Description
startdate	DateTime	Yes	UTC request start date time
enddate	DateTime	Yes	UTC request end date time
audit	Audit		IvSign auditory object
audit.userid	string	No	User ID filter
audit.orgaid	string	No	Organization ID filter
audit.oper	string	No	Operator user filter
audit.category	string	No	Category filter
audit.action	string	No	Performed action filter
audit.seccess	bool	No	Success / failure filter
audit.certid	string	No	Certificate ID filter
audit.serial	string	No	Certificate serial number filter
audit.module	string	No	Module filter
page	Page	No	IvSign page object
limit	int	No	Element per page limit number on IvSign page object
foruser	string	No	User ID for looking up at the auditory, all the direct actions performed for the user and the indirect actions performed on the user
fororga	string	No	Organization ID for looking up at the auditory, all the direct actions performed for its members and the indirect actions performed on them

Audit/List - Response
Parameter	Type	Description
auditlist	Audit[]	IvSign auditory object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "startdate": "2019-07-08T00:00:00.000Z", "enddate": "2019-07-14T23:59:59.999Z", "auditlist": { "oper": "myuser", "module": "apitest" }, "foruser": "myuser", "fororga": "MYORGA" }

JSON response

{
"auditlist": [
{
"auditid": "8666",
"date": "2019-07-09T07:14:09.126839Z",
"userid": "myuser",
"orgaid": "MYORGA",
"oper": "ivnosysuser",
"operorgaid": "IVNOSYS",
"impersonator": null,
"certid": null,
"serial": null,
"certidorig": null,
"certsha1sum": null,
"category": "User",
"action": "Add",
"actiondata": null,
"success": true,
"info": "User='myuser' added",
"app": null,
"location": null,
"server": "MYUSER-PC",
"module": "apitest",
"modver": "5.0",
"data": null,
"ip": "127.0.0.1",
"host": "127.0.0.1"
},
{
"auditid": "8667",
"date": "2019-07-09T07:23:50.738544Z",
"userid": "myuser",
"orgaid": "MYORGA",
"oper": "myuser",
"operorgaid": "MYORGA",
"impersonator": null,
"certid": null,
"serial": null,
"certidorig": null,
"certsha1sum": null,
"category": "Auth",
"action": "Login",
"actiondata": null,
"success": true,
"info": "Login successfully",
"app": null,
"location": null,
"server": "MYUSER-PC",
"module": "apitest",
"modver": "5.0",
"data": null,
"ip": "127.0.0.1",
"host": "127.0.0.1"
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5ERHZ2Z7EKAAI"
}
}

Audit/List - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched users must belong to the same organization as the agent user
Super Administrator	Yes	The searched users must belong to the same organization as the agent user or to a child organization of this

Audit/List - Audits
Operation	Audits
Correct	No
Incorrect	No

4.2. Obtaining auditory categories and action data [Audit/Info]

Obtaining auditory categories and action data is done through the Audit/Info method.
The returned data depends on the recorded performed operations.

Audit/Info - Request
Parameter	Type	Requested	Description
Without request parameters

Audit/Info - Response
Parameter	Type	Description
auditinfo	AuditInfo	IvSign auditory information object
error	Error	IvSign error object

Request and response example:

JSON request
{}

JSON response

{
"data": {
"category": [
"Auth",
"Cert",
"CertTrash",
"Config",
"Deleg",
"Notify",
"Orga",
"Rule",
"Sign",
"Signature",
"TSP",
"User",
"Verify"
],
"action": [
"Add",
"Cades",
"CER",
"Cert",
"ClientSign",
"Del",
"DelCert",
"Generate",
"Impersonate",
"ImportPFX",
"Login",
"Move",
"OrgaMove",
"Pades",
"PadesFinalize",
"PadesInit",
"PasswordRecovery",
"PinCheck",
"PinSet",
"Ren",
"Replace",
"Rest",
"RSA",
"Set",
"Sign",
"TimestampPdf",
"TSP",
"UserAdd",
"Xades"
]
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5ERIG422AQAAJ"
}
}

Audit/Info - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Audit/Info - Audits
Operation	Audits
Correct	No
Incorrect	No

5. Authentication provider management [AuthProvider]

5.1. Listing authentication provider [AuthProvider/List]

Listing agent user organization authentication providers is done trough the AuthProvider/List method.

AuthProvider/List - Request
Parameter	Type	Requested	Description
filter	AuthProviderInfo		IvSign authentication provider information object
filter.name	string	No	Authentication provider's name
filter.class	string	No	Authentication provider's class
filter.default	bool	no	Authentication provider is a default provider flag
filter.properties	KeyValue[]	No	Authentication provider's properties, currently unused

AuthProvider/List - Response
Parameter	Type	Description
authproviderlist	AuthProviderInfo[]	IvSign authentication provider information object
error	Error	IvSign error object

Request and response example:

JSON request
{ "filter": { "class": "db" } }

JSON response
{ "authproviderlist": [ { "name": "db", "class": "db", "default": true, "properties": null }, { "name": "db_aux", "class": "db", "default": false, "properties": null } ], "error": { "code": "K0000", "message": "OK", "traceid": "ABK5CSEJUO3OWAAE" } }

AuthProvider/List - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes

AuthProvider/List - Audits
Operation	Audits
Correct	No
Incorrect	No

6. Certificate management [Cert]

6.1. Importing certificates with private key [Cert/ImportPFX]

Importing certificates PFX or P12 with private key is done through the Cert/ImportPFX method.
The method imports the certificate to the agent user or to the specified user.

Cert/ImportPFX - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.name	string	Yes	Certificate's name
cert.userid	string	No	Certificate recipient user
cert.orgaid	string	No	Certificate recipient organization
cert.descr	string	No	Certificate's description
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin
cert.custom1	string	No	Custom field 1
cert.custom2	string	No	Custom field 2
cert.custom3	string	No	Custom field 3
cert.extid	string	No	Certificate external identifier
pfxdata	byte[]	Yes	PFX/P12 certificate
pfxpass	string	Yes	PFX/P12 certificate's password

Cert/ImportPFX - Response
Parameter	Type	Description
error	Error	IvSign error object
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "userid": "myuser", "orgaid": "MYORGA", "name": "mycert", "descr": "certdesc", "newpin": "certpin" }, "pfxdata": "MIIhJgIBAz...", "pfxpass": "pfxpassword" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CX7CGYSMKABM"
},
"cert": {
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
}

Cert/ImportPFX - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/ImportPFX - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.2. Deleting certificates [Cert/Del]

Deleting certificates is done through the Cert/Del method.
Once the certificate is erased, it is not possible to be recovered.

Cert/Del - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN" } }

JSON response
{ "result" : true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.3. Obtaining certificate data [Cert/Get]

Obtaining a certificate data is done through the Cert/Get method.

Cert/Get - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	No (Yes if sha1sum and extid are empty)	IvSign certificate ID
cert.sha1sum	string	No (Yes if certid and extid are empty)	Certificate SHA1SUM
cert.extid	string	No (Yes if certid adn sha1sum are empty)	Certificate external identifier

Cert/Get - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid":"ABK5CX7CHSEQGABN" } }

JSON response

{
"cert": {
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CX7CGYSMKABM"
}
}

Cert/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

6.4. Listing certificates [Cert/List]

Listing certificates is done through the Cert/List method.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

Cert/List - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.userid	string	No	User ID filter
cert.orgaid	string	No	Organization ID filter
page	Page		IvSign page object

Cert/List - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object
page	Page	IvSign page object

Request and response example:

JSON request
{ "cert":{ "userid": "myuser", "orgaid": "MYORGA" } }

JSON response

{
"certlist": [
{
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
{
"certid": "ABK5CX7CHSEQGABM",
"name": "mycert2",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert2 subject",
"subjectcn": "mycert2 subject common name",
"issuer": "mycert2 issuer",
"issuercn": "mycert2 issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Z",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bg",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

Cert/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong to the agent user
Administrator	Yes	The certificates must belong to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to the same organization as the agent user or to a child organization of this

Cert/List - Audits
Operation	Audits
Correct	No
Incorrect	No

6.5. Setting certificate data [Cert/Set]

Modifying certificate data is done through the Cert/Set method.

Cert/Set - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.disabled	bool	No	Certificate's state
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.custom1	string	No	Custom field 1
cert.custom2	string	No	Custom field 2
cert.custom3	string	No	Custom field 3

Cert/Set - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN", "name": "mycert set" } }

JSON response

{
"cert": {
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert set",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Cert/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.6. Getting certificate public key [Cert/CERGet]

Getting certificate public key is done through the Cert/CERGet method.

Cert/CERGet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/CERGet - Response
Parameter	Type	Description
error	Error	IvSign error object
cer	string	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "cer": "MIIHbTCCBlWgAwIBAgIQSJ4vRUX8Vl..." }

Cert/CERGet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/CERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

6.7. Getting certificate certification chain [Cert/ChainGet]

Getting certificate certification complete chain, as of its immediate superior CA until root certificate (if it is possible) is done through the Cert/ChainGet method.

Cert/ChainGet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization

Cert/ChainGet - Response
Parameter	Type	Description
certlist	PubCert[]	IvSign public certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN" } }

JSON response

{
"certlist": [
{
"sha1sum": "808B72E43B574CF5877CB841A8DF88396D38AB94",
"sha1sumissuer": "ec503507b215c4956219e2a89a5b42992c4c2c20",
"cer": "MIIG2jCCBMKgAwIBAgIQRV864VwhzbpUT4KqR1Hr2zANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJFUzE...",
"subject": "CN=AC FNMT Usuarios, OU=Ceres, O=FNMT-RCM, C=ES",
"issuer": "OU=AC RAIZ FNMT-RCM, O=FNMT-RCM, C=ES",
"alias": "",
"serial": "455F3AE15C21CDBA544F82AA4751EBDB",
"validfrom": "2014-10-28T12:48:58Z",
"validto": "2029-10-28T12:48:58Z",
"revokeddate": null,
"isroot": false,
"isca": true
},
{
"sha1sum": "ec503507b215c4956219e2a89a5b42992c4c2c20",
"sha1sumissuer": "ec503507b215c4956219e2a89a5b42992c4c2c20",
"cer": "MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYTAkVTMRE...",
"subject": "OU=AC RAIZ FNMT-RCM, O=FNMT-RCM, C=ES",
"issuer": "OU=AC RAIZ FNMT-RCM, O=FNMT-RCM, C=ES",
"alias": "",
"serial": "5D938D306736C8061D1AC754846907",
"validfrom": "2008-10-29T16:59:56Z",
"validto": "2030-01-01T01:00:00Z",
"revokeddate": null,
"isroot": true,
"isca": true
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5CYEIRB3LKAAD"
}
}

Cert/ChainGet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/ChainGet - Audits
Operation	Audits
Correct	No
Incorrect	No

6.8. Listing available certificates [Cert/ListAvailable]

Listing currently available certificates is done through the Cert/ListAvailable method.
The method list only the certificates allowed to be used on the current application. Only agent user certificates will be listed. Those invalid certificates due to usage rules or policy rules won't be listed. Expired and/or revoked certificates may be omitted during the listing by having the hiderevoked and/or hideexpired configurations enabled.

Cert/ListAvailable - Request
Parameter	Type	Requested	Description
caller	Caller		IvSign caller object
cert	Cert		IvSign certificate object
cert.linked	bool	No	Linked certificate filter
cert.revoked	bool	No	Revoked certificate filter
cert.expired	bool	No	Expired certificate filter
cert.userid	string	No	Certificate's user filter
cert.orgaid	string	No	Certificate's organization filter
date	DateTime	No	Listing request moment

Cert/ListAvailable - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "caller": { "app": "testapi", "host": "myuser-pc", }, "cert": { "userid":"myuser" } }

JSON response

Cert/ListAvailable - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Cert/ListAvailable - Audits
Operation	Audits
Correct	No
Incorrect	No

6.9. Moving certificates [Cert/Move]

Moving certificates from one user to another is done through the Cert/Move method.

Cert/Move - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
user	User		IvSign user object
user.userid	string	Yes	User's ID
user.orgaid	string	No	User's organization

Cert/Move - Response
Parameter	Type	Description
error	Error	IvSign error object
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN" }, "user": { "userid": "myuser2" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
"cert": {
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser2",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
}

Cert/Move - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/Move - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.10. Checking certificate pin [Cert/PinCheck]

Checking certificates pin is done through the Cert/PinCheck method.

Cert/PinCheck - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin

Cert/PinCheck - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN", "pin": "certpin" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/PinCheck - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/PinCheck - Audits
Operation	Audits
Correct	No
Incorrect	Yes

6.11. Setting a new pin to a certificate [Cert/PinSet]

Setting a new pin to a certificate is done through the Cert/PinSet method.

Cert/PinSet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.newpin	string	Yes	New certificate's pin
cert.pin	string	Yes	Current certificate's pin

Cert/Set - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5CX7CHSEQGABN", "pin": "certpin" "newpin": "newcertpin" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/PinSet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/PinSet - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.12. Obtaining certificate provider certificate public key [Cert/RefGetCER]

Obtaining certificate's provider, CA, certificate public key is done through the Cert/RefGetCER method.

Cert/RefGetCER - Request
Parameter	Type	Requested	Description
certprovider	string	Yes	Certificate's provider
id	string	Yes	IvSign certificate ID or IvSign certificate key ID

Cert/RefGetCER - Response
Parameter	Type	Description
cer	byte[]	Certificates public key
error	Error	IvSign error object

Request and response example:

JSON request
{ "certprovider": "dbsecure", "id": "ABK5CX7CHT4TIABO" }

JSON response
{ "data": "MIIHbTCCBlWgAwIBAgIQSJ4vRUX8VlZcpxVj2tM3GT...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/RefGetCER - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/RefGetCER - Audits
Operation	Audits
Correct	No
Incorrect	No

6.13. Linking reference certificates [Cert/RefLink]

Linking reference certificates, CA certificates, to a user is done through the Cert/RefLink method.

Cert/RefLink - Request
Parameter	Type	Requested	Description
certref	CertRef		IvSign reference certificate object
certref.id	string	Yes	Certificate's ID
certref.certprovider	string	Yes	Certificate's provider
cert	Cert		IvSign certificate object
cert.userid	string	No	IvSign user ID, recipient user
cert.orgaid	string	No	User's organization
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin

Cert/RefLink - Response
Parameter	Type	Description
error	Error	IvSign error object
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "certref": { "certprovider": "dbsecure" }, "cert": { "orgaid": "MYORGA", "userid": "myuser", "pin": "certpin" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser2",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
}

Cert/RefLink - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/RefLink - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.14. Listing certificate provider certificates [Cert/RefList]

Listing certificate provider certificates, CA, is done through the Cert/RefList method.

Cert/RefList - Request
Parameter	Type	Requested	Description
Without request parameters

Cert/RefList - Response
Parameter	Type	Description
certreflist	CertRef[]	IvSign reference certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{}

JSON response
{ "certreflist": [ { "id": "61376F3768372D65636473612D3139303732303138", "certprovider": "realsec", "data": "MIIBMDCB5qADAgECAg..." }, { "id": "617061636865327465737431", "certprovider": "realsec", "data": "MIIDRDCCAiygAwIBAg..." } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/RefList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/RefList - Audits
Operation	Audits
Correct	No
Incorrect	No

6.15. Creating and installing certificates (1/3) [Cert/RSAGen]

Creating and installing certificates is done through 3 methods. The first one is the Cert/RSAGen.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method generates certificate public and private key.

Cert/RSAGen - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin
cert.keysize	string	No	Certificate's private key size
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.certprovider	string	No	Certificate's provider
cert.type	string	No	IvSign certificate type

Cert/RSAGen - Response
Parameter	Type	Description
error	Error	IvSign error object
cert	Cert	IvSign public certificate object

Request and response example:

JSON request
{ "cert": { "name": "mycert gen", "pin": "certpin", "keysize": "2048" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5DR5KPX6OGAAG"
},
"cert": {
"certid": "ABK5DR5KP34YOAAH",
"name": "mycert gen",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": true,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-07-03T09:51:35Z",
"subject": "CN=None",
"subjectcn": "None",
"issuer": "CN=None",
"issuercn": "None",
"validfrom": "2019-07-03T09:51:35Z",
"validto": "2019-07-03T09:51:35Z",
"serial": "0x0",
"keysize": "2048",
"signalg": "None",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "Generate",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": null,
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
}

Cert/RSAGen - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/RSAGen - Audits
Operation	Audits
Correct	No
Incorrect	Yes

6.16. Creating and installing certificates (2/3) [Cert/GenCSR]

Creating and installing certificates is done through 3 methods. The second one is the Cert/GenCSR.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method sets subject parameter to the certificate.

Cert/GenCSR - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID en IvSign
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	Yes	Certificate's pin
subject	string[]	Yes	Certificate's subject parameters

Cert/GenCSR - Response
Parameter	Type	Description
data	byte[]	Certificate's public key
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DR5KP34YOAAH", "pin": "certpin" }, "subject": [ "CN=mycert gen", "OU=myuser", "O=Test S.L.", "L=Valencia", "C=ES" ] }

JSON response
{ "data": "MIICUjCCAToCAQAwDzENMAsGA1UEAwwEY2VydD...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/GenCSR - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/GenCSR - Audits
Operation	Audits
Correct	No
Incorrect	Yes

6.17. Creating and installing certificates (3/3) [Cert/InstallCER]

Creating and installing certificates is done through 3 methods. The third one is the Cert/InstallCER.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method installs the public certificate key into IvSign. This public key must be signed by the proper CA before using this method.

Cert/InstallCER - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID en IvSign
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	Yes	Certificate's pin
cerbin	byte[]	Yes	Certificate's public key

Cert/InstallCER - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DR5KP34YOAAH", "pin": "certpin" }, "cerbin": "MIID/zCCAuegAwIBAgIFSMxA2s0wDQYJKoZIhvcNAQEFBQAwSzELMAkGA..." }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/InstallCER - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/InstallCER - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.18. Certificate replacement [Cert/Replace]

Certificate replacement is done through the Cert/Replace method.
This method can be used, for instance, when a certificate is about to expire. It can be replaced for its substitute and all the delegations and referred properties will be assigned to the new one.

Cert/Replace - Request
Parameter	Type	Requested	Description
newCert	Cert		IvSign certificate object
newCert.certid	string	Yes	IvSign certificate ID en IvSign
newCert.pin	string	Yes	Certificate's pin
oldCert	Cert		IvSign certificate object
oldCert.certid	string	Yes	IvSign certificate ID en IvSign
oldCert.pin	string	Yes	Certificate's pin
undo	bool	No	Indicates if the operation is a certificate replacement or back to the original one

Cert/Replace - Response
Parameter	Type	Description
error	Error	IvSign error object
replaced	bool	Result, correct or incorrect

Request and response example:

JSON request
{ "newCert": { "certid": "ABK5CX7CHSEQGABN", "pin": "certpin" }, "oldCert": { "certid": "ABK5DR5KP34YOAAH", "pin": "certpin" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "replaced": true }

Cert/Replace - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong to the agent user
Administrator	Yes	The certificates must belong to a user that belong to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to a user that belong to the same organization as the agent user or to a child organization of this

Cert/Replace - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.19. Searching certificates [Cert/Search]

Searching certificates by its public key is done through the Cert/Search method.

Cert/Search - Request
Parameter	Type	Requested	Description
certbin	byte[]	Yes	Certificate public key

Cert/Search - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object
page	Page	IvSign page object

Request and response example:

JSON request
{ "certbin": "MIIKzjCCCLagAwIBAgIIFdG9GevW/cEwD..." }

JSON response

{
"certlist": [
{
"certid": "ABK5DR5KP34YOAAH",
"name": "mycert gen",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "CN=cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-07-03T10:09:25Z",
"subject": "CN=cert",
"subjectcn": "cert",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2019-07-03T10:09:14Z",
"validto": "2024-07-01T10:09:14Z",
"serial": "3HP8BE6GH6",
"keysize": "2048",
"signalg": "sha1RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "Generate",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "aqwbjuk37fmf6c7ltge01bvtjaqbidkxx4h4vmgs",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5DSAGJ4CK2AAO"
},
"page": null
}

Cert/Search - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/Search - Audits
Operation	Audits
Correct	No
Incorrect	No

7. Certificate providers management [CertProvider]

7.1. Listing certificate provider [CertProvider/List]

Listing certificate providers is done through the CertProvider/List method.

CertProvider/List - Request
Parameter	Type	Requested	Description
filter	CertProviderInfo		IvSign certificate provider information object
filter.name	string	No	Certificate provider's name
filter.class	string	No	Certificate provider's class
filter.deletekey	bool	No	Certificate provider allows deleting key flag
filter.externalcerts	bool	No	Certificate provider allows external certificates flag
filter.restorepin	bool	No	Certificate provider allows restore certificate pin flag
filter.modifykeypass	bool	No	Certificate provider allows modify key pass flag
filter.qscd	bool	No	Certificate provider is QSCD flag
filter.available	bool	No	Certificate provider is available flag

CertProvider/List - Response
Parameter	Type	Description
user	CertProviderInfo[]	IvSign certificate provider information object
error	Error	IvSign error object

JSON request
{ "filter": { } }

JSON response
{ "certproviderlist": [ { "name": "dbsecure", "class": "dbsecure", "deletekey": false, "externalcerts": false, "restorepin": false, "modifykeypass": true, "qscd": false, "available": true } ], "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSBS7AEUMAAR" } }

CertProvider/List - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

CertProvider/List - Audits
Operation	Audits
Correct	No
Incorrect	No

8. Bin certificates management [CertTrash]

8.1. Deleting bin certificates [CertTrash/Del]

Deleting certificates from the certificate's bin is done through the CertTrash/Del method.
Once the certificate is erased, it is not possible to be recovered.

CertTrash/Del - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "certtrash": { "certid": "ABK5DR5KP34YOAAH" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

CertTrash/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

8.2. Getting bin certificates data [CertTrash/Get]

Getting bin certificates data is done through the CertTrash/Get method.

CertTrash/Get - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Get - Response
Parameter	Type	Description
certtrash	CertTrash	IvSign trash certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "certtrash": { "certid": "ABK5DR5KP34YOAAH" } }

JSON response

{
"certtrash": {
"certid": "ABK5DR5KP34YOAAH",
"name": "mycert gen",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "CN=cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-07-03T10:09:25Z",
"subject": "CN=cert",
"subjectcn": "cert",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2019-07-03T10:09:14Z",
"validto": "2024-07-01T10:09:14Z",
"serial": "3HP8BE6GH6",
"keysize": "2048",
"signalg": "sha1RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "Generate",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "aqwbjuk37fmf6c7ltge01bvtjaqbidkxx4h4vmgs",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

CertTrash/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

8.3. Listing bin certificates [CertTrash/List]

Listing certificate bin certificates is done through the CertTrash/List.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

CertTrash/List - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.userid	string	No	Certificate's user
certtrash.orgaid	string	No	Certificate's organization

CertTrash/List - Response
Parameter	Type	Description
certtrashlist	CertTrash[]	IvSign trash certificate object
error	Error	IvSign error object
page	Page	IvSign page object

Request and response example:

JSON request
{ "certtrash": { "userid": "miuser", "orgaid": "MYORGA" } }

JSON response

{
"certtrashlist": [
{
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
{
"certid": "ABK5CX7CHSEQGABM",
"name": "mycert2",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert2 subject",
"subjectcn": "mycert2 subject common name",
"issuer": "mycert2 issuer",
"issuercn": "mycert2 issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Z",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bg",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

CertTrash/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong the agent user
Administrator	Yes	The certificates must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/List - Audits
Operation	Audits
Correct	No
Incorrect	No

8.4. Sending certificates to the certificate bin [CertTrash/Move]

Sending certificates to the certificate bin is done through the CertTrash/Move method.
The Cert object becomes a CertTrash object.

Cert/Move - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/Move - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert":{ "certid": "ABK5CX7CHSEQGABN" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/Move - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Move - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

8.5. Restoring bin certificates [CertTrash/Rest]

Restoring certificates from the certificates bin is done through the CertTrash/Rest method.
The CertTrash object becomes a Cert object.

CertTrash/Rest - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Rest - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "certtrash": { "certid": "882D1394205D" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

CertTrash/Rest - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Rest - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9. Configuration management [Config]

9.1. Creating configuration [Config/Add]

Creating a new configuration is done through the Config/Add method.

Config/Add - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.orgaid	string	Yes	Configuration's organization
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.opt	string	No	Configuration's option inside the configuration's name
config.value	string	Yes	Configuration's value
config.type	string	Yes	Configuration's data value type
config.w	int	Yes	Configuration's user level privileges needed to write it
config.r	int	Yes	Configuration's user level privileges needed to read it

Config/Add - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 } }

JSON response
{ "config": { "configid": "19316", "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSL6RGMI4ACF" } }

Config/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The created configuration must belong to organization of the agent user or to a child organization of this

Config/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9.2. Deleting configuration [Config/Del]

Deleting a configuration is done through the Config/Del method.

Config/Del - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.configid	string	Yes	IvSign configuration ID

Config/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "configid": 19316 } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The deleted configuration must belong to organization of the agent user
Super Administrator	Yes	The deleted configuration must belong to organization of the agent user or to a child organization of this

Config/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9.3. Getting configuration [Config/Get]

Getting a configuration is done through the Config/Get method.

Config/Get - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.orgaid	string	No	Configuration's organization

Config/Get - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "orgaid": "MYORGA", "section": "mysection", "name": "myname", } }

JSON response
{ "config": { "configid": "19316", "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSL6RGMI4ACF" } }

Config/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Super Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user

Config/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

9.4. Listing configurations [Config/List]

Listing configurations is done through the Config/List method.
Only the allowed configurations to the agent user will be listed, according to the agent user privileges level.

Config/List - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	No (Yes if name, type and opt are empty)	Configuration's section
config.name	string	No (Yes if section, type and opt are empty)	Configuration's name inside the configuration's section
config.type	string	No (Yes if section, name and opt are empty)	Configuration's data value type
config.opt	string	No (Yes if section, name and type are empty)	Configuration's option inside the configuration's name
config.orgaid	string	No	Configuration's organization

Config/List - Response
Parameter	Type	Description
config	Config[]	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "section": "auth" } }

JSON response
{ "configlist": [ { "configid": "19316", "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 }, { "configid": "19316", "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/List - User permissions
User	Allowed	Conditions
Basic	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Super Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user

Config/List - Audits
Operation	Audits
Correct	No
Incorrect	No

9.5. Setting configuration [Config/Set]

Setting a configuration's value is done through the Config/Set method.

Config/Set - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.orgaid	string	No	Configuration's organization
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.opt	string	No	Configuration's option inside the configuration's name
config.value	string	Yes	Configuration's value

Config/Set - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "section": "auth", "name": "passtries", "value": 20 } }

JSON response
{ "config": { "configid": "19498", "orgaid": "MYORGA", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "20", "w": 20, "r": 10 }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSVOIRHAQAAD" } }

Config/Set - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The modified configuration must belong to the organization of the agent user and its writing level value must be equal or lower than the agent user
Super Administrator	Yes	The modified configuration must belong to the organization of the agent user or to a child organization of this and its writing level value must be equal or lower than the agent user

Config/Set - Audits
Operation	Audits
Correct	No
Incorrect	No

9.6. Getting public configuration [Config/PublicGet]

Getting public configuration is done through the Config/PublicGet method.
The difference between configuration and public configuration is that public configuration has no user level privileges restrictions.

Config/PublicGet - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.orgaid	string	Yes	Configuration's organization

Config/PublicGet - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "orgaid": "MYORGA", "section": "customization", "name": "passrecovery", "opt": "default" } }

JSON response
{ "config": { "configid": "19359", "orgaid": "MYORGA", "section": "customization", "name": "passrecovery", "opt": "default", "type": "bool", "value": "false", "w": 20, "r": 0 }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSWRYK45UABP" } }

Config/PublicGet - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Config/PublicGet - Audits
Operation	Audits
Correct	No
Incorrect	No

9.7. Listing public configuration [Config/PublicList]

Listing public configuration is done through the Config/PublicList method.
The difference between configuration and public configuration is that public configuration has no user level privileges restrictions.

Config/PublicList - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.orgaid	string	Yes	Configuration's organization

Config/PublicList - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object

Request and response example:

JSON request
{ "config": { "orgaid": "MYORGA", "section": "customization", "name": "passrecovery" } }

JSON response
{ "configlist": [ { "configid": "19359", "orgaid": "MYORGA", "section": "customization", "name": "passrecovery", "opt": "default", "type": "bool", "value": "false", "w": 20, "r": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DSWRYK45UABP" } }

Config/PublicList - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Config/PublicList - Audits
Operation	Audits
Correct	No
Incorrect	No

10. Delegations management [Deleg]

10.1. Delegation creation [Deleg/Add]

IvSign certificate delegations are done through the Deleg/Add method.
Once the delegation is created, users can be assigned to it. For each user assigned a copy certificate of the delegation certificate will be created.

Deleg/Add - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.certid	string	Yes	IvSign certificate ID
deleg.name	string	Yes	Delegation's name
deleg.orgaid	string	No	Delegation's organization

Deleg/Add - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "certid": "ABK5DR5KP34YOAAH", "name": "mydeleg" } }

JSON response
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD", "userid": "myuser", "orgaid": "MYORGA", "certid": "ABK5DR5KP34YOAAH", "serial": "NKFH8Y5P3R", "name": "mydeleg", "descr": "CN=cert", "disabled": false, "createdate": "2019-07-03T13:59:12.2810766Z", "ignorecertrules": false, "oper": "myuser", "data": null }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DS2LANIBWAAC" } }

Deleg/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.2. Deleting delegation [Deleg/Del]

Deleting a delegation is done through the Deleg/Del method.
The delegation must have no users associated to it.

Deleg/Del - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID

Deleg/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.3. Getting delegation data [Deleg/Get]

Getting delegation data is done through the Deleg/Get method.

Deleg/Get - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID

Deleg/Get - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD" } }

JSON response
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD", "userid": "myuser", "orgaid": "MYORGA", "certid": "ABK5DR5KP34YOAAH", "serial": "NKFH8Y5P3R", "name": "mydeleg", "descr": "CN=cert", "disabled": false, "createdate": "2019-07-03T13:59:12.2810766Z", "ignorecertrules": false, "oper": "myuser", "data": null }, "error": { "code": "K0000", "message": "OK", "traceid": "ABK5DS2LANIBWAAC" } }

Deleg/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

10.4. Listing delegations [Deleg/List]

Listing delegations a user delegations or an organization delegations is done through the Deleg/List method.

Deleg/List - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.orgaid	string	No	Delegation's organization
deleg.userid	string	No	Delegation's user
page	Page		IvSign page object

Deleg/List - Response
Parameter	Type	Description
deleg	Deleg[]	IvSign certificate delegation object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "orgaid": "MYORGA", "userid": "myuser" }, "page": null }

JSON response

{
"deleglist": [
{
"delegid": "ABK5DS2LAREYWAAD",
"userid": "myuser",
"orgaid": "MYORGA",
"certid": "ABK5DR5KP34YOAAH",
"serial": "NKFH8Y5P3R",
"name": "mydeleg",
"descr": "CN=cert",
"disabled": false,
"createdate": "2019-07-03T13:59:12.2810766Z",
"ignorecertrules": false,
"oper": "myuser",
"data": "CN=certCN=Test User CA, OU=Sistemas, O=Test S.L., C=ES"
},
{
"delegid": "ABK5DS2LAREYWAAE",
"userid": "myuser",
"orgaid": "MYORGA",
"certid": "ABK5DR5KP34YOAAI",
"serial": "NKFH8Y5P3S",
"name": "mydeleg2",
"descr": "CN=cert",
"disabled": false,
"createdate": "2019-07-03T13:59:15.2810766Z",
"ignorecertrules": false,
"oper": "myuser",
"data": "CN=certCN=Test User CA, OU=Sistemas, O=Test S.L., C=ES"
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5DS23FLHLQAAE"
}
}

Deleg/List - User permissions
User	Allowed	Conditions
Basic	Yes	The listed delegations must belong to the agent user
Administrator	Yes	The listed delegations must belong to users that belong to the same organizations as the agent user
Super Administrator	Yes	The listed delegations must belong to users that belong to the same organizations as the agent user or to a child organization of this

Deleg/List - Audits
Operation	Audits
Correct	No
Incorrect	No

10.5. Setting delegation [Deleg/Set]

Setting a delegation parameters is done through the Deleg/Set method.

Deleg/Set - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	string	Yes	IvSign certificate delegation ID
deleg.name	string	No	Delegation's name
deleg.disabled	bool	No	Enabled / disabled delegation flag

Deleg/Set - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD", "name": "cocoa", "disabled": true } }

JSON response
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD", "userid": "myuser", "orgaid": "MYORGA", "certid": "ABK5DR5KP34YOAAH", "serial": "NKFH8Y5P3R", "name": "cocoa", "descr": "CN=cert", "disabled": false, "createdate": "2019-07-03T13:59:12.2810766Z", "ignorecertrules": false, "oper": "myuser", "data": null }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.6. Listing allowed delegation users [Deleg/AllowedUserList]

Listing which users are allowed to be assigned to a delegation is done through the Deleg/AllowedUserList method.
Usually these users are the enabled ones that belong to the same organization as the agent user.

Deleg/AllowedUserList - Request
Parameter	Type	Requested	Description
Without request parameters

Deleg/AllowedUserList - Response
Parameter	Type	Description
userlist	User[]	IvSing user object
error	Error	IvSign error object

Request and response example:

JSON request
{}

JSON response

{
"userlist": [
{
"userid": "myuser2",
"extid": null,
"orgaid": null,
"orgachain": null,
"name": "myuser2 name",
"lastname": "myuser2 last name",
"email": "myuser2@ivnosys.com",
"ident": null,
"disabled": null,
"disabledreason": null,
"valid": null,
"admin": null,
"superadmin": null,
"authprovider": null,
"lastlogin": null,
"previouslogin": null,
"lastip": null,
"createdate": null,
"pass": null,
"validation": null,
"lang": null,
"phone": null,
"guid": null
},
{
"userid": "myuser3",
"extid": null,
"orgaid": null,
"orgachain": null,
"name": "myuser3 name",
"lastname": "myuser3 last name",
"email": "myuser3@ivnosys.com",
"ident": null,
"disabled": null,
"disabledreason": null,
"valid": null,
"admin": null,
"superadmin": null,
"authprovider": null,
"lastlogin": null,
"previouslogin": null,
"lastip": null,
"createdate": null,
"pass": null,
"validation": null,
"lang": null,
"phone": null,
"guid": null
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5DS4LCIKS2AAG"
}
}

Deleg/AllowedUserList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Deleg/AllowedUserList - Audits
Operation	Audits
Correct	No
Incorrect	No

10.7. Deleting delegated certificates [Deleg/CertDel]

Deleting delegated certificates from its delegation is done through the Deleg/CertDel method.

Deleg/CertDel - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID, the delegated certificate ID

Deleg/CertDel - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD" }, "cert": { "certid": "ABK5DS66ZT3SUACV" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/CertDel - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/CertDel - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.8. Listing delegated certificates [Deleg/CertList]

Listing all the delegated certificates created by a delegation is done through the Deleg/CertList method.

Deleg/CertList - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.delegid	int	Yes	IvSign certificate delegation ID

Deleg/CertList - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "delegid": "ABK5DS2LAREYWAAD" } }

JSON response

{
"certlist": [
{
"certid": "ABK5DS66ZT3SUACV",
"name": "mycert gen",
"userid": "myuser2",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "CN=cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-07-03T10:09:25Z",
"subject": "CN=cert",
"subjectcn": "cert",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2019-07-03T10:09:14Z",
"validto": "2024-07-01T10:09:14Z",
"serial": "NKFH8Y5P3R",
"keysize": "2048",
"signalg": "sha1RSA",
"certprovider": "dbsecure",
"delegated": true,
"delegid": "ABK5DS2LAREYWAAD",
"oper": "dgarcia",
"linked": false,
"createmethod": "DelegAddCert",
"createmodule": "testapi",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "4uvhsdy4vdxua27xck998dddqrnt7xuxsmq8gcac",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5DS7T5ENPUACW"
}
}

Deleg/CertList - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/CertList - Audits
Operation	Audits
Correct	No
Incorrect	No

10.9. Associating user to delegation [Deleg/UserAdd]

Associating a user to a delegation is done through the Deleg/UserAdd method.
This method creates a delegation certificate copy to each user assigned to it. The copy certificates are marked as it.

Deleg/UserAdd - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
cert	Cert		IvSign certificate object
cert.userid	string	Yes	Recipient user
cert.orgaid	string	No	Recipient user organization
cert.pin	string	Yes	Certificate's pin
cert.newpin	string	Yes	Delegated certificate's pin
disablenotify	bool	No	Enabled / disabled notification flag

Deleg/UserAdd - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD" }, "cert": { "userid": "myuser2", "orgaid": "MYORGA", "pin": "certpin", "newpin": "delegcertpin" }, "disablenotify": true }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/UserAdd - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization

Deleg/UserAdd - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.10. Deleting user from delegation [Deleg/UserDel]

Deleting a user from a delegation is done through the Deleg/UserDel method.
This method deletes the delegated certificate, removing the user from the delegation.

Deleg/UserDel - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
user	User		IvSign user object
user.userid	string	Yes	Public certificate's user
user.orgaid	string	No	User's organization

Deleg/UserDel - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "deleg": { "delegid": "ABK5DS2LAREYWAAD" }, "user": { "userid": "myuser2", "orgaid": "MYORGA" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/UserDel - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization

Deleg/UserDel - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

11. Device management [Device]

11.1. Device creation [Device/Add]

Device creation can be done through the Device/Add method. It can be also created during user authentication.
If more than one user authenticates using the same device, the device will registered for all the users.

Device/Add - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceinfo	string[][]	Yes	Device information parameters
device.userid	string	No	Device's owner
device.orgaid	string	No	Device's owner organization
device.authorized	bool	No	Authorized / unauthorized device flag
device.notifyenabled	bool	No	Receive push notification enabled / disabled flag

Device/Add - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object

Request and response example:

JSON request
{ "device": { "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "authorized": true, "notifyenabled": false } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "orgaid": "MYORGA", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T07:29:19.6678975Z", "authorized": true, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

11.2. Deleting devices [Device/Del]

Deleting devices is done through the Device/Del method.

Device/Del - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	Yes	IvSign device ID

Device/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "device": { "deviceid": "7DC4UILIWUFY4" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

11.3. Getting device data [Device/Get]

Getting device data is done through the Device/Get method.
There two ways of asking the device data, by using its deviceid or by using a combination of its userid, orgaid and deviceinfo.

Device/Get - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	No (Yes if deviceinfo, userid and orgaid are empty)	IvSign device ID
device.deviceinfo	string[][]	No (Yes if deviceid is empty)	Device information parameters
device.userid	string	No (Yes if devideid is empty)	Device's owner
device.orgaid	string	No (Yes if devideid is empty)	Device's organization

Device/Get - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object

Request and response example:

JSON request
{ "device": { "userid": "miuser", "orgaid": "MYORGA", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ] } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "orgaid": "MYORGA", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T08:01:45.0216337Z", "authorized": true, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

11.4. Listing devices [Device/List]

Listing devices is done through the Device/List method.

Device/List - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.userid	string	No	Device's owner
device.orgaid	string	No	Device's organization
page	Page	No	IvSign page object

Device/List - Response
Parameter	Type	Description
error	Error	IvSign error object
devicelist	Device[]	IvSign device object
page	Page	IvSign page object

Request and response example:

JSON request
{ "device": { "userid": "miuser", "orgaid": "MYORGA" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"devicelist": [
{
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"orgaid": "MYORGA"
"deviceinfo": [
[
"equipo",
"equipoprueba1"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
{
"deviceid": "7DC4UILIWUFY5",
"userid": "miuser",
"orgaid": "MYORGA"
"deviceinfo": [
[
"equipo",
"equipoprueba2"
],
[
"ip",
"172.0.0.2"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
],
"page": null
}

Device/List - User permissions
User	Allowed	Conditions
Basic	Yes	The listed devices must belong to the agent user
Administrator	Yes	The listed devices must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The listed devices must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/List - Audits
Operation	Audits
Correct	No
Incorrect	No

11.5. Setting devices [Device/Set]

Setting devices is done through the Device/Set method.

Device/Set - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	Yes	IvSign device ID
device.userid	string	No	Device's owner
device.deviceinfo	string[][]	No	Device information parameters
device.lastaccess	DateTime	No	Device's last access
device.authorized	bool	No	Authorized / unauthorized device flag
device.notifyenabled	bool	No	Receive push notification enabled / disabled flag

Device/Set - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object

Request and response example:

JSON request
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "authorized": false } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T08:01:45.0216337Z", "authorized": false, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

12. Authorization petition management [Inquiry]

12.1. Getting inquiry [Inquiry/Get]

Getting an IvSign inquiry is done through the Inquiry/Get method.

Inquiry/Get - Request
Parameter	Type	Requested	Description
inquiry	Inquiry		IvSign inquiry object
inquiry.inquiryid	string	Yes	IvSign inquiry ID

Inquiry/Get - Response
Parameter	Type	Description
error	Error	IvSign error object
inquiry	Inquiry	IvSign inquiry object

Request and response example:

JSON request
{ "inquiry": { "inquiryid": "7DC5FA5WSOFTE" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"inquiry": {
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": true,
"response": null
}
}

Inquiry/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user

Inquiry/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

12.2. Setting inquiry [Inquiry/Set]

Setting devices is done through the Inquiry/Set method.

Inquiry/Set - Request
Parameter	Type	Requested	Description
inquiry	Inquiry		IvSign inquiry object
inquiry.inquiryid	string	Yes	IvSign inquiry ID
inquiry.response	string	Yes	Inquiry response to the authorization petition

Inquiry/Set - Response
Parameter	Type	Description
error	Error	IvSign error object
inquiry	Inquiry	IvSign inquiry object

Request and response example:

JSON request
{ "inquiry": { "inquiryid": "7DC44PFZOEPUQ", "response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}" } }

JSON response

Inquiry/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user

Inquiry/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

13. License management [License]

13.1. Getting license data [License/Get]

Getting an organization license data or an environment license data is done through the License/Get method.

License/Get - Request
Parameter	Type	Requested	Description
license	string	Yes	License code

License/Get - Response
Parameter	Type	Description
error	Error	IvSign error object
licenseinfo	KeyValue[]	A parameters list

Request and response example:

JSON request
{ "license": "mylicensecode" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"licenseinfo": [
{
"Key": "maxCerts",
"Value": ""
},
{
"Key": "maxUsers",
"Value": ""
},
{
"Key": "signatureBiometricEnable",
"Value": "False"
},
{
"Key": "signatureEnable",
"Value": "False"
},
{
"Key": "tspEnable",
"Value": "True"
},
{
"Key": "verifyEnable",
"Value": "True"
},
{
"Key": "expireDate",
"Value": "03/07/2020 9:17:54"
}
]
}

License/Get - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

License/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

14. Notification management [Notify]

14.1. Getting notification [Notify/Get]

Getting a notification data is done through the Notify/Get method.

Notify/Get - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.notifyid	int	Yes	IvSign notification ID

Notify/Get - Response
Parameter	Type	Description
error	Error	IvSign error object
notify	Notify	IvSign notification object

Request and response example:

JSON request
{ "notify": { "notifyid": 1 } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notify": {
"notifyid": 1,
"subject": "Notification subject",
"body": "Notification message body",
"createdate": "2018-05-31T11:09:35",
"userid": "myuser",
"orgaid": MYORGA,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "myuser",
"readed": true,
"accepted": true,
"requiredcheck": null
}
}

Notify/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

14.2. Listing notification [Notify/List]

Listing the notifications addressed to a user or to an organization is done through the Notify/List method.

Notify/List - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.userid	string	No	Notification's addressed user
notify.orgaid	string	No	Notification's addressed organization
page	Page	No	IvSign page object

Notify/List - Response
Parameter	Type	Description
error	Error	IvSign error object
notifylist	Notify[]	IvSign notification object
page	Page	IvSign page object

Request and response example:

JSON request
{ "notify": { "userid": "myuser", "orgaid": "MYORGA" }, "page": null }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notifylist": [
{
"notifyid": 1,
"subject": "Notification subject",
"body": "Notification message body",
"createdate": "2018-05-31T11:09:35",
"userid": "myuser",
"orgaid": MYORGA,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "myuser",
"readed": true,
"accepted": true,
"requiredcheck": null
},
{
"notifyid": 2,
"subject": "Notification subject 2",
"body": "Notification message body 2",
"createdate": "2018-05-31T11:09:35",
"userid": "myuser2",
"orgaid": MYORGA,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": null,
"accepteduser": "myuser",
"readed": true,
"accepted": false,
"requiredcheck": null
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": null
}
}

Notify/List - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/List - Audits
Operation	Audits
Correct	No
Incorrect	No

14.3. Setting notification [Notify/Set]

Setting a notification parameters is done through the Notify/Set method.
This method is also used to accept a notification.

Notify/Set - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.notifyid	int	Yes	IvSign notification ID
notify.subject	string	No	Notification's subject
notify.body	string	No	Notification's message
notify.required	bool	No	Required acceptance flag
notify.readed	bool	No	Notification read flag
notify.accepted	bool	No	Notification accepted flag

Notify/Set - Response
Parameter	Type	Description
error	Error	IvSign error object
notify	Notify	IvSign notification object

Request and response example:

JSON request
{ "notify": { "notifyid": 1, "subject": "Nuevo asunto", "body": "Nuevo cuerpo" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notify": {
"notifyid": 2,
"subject": "Notification subject 2",
"body": "Notification message body 2",
"createdate": "2018-05-31T11:09:35",
"userid": "myuser2",
"orgaid": MYORGA,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "myuser",
"readed": true,
"accepted": true,
"requiredcheck": null
}
}

Notify/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15. Organizations management [Orga]

15.1. Creating organizations [Orga/Add]

Creating organizations in IvSign is done through the Orga/Add method.

Orga/Add - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
orga.descr	string	No	Organization's description
orga.parent	string	No	Organization's parent
orga.extid	string	No	Organization's external identifier
orga.license	string	No	Organization's license code

Orga/Add - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA", "license": "MYORGA license code" } }

JSON response
{ "orga": { "orgaid": "MYORGA", "extid": null, "descr": "MYORGA", "parent": "root", "chain": "root.MYORGA.", "license": "MYORGA license code", "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The created organization must have agent user organization on its organization chain

Orga/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.2. Deleting organizations [Orga/Del]

Deleting organizations is done through the Orga/Del method.
The organization must hold no users nor certificates.

Orga/Del - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID

Orga/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The organization must have agent user organization on its organization chain

Orga/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.3. Getting organization data [Orga/Get]

Getting organization data is done through the Orga/Get method.

Orga/Get - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No (Yes if extid and license are empty)	IvSign organization ID
orga.extid	string	No (Yes if orgaid and license are empty)	Organization's external identifier
orga.license	string	No (Yes if orgaid and extid are empty)	Organization's license code

Orga/Get - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA" } }

JSON response
{ "orga": { "orgaid": "MYORGA", "extid": null, "descr": "MYORGA", "parent": "root", "chain": "root.MYORGA.", "license": "MYORGA license code", "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Get - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The agent user must belong to the organization
Super Administrator	Yes	The organization must have agent user organization on its organization chain

Orga/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

15.4. Listing organizations [Orga/List]

Listing organizations is done through the Orga/List method.
The method lists from only agent user organization up to all system organizations, depending on agent user privileges.

Orga/List - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign certificate ID en IvSign
page	Page	No	IvSign page object

Orga/List - Response
Parameter	Type	Description
orgalist	Orga[]	IvSign organization object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": {}, "page": null }

JSON response

{
"orgalist": [
{
"orgaid": "MYORGA",
"extid": null,
"descr": "MYORGA",
"parent": "root",
"chain": "root.MYORGA.",
"license": "MYORGA license code",
"createdate": "2018-08-24T06:16:49Z"
},
{
"orgaid": "MYORGA2",
"extid": null,
"descr": "MYORGA2",
"parent": "MYORGA",
"chain": "root.MYORGA.MYORGA2.",
"license": "MYORGA2 license code",
"createdate": "2018-08-24T06:16:49Z"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Orga/List - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The listed organization must be agent user organization
Super Administrator	Yes	The listed organization must have agent user organization on its organization chain

Orga/List - Audits
Operation	Audits
Correct	No
Incorrect	No

15.5. Setting organization data [Orga/Set]

Setting organization data is done through the Orga/Set method.

Orga/Set - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
orga.descr	string	No	Organization's description
orga.extid	string	No	Organization's external identifier
orga.license	string	No	Organization's license code

Orga/Set - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA", "descr": "MYORGA new description" } }

JSON response
{ "orga": { "orgaid": "MYORGA", "extid": null, "descr": "MYORGA new description", "parent": "root", "chain": "root.MYORGA.", "license": "MYORGA license code", "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Set - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed organization must be agent user organization
Super Administrator	Yes	The renamed organization must have agent user organization on its organization chain

Orga/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.6. Renaming organization [Orga/Ren]

Renaming an organization, changing its orgaid, is done through the Orga/Ren method.
The renamed organization will loose its previous auditory records.

Orga/Ren - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
neworga	Orga		IvSign organization object
neworga.orgaid	string	Yes	IvSign organization ID

Orga/Ren - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA" }, "neworga": { "orgaid": "myneworga" } }

JSON response
{ "orga": { "orgaid": "myneworga", "extid": null, "descr": "MYORGA new description", "parent": "root", "chain": "root.MYORGA.", "license": "MYORGA license code", "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Ren - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed organization must be agent user organization
Super Administrator	Yes	The renamed organization must have agent user organization on its organization chain

Orga/Ren - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16. External PKI integration management [PKI]

16.1. Certificate request [PKI/Petition]

Requesting certificates with associated PKI is done through PKI/Petition method.
Administrator privileges are needed to use this method.
The authentication will be provided on the pkiauth parameter. It changes according to the specified PKI.
The parameter fields will contain a key value array (dictionary). Its parameters will changes according to the specified PKI.

PKI/Petition - Request
Parameter	Type	Requested	Description
pki	string	Yes	PKI identifier
pkiauth	string	Yes	Certificate's pin
fields	string[][]	Yes	Request parameters

PKI/Petition - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "status", "pkiauth": "sign\|8981CEC30B43\|pin", "fields": [ [ "name", "John" ], [ "ID", "012345678Z" ], ] }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/Petition - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

PKI/Petition - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16.2. Getting CA certificate's public key [PKI/CACERGet]

Getting CA certificate's public key is done through the PKI/CACERGet method.

PKI/CACERGet - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters

PKI/CACERGet - Response
Parameter	Type	Description
cer	byte[]	Certificate`s public key
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "mypki", "fields": [ [ "name", "John" ], [ "ID", "012345678Z" ], ] }

JSON response
{ "cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/CACERGet - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CACERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

16.3. Listing CA PKI certificates [PKI/CAList]

Listing CA PKI certificates is done through the PKI/CAList method.

PKI/CAList - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
pkicert	PKICert		IvSign PKI certificate object
pkicert.sha1sum	string	No	PKI certificate's SHA1SUM
page	Page	No	IvSign page object

PKI/CAList - Response
Parameter	Type	Description
result	PKICert[]	IvSign PKI certificate object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "prueba" }

JSON response

{
"result": [
{
"sha1sum": "YV5LJLEZ88WFRCHRSRRXQRT7FXJSZHYE6CQBEUT4",
"serial": "QTGE35LNGMCN",
"name": "MyCA",
"subjectcn": "MYCA_CA_INTERMEDIATE",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "PQ734NTNAK37JJWVSTAMGH9HE5LRZNFLVJW2Z8Y5",
"serial": "D2GSYXYJQE6E",
"name": "MyCA Root",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PKI/CAList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CAList - Audits
Operation	Audits
Correct	No
Incorrect	No

16.4. Generating PKI certificate [PKI/CertGen]

Generating new PKI certificates is done through the PKI/CertGen method.

PKI/CertGen - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters
cert	Cert		IvSign certificate object
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.pin	string	No	Certificate's pin
user	User		IvSign user object
user.userid	string	Yes	Certificate's user
user.orgaid	string	Yes	Certificate's organization

PKI/CertGen - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "mypki", "fields": [ [ "subject", "{\"cn\":\"myuser\"}" ], [ "validfrom", "2019-05-22T08:01:49.902Z" ], [ "validto", "2020-05-22T08:01:49.902Z" ] ], "user": { "userid": "myuser", "orgaid": "MYORGA" }, "cert": { "name": "mycert pki", "pin": "certpin" } }

JSON response

{
"cert": {
"certid": "WMNH3MJJVLV8H64W",
"name": "mycert pki",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": true,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-07-03T09:51:35Z",
"subject": "CN=None",
"subjectcn": "None",
"issuer": "OU=IvSign, O=Ivnosys, L=Paterna, S=Valencia, C=ES, CN=MYCA_CA_INTERMEDIATE",
"issuercn": "MYCA_CA_INTERMEDIATE",
"validfrom": "2019-07-03T09:51:35Z",
"validto": "2019-07-03T09:51:35Z",
"serial": "J6CPY72955HB",
"keysize": "2048",
"signalg": "None",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "PKICertGen",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "adm2k3zr9pdzegxsd33e5ddtfb8bn5wweb9rya5p",
"extid": null,
"providerdata": "{\"pkiprovider\":\"mypki\"}",
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44VS2HFYAG"
}
}

PKI/CertGen - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertGen - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16.5. Listing PKI certificates [PKI/CertList]

Listing PKI certificates is done through the PKI/CertList method.

PKI/CertList - Request
Parameter	Type	Requested	Description
pkicert	PKICert		IvSign PKI certificate object
pkicert.sha1sum	string	No	Certificate SHA1SUM
pki	string	Yes	Associated PKI identifier
page	Page	No	IvSign page object

PKI/CertList - Response
Parameter	Type	Description
result	PKICert[]	IvSign PKI certificate object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "mypki" }

JSON response

{
"result": [
{
"sha1sum": "XP8VNY2LLB9RXBUP7PYTUAMQXCCW4BW8LEZXSJ62",
"serial": "ZX8L5Y25H9XG",
"name": "Mica root",
"subjectcn": "MICA_CA_INTERMEDIA",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "KN8MTFLKDMZ6DWKJSNBX2P94D9NC4UEXNNE8DGNT",
"serial": "EG2JHPSGM7FF",
"name": "ROOT",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
...
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 6
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PKI/CertList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertList - Audits
Operation	Audits
Correct	No
Incorrect	No

16.6. Getting PKI certificate public key [PKI/CertCAGet]

Getting a PKI certificate's public key is done through the PKI/CertCAGet method.

PKI/CertCAGet - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	No	Request parameters

PKI/CertCAGet - Response
Parameter	Type	Description
cer	byte[]	Certificate`s public key
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "mypki" }

JSON response
{ "cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/CertCAGet - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertCAGet - Audits
Operation	Audits
Correct	No
Incorrect	No

16.7. Revoking PKI certificate [PKI/Revoke]

Revoking a PKI certificate is done through the PKI/Revoke method.

PKI/Revoke - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters

PKI/Revoke - Response
Parameter	Type	Description
result	string	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "pki": "mypki", "fields": [ [ "sha1sum", "cssvkuau6qxx7usayddqmeafbkmt9jaep92hwrw2" ] ] }

JSON response
{ "result": "cssvkuau6qxx7usayddqmeafbkmt9jaep92hwrw2 REVOKED", "error": { "code": "K0000", "message": "OK", "traceid": "7DC44VTOE5IAY" } }

PKI/Revoke - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/Revoke - Audits
Operation	Audits
Correct	No
Incorrect	No

17. Public certificates management [PubCert]

17.1. Creating public certificates [PubCert/Add]

Creating new public certificates on IvSing using its public key is done through the PubCert/Add method.

PubCert/Add - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.alias	string	Yes	Public certificate's alias
cer	byte[]	Yes	Public certificate

PubCert/Add - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pubcer":{ "userid": "myuser", "orgaid": "MYORGA", "alias": "mypubcert" } "cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..." }

JSON response

{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "root.MYORGA",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mypubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCert/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

PubCert/Add - Audits
Operation	Audits
Correct	No
Incorrect	No

17.2. Deleting public certificates [PubCert/Del]

Deleting public certificates is done through the PubCert/Del method.

PubCert/Del - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	Yes	IvSign public certificate ID

PubCert/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PubCert/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Del - Audits
Operation	Audits
Correct	No
Incorrect	No

17.3. Obtención de certificados públicos [PubCert/Get]

Método para obtener un certificado público de IvSign.

PubCert/Get - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	No	IvSign public certificate ID
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	User's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM

PubCert/Get - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5" } }

JSON response

PubCert/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

17.4. Listing public certificates [PubCert/List]

Listing public certificates is done through the PubCert/List method.

PubCert/List - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	No	IvSign public certificate ID
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM
page	Page		IvSign page object

PubCert/List - Response
Parameter	Type	Description
result	PubCert[]	IvSign public certificate object
error	Error	IvSign error object
page	Page	IvSign page object

Request and response example:

JSON request
{ "pubcert": { "userid": "miuser" } }

JSON response

{
"result": [
{
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "root.MYORGA",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mypubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
{
"pubcertid": "8C7792DAA0A6",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf15",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26f",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "root.MYORGA",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mypubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

PubCert/List - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCert/List - Audits
Operation	Audits
Correct	No
Incorrect	No

17.5. Setting public certificates [PubCert/Set]

Setting public certificates is done through the PubCert/Set method.

PubCert/Set - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	Yes	IvSign public certificate ID
pubcert.alias	string	Yes	Public certificate's alias
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM

PubCert/Set - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5", "alias": "mypubcert modified" } }

JSON response

{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "root.MYORGA",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mypubcert modified",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCert/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Set - Audits
Operation	Audits
Correct	No
Incorrect	No

18. Public certificate management [PubCertBin]

18.1. Creating public certificates [PubCertBin/Add]

Creating public certificates is done through the PubCertBin/Add method.

PubCertBin/Add - Request
Parameter	Type	Requested	Description
cer	byte[]	Yes	Certificate's public key

PubCertBin/Add - Response
Parameter	Type	Description
result	PubCertBin	IvSign public bin certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..." }

JSON response

{
"result": {
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev...",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCertBin/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

PubCertBin/Add - Audits
Operation	Audits
Correct	No
Incorrect	No

18.2. Getting public certificate data [PubCertBin/Get]

Getting public certificate data using its fingerprint is done through the PubCertBin/Get method.

PubCertBin/Get - Request
Parameter	Type	Requested	Description
fingerprint	string	Yes	Public bin certificate's fingerprint

PubCertBin/Get - Response
Parameter	Type	Description
result	PubCertBin	IvSign public bin certificate object
error	Error	IvSign error object

Request and response example:

JSON request
{ "fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14" }

JSON response

PubCertBin/Get - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCertBin/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

18.3. Checking public certificate [PubCertBin/Check]

Checking if a public certificate exists in IvSing is done through the PubCertBin/Check method.

PubCertBin/Check - Request
Parameter	Type	Requested	Description
fingerprint	string	Yes	Public bin certificate's fingerprint

PubCertBin/Check - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14" }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PubCertBin/Check - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCertBin/Check - Audits
Operation	Audits
Correct	No
Incorrect	No

19. Usage rules / Usage policies management [Rule]

19.1. Creating usage rule [Rule/Add]

Creating usage rules or usage policies is done through the Rule/Add method.
The rules can be applied to a certificate or to a delegation. If the rule is applied to certificate is called policy. Once a rule is applied to a delegation, its effect is applied to all the delegated certificates as well.

Rule/Add - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.delegid	string	No (Yes if certid is empty)	IvSign certificate delegation ID
rule.certid	string	No (Yes if delegid is empty)	IvSign certificate ID
rule.name	string	Yes	Rule's name
rule.dayfrom	DateTime	No	Rule application start date
rule.dayto	DateTime	No	Rule application end date
rule.hourfrom	int	No	Rule application start time
rule.hourto	int	No	Rule application end time
rule.dow	int	No	Rule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday

Rule/Add - Response
Parameter	Type	Description
rule	Rule	IvSign rule object
error	Error	IvSign error object

Request and response example:

JSON request
{ "rule": { "delegid": "ABK5DS2LAREYWAAD", "name": "myrule", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31 } }

JSON response
{ "rule": { "ruleid": "7DC4VWUHLDIYA", "delegid": "ABK5DS2LAREYWAAD", "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate or the delegation must belong to the agent user
Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

19.2. Deleting rule [Rule/Del]

Deleting a usage rule or usage policy is done through the Rule/Del method.

Rule/Del - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.ruleid	String	Yes	IvSign rule ID

Rule/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "rule": { "ruleid": "7DC4VWUHLDIYA" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The deleted rule must belong to a certificate or delegation that belongs to the agent user
Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

19.3. Getting rule data [Rule/Get]

Getting usage rule data is done through the Rule/Get method.

Rule/Get - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.ruleid	string	Yes	IvSign rule ID

Rule/Get - Response
Parameter	Type	Description
rule	Rule	IvSign rule object
error	Error	IvSign error object

Request and response example:

JSON request
{ "rule": { "ruleid": "7DC4VWUHLDIYA" } }

JSON response
{ "rule": { "ruleid": "7DC4VWUHLDIYA", "delegid": "ABK5DS2LAREYWAAD", "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The deleted rule must belong to a certificate or delegation that belongs to the agent user
Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

19.4. Listing rule [Rule/List]

Listing a delegation usage rules or a certificate usage policies is done through the Rule/List method.

Rule/List - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.delegid	string	No (Yes if certid is empty)	IvSign certificate delegation ID
rule.certid	string	No (Yes if delegid is empty)	IvSign certificate ID

Rule/List - Response
Parameter	Type	Description
rule	Rule[]	IvSign rule object
error	Error	IvSign error object

Request and response example:

JSON request
{ "rule": { "delegid": "ABK5DS2LAREYWAAD" } }

JSON response
{ "rulelist": [ { "ruleid": "7DC4VWUHLDIYA", "delegid": "ABK5DS2LAREYWAAD", "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00Z", "dayto": "2018-08-31T00:00:00Z", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate or the delegation must belong to the agent user
Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/List - Audits
Operation	Audits
Correct	No
Incorrect	No

19.5. Setting usage rule [Rule/Set]

Setting usage rules or usage policies is done through the Rule/Set method.
This set method works different than the others. In this method all the fields, including the null ones, will be set

Rule/Set - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.rule	string	Yes	IvSign rule ID
rule.name	string	No	Rule's name
rule.dayfrom	DateTime	No	Rule application start date
rule.dayto	DateTime	No	Rule application end date
rule.hourfrom	int	No	Rule application start time
rule.hourto	int	No	Rule application end time
rule.dow	int	No	Rule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday

Rule/Set - Response
Parameter	Type	Description
rule	Rule	IvSign rule object
error	Error	IvSign error object

Request and response example:

JSON request
{ "rule": { "ruleid": "7DC4VWUHLDIYA", "name": "myrule", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 127 } }

JSON response
{ "rule": { "ruleid": "7DC4VWUHLDIYA", "delegid": "ABK5DS2LAREYWAAD", "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 127, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The set rule must must belong to the agent user
Administrator	Yes	The set rule must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The set rule must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20. Simple hash signatures [Sign]

20.1. Hash signature [Sign/Hash] ✍

Hash signature are performed by using the Sign/Hash method.

Sign/Hash - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' , SHA1 by default
hash.digest	byte[]	Yes	Hash to sign
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/Hash - Response
Parameter	Type	Description
data	byte[]	Hash signature
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DS66ZT3SUACV", "pin": "certpin" }, "hash": { "algorithm": "SHA512", "digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..." }, "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/Hash - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Sign/Hash - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.2. PDF basic signature [Sign/PDF] ✍

PDF basic signature are performed by using the Sign/PDF method.

Sign/PDF - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
document	byte[]	Yes	PDF to sign
algorithm	string	No	Hash algorithm
extradata	string[][]	No	Signature extra information
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/PDF - Response
Parameter	Type	Description
data	byte[]	Signed PDF
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DS66ZT3SUACV", "pin": "certpin" }, "data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...", "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/PDF - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/PDF - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.3. RSA Signature [Sign/RSA] ✍

RSA signature are performed by using the Sign/RSA method.

Sign/RSA - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
data	byte[]	Yes	Object to sign
extradata	string[][]	No	Signature extra information
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/RSA - Response
Parameter	Type	Description
data	byte[]	RSA signature
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DS66ZT3SUACV", "pin": "pincert" }, "data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...", "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/RSA - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/RSA - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.4. TSP signature [Sign/TSP] ✍

TSP signature are performed by using the Sign/TSP method.

Sign/TSP - Request
Parameter	Type	Requested	Description
tsulist	string[]	Yes	Time stamp servers URL list
includecert	bool	No	Include time stamp server certificate into the signature
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm
hash.digest	byte[]	Yes	Hash to sign
nonce	byte[]	No	Random generated signature identifier, included into the signature
policy	string	No	Signature policy identifier

Sign/TSP - Response
Parameter	Type	Description
error	Error	IvSign error object
tsainfo	tsainfo	IvSign TSA information object
tsr	byte[]	Signed object

Request and response example:

JSON request
{ "tsulist": [ "http://usuario:password@servidor.sellado" ], "includecert": true, "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "tsainfo": { "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

Sign/TSP - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/TSP - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21. Document signatures [Signature]

21.1. PDF document signature [Signature/Pades] ✍

PDF document signature are performed by using the Signature/Pades method.
The signature is highly customizable.

Signature/Pades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	PDF document to sign
asyncdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'basic' or 'enhanced'
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SHA1 by default
extensions	string	No	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
parameters.cause	string	No	Signature reason
parameters.tstampservers	TimeStampServerInfo[]	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
parameters.biometry	Biometry	No	IvSign biometric data object
parameters.policy	SignPolicy		IvSign signature policies object
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller
caller.location	string	No	Client URL location
caller.remoteuser	string	No	Client host user

Signature/Pades - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Signed PDF document

Request and response example:

JSON request

{
"cert": {
"certid": "ABK5DS66ZT3SUACV",
"pin": "certpin"
},
"document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0Nh...",
"profile": "enhanced",
"extensions": "t,timestamp,biometry",
"parameters": {
"tstampservers": [
{
"name": "seg-social",
"url": "https://w6.seg-social.es/tspTSA/input/RequestTSA",
"httpauth": false,
"hashalgorithm": "SHA256",
"includecertificates": true,
"usenonce": true
}
],
"biometry": {
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyidentifieraddqualifier": true,
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}
}

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..." }

Signature/Pades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Pades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.2. XML document signature [Signature/Xades] ✍

XML document signature are performed by using the Signature/Xades method.
The signature is highly customizable.

Signature/Xades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	XML document to sign
signdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile, values are 'xmldsig', 'bes', 'epes', 't', 'c', 'xl', 'a'.'bes'= xades basic, 't'=Include TimeStamp into the signature, 'epes'= Add signature policy, 'c'=Add references to the signature for future Verifications, 'x'=Add TimeStamp to the references, 'xl'=Current revocation information for long term verifications, 'a'= Add archive time-stamps
extension	string	Yes	Signature options, for example: 'digestdetached' to embed the document as messagedigest reference in signedinfo, 'codice' to detect and sign codice documents.
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SHA1 by default
envelop	string	Yes	Signature format: 'enveloped'=The signature includes the original XML document, 'enveloping'=A new XML document is generated with the original XML document on one of its nodes
operation	string	No	Kind of operation to perform: sign, cosign
extradata	string[][]	No	Signature extra information
parameters	SignXadesParams		IvSign signature complementary XAdES parameters
parameters.tstampserver	TimeStampServerInfo	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.location	SignLocation	No	Signature location data, for instance, the city where the signature is performed
parameters.policy	SignPolicy	No	IvSign signature policy object
parameters.signerrole	string	No	Signer user role
parameters.includewholechain	bool	No	Include or not the whole certificate's certificate chain
parameters.includekeyvalue	bool	No	Include or not certificate's public key
parameters.xadesversion	int	No	XAdES signature version
parameters.envreferencetosign	string	No (Yes if envelop = enveloped)	Internal reference to the original XML document, must start by '#'
parameters.envsigdestreference	string	No	Sets the xmldsign destination node element through document xpath search method
parameters.envnamespacelist	string[][]	No	Sets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
parameters.envreferencetosignns	string	No	ID node namespace to sign, for example, wsu:Id
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller
caller.location	string	No	Client URL location
caller.remoteuser	string	No	Client host user

Signature/Xades - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	XML signed document

Request and response example:

JSON request

{
"cert": {
"certid": "ABK5DS66ZT3SUACV",
"pin": "certpin"
},
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"profile": "t",
"envelop": "enveloping",
"parameters": {
"tstampservers": [{
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}]
}

**JSON response**


{
	"error": {
		"code": "K0000",
		"message": "OK",
		"traceid":"7DC44PFZOEPUQ"
	},
	"data": "77u/PD94bWwg..."
}

Signature/Xades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Xades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.3. Generic document signature [Signature/Cades] ✍

Generic document signature are performed by using the Signature/Cades method.
The signature is highly customizable.

Signature/Cades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	Generic document to sign
signdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'cms'=Without encapsulation, 'bes'=Basic, 't'=Include TimeStamp into the signature, 'c'=Add references to the signature for future Verifications, 'x'=Extended, 'xl'=Long term extended
extensions	string	No	Signature options, for example: T include TimeStamp into the signature, EPES include signature policy o LTV re stamp the signature
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SHA1 by default
envelop	string	No	Signature format: 'enveloped'=The signature includes the original document, 'enveloping'=A new XML document is generated with the original document on one of its nodes
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
parameters	SignCadesParams		IvSign signature complementary CAdES parameters
extradata	string[][]	No	Signature extra information
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller
caller.location	string	No	Client URL location
caller.remoteuser	string	No	Client host user

Signature/Cades - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Generic signed document

Request and response example:

JSON request
{ "cert": { "certid": "ABK5DS66ZT3SUACV", "pin": "certpin" }, "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "profile": "t", "parameters": { "tstampservers": [ { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" } ] } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

Signature/Cades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Cades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.4. PDF document time stamping [Signature/TimestampPdf] ✍

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

Signature/TimestampPdf - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF document to stamp
algorithm	string	Yes	Algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
parameters.cause	string	No	Time stamp reason
parameters.pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
parameters.tstampservers	TimeStampServerInfo []	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.biometry	Biometry	No	IvSign biometric data object

Signature/TimestampPdf - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Time stamped PDF document

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "algorithm": "sha256", "parameters": { "tstampservers":[ { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" }] } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

Signature/TimestampPdf - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Signature/TimestampPdf - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.5. Signed PDF document upgrade [Signature/UpgradePades] ✍

Upgrading a signed PDF document is done through the Signature/UpgradePades method.
The signature is highly customizable.

Signature/UpgradePades - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	Signed PDF document to upgrade
profile	string	Yes	Signature profile 't', 'lt', 'lta' or 'ltv'
signatureselector	SignatureSelector		Siganture selector options
signatureselector.signaturenumber	int	No	Specific signature ID to upgrade
signatureselector.signatureorder	string	No	Order by which the signatures of the document will be upgraded, the options are 'first', 'last' and 'all'
signatureselector.signaturetypefilter	string	No	Type of signatures to upgrade, the options are 'all', 'usersignatures' and 'documenttimestamp'
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
parameters.cause	string	No	Signature reason
parameters.tstampservers	TimeStampServerInfo[]	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
parameters.biometry	Biometry	No	IvSign biometric data object
parameters.policy	SignPolicy		IvSign signature policies object
extensions	string	No	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
force	bool	No	Force the signature upgrade even though the signature verification is not valid flag

Signature/UpgradePades - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Signed PDF document

Request and response example:

JSON request
{ "document": "JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PC9UeXBlIC9DYXRhbG...", "profile": "t", "signatureselector": { "signatureorder": "all", "signaturetypefilter": "all" }, "parameters": { "tstampservers": [ { "name": "seg-social", "url": "https://w6.seg-social.es/tspTSA/input/RequestTSA", "includecertificates": true, "hashalgorithm": "sha1" } ] }, "extensions": "timestamp", "force": true }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid": "ABK5ENBKRSMZIABL" }, "data": "JVBERi0xLjQKJeLjz9MKMSAwIG9iago8PC9UeXBlIC9DYXRhbG9nIC..." }

Signature/UpgradePades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Signature/UpgradePades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

22. Biometry sign [Biometry]

22.1. PDF document signature [Biometry/Sign] ✍

PDF document signature with biometry data are performed by using the Biometry/Sign method with a certificate configured for the organization.
The signature is highly customizable.

Signature/Pades - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF document to sign
asyncdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'basic' or 'enhanced'
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SHA1 by default
extensions	string	No	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
parameters.cause	string	No	Signature reason
parameters.tstampservers	TimeStampServerInfo[]	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
parameters.biometry	Biometry	Yes	IvSign biometric data object
parameters.policy	SignPolicy		IvSign signature policies object

Biometry/Sign - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Signed PDF document

Request and response example:

JSON request

{
"document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0Nh...",
"profile": "enhanced",
"extensions": "t,timestamp,biometry",
"parameters": {
"tstampservers": [
{
"name": "seg-social",
"url": "https://w6.seg-social.es/tspTSA/input/RequestTSA",
"httpauth": false,
"hashalgorithm": "SHA256",
"includecertificates": true,
"usenonce": true
}
],
"biometry": {
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyidentifieraddqualifier": true,
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}
}

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..." }

Biometry/Sign - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Biometry/Sign - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

23. Statistics management [Stats]

23.1. General system statistics [Stats/System]

Getting general system statistics is done through the Stats/System method.
This statistics are related to the system capacity, for instance how many users it holds or the quantity of signatures performed the current month. A part from that, its license limits are shown.

Stats/System - Request
Parameter	Type	Requested	Description
Without request parameters

Stats/System - Response
Parameter	Type	Description
error	Error	IvSign error object
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{}

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "10"
},
{
"Key": "Cert",
"Value": "50"
},
{
"Key": "Deleg",
"Value": "20"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "6"
},
{
"Key": "Sign",
"Value": "240"
},
{
"Key": "Signature",
"Value": "150"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "320"
},
{
"Key": "Signature",
"Value": "210"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Orga",
"Value": "10"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/System - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	No

Stats/System - Audits
Operation	Audits
Correct	No
Incorrect	No

23.2. Organization and its child organization statistics [Stats/OrgaChain]

Getting an organization and its child organization statistics is done through the Stats/OrgaChain method.
This statistics are related to an organization chain capacity, for instance how many users it holds or the quantity of signatures performed the current month. A part from that, the root organization of the chain license limits are shown.

Stats/OrgaChain - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign organization ID

Stats/OrgaChain - Response
Parameter	Type	Description
error	Error	IvSign error object
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/OrgaChain - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/OrgaChain - Audits
Operation	Audits
Correct	No
Incorrect	No

23.3. Organization statistics [Stats/Orga]

Getting an organization statistics is done through the Stats/Orga method.
This statistics are related an organization capacity, for instance how many users it holds or the quantity of signatures performed the current month. A part from that, its license limits are shown.

Stats/Orga - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID

Stats/Orga - Response
Parameter	Type	Description
error	Error	IvSign error object
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "orga": { "orgaid": "MYORGA" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "2"
},
{
"Key": "Cert",
"Value": "5"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "58"
},
{
"Key": "Signature",
"Value": "26"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "157"
},
{
"Key": "Signature",
"Value": "103"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/Orga - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/Orga - Audits
Operation	Audits
Correct	No
Incorrect	No

23.4. User statistics [Stats/User]

Getting a user statistics is done through the Stats/User method.
This statistics are related to a user capacity (its organization capacity), for instance how many certificates it has or the quantity of signatures performed the current month. A part from that, its organization license limits are shown.

Stats/User - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization

Stats/User - Response
Parameter	Type	Description
error	Error	IvSign error object
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "Cert",
"Value": "2"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "22"
},
{
"Key": "Signature",
"Value": "3"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "27"
},
{
"Key": "Signature",
"Value": "4"
}
],
"licenseLimit": null
}
}

Stats/User - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched user must belong to the same organization as the agent user
Super Administrator	Yes	The searched user must belong to the same organization as the agent user or to a child organization of this

Stats/User - Audits
Operation	Audits
Correct	No
Incorrect	No

23.5. Specific system statistic [Stats/DetailSys]

Getting a specific detailed system statistic is done through the Stats/DetailSys method.
This statistics are related to the system performed signatures.

Stats/DetailSys - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailSys - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "category": "sign", "type": "app" }

JSON response
{ "statssign": [ { "value": "app prueba", "owned": 1, "delegated": 0, "fore": 0 }, { "value": "IEXPLORE.EXE", "owned": 5, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailSys - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	No

Stats/DetailSys - Audits
Operation	Audits
Correct	No
Incorrect	No

23.6. Specific organization statistic [Stats/DetailOrga]

Getting a specific detailed organization statistic is done through the Stats/DetailSys method.
This statistics are related to an organization performed signatures.

Stats/DetailOrga - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign organization ID
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailOrga - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "category": "sign", "type": "module" }

JSON response
{ "statssign": [ { "value": "KeyController", "owned": 5, "delegated": 0, "fore": 0 }, { "value": "unknown", "owned": 1, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailOrga - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/DetailOrga - Audits
Operation	Audits
Correct	No
Incorrect	No

23.7. Specific user statistic [Stats/DetailUser]

Getting a specific detailed user statistic is done through the Stats/DetailSys method.
This statistics are related to a user performed signatures.

Stats/DetailUser - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
user	User		IvSign organization object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	No	IvSign organization ID
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailUser - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "user": { "userid": "myuser", "orgaid": "MYORGA" }, "category": "sign", "type": "host" }

JSON response
{ "statssign": [ { "value": "MIUSER-PC", "owned": 3, "delegated": 0, "fore": 0 }, { "value": "host prueba", "owned": 1, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailUser - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched user must belong to the same organization as the agent user
Super Administrator	Yes	The searched user must belong to the same organization as the agent user or to a child organization of this

Stats/DetailUser - Audits
Operation	Audits
Correct	No
Incorrect	No

23.8. Yearly organization signature statistic [Stats/OperationYear]

Getting an organization signature statistics for periods no longer than a year is done through the Stats/OperationYear method.
This statistics are related to an organization capacity and performed actions.

Stats/OperationYear - Request
Parameter	Type	Requested	Description
yearfrom	int	Yes	Search start year
monthfrom	int	Yes	Search start month
yearto	int	Yes	Search end year
monthto	int	Yes	Search end month
orgaid	string	Yes	Selected organization

Stats/OperationYear - Response
Parameter	Type	Description
error	Error	IvSign error object
statslist	Stats[][]	IvSign statistics object

Request and response example:

JSON request
{ "yearfrom": 2019, "monthfrom": 4, "yearto": 2019, "monthto": 5, "orgaid": "orgatest" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "DMS44QJBTHJ4O"
},
"statslist": [
[
{
"statsid": 156,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Sign",
"value": "44"
},
{
"statsid": 206,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Sign",
"value": "900"
}
],
[
{
"statsid": 157,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Signature",
"value": "4"
},
{
"statsid": 207,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Signature",
"value": "584"
}
],
[
null,
null
],
[
{
"statsid": 158,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Verify",
"value": "4"
},
{
"statsid": 208,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Verify",
"value": "579"
}
]
]
}

Stats/OperationYear - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/OperationYear - Audits
Operation	Audits
Correct	No
Incorrect	No

24. Time stamp operations [TSP]

24.1. Time stamp signature [TSP/Sign]

TSP signature are performed by using the Sign/TSP method.

TSP/Sign - Request
Parameter	Type	Requested	Description
tsulist	string[]	Yes	Time stamp servers URL list
includecert	bool	No	Include time stamp server certificate into the signature
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm
hash.digest	byte[]	Yes	Hash to sign
nonce	byte[]	No	Random generated signature identifier, included into the signature
policy	string	No	Signature policy identifier

STSP/Sign - Response
Parameter	Type	Description
error	Error	IvSign error object
tsainfo	tsainfo	IvSign TSA information object
tsr	byte[]	Signed object

Request and response example:

JSON request
{ "tsulist": [ "http://usuario:password@servidor.sellado" ], "includecert": true, "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "tsainfo": { "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

TSP/Sign - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/Sign - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

24.2. PDF document time stamping [TSP/TimestampPDF]

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

TSP/TimestampPDF - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF document to stamp
algorithm	string	Yes	Algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
parameters.cause	string	No	Time stamp reason
parameters.pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
parameters.tstampservers	TimeStampServerInfo []	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
parameters.biometry	Biometry	No	IvSign biometric data object

TSP/TimestampPdf - Response
Parameter	Type	Description
error	Error	IvSign error object
data	byte[]	Time stamped PDF document

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "algorithm": "sha256", "parameters": { "tstampservers": { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" } } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

TSP/TimestampPdf - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/TimestampPdf - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

24.3. Time stamp verification [TSP/Verify]

TSR, Time Stamp Response, verifications are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included.

If the original digest is included, the method will compare it with the TSR digest and will return true or false on the valid_digest parameter according to the result.
Otherwise, valid_digest will be null.

If the signing certificate is included, the method will compare it with the TSR certificate and will return true or false on the valid_cert parameter according to the result.
Note: In case signing certificate is not included into the TSP, it will be needed to be provided.

The valid parameter will be true if all the non null valid parameters are true.

TSP/Verify - Request
Parameter	Type	Requested	Description
hash	Hash		IvSign hash parameters object
hash.algorithm	string	No	Hash algorithm
hash.digest	byte[]	No	Hash to sign
tsr	byte[]	Yes	TimeStamp to verify
cer	byte[]	No	Signed certificate, in case it is not included into the TSR

TSP/Verify - Response
Parameter	Type	Description
valid	bool	True if all the non null valid parameters are true
valid_digest	bool	Digest validation parameter
valid_tsr	bool	TSR validation parameter
valid_cert	bool	Certificate validation parameter
datetime	DateTime	TimeStamp UTC date time
tsainfo	tsainfo	IvSign TSA information object
hash	Hash	IvSign hash parameters object
message	string	Hash algorithm
error	Error	IvSign error object

Request and response example:

JSON request
{ "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

JSON response

{
"valid": true,
"valid_digest": true,
"valid_tsr": true,
"valid_cert": true,
"datetime": "2018-02-22T11:57:08Z",
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": null,
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7Ko..."
},
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"message": "",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

TSP/Verify - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/Verify - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

25. User management [User]

25.1. User creation [User/Add]

Creating users is done through the User/Add method.
Administrator privileges or higher are needed.

User/Add - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.email	string	No	User's email direction
user.orgaid	string	Yes	User's organization
user.pass	string	No (Yes if disablenotify = true)	User's password (if not is specified, it will be randomly generated)
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.phone	string	No	User's phone number
user.ident	string	No	User's identity card
user.extid	string	No	User external identifier
user.disabled	bool	No	Enabled/disabled user flag
user.admin	bool	No	Privileges user level
user.superadmin	bool	No	Privileges user level
disablenotify	bool	No	Allows not to send a creation email

User/Add - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "myorga", "name": "myuser name", "lastname": "myuser lastname", "email": "myuser@ivnosys.com", "disabled": false, "valid": true, "admin": true, "superadmin": false, "pass": "myuserpass", "lang": "en", "phone": "666666666" }, "disablenotify": false }

JSON response

{
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": null,
"previouslogin": null,
"lastip": null,
"createdate": "2019-07-09T07:14:08",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5EQ7MBGF4YABP"
}
}

User/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The created user must belong to the same organization as the agent user
Super Administrator	Yes	The created user must belong to the same organization as the agent user or to a child organization of this

User/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

25.2. Deleting user [User/Del]

Deleting user is done through the User/Del method.
Only users without certificates can be deleted. A user can not delete itself. Administrator privileges or higher are needed to delete users

User/Del - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization

User/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" } }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

User/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The user to delete must belong to same organization as the agent user
Super Administrator	Yes	The user to delete must belong to same organization as the agent user or to a child organization of this

User/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

25.3. Obtaining user data [User/Get]

Obtaining user data is done through the User/Get method.
The method returns a specific user data.

User/Get - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.orgaid	string	No	User's organization
user.userid	string	No	IvSign user ID
user.email	string	No	User's email
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.ident	string	No	User's identity card

User/Get - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "orgaid": "MYORGA", "userid": "miuser" } }

JSON response

{
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5ERAT5MIDUABS"
}
}

User/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The user to obtain must be the agent user
Administrator	Yes	The user to obtain must belong to same organization as the agent user
Super Administrator	Yes	The user to obtain must belong to same organization as the agent user or to a child organization of this

User/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

25.4. Listing users [User/List]

Listing users is done through the User/List method.
The method list users depending on some filter parameters. Administrator privileges are needed.

User/List - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	User ID filter
user.orgaid	string	No	Organization ID filter
user.email	string	No	User's email filter
user.name	string	No	User's name filter
user.lastname	string	No	User's last name filter
user.ident	string	No	User's identity card filter
user.disabled	bool	No	User enabled state filter
user.phone	string	No	User's phone number filter
page	Page		IvSign page object

User/List - Response
Parameter	Type	Description
userlist	User[]	IvSign user object
page	Page	IvSign page object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "orgaid": "MYORGA" } }

JSON response

{
"userlist": [
{
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
{
"userid": "myuser2",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser2 name",
"lastname": "myuser2 lastname",
"email": "myuser2@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABU"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/List - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	Only applicable to agent user organization
Super Administrator	Yes	Only applicable to agent user organization or to a child organization of this

User/List - Audits
Operation	Audits
Correct	No
Incorrect	No

25.5. Setting user data [User/Set]

Setting user data is done through the User/Set method.
This method allows to change user personal data and its password.
The no null values established will be used to modify data of the user indicated on the user.userid field.

User/Set - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.orgaid	string	Yes	User's organization
user.userid	string	Yes	IvSign user ID
user.lang	string	No	User language
user.email	string	No	User's email direction
user.pass	string	No	New IvSign user password
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.ident	string	No	User's identity card
user.phone	string	No	User's phone number
user.disabled	bool	No	Enabled/disabled user flag

User/Set - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "myorga", "name": "myuser new name", "disabled": true } }

JSON response

{
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser new name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": true,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The user to set must be the agent user
Administrator	Yes	The user to set must belong to same organization as the agent user
Super Administrator	Yes	The user to set must belong to same organization as the agent user or to a child organization of this

User/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

25.6. User creation [User/PublicAdd]

Creating new users without token session is done through the User/PublicAdd method.
All these users aren't valid, they will need to be validated once they will access to IvSign.

User/PublicAdd - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.email	string	Yes	User's email direction
user.orgaid	string	Yes	User's organization
user.pass	string	No (Yes if disablenotify = true)	Password (if not is specified, it will be randomly generated)
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.phone	string	No	User's phone number
user.ident	string	No	User's identity card
user.extid	string	No	User external identifier
user.disabled	bool	No	Enabled/disabled user flag
user.createdate	DateTime	No	Creation user date
user.admin	bool	No	Privileges user level
user.superadmin	bool	No	Privileges user level
disablenotify	bool	No	Allows not to send a creation email

User/PublicAdd - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "mypublicuser", "orgaid": "MYORGA", "name": "mypublicuser name", "lastname": "mypublicuser lastname", "email": "mypublicuser@ivnosys.com", "pass": "mypublicuserpass" }, "disablenotify": false }

JSON response

{
"user": {
"userid": "mypublicuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "mypublicuser name",
"lastname": "mypublicuser lastname",
"email": "mypublicuser@ivnosys.com",
"ident": null,
"disabled": false,
"disabledreason": null,
"valid": false,
"admin": false,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/PublicAdd - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

User/PublicAdd - Audits
Operation	Audits
Correct	No
Incorrect	No

25.7. Searching users [User/Find]

Searching user's information is done through the User/Find method.
The difference between User/Get and User/Find is that User/Find search on any available authentication provider and create the user in the database if it doesn't exist.

User/Find - Request
Parameter	Type	Requested	Description
usid	string	Yes	IvSign user ID
orgaid	string	Yes	User's organization

User/Find - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "usid": "myuser", "orgaid": "MYORGA" }

JSON response

User/Find - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to agent user organization or to a child organization of this

User/Find - Audits
Operation	Audits
Correct	No
Incorrect	No

25.8. Obtaining user level [User/Level]

Obtaining user privileges level is done through the User/Level method.

User/Level - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	IvSign user ID
user.orgaid	string	No	User's organization

User/Level - Response
Parameter	Type	Description
result	string	User level: 10 -> basic user, 15 -> impersonated user, 20 -> administrator user, 30 -> super administrator user, 40 -> system administrator user
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" } }

JSON response
{ "result": "20", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

User/Level - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to users that belong to same organization as the agent user or to a child organization of this

User/Level - Audits
Operation	Audits
Correct	No
Incorrect	No

25.9. Checking modifiable user fields [User/Modifiablefields]

Checking which user field are allowed to be modified is done through the User/Modifiablefields method.

User/Modifiablefields - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	IvSign user ID
user.orgaid	string	No	User's organization

User/Modifiablefields - Response
Parameter	Type	Description
modifiablefields	string[]	List of the modifiable fields
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" } }

JSON response
{ "modifiablefields": [ "userid", "extid", "name", "lastname", "disabled", "disabledreason", "admin", "superadmin", "pass", "lang", "phone", "guid" ], "error": { "code": "K0000", "message": "OK", "traceid": "ABK5ERGXEFJ2EAAE" } }

User/Modifiablefields - User permissions
User	Allowed	Conditions
Basic	Yes	The checked user must be the agent user
Administrator	Yes	The checked user must belong to the same organization as the agent user
Super Administrator	Yes	The checked user must belong to the same organization as the agent user or to a child organization of this

User/Modifiablefields - Audits
Operation	Audits
Correct	No
Incorrect	No

25.10. Moving a user to another organization [User/OrgaMove]

Moving a user to another organization is done through the User/OrgaMove method.
Both organizations must belong to the agent user organization chain.

User/OrgaMove - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	New user organization

User/OrgaMove - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" }, "orga": { "orgaid": "MYORGA2" } }

JSON response

{
"user": {
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA2",
"orgachain": "ROOT.MYORGA.MYORGA2.",
"name": "myuser new name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": true,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/OrgaMove - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to users that belong to same organization as the agent user or to a child organization of this

User/OrgaMove - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

25.11. Renaming users [User/Ren]

Renaming users, changing its userid, is done through the User/Ren method.
The renamed user will loose its previous auditory records.

User/Ren - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization
newuser	User		IvSign user object
newuser.userid	string	Yes	New IvSign user ID

User/Ren - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object

Request and response example:

JSON request
{ "user": { "userid": "myuser", "orgaid": "MYORGA" }, "newuser": { "userid": "mynewuser" } }

JSON response

{
"user": {
"userid": "mynewuser",
"extid": null,
"orgaid": "MYORGA2",
"orgachain": "ROOT.MYORGA.MYORGA2.",
"name": "myuser new name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": true,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Ren - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed user must belong to the same organization as the agent user
Super Administrator	Yes	The renamed user must belong to the same organization as the agent user or to a child organization of this

User/Ren - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26. Verification operations [Verify]

26.1. CA certificate verification [Verify/CER]

CA certificate verifications are performed by using the Verify/CER method.
It is needed the certificate as a binary DER certificate in order to verify it.

Verify/CER - Request
Parameter	Type	Requested	Description
cer	byte[]	Yes	Certificate in DER format
querydate	DateTime	No	Request date time moment
type	string	No	Force CRL or OCSP

Verify/CER - Response
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
revocationdata	RevocationData	IvSign certificate revocation data object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cer": "MIIHLjCCBhagAwIBAgIJNAjgYn1V5+QrMA0GC...", "querydate": "2019-07-09T08:01:53.507Z", "type": "CRL" }

JSON response

Verify/CER - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/CER - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.2. Chain CA certificate verification [Verify/CERChain]

Chain CA certificate verifications are performed by using the Verify/CERChain method.
It is needed the certificate as a binary DER certificate in order to verify it.

Verify/CERChain - Request
Parameter	Type	Requested	Description
cer	byte[]	Yes	Certificate in DER format
querydate	DateTime	No	Request date time moment

Verify/CERChain - Response
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
revocationdata	RevocationData	IvSign certificate revocation data object
issuerverification	VerifyCER	IvSign CA certificate verification data object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cer": "MIIHLjCCBhagAwIBAgIJNAjgYn1V5+QrMA0GC...", "querydate": "2019-07-09T08:01:53.507Z" }

JSON response

{
"certinfo": {
"serial": "3408E0627D55E7E42B",
"validfrom": "2018-02-01T11:04:41+01:00",
"validto": "2021-01-31T11:04:41+01:00",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), E=caracer@camerfirma.com, C=ES",
"issuercn": "RACER",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL, G=JUAN, SN=CÁMARA ESPAÑOL, OID.1.3.6.1.4.1.17326.30.4=DNI, SERIALNUMBER=00000000T, S=ÁVILA, L=ÁVILA",
"subjectcn": "[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "Camerfirma",
"type": "PF",
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": {
"name": "JUAN",
"lastname": "CÁMARA ESPAÑOL",
"documentcode": null,
"countrycode": null,
"ident": "00000000T",
"email": "email_contacto@camerfirma.com"
},
"orgainfo": {
"ident": null,
"name": null,
"documentcode": null,
"countrycode": null
},
"sha1sum": "7AD8F40DF6331CDD34940FDEF623668063F60C35",
"sha1sumissuer": "F82701F8E04770F3448C19070F9B2158B16621A0"
},
"expired": false,
"expirederror": null,
"untrusted": true,
"untrustederror": "V30 TSL withdrawn (F82701F8E04770F3448C19070F9B2158B16621A0)",
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": false,
"validerror": null,
"revocationdata": {
"type": "CRL",
"source": "ONLINE",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "3408E0627D55E7E42B",
"errormessage": null
},
"issuerverification": {
"certinfo": {
"serial": "01",
"validfrom": "2003-12-04T18:26:41+01:00",
"validto": "2023-12-04T18:26:41+01:00",
"issuer": "CN=AC Camerfirma, O=AC Camerfirma SA, L=Madrid (see current address at www.camerfirma.com/address), SERIALNUMBER=A82743287, E=ac_camerfirma@camerfirma.com, C=ES",
"issuercn": "AC Camerfirma",
"subject": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), E=caracer@camerfirma.com, C=ES",
"subjectcn": "RACER",
"subjectcountry": null,
"signalg": "sha1RSA",
"keyusage": [],
"enhancedkeyusage": [],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "F82701F8E04770F3448C19070F9B2158B16621A0",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D"
},
"expired": false,
"expirederror": null,
"untrusted": true,
"untrustederror": "V30 TSL withdrawn (F82701F8E04770F3448C19070F9B2158B16621A0)",
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": false,
"issuerverification": {
"certinfo": {
"serial": "02",
"validfrom": "2003-11-14T14:49:08+01:00",
"validto": "2033-11-14T14:49:08+01:00",
"issuer": "CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU",
"issuercn": "Global Chambersign Root",
"subject": "CN=AC Camerfirma, O=AC Camerfirma SA, L=Madrid (see current address at www.camerfirma.com/address), SERIALNUMBER=A82743287, E=ac_camerfirma@camerfirma.com, C=ES",
"subjectcn": "AC Camerfirma",
"subjectcountry": null,
"signalg": "sha1RSA",
"keyusage": [],
"enhancedkeyusage": [],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"sha1sumissuer": "339B6B1450249B557A01877284D9E02FC3D2D8E9"
},
"expired": false,
"expirederror": null,
"untrusted": true,
"untrustederror": null,
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": false,
"issuerverification": {
"certinfo": {
"serial": "00",
"validfrom": "2003-09-30T18:14:18+02:00",
"validto": "2037-09-30T18:14:18+02:00",
"issuer": "CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU",
"issuercn": "Global Chambersign Root",
"subject": "CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU",
"subjectcn": "Global Chambersign Root",
"subjectcountry": null,
"signalg": "sha1RSA",
"keyusage": [],
"enhancedkeyusage": [],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "339B6B1450249B557A01877284D9E02FC3D2D8E9",
"sha1sumissuer": null
},
"expired": false,
"expirederror": null,
"untrusted": true,
"untrustederror": null,
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": false,
"issuerverification": null,
"revocationdata": null
},
"revocationdata": {
"type": "CRL",
"source": "ONLINE",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "02",
"errormessage": null
}
},
"revocationdata": {
"type": "CRL",
"source": "ONLINE",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "01",
"errormessage": null
}
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "ABK5ERJ4XYBHUAAM"
}
}

Verify/CERChain - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/CERChain - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.3. IvSign certificate verification [Verify/Cert]

IvSign certificate validations are performed by using the Verify/Cert method.
IvSign certificate ID is needed to perform the Verification.

Verify/Cert - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
querydate	DateTime	No	Request date time moment
type	string	No	Force CRL or OCSP

Verify/Cert - Response
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "7DC44ZSH24IZI" }, "querydate": "2019-07-09T08:01:53.525Z", "type": "OCSP" }

JSON response

Verify/Cert - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Verify/Cert - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.4. IvSign certificate verification [Verify/CertChain]

IvSign certificate chain validations are performed by using the Verify/CertChain method.
IvSign certificate ID is needed to perform the Verification.

Verify/CertChain - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
querydate	DateTime	No	Request date time moment

Verify/CertChain - Response
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
revocationdata	RevocationData	IvSign certificate revocation data object
issuerverification	VerifyCert	IvSign certificate chain verification data object
error	Error	IvSign error object

Request and response example:

JSON request
{ "cert": { "certid": "7DC44ZSH24IZI" }, "querydate": "2019-07-09T08:01:53.525Z" }

JSON response

Verify/CertChain - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Verify/CertChain - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.5. Signed PDF document verification [Verify/Pades]

Signed PDF document verifications are performed by using the Verify/Pades.

Verify/Pades - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF signed document to verify
password	string	No	Document password
options	string	No	Verification options

Verify/Pades - Response
Parameter	Type	Description
error	Error	IvSign error object
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "ACCV",
"type": "PF",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "C88D4165900ACAF8FCEE7949D4CA0EAEBC73D257",
"sha1sumissuer": "9FCDF094368D1B025C4C5574F8C59DB8DF75D0C3"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "t,biometry",
"envelop": "Enveloped",
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQAw...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": false,
"type": "Generic",
"time": "2019-05-21T09:57:09Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFAD...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
],
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16AD9D2C39A",
"gentime": "2019-05-21T09:57:09Z",
"messageimprint": "8OC2PC/glAQszWa0Xf8Y0VuDaNU=",
"messageimprintalgorithm": 2,
"nonce": "3336353231303737",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "8OC2PC/glAQszWa0Xf8Y0VuDaNU="
}
],
"validationtimestamps": null,
"biometrysigninfo": {
"certsubject": "C=ES, O=ACCV, OU=Ciudadanos, SN=CAMARA ESPAÑOL, G=JUEAN, SERIALNUMBER=00000000T, CN=JUAN CAMARA ESPAÑOL - NIF:00000000T",
"certissuer": "C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120",
"signatureimage": null
}
},
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": "NI",
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0B...",
"signingtime": "2019-05-21T09:57:15",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}

Verify/Pades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Pades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.6. Signed XML document verification [Verify/Xades]

Signed XML document verifications are performed by using the Verify/Xades.

Verify/Xades - Request
Parameter	Type	Requested	Description
options	string	No	Verification options
document	byte[]	Yes	XML signed document to verify
detachedsignature	string	No	Signature to verify

Verify/Xades - Response
Parameter	Type	Description
error	Error	IvSign error object
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZ..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "63CF18D0BE03C9315A6992CB81C9C5CB",
"validfrom": "2018-01-25T09:18:19",
"validto": "2022-01-25T09:18:19",
"issuer": "CN=AC FNMT Usuarios, OU=Ceres, O=FNMT-RCM, C=ES",
"issuercn": "AC FNMT Usuarios",
"subject": "CN=Nombre Apellidos - 00000000T, SN=Nombre, G=Apellidos, SERIALNUMBER=IDCES-00000000T, C=ES",
"subjectcn": "Nombre Apellidos - 00000000T",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment (e0)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "FNMT",
"type": "PF",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000000T",
"email": "miuser@prueba.com",
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "C8005FA82074A9C7D6A9FAC90EA7A717506B30CF"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "Signature-102557316",
"valid": true,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloped",
"cer": "MIIHdDCCBlygAwIBAgIQY88Y0L4DyTFaaZLLgcnFyzANBgkqhki...",
"signingtime": "2018-08-27T07:23:21",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T07:23:21",
"signatures": null
}
],
"validationtimestamps": []
}
]
}

Verify/Xades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Xades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.7. Signed generic document verification [Verify/Cades]

Signed generic document verification are performed by using the Verify/Cades.

Verify/Cades - Request
Parameter	Type	Requested	Description
options	string	No	Verification options
document	byte[]	Yes	Generic signed document to verify
detachedsignature	string	No	Signature to verify

Verify/Cades - Response
Parameter	Type	Description
error	Error	IvSign error object
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrD..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": false,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIE3DCCA8SgAwIBAgIFRvNzDrgwDQYJKoZ...",
"signingtime": "2018-08-27T09:49:19",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T09:49:19",
"signatures": null
}
],
"validationtimestamps": null
}
]
}

Verify/Cades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Cades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

26.8. Time stamp verification [Verify/TSP]

TSR, Time Stamp Response, verifications are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included

The valid parameter will be true if all the non null valid parameters are true.

TSP/Verify - Request
Parameter	Type	Requested	Description
hash	Hash		IvSign hash parameters object
hash.algorithm	string	No	Hash algorithm
hash.digest	byte[]	No	Hash to sign
tsr	byte[]	Yes	TimeStamp to verify
cer	byte[]	No	Signed certificate, in case it is not included into the TSR

TSP/Verify - Response
Parameter	Type	Description
valid	bool	True if all the non null valid parameters are true
valid_digest	bool	Digest validation parameter
valid_tsr	bool	TSR validation parameter
valid_cert	bool	Certificate validation parameter
datetime	DateTime	TimeStamp UTC date time
tsainfo	tsainfo	IvSign TSA information object
hash	Hash	IvSign hash parameters object
message	string	Hash algorithm
error	Error	IvSign error object

Request and response example:

JSON request
{ "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

JSON response

TSP/Verify - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/Verify - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

27. IvSign common objects definition

IvSign common object definitions are listed below.

27.1. Audit object

The Audit object holds all the information relative to the IvSign auditory.

Audit
Parameter	Type	Description
auditid	int	IvSign auditory ID
date	DateTime	Operation's perform day
userid	string	User on which the operation is performed
orgaid	string	Operation's organization
oper	string	Operation's performer operator
operorgaid	string	Operation's performer operator organization
impersonator	string	Operation impersonator user (if applicable)
certid	string	IvSign used certificate ID (if applicable)
certsha1sum	string	Operation's certificate finger print (if applicable)
category	string	Operation's category
action	string	Operation's performed action
actiondata	string	Operation's performed action data
success	bool	Success performed operation flag
info	string	Operation's additional information
app	string	Operation's used application
location	string	Signature URL (if applicable)
server	string	Signature server (if applicable)
module	string	Operation integration module
modver	string	Operation integration module version
data	string	Operation's additional data
ip	string	Operation's perform user IP
host	string	Operation's perform device or its IP

JSON Example

{
"auditid": "8666",
"date": "2019-07-09T07:14:09.126839Z",
"userid": "myuser",
"orgaid": "MYORGA",
"oper": "ivnosysuser",
"operorgaid": "IVNOSYS",
"impersonator": null,
"certid": null,
"serial": null,
"certidorig": null,
"certsha1sum": null,
"category": "User",
"action": "Add",
"actiondata": null,
"success": true,
"info": "User='myuser' added",
"app": null,
"location": null,
"server": "MYUSER-PC",
"module": "apitest",
"modver": "5.0",
"data": null,
"ip": "127.0.0.1",
"host": "127.0.0.1"
}

27.2. AuditInfo object

The AuditInfo object holds all the information relative to the IvSign auditory categories and actions.

AuditInfo
Parameter	Type	Description
category	string[]	Categories list
action	string[]	Actions list

JSON Example
{ "category": [ "Auth", "Cert", "CertTrash", "Config", "Deleg", "Device", "Notify", "Orga", "Rule", "Sign", "Signature", "TSP", "User", "Verify" ], "action": [ "Accept", "Add", "Cades", "CER", "Del", "DelCert", "Generate", "Impersonate", "ImportPFX", "Login", "Move", "OrgaMove", "Pades", "PinCheck", "PinSet", "RefLink", "Ren", "Rest", "RSA", "Set", "Sign", "UserAdd", "Val", "Xades" ] }

27.3. AuthProviderInfo object

The AuthProviderInfo object holds all the information relative to an IvSign authentication provider.

AuthProviderInfo
Parameter	Type	Description
name	string	Authentication provider name
class	string	Authentication provider class
properties	KeyValue[]	Authentication provider parameters list, currently unused
default	bool	Authentication provider is the default provider of an organization flag

JSON Example
{ "name": "db", "class": "db", "default": true, "properties": null }

27.4. Cert object

The Cert object holds all the information relative to a IvSign certificate.

Cert
Parameter	Type	Description
certid	string	IvSign certificate ID
name	string	Certificate's name
userid	string	Certificate's user
orgaid	string	Certificate's organization
orgachain	string	Certificate's organization chain
descr	string	Certificate's description
custom1	string	Custom field 1
custom2	string	Custom field 2
custom3	string	Custom field 3
disabled	bool	Enabled/disabled flag
disabledownercert	bool	Certificate disabled due to its parent certificate was disabled flag
disabledowneruser	bool	Certificate disabled due to the user owner of its parent certificate was disabled flag
disableddeleg	bool	Certificate disabled due to its parent certificate delegation was disabled flag
disabledadmin	bool	Certificate disabled by an administrator user flag
disableduser	bool	Certificate disabled by its user owner flag
disabledadminreason	string	Disabled certificate reason
createdate	DateTime	Certificate creation/importation to IvSign date time
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
serial	string	Serial Number
keysize	string	Certificate's private key size
signalg	string	Signature algorithm used to sign the certificate, SHA1 or SHA256
certprovider	string	Certificate's provider
delegated	bool	Delegation flag
delegid	string	IvSign delegation ID, in case the certificate is a delegated certificate
oper	string	Operator
linked	bool	External certificate which the certificate is linked to
createmethod	string	Certificate creation method
createmodule	string	Certificate creation module
newpin	string	Certificate's new access pin
pin	string	Certificate's access pin
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
sha1sum	string	Certificate's fingerprint
extid	string	Certificate's external identifier
providerdata	string	Certificate provider extra information
replacedby	string	Certificate ID which this certificate has been replaced for
replaceddate	DateTime	Replacement date time
replaces	string	Certificate ID which this certificate replaces
replacement	bool	This certificate replaces a previous one flag
qscd	bool	QSCD certificate flag (Qualified Electronic Signature Creation Device)
type	string	Certificate type

JSON Example

{
"certid": "ABK5CX7CHSEQGABN",
"name": "mycert",
"userid": "myuser",
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"descr": "certdescr",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-06-28T11:46:43Z",
"subject": "mycert subject",
"subjectcn": "mycert subject common name",
"issuer": "mycert issuer",
"issuercn": "mycert issuer common name",
"validfrom": "2019-04-05T08:44:19Z",
"validto": "2023-04-05T08:44:19Z",
"serial": "FDRPC5CQNBAZNH43PQTBE4TXZSV9S24Y",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "myuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "apitest",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "5awcyutkwku5ee7ve3r32e6nbj2yreqhcck2u3bf",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
}

27.5. CertRef object

The CertRef object holds all the information relative to a CA public certificate.

CertRef
Parameter	Type	Description
id	string	IvSign reference certificate object
certprovider	string	Certificate's provider
data	byte[]	Certificate's public key

JSON Example
{ "id": "00BBAAA0CD3482BFCD", "certprovider": "dbsecure", "data": "MIIGDzCCBP...", }

27.6. CertProviderInfo object

The CertProviderInfo object holds all the information relative to a certificate provider.

CertProviderInfo
Parameter	Type	Description
name	string	Certificate provider's name
class	string	Certificate provider's class
deletekey	bool	Certificate provider allows deleting key flag
externalcerts	bool	Certificate provider allows external certificates flag
restorepin	bool	Certificate provider allows restore certificate pin flag
modifykeypass	bool	Certificate provider allows modify key pass flag
qscd	bool	Certificate provider is QSCD flag
available	bool	Certificate provider is available flag

JSON Example
{ "name": "dbsecure", "class": "dbsecure", "deletekey": false, "externalcerts": false, "restorepin": false, "modifykeypass": true, "qscd": false, "available": true }

27.7. CertTrash object

The CertTrash object holds all the information relative to a IvSign certificate placed on the certificate's bin.

CertTrash
Parameter	Type	Description
certid	string	IvSign certificate ID
name	string	Certificate's name
userid	string	Certificate's user
orgaid	string	Certificate's organization
orgachain	string	Certificate's organization chain
descr	string	Certificate's description
custom1	string	Custom field 1
custom2	string	Custom field 2
custom3	string	Custom field 3
disabled	bool	Enabled/disabled flag
disabledownercert	bool	Certificate disabled due to its parent certificate was disabled flag
disabledowneruser	bool	Certificate disabled due to the user owner of its parent certificate was disabled flag
disableddeleg	bool	Certificate disabled due to its parent certificate delegation was disabled flag
disabledadmin	bool	Certificate disabled by an administrator user flag
disableduser	bool	Certificate disabled by its user owner flag
disabledadminreason	string	Disabled certificate reason
createdate	DateTime	Certificate creation/importation to IvSign date time
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
serial	string	Serial Number
keysize	string	Certificate's private key size
signalg	string	Signature algorithm used to sign the certificate, SHA1 or SHA256
certprovider	string	Certificate's provider
delegated	bool	Delegation flag
delegid	string	IvSign delegation ID, in case the certificate is a delegated certificate
oper	string	Operator
linked	bool	External certificate which the certificate is linked to
createmethod	string	Certificate creation method
createmodule	string	Certificate creation module
newpin	string	Certificate's new access pin
pin	string	Certificate's access pin
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
sha1sum	string	Certificate's fingerprint
extid	string	Certificate's external identifier
providerdata	string	Certificate provider extra information
replacedby	string	Certificate ID which this certificate has been replaced for
replaceddate	DateTime	Replacement date time
replaces	string	Certificate ID which this certificate replaces
replacement	bool	This certificate replaces a previous one flag
qscd	bool	QSCD certificate flag (Qualified Electronic Signature Creation Device)
type	string	Certificate type

JSON Example

27.8. Config object

The Config object holds all the information relative to a IvSign configuration.

Config
Parameter	Type	Description
configid	int	IvSign configuration ID
orgaid	string	Configuration's organization
section	string	Configuration's section
name	string	Configuration's name inside the configuration's section
opt	string	Configuration's option inside the configuration's name
type	string	Configuration's data value type
value	string	Configuration's value
w	int	Configuration's user level privileges needed to write it
r	int	Configuration's user level privileges needed to read it

JSON Example
{ "orgaid": "MYORGA", "section": "mysection", "name": "myname", "opt": "", "type": "int", "value": "50", "w": 10, "r": 20 }

27.9. Deleg object

The Deleg object holds all the information relative to a IvSign certificate delegation.

Deleg
Parameter	Type	Description
delegid	string	IvSign certificate delegation ID
userid	string	Delegation's owner user
certid	string	Delegation's certificate
serial	string	Certificate's serial number
name	string	Delegation's name
descr	string	Certificate's description
disabled	bool	Enabled/disabled delegation flag
createdate	DateTime	Delegation's create date time
ignorecertrules	bool	Ignore certificate usage rules flag
orgaid	string	Delegation's owner user organization
oper	string	Delegation's operator
needauth	bool	It is required certificate's owner authorization for using it flag

JSON Example
{ "delegid": "ABK5DS2LAREYWAAD", "userid": "myuser", "orgaid": "MYORGA", "certid": "ABK5DR5KP34YOAAH", "serial": "NKFH8Y5P3R", "name": "mydeleg", "descr": "CN=cert", "disabled": false, "createdate": "2019-07-03T13:59:12.2810766Z", "ignorecertrules": false, "oper": "myuser", "data": null }

27.10. Device object

The Device object holds all the information relative to a IvSign device.

Device
Parameter	Type	Description
deviceid	string	IvSign device ID
userid	string	Device's owner
orgaid	string	Device's organization owner
deviceinfo	string[][]	Device information parameters Principal parameters: osuser, osuserid, osver, osid, cpuid, biosid, platform, hwvendor and hwmodel Secondary parameters: netid, diskid, host and domain
lastaccess	DateTime	Device's last access
authorized	bool	Authorized/unauthorized device flag
notifyenabled	bool	Able/unable to recieve operation authorization petitions flag

JSON Example

{
"deviceid": "7DC5AELHYXQNK",
"userid": "myuser",
"orgaid": "MYORGA",
"deviceinfo": [
[
"version",
"5.0"
],
[
"osuser",
"myuser"
],
[
"osuserid",
"S-1-5-78-924425368-6573992865-345865984-9535"
],
[
"host",
"MYUSER-PC"
],
[
"domain",
"GLOBAL"
],
[
"osver",
"Windows 10.0 64bit"
],
[
"osid",
"23473-77557-83232-XEXY3"
],
[
"netid",
"GUnf-5nmrEKa9x64"
],
[
"ips",
"dKaFjJ.PVMsud.ahDZhC"
],
[
"cpuid",
"v-v7_MknYPT"
],
[
"diskid",
"P6ZA6ZGP7SMV7JM"
],
[
"biosid",
"B7E7ZHC"
],
[
"platform",
"windows"
],
[
"hwvendor",
"Vendor Inc."
],
[
"hwmodel",
"GH8LE9U"
],
[
"inquirycapable",
"true"
],
[
"notifycapable",
"true"
]
],
"lastaccess": "2019-06-27 07:37:46",
"authorized": true,
"notifyenabled": true
}

27.11. Inquiry object

The Inquiry object holds all the information relative to a IvSign authorization petition.

Inquiry
Parameter	Type	Description
inquiryid	string	IvSign inquiry ID
type	string	Inquiry's type, only signature authorization available
createdate	DateTime	Inquiry's create date time
validuntil	DateTime	Inquiry's expiry date time
userid	string	User asked for the authorization
orgaid	string	User asked for the authorization organization
pending	bool	Inquiry pending to be approved flag
response	string	Response to the authorization petition

Ejemplo JSON

{
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": false,
"response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}"
}

27.12. Notify object

The Notify object holds all the information relative to a IvSign notification.

Notify
Parameter	Type	Description
notifyid	int	IvSign notification ID en IvSign
subject	string	Notification's subject
body	string	Notification's message
createdate	DateTime	Notification's create date time
userid	string	Notification's addressed user
orgaid	string	Notification's addressed organization
type	string	Notification type
data	string	Notification additional data
required	bool	Required acceptance flag
readeddate	DateTime	Notification's reded date time
accepteddate	DateTime	Notification's acceptance date time
accepteduser	string	Notification's reader user
readed	bool	Notification read flag
accepted	bool	Notification accepted flag
requiredcheck	string	Required check flag

JSON Example
{ "notifyid": 1, "subject": "Encabezado usuario", "body": "cuerpo del mensaje del usuario", "createdate": "2018-05-31T11:09:35", "userid": "miuser", "orgaid": null, "type": null, "data": null, "required": false, "readeddate": "2018-06-04T06:47:11.181291", "accepteddate": "2018-08-28T10:47:38.175698", "accepteduser": "miuser", "readed": true, "accepted": true, "requiredcheck": null }

27.13. Orga object

The Orga object holds all the information relative to an IvSign organization.

Orga
Parameter	Type	Description
orgaid	string	IvSign organization ID
extid	string	Organization's external identifier
descr	string	Organization's description
parent	string	Organization's parent
chain	string	Organization's chain to the root organization
license	string	Organization's license code
createdate	DateTime	Organization's create date time

JSON Example
{ "orgaid": "MYORGA", "extid": null, "descr": "MYORGA", "parent": "ROOT", "chain": "ROOT.MYORGA.", "license": "myorga license code", "createdate": "2018-08-24T06:16:49Z" }

27.14. PKICert object

The PKICert object holds all the information relative to a IvSign PKI certificate.

PKICert
Parameter	Type	Description
sha1sum	string	Certificate's fingerprint
serial	string	Certificate's serial Number
name	string	Certificate's name
subjectcn	string	Certificate's common name
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
isrevoked	bool	Certificate's revoked flag
isexpired	bool	Certificate's expired flag
createdate	DateTime	Certificate's create date time

JSON Example
{ "sha1sum": "MGVYFCN52RMNUH4U8JGELBTGAY463LBRMUFJHZNZ", "serial": "QZDAPP54RNLBWH", "name": "DOC serie318d", "subjectcn": "test1", "issuercn": "Test User CA", "validfrom": "2016-02-15T17:15:16", "validto": "2019-02-14T17:15:16", "isrevoked": false, "isexpired": false, "createdate": "2016-02-15T17:15:16" }

27.15. PubCert object

The PubCert object holds all the information relative to a IvSign public certificate.

PubCert
Parameter	Type	Description
pubcertid	string	IvSign public certificate ID
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer
userid	string	Certificate's user
orgaid	string	Certificate's organization
orgachain	string	Certificate's organization chain
subject	string	Certificate's subject
issuer	string	Certificate's issuer
alias	string	Certificate's name
serial	string	Serial Number
createdate	DateTime	Certificate's create date time
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
revokeddate	DateTime	Certificate's revoked date time
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
isroot	bool	Certificate is a root CA public certificate flag
isca	bool	Certificate is a CA public certificate flag

JSON Example

{
"pubcertid": "7DC4K743AGWAU",
"sha1sum": "89210a6ad8658b4c8d4571ff2304e4771e67e720",
"sha1sumissuer": "7f2cb4f769224cb0cf8b692751cbd4cc64a2c450",
"userid": "miuser",
"orgaid": "MYORGA",
"orgachain": "root.MYORGApadre.MYORGA",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "alias3",
"serial": "59CFFDD12259B3B6",
"createdate": "2019-02-04T08:37:04Z",
"validfrom": "2017-05-18T21:57:10Z",
"validto": "2020-05-17T21:57:10Z",
"revokeddate": null,
"revoked": false,
"expired": null,
"isroot": false,
"isca": false
}

27.16. PubCertBin object

The PubCertBin object holds all the information relative to a IvSign public certificate.

PubCertBin
Parameter	Type	Description
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer
cer	string	Certificate's public key
subject	string	Certificate's subject
issuer	string	Certificate's issuer
alias	string	Certificate's name
serial	string	Serial Number
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
revokeddate	DateTime	Certificate's revoked date time
isroot	bool	Certificate is a root CA public certificate flag
isca	bool	Certificate is a CA public certificate flag

JSON Example

{
"sha1sum": "C4FF20C05A66FC57EF1B50882A78AB2852AFC474",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"cer": "MIIGDzCCBP...",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "certificado publico de pruebas",
"serial": "054C3E61E13981",
"validfrom": "2017-04-03T09:48:18",
"validto": "2022-04-02T09:48:18",
"revokeddate": "2022-04-02T09:48:18",
"isroot": false,
"isca": false
}

27.17. Rule object

The Rule object holds all the information relative to a IvSign delegation usage rules or to a IvSign certificate usage policies.

Rule
Parameter	Type	Description
ruleid	string	IvSign rule ID
delegid	string	IvSign certificate delegation ID
certid	string	IvSign certificate ID
name	string	Rule's name
dayfrom	DateTime	Rule application start date
dayto	DateTime	Rule application end date
hourfrom	int	Rule application start time (08:32 AM -> 0832)
hourto	int	Rule application end time (05:47 PM (17:47) -> 1747)
dow	int	Rule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday
host	string	Rule allowed host list (case sensitive)
app	string	Rule allowed/denied applications (process) (case sensitive)
appdeny	bool	Allowed/denied applications list flag
location	string	Rule allowed/denied URL
locationdeny	bool	Allowed/denied URL list flag

JSON Example
{ "ruleid": "7DC4JLF7EXXUI", "delegid": "ABK5DS2LAREYWAAD", "certid": null, "name": "myrule", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }

27.18. SignPadesParams object

The SignPadesParams object holds all the optional information relative to PDF document signature performance.

SignPadesParams
Parameter	Type	Description
cause	string	Signature reason
pdfparameters	PDFSignParams	IvSign PDF signature parameters object
tstampservers	TimeStampServerInfo[]	IvSign time stamp server information object list
biometry	Biometry	IvSign biometric data object
policy	SignPolicy	IvSign signature policies object

JSON Example

{
"cause": "test signature",
"pdfparameters": {
"pwd": "documentpassword",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": true,
"transparencymask": {
"red": 255,
"green": 255,
"blue": 255,
"tolerance": 10
}
},
"widgetprops": {
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": false,
"width": 150,
"height": 150,
"rotate": 270,
"showonpages": "first,last,3,5-8",
"widgetpageoffset": 0,
"hidetext": false,
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
}
}
"tstampservers": [{
"url": "http://www.timestamp.server.net",
"includecertificates": true,
"hashalgorithm": "sha1"
}],
"biometry": {
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policyidentifieraddqualifier": true,
"policydescription": "",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}

27.19. PDFSignParams object

The PDFSignParams object holds all the optional information relative to the signature place on a PDF document signature performance.
It contains parameters to customize the signature place, background mask or the quantity of information showed.

PDFSignParams
Parameter	Type	Description
pwd	string	PDF document password
signvisible	bool	Visible signature enabled/disabled flag
🔒 signbackgroundconfig ( Deprecated )	PdfSignBackground	Visible signature background image properties. USE PdfSignWidgetProps\|
widgetprops	PdfSignWidgetProps	Visible signature box configuration
signfieldname	string	SignatureField name Acrofield

JSON Example

{
"pwd": "1234",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": "true",
"stretchx": 0,
"stretchy": 0,
"transparencymask": {
"red": 255,
"redtolerance": 0,
"green": 255,
"greentolerance": 0,
"blue": 255,
"bluetolerance": 0,
"tolerance": 0,
},
},
"widgetprops": {
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
"captionsigner": "",
"captionsignerinfo": "",
"captionalgorithm": "",
"captionheader": "",
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": true,
"height": 150,
"width": 150,
"rotate": 270,
"showonpages": "all",
"widgetpageoffset": 0,
"hidetext": false
}
}

27.20. PdfSignWidgetProps object

Visible signature box configuration

PdfSignWidgetProps
Parameter	Type	Description
autopos	bool	Visible signature box auto position enabled/disabled flag
offsetx	int	Visible signature box axis X position
offsety	int	Visible signature box axis Y position
autosize	bool	Visible signature size auto stretch enabled/disabled flag
width	int	Visible signature width size
height	int	Visible signature height size
rotate	int	Visible signature rotation degrees
showonpages	string	Specifies on what pages the visible signature is shown, option list, separated by coma: all = all the pages, first = first page, last = last page, x = specific page, y-z = page range, examples: 'first,last,3,5,10-20,32-50'
hidetext	bool	Certificate data box enabled/disabled flag
sizeheader	float	Certificate data box heather font size
sizedatetime	float	Certificate data box date font size
sizetitlesection	float	Certificate data box section heather font size
sizetextsection	float	Certificate data box content font size
widgetpageoffset	int	Signature box page offset
captionsigner	string	Caption singer field
captionsignerinfo	string	Caption singer information field
captionalgorithm	string	Caption algorithm field
captionheader	string	Caption header field
signaturetextarea	SignatureTextArea[]	Defines a list of text lines (fields)
signatureimage	PdfSignBackground	Visible signature background image properties

27.21. SignatureTextArea object

Defines a list of text lines (fields)

SignatureWidgetTextField
Parameter	Type	Description
position	string	Position inside the signature box, possible values : top, bottom, right, left. Leave empty or'custom' value to occupy the entire surface of the box
signaturewidgettextfields	SignatureWidgetTextField[]	Text area lines

JSON Example

{
"position":"left",
"signaturewidgettextfields":[
{
"fieldtype":"freetext",
"text":"firmante test",
"label":"Fimante : ",
"fontsizex":6,
"fontsizey":6,
"xoffset":5,
"yoffset":5,
"fontresourcename":"Helvetica-BoldOblique",
"customdata":"1.0 1.0 0.0 rg\r\n"
},
{
"fieldtype":"freetext",
"text":"Desarrollador",
"label":"Cargo : ",
"fontsizex":6,
"fontsizey":6,
"xoffset":5,
"yoffset":15,
"fontresourcename":"Courier-Bold",
"customdata":"1.0 0.0 0.0 rg\r\n"
},
{
"fieldtype":"freetext",
"text":"Ivnosys",
"fontsizex":6,
"fontsizey":6,
"xoffset":5,
"yoffset":25,
"fontresourcename":"Times-Italic",
"customdata":"0.0 1.0 0.0 rg\r\n"
},
{
"fieldtype":"subjectcn",
"label":"Firmante :",
"fontsizex":5,
"fontsizey":5,
"xoffset":5,
"yoffset":35,
"fontresourcename":"Helvetica",
"customdata":"0.0 0.0 1.0 rg\r\n"
}
]
}

27.22. SignatureWidgetTextField object

Text line field object from SignatureArea

SignatureWidgetTextField
Parameter	Type	Description
fieldtype	string	Field type, possible values : 'freetext' (free text), 'subjectcn' (recovered from the certificate), 'organization' (recovered from the certificate), 'organizationunit' (recovered from the certificate), 'title' (recovered from the certificate), 'signerserialnumber' (recovered from the certificate), 'issuercn' (recovered from the certificate), 'signingtime' (recovered from signature), 'reason' (parameter 'cause'), 'location' (parameter 'location')
text	string	text value
label	string	field label
fontsizex	int	font axis x size
fontsizey	int	font axis y size
xoffset	int	Axis x offset from origin (0 left, top and bottom, Width/2 right)
yoffset	int	Axis y offset from origin (0 left, right and bottom, Height/2 top)
fontresourcename	string	Pdf viewer font name, possible values : 'Helvetica','Helvetica-Bold','Helvetica-Oblique', 'Helvetica-BoldOblique','Times-Roman', 'Times-Bold', 'Times-Italic', 'Times-BoldItalic', 'Courier', 'Courier-Bold', 'Courier-Oblique', 'Courier-BoldOblique', 'Symbol', 'ZapfDingbats' . The fonts are not embedded in the document
customdata	string	string with pdf graphic operator, example : "1.0 0.0 0.0 rg\r " (changes text line to red)

JSON Example
{ "fieldtype":"freetext", "text":"firmante test", "label":"Fimante : ", "fontsizex":6, "fontsizey":6, "xoffset":5, "yoffset":5, "fontresourcename":"Helvetica-BoldOblique", "customdata":"1.0 1.0 0.0 rg\r\n" }

27.23. PdfSignBackground object

Visible signature background image properties

PdfSignBackground
Parameter	Type	Description
signback	byte[]	Image in bytes (ONLY JPG,PNG,GIF,BMP FORMAT)
maskalphathreshold	int	Alpha threshold for the binary mask ( ONLY image formats with alpha channel png, bmp, gif ) values between 0 y 254
signbackautostretch	bool	Background image auto stretch enabled/disabled flag
strechx	int	Axis X auto stretch
strechy	int	Axis Y auto stretch
transparencymask	TransparencyMask	JPG image transparency mask
position	string	Position inside the signature box, possible values : top, bottom, right, left. Leave empty or'custom' value to occupy the entire surface of the box
xoffset	int	Axis x offset from origin (0 left, top and bottom, Width/2 right)
yoffset	int	Axis y offset from origin (0 left, right and bottom, Height/2 top)
padding	int	Padding between signature box and image.

27.24. TransparencyMask object

Transparency mask for images without alpha layer (JPG)

TransparencyMask
Parameter	Type	Description
red	int	Red channel
redtolerance	int	Red tolerance
green	int	Green channel
greentolerance	int	Green tolerance
blue	int	Blue channel
bluetolerance	int	Blue tolerance
tolerance	int	Image tolerance

27.25. TimeStampServerInfo object

The TimeStampServerInfo object holds all the optional information relative to a time stamp server on a PDF document signature performance.

TimeStampServerInfo
Parameter	Type	Description
name	string	Server's name
url	string	Server's URL
httpauth	bool	Server's authentication required flag
username	string	Server's authentication user
password	string	Server's authentication password
usenonce	bool	Nonce used on the call to the server flag
includecertificates	bool	Server's certificate included into the signature flag
hashalgorithm	string	Hash algorithm, the server must support it
certid	string	Time stamp IvSign certificate ID (if applicable)
pfx	string	Time stamp PFX certificate (if applicable)
pin	string	Certificate's/PFX pin

JSON Example
{ "name": "server1", "url": "https://example.ext", "httpauth": true, "username": "serveruser", "password": "serveruserpassword", "usenonce": false, "includecertificates": false, "hashalgorithm": "sha1", "certid": "", "pfx": "", "pin": "" }

27.26. Biometry object

The Biometry object holds all the optional information relative to biometry data on a document signature performance.

SignLocation
Parameter	Type	Description
data	byte[]	Biometric signature information
cer	byte[]	Certificate`s public key

JSON Example
{ "data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi...", "cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA..." }

27.27. SignPolicy object

The SignPolicy object holds all the optional information relative to signature policies on a document signature performance.

SignPolicy
Parameter	Type	Description
policyidentifier	string	Signature's policy identifier
policyidentifieraddqualifier	bool	Signature's policy add qualifier to the signature flag
policydescription	string	Signature's policy description
policydigest	byte[]	Signature's policy digest
policydigestalgorithm	string	Signature's policy digest algorithm
policyqualifieruri	string	Signature's publication URI

JSON Example
{ "policyidentifier": "2.16.724.1.3.1.1.2.1.9", "policyidentifieraddqualifier": true, "policydescription": "", "policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=", "policydigestalgorithm": "sha1", "policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf" }

27.28. SignXadesParams object

The SignPadesParams object holds all the optional information relative to XML document signature performance.

SignXadesParams
Parameter	Type	Description
signerrole	string	Signer user role
includewholechain	bool	Include or not the whole certificate's certificate chain
includekeyvalue	bool	Include or not certificate's public key
xadesversion	int	XAdES signature version
location	SignLocation	Signature location data, for instance, the city where the signature is performed
policy	SignPolicy	IvSign signature policy object
tstampservers	TimeStampServerInfo[]	IvSign time stamp server information object list
envreferencetosign	string	Internal reference to the original XML document, must start by '#'
envsigdestreference	string	Sets the xmldsign destination node element through document xpath search method
envnamespacelist	string[][]	Sets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
envreferencetosignns	string	ID node namespace to sign, for example, wsu:Id

JSON Example

{
"signerrole": "admin",
"includewholechain": true,
"includekeyvalue": true,
"xadesversion": 1.3,
"location": {
"locality": "Paterna",
"province": "Valencia",
"postalcode": "46980",
"country": "Spain"
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policyidentifieraddqualifier": true,
"policydescription": "",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
},
"tstampservers": {
"url": "http://www.timestamp.server.net",
"includecertificates": true,
"hashalgorithm": "sha1"
},
"envreferencetosign": "string",
"envsigdestreference": "string",
"envnamespacelist": [
[
"string"
]
],
"envreferencetosignns": "string"
}

27.29. SignLocation object

The SignLocation object holds all the optional information relative to the signature's location on a document signature performance.

SignLocation
Parameter	Type	Description
locality	string	Signature's location city
province	string	Signature's location region
postalcode	string	Signature's location city postal code
country	string	Signature's location country

JSON Example
{ "locality": "Paterna", "province": "Valencia", "postalcode": "46980", "country": "Spain" }

27.30. SignCadesParams object

The SignCadesParams object holds all the optional information relative to generic document signature performance.

SignCadesParams
Parameter	Type	Description
tstampservers	TimeStampServerInfo[]	IvSign time stamp server information object list
policy	SignPolicy	IvSign signature policy object
includewholechain	bool	bool to include complete certificate chain in the signature certificates field, default false
addsigningcertificatev2	bool	Bool to add signing certificate hash v2 to the signed attributes

JSON Example

{
"tstampservers": [{
"name": "servidor1",
"url": "https://example.ext",
"httpauth": false,
"username": "miuser",
"password": "123@#Abc",
"usenonce": false,
"includecertificates": true,
"hashalgorithm": "sha1"
"certid": "8B1F1E4B7027",
"pfx": "",
"pin": "Abc#@132"
}],
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policyidentifieraddqualifier": true,
"policydescription": "",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}

27.31. StatsResult object

The StatsResult object holds all the information relative to IvSign global statistics.

StatsResult
Parameter	Type	Description
currentCount	KeyValue[]	Current month statistics
previousCount	KeyValue[]	Previous month statistics
licenseLimit	KeyValue[]	License limits

JSON Example

{
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}

27.32. StatsDetailResult object

The StatsDetailResult object holds all the information relative to IvSign detailed signature statistic.

StatsDetailResult
Parameter	Type	Description
value	string	Search filter result
owned	int	Searched filter certificate's owner user performed actions number
delegated	int	Searched filter certificate's delegated users performed actions number
fore	int	Searched filter certificate's other users performed actions number

JSON Example
{ "value": "IEXPLORE.EXE", "owned": 5, "delegated": 0, "fore": 0 }

27.33. Stats object

The Stats object holds all the information relative to IvSign detailed signature statistic for an organization.

Stats
Parameter	Type	Description
statsid	int	IvSign statistic ID
orgaid	string	Statistic's organization
orgachain	string	Statistic's organization chain
date_year	int	Statistic's search year
date_month	int	Statistic's search month
stats_type	string	Statistic's search type
value	string	Statistic's search value

JSON Example
{ "statsid": 156, "orgaid": "orgatest", "orgachain": "root.megatest.orgatest.", "date_year": 2019, "date_month": 4, "stats_type": "Sign", "value": "44" }

27.34. User object

The User object holds all the information relative to a IvSign user.

User
Parameter	Type	Description
userid	string	IvSign user ID
extid	string	User's external ID
orgaid	string	User's organization
orgachain	string	User's organization chain
name	string	User's name
lastname	string	User's last name
email	string	User's email
ident	string	User's identifier card
disabled	bool	Enabled/disabled user flag
disabledreason	string	Disabled reason
valid	bool	Valid/invalid user flag
admin	bool	Privileges user level
superadmin	bool	Privileges user level
authprovider	string	Authentication provider
lastlogin	DateTime	User's last access date time
previouslogin	DateTime	User's previous access to the last
lastip	string	User's last access IP
createdate	DateTime	User's creation date time
pass	string	User's password
validation	string	Account recovery validation code
lang	string	User's language
phone	string	User's phone number
guid	string	User's unique identifier

JSON Example

{
"userid": "myuser",
"extid": null,
"orgaid": "MYORGA",
"orgachain": "ROOT.MYORGA.",
"name": "myuser new name",
"lastname": "myuser lastname",
"email": "myuser@ivnosys.com",
"ident": null,
"disabled": true,
"disabledreason": null,
"valid": true,
"admin": true,
"superadmin": false,
"authprovider": "db",
"lastlogin": "2019-07-09T07:23:50Z",
"previouslogin": null,
"lastip": "127.0.0.1",
"createdate": "2019-07-09T07:14:08Z",
"pass": null,
"validation": null,
"lang": "en",
"phone": "666666666",
"guid": "ABK5EQ7MB44AYABQ"
}

27.35. CertInfo object

The CertInfo object holds all the information relative to a certificate used to perform a signature.
The object holds a userinfo object and a orgainfo object. The userinfo object contains information about the certificate's owner and the orgainfo object contains information about the certificate's owner organization. Not always is it possible to obtain all the information this objects can hold.

CertInfo
Parameter	Type	Description
serial	string	Certificate's serial number
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
subjectcountry	string	Certificate's country
signalg	string	Signature algorithm used to sign the certificate
keyusage	string[]	Allowed usage case list
enhancedkeyusage	string[]	Allowed usage exception list
caname	string	PSC issuer identifier
type	string	Certificate type NP: Natural person BNP: Natural person belonging to organization GR: General representative APGR: Artificial person general representative (previous law) AP: Artificial person (previous law) SAPGR: State administrations procedures general representative SR: Special representative EB: Electronic bill ES: Electronic stamp TSU: Time stamp UT: Unidentified type
etsitype	string
qscd	bool	QSCD certificate flag
qualified	bool	Qualified certificate flag
userinfo		Certificate's user information
userinfo.name	string	User's name
userinfo.lastname	string	User's last name
userinfo.ident	string	User's identifier card
userinfo.email	string	User's email
userinfo.birthdate	DateTime	User's birth date
orgainfo		Certificate's organization information
orgainfo.ident	string	Organization's identifier
orgainfo.name	string	Organization's name
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer

JSON Example

{
"serial": "3408E0627D55E7E42B",
"validfrom": "2018-02-01T11:04:41+01:00",
"validto": "2021-01-31T11:04:41+01:00",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), E=caracer@camerfirma.com, C=ES",
"issuercn": "RACER",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL, G=JUAN, SN=CÁMARA ESPAÑOL, OID.1.3.6.1.4.1.17326.30.4=DNI, SERIALNUMBER=00000000T, S=ÁVILA, L=ÁVILA",
"subjectcn": "[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "Camerfirma",
"type": "PF",
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": {
"name": "JUAN",
"lastname": "CÁMARA ESPAÑOL",
"documentcode": null,
"countrycode": null,
"ident": "00000000T",
"email": "email_contacto@camerfirma.com"
},
"orgainfo": {
"ident": null,
"name": null,
"documentcode": null,
"countrycode": null
},
"sha1sum": "7AD8F40DF6331CDD34940FDEF623668063F60C35",
"sha1sumissuer": "F82701F8E04770F3448C19070F9B2158B16621A0"
}

27.36. RevocationData object

The RevocationData object holds all the information relative to a certificate's revocation.

tsainfo
Parameter	Type	Description
type	string	Certificate's type
source	string	Certificate's source
revoked	bool	Certificate's revoked flag
revocationdate	DateTime	Certificate's revoke date
revocationreason	RevocationReason	Certificate's revoke reason
certserialnumber	string	Certificate's serial number
errormessage	string	Error message in case there was an error during the checking

JSON Example
{ "type": "CRL", "source": "ONLINE", "revoked": false, "revocationdate": null, "revocationreason": 0, "certserialnumber": "01", "errormessage": null }

27.37. VerifyCER object

The VerifyCER object holds all the information relative to a CA certificate's verification.

VerifyCER
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
revocationdata	RevocationData	IvSign certificate revocation data object
issuerverification	VerifyCER	IvSign CA certificate verification data object

JSON Example

27.38. VerifyCert object

The VerifyCER object holds all the information relative to a IvSign certificate's verification.

VerifyCert
Parameter	Type	Description
certinfo	CertInfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
untrusted	bool	True if the certificate is not trusted, false otherwise
untrustederror	string	Message error if the certificate is not trusted
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
valid	bool	True if all the not null Verifications are true, false otherwise
validerror	string	Message error in case there is no possibility of checking if the certificate is valid
revocationdata	RevocationData	IvSign certificate revocation data object
issuerverification	VerifyCert	IvSign CA certificate verification data object

JSON Example

27.39. SignatureData object

The SignatureData object holds all the information relative to a document signature.
The object contains information about the signature, the used certificate certification chain or the used time stamp server. Is it possible not all the parameters contain information.

SignatureData
Parameter	Type	Description
signatureid	string	Signature's identifier
valid	bool	Valid signature flag
integrity	bool	Possibility of verifying signature's integrity flag
profile	string	Signature profile: 'basic' or 'enhanced'
extensions	string	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
envelop	string	Signature format, 'enveloped'=The signature includes the original document, 'enveloping'=A new document is generated with the original document on one of its nodes
cer	byte[]	Signature's certificate public key
certificatevalidation	VerifyCERResponse	VerifyCER method object response
certificatevalidation.certinfo	CertInfo	IvSign certificate information object
certificatevalidation.expired	bool	True if the certificate has expired, false otherwise
certificatevalidation.expirederror	string	Message error in case there is no possibility of checking if the certificate is expired
certificatevalidation.untrusted	bool	True if the certificate is not trusted, false otherwise
certificatevalidation.untrustederror	string	Message error if the certificate is not trusted
certificatevalidation.revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
certificatevalidation.revokederror	string	Message error in case there is no possibility of checking if the certificate is revoked
certificatevalidation.invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
certificatevalidation.invalidsignatureerror	string	Message error in case there is no possibility of checking certificate's signature
certificatevalidation.valid	bool	True if all the not null Verifications are true, false otherwise
certificatevalidation.validerror	string	Message error in case there is no possibility of checking if the certificate is valid
certificatevalidation.revocationdata	RevocationData	IvSign certificate revocation data object
certificatevalidation.error	Error	IvSign error object
signingtime	DateTime	Signature's date time
hashalgorithm	string	Signature's hash algorithm
timestamps	TimestampData[]	Signature's time stamp data
timestamps.valid	bool	Time stamp valid flag
timestamps.type	string	Time stamp type
timestamps.time	DateTime	Time stamp date time
timestamps.signatures	SignatureData[]	Time stamp signature details
timestamps.timestampinfo	TimeStampInfo	Time stamp server information object
timestampinfo.policyoid	string	Time stamp signature's policy OID
timestampinfo.serialnumber	string	Time stamp token serial number
timestampinfo.gentime	DateTime	Time stamp date time
timestampinfo.messageimprint	byte[]	Time stamp message
timestampinfo.messageimprintalgorithm	DigestAlgorithms	Time stamp encrypt algorithm
timestampinfo.nonce	string	Random numerical sequence time stamp identifier
timestampinfo.ordering	bool	Time stamp sequence ordering by its token and date time flag
timestampinfo.tsaname	string	TSA time stamp name
timestamps.calculatedmessagedigest	byte[]	Calculated digest, must equal with the stamp digest
validationtimestamps	TimestampData[]	Additional time stamp signature data
validationtimestamps.valid	bool	Time stamp valid flag
validationtimestamps.type	string	Time stamp type
validationtimestamps.time	DateTime	Time stamp date time
validationtimestamps.signatures	SignatureData[]	Time stamp signature details
validationtimestamps.timestampinfo	TimeStampInfo	Time stamp server information object
timestampinfo.policyoid	string	Time stamp signature's policy OID
timestampinfo.serialnumber	string	Time stamp token serial number
timestampinfo.gentime	DateTime	Time stamp date time
timestampinfo.messageimprint	byte[]	Time stamp message
timestampinfo.messageimprintalgorithm	DigestAlgorithms	Time stamp encrypt algorithm
timestampinfo.nonce	string	Random numerical sequence time stamp identifier
timestampinfo.ordering	bool	Time stamp sequence ordering by its token and date time flag
timestampinfo.tsaname	string	TSA time stamp name
validationtimestamps.calculatedmessagedigest	byte[]	Calculated digest, must equal with the stamp digest
biometrysigninfo	BiometrySignInfo	Signature's biometric information
biometrysigninfo.certsubject	string	Biometric certificate subject
biometrysigninfo.certissuer	string	Biometric certificate issuer
biometrysigninfo.signatureimage	byte[]	User's signature image, if it is available

JSON Example

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "WVK5EXYR7CEK2AB2"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "3408E0627D55E7E42B",
"validfrom": "2018-02-01T11:04:41+01:00",
"validto": "2021-01-31T11:04:41+01:00",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), E=caracer@camerfirma.com, C=ES",
"issuercn": "RACER",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL, G=JUAN, SN=CÁMARA ESPAÑOL, OID.1.3.6.1.4.1.17326.30.4=DNI, SERIALNUMBER=00000000T, S=ÁVILA, L=ÁVILA",
"subjectcn": "[SOLO PRUEBAS]JUAN CÁMARA ESPAÑOL",
"subjectcountry": null,
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "7AD8F40DF6331CDD34940FDEF623668063F60C35",
"sha1sumissuer": "F82701F8E04770F3448C19070F9B2158B16621A0"
},
"expired": false,
"expirederror": null,
"untrusted": false,
"untrustederror": null,
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": true,
"validerror": null,
"revocationdata": {
"type": "OCSP",
"source": "EMBEDDED",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "3408E0627D55E7E42B",
"errormessage": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "WVK5EXYR7CEK2AB2"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "epes,t,revinfo",
"envelop": "Enveloped",
"cer": "MIIHLjCCBhagAwIBAgIJNAjgYn1V5+QrMA0GCSqGSIb3DQEBCwUAMIG4MQswCQYDVQQGEwJFUzElMCMGCSqGSIb3DQEJARYWY2FyY...",
"signingtime": "2019-07-10T14:06:56",
"hashalgorithm": "SHA1",
"timestamps": [
{
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16BDC356AC3",
"gentime": "2019-07-10T14:06:56Z",
"messageimprint": "k9d+pfTmZyoPZdGRGsX4I1NF2mU=",
"messageimprintalgorithm": 2,
"nonce": "3537323136363338",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "k9d+pfTmZyoPZdGRGsX4I1NF2mU=",
"valid": true,
"type": "Generic",
"time": "2019-07-10T14:06:56Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "57636ADE",
"validfrom": "2016-11-24T13:22:11+01:00",
"validto": "2021-11-24T13:52:11+01:00",
"issuer": "CN=SUBCA GISS01, SERIALNUMBER=Q2827003A, OU=GISS01, OU=GERENCIA DE INFORMATICA DE LA SEGURIDAD SOCIAL, O=TESORERIA GENERAL DE LA SEGURIDAD SOCIAL, L=MADRID, C=ES",
"issuercn": "SUBCA GISS01",
"subject": "SERIALNUMBER=S2819001E + OID.2.5.4.97=VATES-S2819001E + CN=TSA AUTORIDAD DE SELLADO DE TIEMPO, OU=SERVICIOS DE CONFIANZA, O=SECRETARIA DE ESTADO DE LA SEGURIDAD SOCIAL, C=ES",
"subjectcn": "TSA AUTORIDAD DE SELLADO DE TIEMPO",
"subjectcountry": null,
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"expirederror": null,
"untrusted": false,
"untrustederror": null,
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": true,
"validerror": null,
"revocationdata": {
"type": "OCSP",
"source": "ONLINE",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "57636ADE",
"errormessage": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "WVK5EXYR7CEK2AB2"
}
},
"signatureid": "",
"valid": true,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCRVMxDzANBgNVBAcMBk1BRFJJRDExMC8GA1UE...",
"signingtime": "2019-07-10T14:06:56",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}
],
"validationtimestamps": null,
"biometrysigninfo": null
},
{
"certificatevalidation": {
"certinfo": {
"serial": "57636ADE",
"validfrom": "2016-11-24T13:22:11+01:00",
"validto": "2021-11-24T13:52:11+01:00",
"issuer": "CN=SUBCA GISS01, SERIALNUMBER=Q2827003A, OU=GISS01, OU=GERENCIA DE INFORMATICA DE LA SEGURIDAD SOCIAL, O=TESORERIA GENERAL DE LA SEGURIDAD SOCIAL, L=MADRID, C=ES",
"issuercn": "SUBCA GISS01",
"subject": "SERIALNUMBER=S2819001E + OID.2.5.4.97=VATES-S2819001E + CN=TSA AUTORIDAD DE SELLADO DE TIEMPO, OU=SERVICIOS DE CONFIANZA, O=SECRETARIA DE ESTADO DE LA SEGURIDAD SOCIAL, C=ES",
"subjectcn": "TSA AUTORIDAD DE SELLADO DE TIEMPO",
"subjectcountry": null,
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"etsitype": null,
"qscd": false,
"qualified": false,
"userinfo": null,
"orgainfo": null,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"expirederror": null,
"untrusted": false,
"untrustederror": null,
"revoked": false,
"revokederror": null,
"invalidsignature": false,
"invalidsignatureerror": null,
"valid": true,
"validerror": null,
"revocationdata": {
"type": "OCSP",
"source": "EMBEDDED",
"revoked": false,
"revocationdate": null,
"revocationreason": 0,
"certserialnumber": "57636ADE",
"errormessage": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "WVK5EXYR7CEK2AB2"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "revinfo,timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFADCBxjELMAkGA1UEBhMCRVMxDzANBgNVBAcMBk1BRFJJRDExMC8GA1UECgwoVEVTT1...",
"signingtime": "2019-07-10T14:06:58",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}

27.40. tsainfo object

The tsainfo object holds all the optional information relative to the time stamp servers used on a document signature performance.

tsainfo
Parameter	Type	Description
subjectcn	string	Time stamp server's identifier
url	string	Time stamp server's URL
serial	string	Time stamp server's SHA1SUM
cer	byte[]	Time stamp server's certificate public key

JSON Example
{ "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }

27.41. Caller object

The Caller object holds all the information relative to a call done to IvSign.

Caller
Parameter	Type	Description
app	string	Integration module
host	string	Client host
location	string	Client URL location
remoteuser	string	Client host user

JSON Example
{ "app": "miap", "host": "miuser-pc", "location": "miuser-pc", "remoteuser": "miuser" }

27.42. Hash object

The Caller object holds all the information relative to a basic IvSign signature.

Hash
Parameter	Type	Description
algorithm	string	Signature algorithm
digest	byte[]	Element to sign

JSON Example
{ "algorithm": "SHA512", "digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..." }

27.43. KeyValue object

The KeyValue object holds two key value parameters, as a dictionary element.

KeyValue
Parameter	Type	Description
key	string	Key
value	string	Value

JSON Example
{ "key": "clave", "value": "valor" }

27.44. Page object

The Page object holds all the information relative to IvSign lists.
It appear in all the List methods. The client must set the total elements per page itemspage) and the page to show (id). The server will calculate number of pages (numpages) and the total number of elements (totalitems).

Page
Parameter	Type	Description
id	int	Page number
itemspage	int	Elements per page number
numpages	int	Number of pages
totalitems	int	Total number of elements

JSON Example
{ "id": 1, "itemspage": 10, "numpages": 5, "totalitems": 43 }

27.45. Error object

The Error object holds all the information relative to an error that may happens during a call to IvSign.
It comes in every keyman response. The code K0000 means there was no error during the call. The code K9999 means there was an unknown error during the call.

Error
Parameter	Type	Description
code	string	Error code
message	string	Error description
traceid	string	Keyman operation trace ID

JSON Example
{ "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }

IvSign services technical documentation / API V5

1. Initial considerations

1.1. Authentication

1.2. Modules

1.3. Organization license

1.4. Product license

1.5. User privileges level

2. Request/response protocol

2.1. REST service

2.2. SOAP service

3. Service authentication [Auth]

3.1. Obtaining session token [Auth/Login]

3.2. Obtaining session token [Auth/LoginToken]

3.3. Login check [Auth/Check]

3.4. Check login validation code [Auth/CheckValidation]

3.5. Impersonating user [Auth/Impersonate]

3.6. Password recovery [Auth/PasswordRecovery]

3.7. Check the possibility of changing a password [Auth/ProviderModifiablePass]

3.8. Token check [Auth/TokenCheck]

4. Auditory management [Audit]

4.1. Listing auditory records [Audit/List]

4.2. Obtaining auditory categories and action data [Audit/Info]

5. Authentication provider management [AuthProvider]

5.1. Listing authentication provider [AuthProvider/List]

6. Certificate management [Cert]

6.1. Importing certificates with private key [Cert/ImportPFX]

6.2. Deleting certificates [Cert/Del]

6.3. Obtaining certificate data [Cert/Get]

6.4. Listing certificates [Cert/List]

6.5. Setting certificate data [Cert/Set]

6.6. Getting certificate public key [Cert/CERGet]

6.7. Getting certificate certification chain [Cert/ChainGet]

6.8. Listing available certificates [Cert/ListAvailable]

6.9. Moving certificates [Cert/Move]

6.10. Checking certificate pin [Cert/PinCheck]

6.11. Setting a new pin to a certificate [Cert/PinSet]

6.12. Obtaining certificate provider certificate public key [Cert/RefGetCER]

6.13. Linking reference certificates [Cert/RefLink]

6.14. Listing certificate provider certificates [Cert/RefList]

6.15. Creating and installing certificates (1/3) [Cert/RSAGen]

6.16. Creating and installing certificates (2/3) [Cert/GenCSR]

6.17. Creating and installing certificates (3/3) [Cert/InstallCER]

6.18. Certificate replacement [Cert/Replace]

6.19. Searching certificates [Cert/Search]

7. Certificate providers management [CertProvider]

7.1. Listing certificate provider [CertProvider/List]

8. Bin certificates management [CertTrash]

8.1. Deleting bin certificates [CertTrash/Del]

8.2. Getting bin certificates data [CertTrash/Get]

8.3. Listing bin certificates [CertTrash/List]

8.4. Sending certificates to the certificate bin [CertTrash/Move]

8.5. Restoring bin certificates [CertTrash/Rest]

9. Configuration management [Config]

9.1. Creating configuration [Config/Add]

9.2. Deleting configuration [Config/Del]

9.3. Getting configuration [Config/Get]

9.4. Listing configurations [Config/List]

9.5. Setting configuration [Config/Set]

9.6. Getting public configuration [Config/PublicGet]

9.7. Listing public configuration [Config/PublicList]

10. Delegations management [Deleg]

10.1. Delegation creation [Deleg/Add]

10.2. Deleting delegation [Deleg/Del]

10.3. Getting delegation data [Deleg/Get]

10.4. Listing delegations [Deleg/List]

10.5. Setting delegation [Deleg/Set]

10.6. Listing allowed delegation users [Deleg/AllowedUserList]

10.7. Deleting delegated certificates [Deleg/CertDel]

10.8. Listing delegated certificates [Deleg/CertList]

10.9. Associating user to delegation [Deleg/UserAdd]

10.10. Deleting user from delegation [Deleg/UserDel]

11. Device management [Device]

11.1. Device creation [Device/Add]

11.2. Deleting devices [Device/Del]

11.3. Getting device data [Device/Get]

11.4. Listing devices [Device/List]

11.5. Setting devices [Device/Set]

12. Authorization petition management [Inquiry]

12.1. Getting inquiry [Inquiry/Get]

12.2. Setting inquiry [Inquiry/Set]