IvSign services technical documentation / API V4

  1. Initial considerations
    1. Authentication
    2. Modules
    3. Organization license
    4. Product license
    5. User privileges level
  2. Request/response protocol
    1. REST service
    2. SOAP service
  3. Service authentication [Auth]
    1. Obtaining session token [Auth/Login]
    2. Obtaining session token [Auth/LoginToken]
    3. Impersonating user [Auth/Impersonate]
    4. Password recovery [Auth/PasswordRecovery]
    5. Login check [Auth/LoginCheck]
    6. Check login validation code [Auth/LoginCheck_Validation]
    7. Token check [Auth/TokenCheck]
    8. Check the possibility of changing a password [Auth/ProviderModifiablePass]
  4. User management [User]
    1. User creation [User/Add]
    2. Obtaining user data [User/Get]
    3. Setting user data [User/Set]
    4. Deleting user [User/Del]
    5. Listing users [User/List]
    6. Searching users [User/Find]
    7. Obtaining user level [User/Level]
    8. Moving a user to another organization [User/OrgaMove]
    9. User creation [User/PublicAdd]
    10. Renaming users [User/Ren]
    11. Checking modifiable user fields [User/Modifiablefields]
  5. Certificate management [Cert]
    1. Obtaining certificate data [Cert/Get]
    2. Setting certificate data [Cert/Set]
    3. Deleting certificates [Cert/Del]
    4. Listing available certificates [Cert/ListAvailable]
    5. Checking certificate pin [Cert/PinCheck]
    6. Setting a new pin to a certificate [Cert/PinSet]
    7. Importing certificates with private key [Cert/ImportPFX]
    8. Getting certificate public key [Cert/CERGet]
    9. Getting certificate certification chain [Cert/ChainGet]
    10. Creating and installing certificates (1/3) [Cert/RSAGen]
    11. Creating and installing certificates (2/3) [Cert/GenCSR]
    12. Creating and installing certificates (3/3) [Cert/InstallCER]
    13. Listing certificates [Cert/List]
    14. Obtaining certificate provider certificate public key [Cert/RefCERGet]
    15. Listing certificate provider certificates [Cert/RefList]
    16. Certificate replacement [Cert/Replace]
    17. Searching certificates [Cert/Search]
    18. Linking reference certificates [Cert/RefLink]
    19. Moving certificates [Cert/Move]
  6. Bin certificates management [CertTrash]
    1. Deleting bin certificates [CertTrash/Del]
    2. Getting bin certificates data [CertTrash/Get]
    3. Listing bin certificates [CertTrash/List]
    4. Restoring bin certificates [CertTrash/Rest]
    5. Sending certificates to the certificate bin [CertTrash/Move]
  7. Public certificates management [PubCert]
    1. Creating public certificates [PubCert/Add]
    2. Obtención de certificados públicos [PubCert/Get]
    3. Setting public certificates [PubCert/Set]
    4. Deleting public certificates [PubCert/Del]
    5. Listing public certificates [PubCert/List]
  8. Public certificate management [PubCertBin]
    1. Creating public certificates [PubCertBin/Add]
    2. Getting public certificate data [PubCertBin/Get]
    3. Checking public certificate [PubCertBin/Check]
  9. Organizations management [Orga]
    1. Creating organizations [Orga/Add]
    2. Deleting organizations [Orga/Del]
    3. Getting organization data [Orga/Get]
    4. Listing organizations [Orga/List]
    5. Renaming organization [Orga/Ren]
    6. Setting organization data [Orga/Set]
  10. Device management [Device]
    1. Device creation [Device/Add]
    2. Deleting devices [Device/Del]
    3. Getting device data [Device/Get]
    4. Listing devices [Device/List]
    5. Setting devices [Device/Set]
  11. Authorization petition management [Inquiry]
    1. Getting inquiry [Inquiry/Get]
    2. Setting inquiry [Inquiry/Set]
  12. License management [License]
    1. Getting license data [License/Get]
  13. Auditory management [Audit]
    1. Listing auditory records [Audit/List]
    2. Obtaining auditory categories and action data [Audit/Info]
  14. Simple hashes signatures [Sign]
    1. Hash signature [Sign/Hash] ✍
    2. RSA Signature [Sign/RSA] ✍
    3. TSP signature [Sign/TSP] ✍
    4. PDF signature [Sign/PDF] ✍
  15. Document signatures [Signature]
    1. PDF document signature [Signature/Pades] ✍
    2. XML document signature [Signature/Xades] ✍
    3. Generic document signature [Signature/Cades] ✍
    4. PDF document time stamping [Signature/TimestampPdf] ✍
  16. Time stamp operations [TSP]
    1. Time stamp signature [TSP/Sign]
    2. Time stamp verification [TSP/Verify]
    3. PDF document time stamping [TSP/TimestampPdf]
  17. Verification operations [Verify]
    1. IvSign certificate verification [Verify/Cert]
    2. CA certificate verification [Verify/CER]
    3. Time stamp verification [Verify/TSP]
    4. Signed PDF document verification [Verify/Pades]
    5. Signed generic document verification [Verify/Cades]
    6. Signed XML document verification [Verify/Xades]
  18. External PKI integration management [PKI]
    1. Certificate request [PKI/Petition]
    2. Getting CA certificate's public key [PKI/CACERGet]
    3. Listing CA PKI certificates [PKI/CAList]
    4. Getting PKI certificate public key [PKI/CertCERGet]
    5. Generating PKI certificate [PKI/CertGen]
    6. Listing PKI certificates [PKI/CertList]
    7. Revoking PKI certificate [PKI/Revoke]
  19. Configuration management [Config]
    1. Creating configuration [Config/Add]
    2. Deleting configuration [Config/Del]
    3. Getting configuration [Config/Get]
    4. Listing configurations [Config/List]
    5. Getting public configuration [Config/PublicGet]
    6. Setting configuration [Config/Set]
  20. Delegations management [Deleg]
    1. Delegation creation [Deleg/Add]
    2. Deleting delegated certificates [Deleg/CertDel]
    3. Listing delegated certificates [Deleg/CertList]
    4. Deleting delegation [Deleg/Del]
    5. Getting delegation data [Deleg/Get]
    6. Listing delegations [Deleg/List]
    7. Setting delegation [Deleg/Set]
    8. Associating user to delegation [Deleg/UserAdd]
    9. Deleting user from delegation [Deleg/UserDel]
    10. Listing allowed delegation users [Deleg/UserListAllowed]
  21. Usage rules / Usage policies management [Rule]
    1. Creating usage rule [Rule/Add]
    2. Deleting rule [Rule/Del]
    3. Getting rule data [Rule/Get]
    4. Listing rule [Rule/List]
  22. Notification management [Notify]
    1. Getting notification [Notify/Get]
    2. Listing notification [Notify/List]
    3. Setting notification [Notify/Set]
  23. Statistics management [Stats]
    1. General system statistics [Stats/System]
    2. Organization and its child organization statistics [Stats/OrgaChain]
    3. Organization statistics [Stats/Orga]
    4. User statistics [Stats/User]
    5. Specific system statistic [Stats/DetailSys]
    6. Specific organization statistic [Stats/DetailOrga]
    7. Specific user statistic [Stats/DetailUser]
    8. Yearly organization signature statistic [Stats/OperationYear]
  24. Test [Test]
    1. Test method [Test/Test]
  25. IvSign common objects definition
    1. User object
    2. Cert object
    3. CertTrash object
    4. PubCert object
    5. PubCertBin object
    6. CertInfo object
    7. CertRef object
    8. Orga object
    9. Device object
    10. Inquiry object
    11. Audit object
    12. AuditInfo object
    13. SignPadesParams object
    14. SignXadesParams object
    15. SignCadesParams object
    16. PDFSignParams object
    17. TimeStampServerInfo object
    18. Biometry object
    19. SignLocation object
    20. SignPolicy object
    21. tsainfo object
    22. SignatureData object
    23. PKICert object
    24. Config object
    25. Deleg object
    26. Rule object
    27. Notify object
    28. StatsResult object
    29. StatSignResult object
    30. Stats object
    31. Page object
    32. KeyValue object
    33. Caller object
    34. Hash object
    35. Error object

1. Initial considerations

1.1. Authentication

Authentication on IvSign requires three parameters: user, password and organization. A part from that, as of IvSign version 8 (API 4), the parameters integration module and device are needed. More information about modules will be provided in further sections.
To be able to perform device authentication, the device must be authorized for the user who wants to authenticate. Depending on the user's organization or the authentication module it is possible that the device authorization won't be requested.

1.2. Modules

During user's authentication process, indicating module and its module key will be needed.
Each module has a list of methods and/or groups of methods that allow or deny the access to them. To know which methods are allowed to access or denied to access to depending on a module, please contact with the project manager.

1.3. Organization license

As of IvSign version 8 (API 4) organizations must have a license code. Associated to the license code, there signature privileges and monthly quantity restrictions. As well as limits on the quantity of users and certificates an organization can hold.
Those limits are maximum users and certificates an organization can hold. A part from that, this parameters allows or denies perform several actions: simple hash signatures, document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. To know the restrictions of a license code, contact with the project manager.

1.4. Product license

As of IvSign version 8 (API 4) all INHOUSE environments where IvSign is installed must have a product license. This license code has associated a maximum number of users, certificates and organizations a environment can hold. A part from that there are restrictions to perform several actions: simple hash signatures, document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. There are also some restrictions referring to IvSign components a environment can hold, such as keyman, certmanager, pscintegration or ivssm.

1.5. User privileges level

As of IvSign version 8 (API 4) the are four level user privileges: basic user, administrator user, super administrator user and system administrator user. Each one of these profiles is allowed to access some methods. On each detail method explanation there is an indication of which level privileges are required to access to it and the requested conditions to do it.

The administrator user is able to perform operations on itself and on its organization other users. As well as manage some aspect of the organization.
The super administrator user is able to perform more operations than an administrator user. A part from manage aspects not only of its organizations but also its child organization and all organizations that come from them. As well as manage their users.
The system administrator user is able to perform any action on any organization or users without restrictions.

2. Request/response protocol

It is possible to connect to IvSign's API through REST and SOAP protocols. Both protocols have the same methods and the same in and out object structure.
The methods are organized in categories. Some of them, such as the signature engine, may require a validation or a license in order to be used.

Consult with your project manager to obtain the URL and the credentials needed for a demo of the product in our demo environments.

2.1. REST service

REST service uses JSON notation for in and out of the service.
It is required a POST request to each operation URL with the request data.
The Auth category operations will return a session token. It will be needed on each operation and must be sent on the Authentication headline.

In order to access to each REST method it is needed to create the URL using the following example:
https://ENVIRONMENT/Keyman/rest/v4/CATEGORY/ACTION

For instance, to do a Login action in Auth category:
https://demo.ivsign.net/Keyman/rest/v4/auth/login

2.2. SOAP service

SOAP service uses WCF Microsoft services, allowing a quick implementation through .NET resources.
The Auth category operations will return a session token. It will be needed on each operation and must be sent as a parameter.

The URL service will depend on the environment it is wanted to access, using the following format:
https://ENVIRONMENT/Keyman/KeymanServiceV4.svc

Once the service is referenced, the operations described below in this document will be available. The name of each method will be the union between the category and the action.
For instance, to do a Login action in Auth category the .NET method would be:
AuthLoginResponse AuthLogin(AuthLoginRequest request);

3. Service authentication [Auth]

3.1. Obtaining session token [Auth/Login]

Obtaining a session token is done trough Auth/Login method using the following parameters.

Auth/Login - Request
ParameterTypeRequestedDescription
orgaidstringYesUser's organization
loginstringYesUser's identifier
passstringYesUser's password
modulestringYesIntegration module identifier
authmethodstringNoAuthentication method (pass, win o federated)
originstringNoConnection device name
modkeystringNoIntegration module key
modverstringNoIntegration module version
deviceinfostringNoConnection device information
Auth/Login - Response
ParameterTypeDescription
tokenstringSession token
userUserIvSign user object, contains authenticated user information
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orgaid": "miorga",
"login": "miuser",
"pass": "mipass",
"module": "testapi",
"authmethod": "pass",
"origin": "equipoprueba",
"modkey": "testapikey",
"modver": "4.0",
"deviceinfo": "{\"osuser\":\"osusertest\",\"osuserid\":\"osuseridtest\"...}"
}
JSON response
{
"token": "KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=",
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

In this example the token is: KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=

Auth/Login - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/Login - Audits
OperationAudits
CorrectYes
IncorrectYes

3.2. Obtaining session token [Auth/LoginToken]

Obtaining a valid token using a valid token is done through Auth/LoginToken method.
This method allows to re-use valid user credentials through a valid token for generating a new one using another module and device.

Auth/LoginToken - Request
ParameterTypeRequestedDescription
modulestringYesIntegration module identifier
modkeystringNoIntegration module key
modulverstringNoIntegration module version
deviceinfostringNoConnection device information
Auth/LoginToken - Response
ParameterTypeDescription
tokenstringSession token
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"module": "testapi",
"modkey": "testapikey",
"modulver": "4.0",
"deviceinfo": "{\"osuser\":\"osusertest\",\"osuserid\":\"osuseridtest\"...}"
}
JSON response
{
"token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ",
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

In this example the token is: KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ

Auth/LoginToken - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/LoginToken - Audits
OperationAudits
CorrectYes
IncorrectYes

3.3. Impersonating user [Auth/Impersonate]

Impersonating other users is done through the [Auth/Impersonate] method.
This method is used to perform actions in the name of the impersonated used. It is not possible to impersonate users with higher privileges.

Auth/Impersonate - Request
ParameterTypeRequestedDescription
loginstringYesImpersonated user identifier
originstringNoConnection device name
Auth/Impersonate - Response
ParameterTypeDescription
tokenstringSession token
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"login": "miuserimpers",
"origin": "equipoprueba"
}
JSON response
{
"token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ",
"user": {
"userid": "miuserimpers",
"extid": 000000000J,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "NombreImpers",
"lastname": "ApellidosImpers",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/Impersonate - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe impersonated user must belong to the same organization as the agent user
Super AdministratorYesThe impersonated user must belong to the same organization as the agent user or to a child organization of this
Auth/Impersonate - Audits
OperationAudits
CorrectYes
IncorrectYes

3.4. Password recovery [Auth/PasswordRecovery]

Recovering passwords is done through the Auth/PasswordRecovery method.

Auth/PasswordRecovery - Request
ParameterTypeRequestedDescription
orgaidstringYesUser's organization
loginstringYesUser's identifier
modulestringYesIntegration module identifier
modverstringNoIntegration module version
modkeystringNoIntegration module key
Auth/PasswordRecovery - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orgaid": "miorga",
"login": "miuser",
"module": "testapi",
"modver": "4.0",
"modkey": "testapikey"
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/PasswordRecovery - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/PasswordRecovery - Audits
OperationAudits
CorrectNo
IncorrectNo

3.5. Login check [Auth/LoginCheck]

Checking user's login without generating a token is done through Auth/LoginCheck method.
The method allows only Windows authentication or user/password authentication.

Auth/LoginCheck - Request
ParameterTypeRequestedDescription
orgaidstringNoUser's organization
loginstringYesUser's identifier
passstringYesUser's password
modulestringYesIntegration module identifier
authmethodstringNoAuthentication method
originstringNoConnection device name
modverstringNoIntegration module version
modkeystringNoIntegration module key
Auth/LoginCheck - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orgaid": "miorga",
"login": "miuser",
"pass": "mipass",
"module": "testapi",
"authmethod": "pass",
"origin": "equipoprueba",
"modver": "4.0",
"modkey": "testapikey"
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/LoginCheck - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/LoginCheck - Audits
OperationAudits
CorrectNo
IncorrectNo

3.6. Check login validation code [Auth/LoginCheck_Validation]

Checking that the user validation code sent by email is correct is done through the Auth/LoginCheck_Validation method.

Auth/LoginCheck_Validation - Request
ParameterTypeRequestedDescription
orgaidstringYesUser's organization
loginstringYesUser's identifier
validationstringYesValidation code
Auth/LoginCheck_Validation - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orgaid": "miorga",
"login": "miuser",
"validation": "mivalidationcode"
}
JSON response
{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "NombreImpers",
"lastname": "ApellidosImpers",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/LoginCheck_Validation - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/LoginCheck_Validation - Audits
OperationAudits
CorrectNo
IncorrectNo

3.7. Token check [Auth/TokenCheck]

Checking tokens is done through the Auth/TokenCheck method.

Auth/TokenCheck - Request
ParameterTypeRequestedDescription
tokenstringYesSession token
Auth/TokenCheck - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"token": "KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo="
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/TokenCheck - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/TokenCheck - Audits
OperationAudits
CorrectNo
IncorrectNo

3.8. Check the possibility of changing a password [Auth/ProviderModifiablePass]

Checking that the users of an organization, or authentication provider, are able to change their passwords is done through the Auth/ProviderModifiablePass method.

Auth/ProviderModifiablePass - Request
ParameterTypeRequestedDescription
authproviderstringYesAuthentication provider identifier
Auth/ProviderModifiablePass - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"authprovider": "miauthprovider"
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Auth/ProviderModifiablePass - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Auth/ProviderModifiablePass - Audits
OperationAudits
CorrectNo
IncorrectNo

4. User management [User]

4.1. User creation [User/Add]

Creating users is done through the User/Add method.
Administrator privileges or higher are needed.

User/Add - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.emailstringYesUser's email direction
  user.orgaidstringYesUser's organization
  user.passstringNo (Yes if disablenotify = true)User's password (if not is specified, it will be randomly generated)
  user.namestringNoUser's name
  user.lastnamestringNoUser's last name
  user.phonestringNoUser's phone number
  user.identstringNoUser's identity card
  user.extidstringNoUser external identifier
  user.disabledboolNoEnabled/disabled user flag
  user.createdateDateTimeNoCreation user date
  user.adminboolNoPrivileges user level
  user.superadminboolNoPrivileges user level
disablenotifyboolNoAllows not to send a creation email
User/Add - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"extid": "miextid",
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000000T",
"disabled": false,
"createdate": "2018-08-22T08:49:39.768Z",
"admin": true,
"superadmin": false,
"pass": "123456",
"phone": "666666666"
},
"disablenotify": false
}
JSON response
{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Add - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe created user must belong to the same organization as the agent user
Super AdministratorYesThe created user must belong to the same organization as the agent user or to a child organization of this
User/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

4.2. Obtaining user data [User/Get]

Obtaining user data is done through the User/Get method.
The method returns a specific user data.

User/Get - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.orgaidstringNoUser's organization
  user.useridstringNoIvSign user ID
  user.emailstringNoUser's email
  user.namestringNoUser's name
  user.lastnamestringNoUser's last name
  user.identstringNoUser's identity card
User/Get - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"orgaid": "miorga",
"userid": "miuser"
}
}
JSON response
{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"valid": true,
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Get - User permissions
UserAllowedConditions
BasicYesThe user to obtain must be the agent user
AdministratorYesThe user to obtain must belong to same organization as the agent user
Super AdministratorYesThe user to obtain must belong to same organization as the agent user or to a child organization of this
User/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

4.3. Setting user data [User/Set]

Setting user data is done through the User/Set method.
This method allows to change user personal data and its password.
The no null values established will be used to modify data of the user indicated on the user.userid field.

User/Set - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.orgaidstringYesUser's organization
  user.useridstringYesIvSign user ID
  user.langstringNoUser language
  user.emailstringNoUser's email direction
  user.passstringNoNew IvSign user password
  user.namestringNoUser's name
  user.lastnamestringNoUser's last name
  user.identstringNoUser's identity card
  user.phonestringNoUser's phone number
  user.disabledboolNoEnabled/disabled user flag
User/Set - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"ident": "12345678Z",
"disabled": false,
"pass": "123456",
"lang": "es",
"phone": "000000000"
}
}
JSON response
{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Set - User permissions
UserAllowedConditions
BasicYesThe user to set must be the agent user
AdministratorYesThe user to set must belong to same organization as the agent user
Super AdministratorYesThe user to set must belong to same organization as the agent user or to a child organization of this
User/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

4.4. Deleting user [User/Del]

Deleting user is done through the User/Del method.
Only users without certificates can be deleted. A user can not delete itself. Administrator privileges or higher are needed to delete users

User/Del - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.orgaidstringYesUser's organization
User/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Del - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe user to delete must belong to same organization as the agent user
Super AdministratorYesThe user to delete must belong to same organization as the agent user or to a child organization of this
User/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

4.5. Listing users [User/List]

Listing users is done through the User/List method.
The method list users depending on some filter parameters. Administrator privileges are needed.

User/List - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringNoUser ID filter
  user.orgaidstringNoOrganization ID filter
  user.emailstringNoUser's email filter
  user.namestringNoUser's name filter
  user.lastnamestringNoUser's last name filter
  user.identstringNoUser's identity card filter
  user.disabledboolNoUser enabled state filter
  user.phonestringNoUser's phone number filter
pagePageIvSign page object
User/List - Response
ParameterTypeDescription
userlistUser[]IvSign user object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"orgaid": "miorga"
}
}
JSON response
{
"userlist": [
{
"userid": "miuser1",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre1",
"lastname": "Apellidos1",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
{
"userid": "miuser2",
"extid": 000000000P,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre2",
"lastname": "Apellidos2",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/List - User permissions
UserAllowedConditions
BasicNo
AdministratorYesOnly applicable to agent user organization
Super AdministratorYesOnly applicable to agent user organization or to a child organization of this
User/List - Audits
OperationAudits
CorrectNo
IncorrectNo

4.6. Searching users [User/Find]

Searching user's information is done through the User/Find method.
The difference between User/Get and User/Find is that User/Find search on any available authentication provider and create the user in the database if it doesn't exist.

User/Find - Request
ParameterTypeRequestedDescription
usidstringYesIvSign user ID
orgaidstringYesUser's organization
User/Find - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"usid": "miuser",
"orgaid": "miorga"
}
JSON response
{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Find - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesOnly applicable to agent user organization or to a child organization of this
User/Find - Audits
OperationAudits
CorrectNo
IncorrectNo

4.7. Obtaining user level [User/Level]

Obtaining user privileges level is done through the User/Level method.

User/Level - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringNoIvSign user ID
  user.orgaidstringNoUser's organization
User/Level - Response
ParameterTypeDescription
resultstringUser level: 10 -> basic user, 15 -> impersonated user, 20 -> administrator user, 30 -> super administrator user, 40 -> system administrator user
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"result": "30",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Level - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesOnly applicable to users that belong to same organization as the agent user or to a child organization of this
User/Level - Audits
OperationAudits
CorrectNo
IncorrectNo

4.8. Moving a user to another organization [User/OrgaMove]

Moving a user to another organization is done through the User/OrgaMove method.
Both organizations must belong to the agent user organization chain.

User/OrgaMove - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.orgaidstringYesUser's organization
orgaOrgaIvSign organization object
  orga.orgaidstringYesNew user organization
User/OrgaMove - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
},
"orga": {
"orgaid": "miorga2"
}
}
JSON response
{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga2",
"orgachain": "root.miorgapadre.miorga2.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/OrgaMove - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesOnly applicable to users that belong to same organization as the agent user or to a child organization of this
User/OrgaMove - Audits
OperationAudits
CorrectYes
IncorrectYes

4.9. User creation [User/PublicAdd]

Creating new users without token session is done through the User/PublicAdd method.
All these users aren't valid, they will need to be validated once they will access to IvSign.

User/PublicAdd - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.emailstringYesUser's email direction
  user.orgaidstringYesUser's organization
  user.passstringNo (Yes if disablenotify = true)Password (if not is specified, it will be randomly generated)
  user.namestringNoUser's name
  user.lastnamestringNoUser's last name
  user.phonestringNoUser's phone number
  user.identstringNoUser's identity card
  user.extidstringNoUser external identifier
  user.disabledboolNoEnabled/disabled user flag
  user.createdateDateTimeNoCreation user date
  user.adminboolNoPrivileges user level
  user.superadminboolNoPrivileges user level
disablenotifyboolNoAllows not to send a creation email
User/PublicAdd - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuserpublic",
"extid": "miextidpublic",
"orgaid": "miorga",
"email": "miuserpublic@ivsign.net",
"name": "NombrePublic",
"lastname": "ApellidosPublic",
"ident": "00000000T",
"disabled": false,
"createdate": "2018-08-22T08:49:39.768Z",
"admin": true,
"superadmin": false,
"pass": "123456",
"phone": "666666666"
},
"disablenotify": false
}
JSON response
{
"user": {
"userid": "miuserpublic",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserpublic@ivsign.net",
"name": "NombrePublic",
"lastname": "ApellidosPublic",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/PublicAdd - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
User/PublicAdd - Audits
OperationAudits
CorrectYes
IncorrectYes

4.10. Renaming users [User/Ren]

Renaming users, changing its userid, is done through the User/Ren method.
The renamed user will loose its previous auditory records.

User/Ren - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.orgaidstringYesUser's organization
newuserUserIvSign user object
  newuser.useridstringYesNew IvSign user ID
User/Ren - Response
ParameterTypeDescription
userUserIvSign user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
},
"newuser": {
"userid": "newmiuser"
}
}
JSON response
{
"user": {
"userid": "newmiuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Ren - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe renamed user must belong to the same organization as the agent user
Super AdministratorYesThe renamed user must belong to the same organization as the agent user or to a child organization of this
User/Ren - Audits
OperationAudits
CorrectYes
IncorrectYes

4.11. Checking modifiable user fields [User/Modifiablefields]

Checking which user field are allowed to be modified is done through the User/Modifiablefields method.

User/Modifiablefields - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringNoIvSign user ID
  user.orgaidstringNoUser's organization
User/Modifiablefields - Response
ParameterTypeDescription
modifiablefieldsstring[]List of the modifiable fields
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"modifiablefields": [
"userid",
"extid",
"name",
"lastname",
"disabled",
"disabledreason",
"admin",
"superadmin",
"pass",
"lang",
"phone"
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
User/Modifiablefields - User permissions
UserAllowedConditions
BasicYesThe checked user must be the agent user
AdministratorYesThe checked user must belong to the same organization as the agent user
Super AdministratorYesThe checked user must belong to the same organization as the agent user or to a child organization of this
User/Modifiablefields - Audits
OperationAudits
CorrectNo
IncorrectNo

5. Certificate management [Cert]

5.1. Obtaining certificate data [Cert/Get]

Obtaining a certificate data is done through the Cert/Get method.

Cert/Get - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringNo (Yes if sha1sum and extid are empty)IvSign certificate ID
  cert.sha1sumstringNo (Yes if certid and extid are empty)Certificate SHA1SUM
  cert.extidstringNo (Yes if certid adn sha1sum are empty)Certificate external identifier
Cert/Get - Response
ParameterTypeDescription
certCertIvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid":"8C41B4F2CC92"
}
}
JSON response
{
"cert": {
"certid": "8A05B4C5CC92",
"name": "testcert",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/Get - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

5.2. Setting certificate data [Cert/Set]

Modifying certificate data is done through the Cert/Set method.

Cert/Set - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.useridstringNoCertificate's user
  cert.orgaidstringNoCertificate's organization
  cert.disabledboolNoCertificate's state
  cert.namestringNoCertificate's name
  cert.descrstringNoCertificate's description
  cert.custom1stringNoCustom field 1
  cert.custom2stringNoCustom field 2
  cert.custom3stringNoCustom field 3
Cert/Set - Response
ParameterTypeDescription
certCertIvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8C41B4F2CC92",
"name": "DOC serie318d"
}
}
JSON response
{
"cert": {
"certid": "8A05B4C5CC92",
"name": "DOC serie318d",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/Set - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

5.3. Deleting certificates [Cert/Del]

Deleting certificates is done through the Cert/Del method.
Once the certificate is erased, it is not possible to be recovered.

Cert/Del - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
Cert/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8A05B4C5CC92"
}
}
JSON response
{
"result" : true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/Del - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

5.4. Listing available certificates [Cert/ListAvailable]

Listing currently available certificates is done through the Cert/ListAvailable method.
The method list only the certificates allowed to be used on the current application. Only agent user certificates will be listed. Those invalid certificates due to usage rules or policy rules won't be listed. Expired and/or revoked certificates may be omitted during the listing by having the hiderevoked and/or hideexpired configurations enabled.

Cert/ListAvailable - Request
ParameterTypeRequestedDescription
callerCallerIvSign caller object
certCertIvSign certificate object
  cert.linkedboolNoLinked certificate filter
  cert.revokedboolNoRevoked certificate filter
  cert.expiredboolNoExpired certificate filter
  cert.useridstringNoCertificate's user filter
  cert.orgaidstringNoCertificate's organization filter
dateDateTimeNoListing request moment
Cert/ListAvailable - Response
ParameterTypeDescription
certlistCert[]IvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"caller": {
"app": "miapp",
"host": "mipc",
},
"cert": {
"userid":"miuser"
}
}
JSON response
{
"certlist" : [
{
"certid": "100000000001",
"name": "testcert1",
"userid": "miuser",
"orgaid": "MiOrg",
"serial": "054C3E61E13981",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"signalg": "sha256RSA",
"createdate": "2017-09-13T18:45:18",
"validfrom": "2017-04-03T09:48:18",
"validto": "2022-04-02T09:48:18",
"keysize": "2048"
},
{
"certid": "100000000002",
"name": "testcert2",
"userid": "miuser",
"orgaid": "MiOrg",
"serial": "054C6E61F02951",
"subject": "CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test2",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"signalg": "sha256RSA",
"createdate": "2017-09-13T18:45:22",
"validfrom": "2017-04-03T09:48:22",
"validto": "2022-04-02T09:48:22",
"keysize": "2048"
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/ListAvailable - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Cert/ListAvailable - Audits
OperationAudits
CorrectNo
IncorrectNo

5.5. Checking certificate pin [Cert/PinCheck]

Checking certificates pin is done through the Cert/PinCheck method.

Cert/PinCheck - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's access pin
Cert/PinCheck - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8C41B4F2CC92",
"pin": "123#@Abc"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/PinCheck - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/PinCheck - Audits
OperationAudits
CorrectNo
IncorrectYes

5.6. Setting a new pin to a certificate [Cert/PinSet]

Setting a new pin to a certificate is done through the Cert/PinSet method.

Cert/PinSet - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.newpinstringYesNew certificate's pin
  cert.pinstringYesCurrent certificate's pin
Cert/Set - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8C41B4F2CC92",
"pin": "##pinactual##"
"newpin": "##nuevopin##"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/PinSet - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/PinSet - Audits
OperationAudits
CorrectYes
IncorrectYes

5.7. Importing certificates with private key [Cert/ImportPFX]

Importing certificates PFX or P12 with private key is done through the Cert/ImportPFX method.
The method imports the certificate to the agent user or to the specified user.

Cert/ImportPFX - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.namestringYesCertificate's name
  cert.useridstringNoCertificate recipient user
  cert.orgaidstringNoCertificate recipient organization
  cert.descrstringNoCertificate's description
  cert.pinstringNo (Yes if newpin is empty)Certificate's pin
  cert.newpinstringNo (Yes if pin is empty)Certificate's pin
  cert.custom1stringNoCustom field 1
  cert.custom2stringNoCustom field 2
  cert.custom3stringNoCustom field 3
  cert.extidstringNoCertificate external identifier
pfxdatabyte[]YesPFX/P12 certificate
pfxpassstringYesPFX/P12 certificate's password
Cert/ImportPFX - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
certCertIvSign certificate object

Request and response example:

JSON request
{
"cert": {
"userid": "testuser",
"orgaid": "testorga",
"name": "testcert",
"descr": "descr cert",
"newpin": "PinAcceso"
},
"pfxdata": "MIIhJgIBAz...",
"pfxpass": "ContraseñaAcceso"
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "8A05B4C5CC92",
"name": "testcert",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
}
}
Cert/ImportPFX - User permissions
UserAllowedConditions
BasicYesThe recipient user must be the agent user
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/ImportPFX - Audits
OperationAudits
CorrectYes
IncorrectYes

5.8. Getting certificate public key [Cert/CERGet]

Getting certificate public key is done through the Cert/CERGet method.

Cert/CERGet - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
Cert/CERGet - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
cerstringIvSign certificate object

Request and response example:

JSON request
{
"cert": {
"certid": "8C41B4F2CC92"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": "MIIhJgIBAz..."
}
Cert/CERGet - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/CERGet - Audits
OperationAudits
CorrectNo
IncorrectNo

5.9. Getting certificate certification chain [Cert/ChainGet]

Getting certificate certification complete chain, as of its immediate superior CA until root certificate (if it is possible) is done through the Cert/ChainGet method.

Cert/ChainGet - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.useridstringNoCertificate's user
  cert.orgaidstringNoCertificate's organization
Cert/ChainGet - Response
ParameterTypeDescription
certlistPubCert[]IvSign public certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8C41B4F2CC92"
}
}
JSON response
{
"certlist": [
{
"sha1sum": "F82701F8E04770F3448C19070F9B2158B16621A0",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"cer": "MIIGDzCCBP...",
"subject": "CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=AC Camerfirma, O=AC Camerfirma SA, L=Madrid (see current address at www.camerfirma.com/address), SERIALNUMBER=A82743287, E=ac_camerfirma@camerfirma.com, C=ES",
"alias": "",
"serial": "01",
"validfrom": "2003-12-04T18:26:41Z",
"validto": "2023-12-04T18:26:41Z",
"revokeddate": null,
"isroot": false,
"isca": true
},
{
"sha1sum": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"sha1sumissuer": "339B6B1450249B557A01877284D9E02FC3D2D8E9",
"cer": "MIIFnTCCBI...",
"subject": CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU",
"alias": "",
"serial": "02",
"validfrom": "2003-11-14T14:49:08Z",
"validto": "2033-11-14T14:49:08Z",
"revokeddate": null,
"isroot": false,
"isca": true
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/ChainGet - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/ChainGet - Audits
OperationAudits
CorrectNo
IncorrectNo

5.10. Creating and installing certificates (1/3) [Cert/RSAGen]

Creating and installing certificates is done through 3 methods. The first one is the Cert/RSAGen.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method generates certificate public and private key.

Cert/RSAGen - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.useridstringNoCertificate's user
  cert.orgaidstringNoCertificate's organization
  cert.pinstringNo (Yes if newpin is empty)Certificate's pin
  cert.newpinstringNo (Yes if pin is empty)Certificate's pin
  cert.keysizestringNoCertificate's private key size
  cert.namestringNoCertificate's name
  cert.descrstringNoCertificate's description
  cert.certproviderstringNoCertificate's provider
  cert.typestringNoIvSign certificate type
Cert/RSAGen - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
certCertIvSign public certificate object

Request and response example:

JSON request
{
"cert": {
"pin": "123@#Abc",
"keysize": "2048"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "8B9BC4CC3CA2",
"name": null,
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": true,
"createdate": "2018-08-23T08:02:59Z",
"subject": "CN=None",
"subjectcn": "None",
"issuer": "CN=None",
"issuercn": "None",
"validfrom": "2018-08-23T08:02:59Z",
"validto": "2018-08-23T08:02:59Z",
"serial": "0x0",
"keysize": "2048",
"signalg": "None",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "user1",
"linked": false,
"createmethod": "Generate",
"createmodule": "unknown",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": null,
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
}
Cert/RSAGen - User permissions
UserAllowedConditions
BasicYesThe recipient user must be the agent user
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/RSAGen - Audits
OperationAudits
CorrectNo
IncorrectYes

5.11. Creating and installing certificates (2/3) [Cert/GenCSR]

Creating and installing certificates is done through 3 methods. The second one is the Cert/GenCSR.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method sets subject parameter to the certificate.

Cert/GenCSR - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID en IvSign
  cert.useridstringNoCertificate's user
  cert.orgaidstringNoCertificate's organization
  cert.pinstringYesCertificate's pin
subjectstring[]YesCertificate's subject parameters
Cert/GenCSR - Response
ParameterTypeDescription
databyte[]Certificate's public key
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8B9BC4CC3CA2",
"pin": "123@#Abc"
},
"subject":
[
"CN=test2",
"OU=User",
"O=Test S.L.",
"L=Valencia",
"C=ES"
]
}
JSON response
{
"data": "MIICUjCCAToCAQAwDz...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/GenCSR - User permissions
UserAllowedConditions
BasicYesThe recipient user must be the agent user
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/GenCSR - Audits
OperationAudits
CorrectNo
IncorrectYes

5.12. Creating and installing certificates (3/3) [Cert/InstallCER]

Creating and installing certificates is done through 3 methods. The third one is the Cert/InstallCER.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method installs the public certificate key into IvSign. This public key must be signed by the proper CA.

Cert/InstallCER - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID en IvSign
  cert.useridstringNoCertificate's user
  cert.orgaidstringNoCertificate's organization
  cert.pinstringYesCertificate's pin
cerbinbyte[]YesCertificate's public key
Cert/InstallCER - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "8B9BE8769658",
"pin": "Abc123"
},
"cerbin": "MIID/zCCAuegAwIBAgIFR0FzcWQwDQYJ..."
}
JSON response
{
"result": "true",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/InstallCER - User permissions
UserAllowedConditions
BasicYesThe recipient user must be the agent user
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/InstallCER - Audits
OperationAudits
CorrectYes
IncorrectYes

5.13. Listing certificates [Cert/List]

Listing certificates is done through the Cert/List method.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

Cert/List - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.useridstringNoUser ID filter
  cert.orgaidstringNoOrganization ID filter
pagePageIvSign page object
Cert/List - Response
ParameterTypeDescription
certlistCert[]IvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result
pagePageIvSign page object

Request and response example:

JSON request
{
"cert":{
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"certlist": [
{
"certid": "8A62437FBF89",
"name": "Juanito",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 8.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACF",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
},
{
"certid": "8A62437FBF85",
"name": "Juanito",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 8.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE955555",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}
Cert/List - User permissions
UserAllowedConditions
BasicYesThe certificates must belong to the agent user
AdministratorYesThe certificates must belong to the same organization as the agent user
Super AdministratorYesThe certificates must belong to the same organization as the agent user or to a child organization of this
Cert/List - Audits
OperationAudits
CorrectNo
IncorrectNo

5.14. Obtaining certificate provider certificate public key [Cert/RefCERGet]

Obtaining certificate provider, CA, certificate public key is done through the Cert/RefCERGet method.

Cert/RefCERGet - Request
ParameterTypeRequestedDescription
certproviderstringYesCertificate's provider
idstringYesIvSign certificate ID
Cert/RefCERGet - Response
ParameterTypeDescription
cerbyte[]Certificates public key
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"certprovider": "dbsecure",
"id": "8A62437FBF85"
}
JSON response
{
"data": "MIICUjCCAToCAQAwDz...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/RefCERGet - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
Cert/RefCERGet - Audits
OperationAudits
CorrectNo
IncorrectNo

5.15. Listing certificate provider certificates [Cert/RefList]

Listing certificate provider certificates, CA, is done through the Cert/RefList method.

Cert/RefList - Request
ParameterTypeRequestedDescription
Without request parameters
Cert/RefList - Response
ParameterTypeDescription
certreflistCertRef[]IvSign reference certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}
JSON response
{
"certreflist": [
{
"id": "61376F3768372D65636473612D3139303732303138",
"certprovider": "realsec",
"data": "MIIBMDCB5qADAgECAg..."
},
{
"id": "617061636865327465737431",
"certprovider": "realsec",
"data": "MIIDRDCCAiygAwIBAg..."
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/RefList - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
Cert/RefList - Audits
OperationAudits
CorrectNo
IncorrectNo

5.16. Certificate replacement [Cert/Replace]

Certificate replacement is done through the Cert/Replace method.
This method can be used, for instance, when a certificate is about to expire. It can be replaced for its substitute and all the delegations and referred properties will be assigned to the new one.

Cert/Replace - Request
ParameterTypeRequestedDescription
newCertCertIvSign certificate object
  newCert.certidstringYesIvSign certificate ID en IvSign
  newCert.pinstringYesCertificate's pin
oldCertCertIvSign certificate object
  oldCert.certidstringYesIvSign certificate ID en IvSign
  oldCert.pinstringYesCertificate's pin
undoboolNoIndicates if the operation is a certificate replacement or back to the original one
Cert/Replace - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
replacedboolResult, correct or incorrect

Request and response example:

JSON request
{
"newCert": {
"certid": "8A62437FBF89",
"pin": "123#@Abc"
},
"oldCert": {
"certid": "8A62437FBF85",
"pin": "Abc@#123"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"replaced": true
}
Cert/Replace - User permissions
UserAllowedConditions
BasicYesThe certificates must belong to the agent user
AdministratorYesThe certificates must belong to a user that belong to the same organization as the agent user
Super AdministratorYesThe certificates must belong to a user that belong to the same organization as the agent user or to a child organization of this
Cert/Replace - Audits
OperationAudits
CorrectYes
IncorrectYes

5.17. Searching certificates [Cert/Search]

Searching certificates by its public key is done through the Cert/Search method.

Cert/Search - Request
ParameterTypeRequestedDescription
certbinbyte[]YesCertificate public key
Cert/Search - Response
ParameterTypeDescription
certlistCert[]IvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result
pagePageIvSign page object

Request and response example:

JSON request
{
"certbin": "MIIKzjCCCLagAwIBAgIIFdG9GevW/cEwD..."
}
JSON response
{
"certlist": [
{
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "orgavisabuelo",
"userid": "user6",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "user1",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": null
}
Cert/Search - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
Cert/Search - Audits
OperationAudits
CorrectNo
IncorrectNo

5.18. Linking reference certificates [Cert/RefLink]

Linking reference certificates, CA certificates, to a user is done through the Cert/RefLink method.

Cert/RefLink - Request
ParameterTypeRequestedDescription
certrefCertRefIvSign reference certificate object
  certref.certproviderstringYesCertificate's provider
certCertIvSign certificate object
  cert.useridstringNoIvSign user ID, recipient user
  cert.orgaidstringNoUser's organization
  cert.pinstringNo (Yes if newpin is empty)Certificate's pin
  cert.newpinstringNo (Yes if pin is empty)Certificate's pin
Cert/RefLink - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
certCertIvSign certificate object

Request and response example:

JSON request
{
"certref": {
"certprovider": "dbsecure"
},
"cert": {
"orgaid": "miorga",
"userid": "miuser",
"pin": "Abc@#123"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "miorga",
"userid": "miuser",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": true,
"createmethod": "",
"createmodule": "",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
}
Cert/RefLink - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/RefLink - Audits
OperationAudits
CorrectYes
IncorrectYes

5.19. Moving certificates [Cert/Move]

Moving certificates from one user to another is done through the Cert/Move method.

Cert/Move - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
userUserIvSign user object
  user.useridstringYesUser's ID
  user.orgaidstringNoUser's organization
Cert/Move - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
certCertIvSign certificate object

Request and response example:

JSON request
{
"cert": {
"certid": "882D1394205D"
},
"user": {
"userid": "user6"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
"cert": {
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "orgavisabuelo",
"userid": "user6",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "user1",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}

}
Cert/Move - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
Cert/Move - Audits
OperationAudits
CorrectYes
IncorrectYes

6. Bin certificates management [CertTrash]

6.1. Deleting bin certificates [CertTrash/Del]

Deleting certificates from the certificate's bin is done through the CertTrash/Del method.
Once the certificate is erased, it is not possible to be recovered.

CertTrash/Del - Request
ParameterTypeRequestedDescription
certtrashCertTrashIvSign trash certificate object
  certtrash.certidstringYesIvSign trash certificate ID
CertTrash/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"certtrash": {
"certid": "882D1394205D"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
CertTrash/Del - User permissions
UserAllowedConditions
BasicYesThe certificate must belong the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
CertTrash/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

6.2. Getting bin certificates data [CertTrash/Get]

Getting bin certificates data is done through the CertTrash/Get method.

CertTrash/Get - Request
ParameterTypeRequestedDescription
certtrashCertTrashIvSign trash certificate object
  certtrash.certidstringYesIvSign trash certificate ID
CertTrash/Get - Response
ParameterTypeDescription
certtrashCertTrashIvSign trash certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"certtrash": {
"certid": "882D1394205D"
}
}
JSON response
{
"certtrash": {
"certid": "882D1394205D",
"name": "miuser",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
CertTrash/Get - User permissions
UserAllowedConditions
BasicYesThe certificate must belong the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
CertTrash/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

6.3. Listing bin certificates [CertTrash/List]

Listing certificate bin certificates is done through the CertTrash/List.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

CertTrash/List - Request
ParameterTypeRequestedDescription
certtrashCertTrashIvSign trash certificate object
  certtrash.useridstringNoCertificate's user
  certtrash.orgaidstringNoCertificate's organization
CertTrash/List - Response
ParameterTypeDescription
certtrashlistCertTrash[]IvSign trash certificate object
errorErrorIvSign error object, contains keyman operation error code result
pagePageIvSign page object

Request and response example:

JSON request
{
"certtrash": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"certtrashlist": [
{
"certid": "8A62437FBF81",
"name": "miuser",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Valencia,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
{
"certid": "8A62437FBF82",
"name": "miuser",
"orgaid": "miorgas",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Valencia,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": null,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}
CertTrash/List - User permissions
UserAllowedConditions
BasicYesThe certificates must belong the agent user
AdministratorYesThe certificates must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificates must belong to a user that belongs to the same organization as the agent user or to a child organization of this
CertTrash/List - Audits
OperationAudits
CorrectNo
IncorrectNo

6.4. Restoring bin certificates [CertTrash/Rest]

Restoring certificates from the certificates bin is done through the CertTrash/Rest method.
The CertTrash object becomes a Cert object.

CertTrash/Rest - Request
ParameterTypeRequestedDescription
certtrashCertTrashIvSign trash certificate object
  certtrash.certidstringYesIvSign trash certificate ID
CertTrash/Rest - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"certtrash": {
"certid": "882D1394205D"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
CertTrash/Rest - User permissions
UserAllowedConditions
BasicYesThe certificate must belong the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
CertTrash/Rest - Audits
OperationAudits
CorrectYes
IncorrectYes

6.5. Sending certificates to the certificate bin [CertTrash/Move]

Sending certificates to the certificate bin is done through the CertTrash/Move method.
The Cert object becomes a CertTrash object.

Cert/Move - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
Cert/Move - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert":{
"certid": "8A62437FBF85"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Cert/Move - User permissions
UserAllowedConditions
BasicYesThe certificate must belong the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Cert/Move - Audits
OperationAudits
CorrectYes
IncorrectYes

7. Public certificates management [PubCert]

7.1. Creating public certificates [PubCert/Add]

Creating new public certificates on IvSing using its public key is done through the PubCert/Add method.

PubCert/Add - Request
ParameterTypeRequestedDescription
pubcertPubCertIvSign public certificate object
  pubcert.useridstringNoPublic certificate's user
  pubcert.orgaidstringNoPublic certificate's organization
  pubcert.aliasstringYesPublic certificate's alias
cerbyte[]YesPublic certificate
PubCert/Add - Response
ParameterTypeDescription
resultPubCertIvSign public certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pubcer":{
"userid": "miuser",
"orgaid": "miorga",
"alias": "mipubcert"
}
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..."
}
JSON response
{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCert/Add - User permissions
UserAllowedConditions
BasicYesThe recipient user must be the agent user
AdministratorYesThe recipient user must belong to the same organization as the agent user
Super AdministratorYesThe recipient user must belong to the same organization as the agent user or to a child organization of this
PubCert/Add - Audits
OperationAudits
CorrectNo
IncorrectNo

7.2. Obtención de certificados públicos [PubCert/Get]

Método para obtener un certificado público de IvSign.

PubCert/Get - Request
ParameterTypeRequestedDescription
pubcertPubCertIvSign public certificate object
  pubcert.pubcertidstringNoIvSign public certificate ID
  pubcert.useridstringNoPublic certificate's user
  pubcert.orgaidstringNoUser's organization
  pubcert.sha1sumstringNoCertificate's SHA1SUM
PubCert/Get - Response
ParameterTypeDescription
resultPubCertIvSign public certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pubcert": {
"pubcertid": "8C7792DAA0A5"
}
}
JSON response
{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCert/Get - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
PubCert/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

7.3. Setting public certificates [PubCert/Set]

Setting public certificates is done through the PubCert/Set method.

PubCert/Set - Request
ParameterTypeRequestedDescription
pubcertPubCertIvSign public certificate object
  pubcert.pubcertidstringYesIvSign public certificate ID
  pubcert.aliasstringYesPublic certificate's alias
  pubcert.useridstringNoPublic certificate's user
  pubcert.orgaidstringNoPublic certificate's organization
  pubcert.sha1sumstringNoCertificate's SHA1SUM
PubCert/Set - Response
ParameterTypeDescription
resultPubCertIvSign public certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pubcert": {
"pubcertid": "8C7792DAA0A5",
"alias": "mipubcert modificado"
}
}
JSON response
{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert modificado",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCert/Set - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
PubCert/Set - Audits
OperationAudits
CorrectNo
IncorrectNo

7.4. Deleting public certificates [PubCert/Del]

Deleting public certificates is done through the PubCert/Del method.

PubCert/Del - Request
ParameterTypeRequestedDescription
pubcertPubCertIvSign public certificate object
  pubcert.pubcertidstringYesIvSign public certificate ID
PubCert/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pubcert": {
"pubcertid": "8C7792DAA0A5"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCert/Del - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
PubCert/Del - Audits
OperationAudits
CorrectNo
IncorrectNo

7.5. Listing public certificates [PubCert/List]

Listing public certificates is done through the PubCert/List method.

PubCert/List - Request
ParameterTypeRequestedDescription
pubcertPubCertIvSign public certificate object
  pubcert.pubcertidstringNoIvSign public certificate ID
  pubcert.useridstringNoPublic certificate's user
  pubcert.orgaidstringNoPublic certificate's organization
  pubcert.sha1sumstringNoCertificate's SHA1SUM
pagePageIvSign page object
PubCert/List - Response
ParameterTypeDescription
resultPubCert[]IvSign public certificate object
errorErrorIvSign error object, contains keyman operation error code result
pagePageIvSign page object

Request and response example:

JSON request
{
"pubcert": {
"userid": "miuser"
}
}
JSON response
{
"result": [
{
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
{
"pubcertid": "8C7792DAA0A6",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf15",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26f",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}
PubCert/List - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
PubCert/List - Audits
OperationAudits
CorrectNo
IncorrectNo

8. Public certificate management [PubCertBin]

8.1. Creating public certificates [PubCertBin/Add]

Creating public certificates is done through the PubCertBin/Add method.

PubCertBin/Add - Request
ParameterTypeRequestedDescription
cerbyte[]YesCertificate's public key
PubCertBin/Add - Response
ParameterTypeDescription
resultPubCertBinIvSign public bin certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..."
}
JSON response
{
"result": {
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev...",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCertBin/Add - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
PubCertBin/Add - Audits
OperationAudits
CorrectNo
IncorrectNo

8.2. Getting public certificate data [PubCertBin/Get]

Getting public certificate data using its fingerprint is done through the PubCertBin/Get method.

PubCertBin/Get - Request
ParameterTypeRequestedDescription
fingerprintstringYesPublic bin certificate's fingerprint
PubCertBin/Get - Response
ParameterTypeDescription
resultPubCertBinIvSign public bin certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14"
}
JSON response
{
"result": {
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev...",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCertBin/Get - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
PubCertBin/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

8.3. Checking public certificate [PubCertBin/Check]

Checking if a public certificate exists in IvSing is done through the PubCertBin/Check method.

PubCertBin/Check - Request
ParameterTypeRequestedDescription
fingerprintstringYesPublic bin certificate's fingerprint
PubCertBin/Check - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14"
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PubCertBin/Check - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
PubCertBin/Check - Audits
OperationAudits
CorrectNo
IncorrectNo

9. Organizations management [Orga]

9.1. Creating organizations [Orga/Add]

Creating organizations in IvSign is done through the Orga/Add method.

Orga/Add - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringYesIvSign organization ID
  orga.descrstringNoOrganization's description
  orga.parentstringNoOrganization's parent
  orga.extidstringNoOrganization's external identifier
  orga.licensestringNoOrganization's license code
Orga/Add - Response
ParameterTypeDescription
orgaOrgaIvSign organization object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga",
"parent": "miorgapadre"
}
}
JSON response
{
"orga": {
"orgaid": "miorga",
"extid": null,
"descr": "miorga",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-08-24T06:16:49Z"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/Add - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesThe created organization must have agent user organization on its organization chain
Orga/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

9.2. Deleting organizations [Orga/Del]

Deleting organizations is done through the Orga/Del method.
The organization must hold no users nor certificates.

Orga/Del - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringYesIvSign organization ID
Orga/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/Del - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesThe organization must have agent user organization on its organization chain
Orga/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

9.3. Getting organization data [Orga/Get]

Getting organization data is done through the Orga/Get method.

Orga/Get - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringNo (Yes if extid and license are empty)IvSign organization ID
  orga.extidstringNo (Yes if orgaid and license are empty)Organization's external identifier
  orga.licensestringNo (Yes if orgaid and extid are empty)Organization's license code
Orga/Get - Response
ParameterTypeDescription
orgaOrgaIvSign organization object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga"
}
}
JSON response
{
"orga": {
"orgaid": "miorga",
"extid": null,
"descr": "miorga",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-08-24T06:16:49Z"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/Get - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe agent user must belong to the organization
Super AdministratorYesThe organization must have agent user organization on its organization chain
Orga/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

9.4. Listing organizations [Orga/List]

Listing organizations is done through the Orga/List method.
The method lists from only agent user organization up to all system organizations, depending on agent user privileges.

Orga/List - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringNoIvSign certificate ID en IvSign
pagePageNoIvSign page object
Orga/List - Response
ParameterTypeDescription
orgalistOrga[]IvSign organization object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {},
"page": null
}
JSON response
{
"orgalist": [
{
"orgaid": "miorga",
"extid": null,
"descr": "Mi organización",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-04-06T08:00:41Z"
},
{
"orgaid": "miorgahija1",
"extid": null,
"descr": "Mi organización hija 1",
"parent": "miorga",
"chain": "root.miorgapadre.miorga.miorgahija1.",
"license": "1127BE26-1EA5-45ED-B001-06762F450D6D",
"createdate": "2018-04-06T08:09:25Z"
},
{
"orgaid": "miorgahija2",
"extid": null,
"descr": "Mi organización hija 2",
"parent": "miorga",
"chain": "root.miorgapadre.miorga.miorgahija1.",
"license": null,
"createdate": "2018-04-06T08:11:26Z"
},
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/List - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe listed organization must be agent user organization
Super AdministratorYesThe listed organization must have agent user organization on its organization chain
Orga/List - Audits
OperationAudits
CorrectNo
IncorrectNo

9.5. Renaming organization [Orga/Ren]

Renaming an organization, changing its orgaid, is done through the Orga/Ren method.
The renamed organization will loose its previous auditory records.

Orga/Ren - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringYesIvSign organization ID
neworgaOrgaIvSign organization object
  neworga.orgaidstringYesIvSign organization ID
Orga/Ren - Response
ParameterTypeDescription
orgaOrgaIvSign organization object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga"
},
"neworga": {
"orgaid": "mineworga"
}
}
JSON response
{
"orga": {
"orgaid": "mineworga",
"extid": null,
"descr": "miorga",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-08-24T06:16:49Z"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/Ren - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe renamed organization must be agent user organization
Super AdministratorYesThe renamed organization must have agent user organization on its organization chain
Orga/Ren - Audits
OperationAudits
CorrectYes
IncorrectYes

9.6. Setting organization data [Orga/Set]

Setting organization data is done through the Orga/Set method.

Orga/Set - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringYesIvSign organization ID
  orga.descrstringNoOrganization's description
  orga.extidstringNoOrganization's external identifier
  orga.licensestringNoOrganization's license code
Orga/Set - Response
ParameterTypeDescription
orgaOrgaIvSign organization object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga",
"descr": "miorga descripción nueva",
"license": "nueva licencia"
}
}
JSON response
{
"orga": {
"orgaid": "minorga",
"extid": null,
"descr": "miorga descripción nueva",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": "nueva licencia",
"createdate": "2018-08-24T06:16:49Z"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Orga/Set - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe renamed organization must be agent user organization
Super AdministratorYesThe renamed organization must have agent user organization on its organization chain
Orga/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

10. Device management [Device]

10.1. Device creation [Device/Add]

Device creation can be done through the Device/Add method. It can be also created during user authentication.
If more than one user authenticates using the same device, the device will registered for all the users.

Device/Add - Request
ParameterTypeRequestedDescription
deviceDeviceIvSign device object
  device.deviceinfostring[][]YesDevice information parameters
  device.useridstringNoDevice's owner
  device.orgaidstringNoDevice's owner organization
  device.authorizedboolNoAuthorized / unauthorized device flag
  device.notifyenabledboolNoReceive push notification enabled / disabled flag
Device/Add - Response
ParameterTypeDescription
deviceDeviceIvSign device object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"device": {
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
],
"authorized": true,
"notifyenabled": false
}
}
JSON response
{
"device": {
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"orgaid": "miorga",
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T07:29:19.6678975Z",
"authorized": true,
"notifyenabled": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Device/Add - User permissions
UserAllowedConditions
BasicYesThe device must belong to the agent user
AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent
Super AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent or to a child organization of this
Device/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

10.2. Deleting devices [Device/Del]

Deleting devices is done through the Device/Del method.

Device/Del - Request
ParameterTypeRequestedDescription
deviceDeviceIvSign device object
  device.deviceidstringYesIvSign device ID
Device/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"device": {
"deviceid": "7DC4UILIWUFY4"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Device/Del - User permissions
UserAllowedConditions
BasicYesThe device must belong to the agent user
AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent
Super AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent or to a child organization of this
Device/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

10.3. Getting device data [Device/Get]

Getting device data is done through the Device/Get method.
There two ways of asking the device data, by using its deviceid or by using a combination of its userid, orgaid and deviceinfo.

Device/Get - Request
ParameterTypeRequestedDescription
deviceDeviceIvSign device object
  device.deviceidstringNo (Yes if deviceinfo, userid and orgaid are empty)IvSign device ID
  device.deviceinfostring[][]No (Yes if deviceid is empty)Device information parameters
  device.useridstringNo (Yes if devideid is empty)Device's owner
  device.orgaidstringNo (Yes if devideid is empty)Device's organization
Device/Get - Response
ParameterTypeDescription
deviceDeviceIvSign device object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"device": {
"userid": "miuser",
"orgaid": "miorga",
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
]
}
}
JSON response
{
"device": {
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"orgaid": "miorga",
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T08:01:45.0216337Z",
"authorized": true,
"notifyenabled": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Device/Get - User permissions
UserAllowedConditions
BasicYesThe device must belong to the agent user
AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent
Super AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent or to a child organization of this
Device/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

10.4. Listing devices [Device/List]

Listing devices is done through the Device/List method.

Device/List - Request
ParameterTypeRequestedDescription
deviceDeviceIvSign device object
  device.useridstringNoDevice's owner
  device.orgaidstringNoDevice's organization
pagePageNoIvSign page object
Device/List - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
devicelistDevice[]IvSign device object
pagePageIvSign page object

Request and response example:

JSON request
{
"device": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"devicelist": [
{
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"orgaid": "miorga"
"deviceinfo": [
[
"equipo",
"equipoprueba1"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
{
"deviceid": "7DC4UILIWUFY5",
"userid": "miuser",
"orgaid": "miorga"
"deviceinfo": [
[
"equipo",
"equipoprueba2"
],
[
"ip",
"172.0.0.2"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
],
"page": null
}
Device/List - User permissions
UserAllowedConditions
BasicYesThe listed devices must belong to the agent user
AdministratorYesThe listed devices must belong to a user that belongs to the same organization as the user agent
Super AdministratorYesThe listed devices must belong to a user that belongs to the same organization as the user agent or to a child organization of this
Device/List - Audits
OperationAudits
CorrectNo
IncorrectNo

10.5. Setting devices [Device/Set]

Setting devices is done through the Device/Set method.

Device/Set - Request
ParameterTypeRequestedDescription
deviceDeviceIvSign device object
  device.deviceidstringYesIvSign device ID
  device.useridstringNoDevice's owner
  device.deviceinfostring[][]NoDevice information parameters
  device.lastaccessDateTimeNoDevice's last access
  device.authorizedboolNoAuthorized / unauthorized device flag
  device.notifyenabledboolNoReceive push notification enabled / disabled flag
Device/Set - Response
ParameterTypeDescription
deviceDeviceIvSign device object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"device": {
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"authorized": false
}
}
JSON response
{
"device": {
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T08:01:45.0216337Z",
"authorized": false,
"notifyenabled": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Device/Set - User permissions
UserAllowedConditions
BasicYesThe device must belong to the agent user
AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent
Super AdministratorYesThe device must belong to a user that belongs to the same organization as the user agent or to a child organization of this
Device/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

11. Authorization petition management [Inquiry]

11.1. Getting inquiry [Inquiry/Get]

Getting an IvSign inquiry is done through the Inquiry/Get method.

Inquiry/Get - Request
ParameterTypeRequestedDescription
inquiryInquiryIvSign inquiry object
  inquiry.inquiryidstringYesIvSign inquiry ID
Inquiry/Get - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
inquiryInquiryIvSign inquiry object

Request and response example:

JSON request
{
"inquiry": {
"inquiryid": "7DC5FA5WSOFTE"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"inquiry": {
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": true,
"response": null
}
}
Inquiry/Get - User permissions
UserAllowedConditions
BasicYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
AdministratorYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super AdministratorYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Inquiry/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

11.2. Setting inquiry [Inquiry/Set]

Setting devices is done through the Inquiry/Set method.

Inquiry/Set - Request
ParameterTypeRequestedDescription
inquiryInquiryIvSign inquiry object
  inquiry.inquiryidstringYesIvSign inquiry ID
  inquiry.responsestringYesInquiry response to the authorization petition
Inquiry/Set - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
inquiryInquiryIvSign inquiry object

Request and response example:

JSON request
{
"inquiry": {
"inquiryid": "7DC44PFZOEPUQ",
"response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"inquiry": {
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": false,
"response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}"
}
}
Inquiry/Set - User permissions
UserAllowedConditions
BasicYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
AdministratorYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super AdministratorYesThe inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Inquiry/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

12. License management [License]

12.1. Getting license data [License/Get]

Getting an organization license data or an environment license data is done through the License/Get method.

License/Get - Request
ParameterTypeRequestedDescription
licensestringYesLicense code
License/Get - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
licenseinfoKeyValue[]A parameters list

Request and response example:

JSON request
{
"license": "milicenia"
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"licenseinfo": [
{
"Key": "maxCerts",
"Value": "-1"
},
{
"Key": "maxUsers",
"Value": "-1"
},
{
"Key": "signatureBiometricEnable",
"Value": "False"
},
{
"Key": "signatureEnable",
"Value": "False"
},
{
"Key": "tspEnable",
"Value": "True"
},
{
"Key": "verifyEnable",
"Value": "True"
},
{
"Key": "expireDate",
"Value": "24/05/2019 9:17:54"
}
]
}
License/Get - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
License/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

13. Auditory management [Audit]

13.1. Listing auditory records [Audit/List]

Listing auditory records is done through the Audit/List method.
The method returns the auditory records based on the request parameters and the pagination.

Audit/List - Request
ParameterTypeRequestedDescription
startdateDateTimeYesUTC request start date time
enddateDateTimeYesUTC request end date time
auditAuditIvSign auditory object
  audit.useridstringNoUser ID filter
  audit.orgaidstringNoOrganization ID filter
  audit.operstringNoOperator user filter
  audit.categorystringNoCategory filter
  audit.actionstringNoPerformed action filter
  audit.seccessboolNoSuccess / failure filter
  audit.certidstringNoCertificate ID filter
  audit.serialstringNoCertificate serial number filter
  audit.modulestringNoModule filter
pagePageNoIvSign page object
limitintNoElement per page limit number on IvSign page object
foruserstringNoUser ID for looking up at the auditory, all the direct actions performed for the user and the indirect actions performed on the user
fororgastringNoOrganization ID for looking up at the auditory, all the direct actions performed for its members and the indirect actions performed on them
Audit/List - Response
ParameterTypeDescription
auditlistAudit[]IvSign auditory object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"startdate": "2018-08-20T00:00:00.000Z",
"enddate": "2018-08-24T23:59:59.999Z",
"auditlist": {
"oper": "miuser",
"module": "mimodulo",
}
}
JSON response
{
"auditlist": [
{
"auditid": 2452,
"date": "2018-08-22T11:29:15.374386Z",
"ip": "127.0.0.1",
"host": "127.0.0.1",
"certid": null,
"serial": null,
"certidorig": null,
"orgaid": "miorga",
"category": "Auth",
"action": "Login",
"actiondata": null,
"success": true,
"info": "Login successfully",
"app": null,
"oper": "miuser",
"userid": "miuser",
"impersonator": null,
"location": null,
"server": "miuser-pc",
"module": "mimodulo",
"modver": "8.0",
"data": null,
"certsha1sum": null,
"operorgaid": "miorga"
},
{
"auditid": 2451,
"date": "2018-08-22T11:04:45.903185Z",
"ip": "127.0.0.1",
"host": "127.0.0.1",
"certid": null,
"serial": null,
"certidorig": null,
"orgaid": "miorga",
"category": "Notify",
"action": "Accept",
"actiondata": null,
"success": true,
"info": "Notification accepted \"Notificación miuser\"",
"app": null,
"oper": "miuser",
"userid": "miuser",
"impersonator": null,
"location": null,
"server": "miuser-pc",
"module": "mimodulo",
"modver": "8.0",
"data": "2",
"certsha1sum": null,
"operorgaid": "miorga"
},
...
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Audit/List - User permissions
UserAllowedConditions
BasicYesThe searched user must be the agent user
AdministratorYesThe searched users must belong to the same organization as the agent user
Super AdministratorYesThe searched users must belong to the same organization as the agent user or to a child organization of this
Audit/List - Audits
OperationAudits
CorrectNo
IncorrectNo

13.2. Obtaining auditory categories and action data [Audit/Info]

Obtaining auditory categories and action data is done through the Audit/Info method.
The returned data depends on the recorded performed operations.

Audit/Info - Request
ParameterTypeRequestedDescription
Without request parameters
Audit/Info - Response
ParameterTypeDescription
auditinfoAuditInfoIvSign auditory information object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}
JSON response
{
"data": {
"category": [
"Auth",
"Cert",
"CertTrash",
"Config",
"Deleg",
"Device",
"Notify",
"Orga",
"Rule",
"Sign",
"Signature",
"TSP",
"User",
"Verify"
],
"action": [
"Accept",
"Add",
"Cades",
"CER",
"Del",
"DelCert",
"Generate",
"Impersonate",
"ImportPFX",
"Login",
"Move",
"OrgaMove",
"Pades",
"PinCheck",
"PinSet",
"RefLink",
"Ren",
"Rest",
"RSA",
"Set",
"Sign",
"UserAdd",
"Val",
"Xades"
]
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Audit/Info - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Audit/Info - Audits
OperationAudits
CorrectNo
IncorrectNo

14. Simple hashes signatures [Sign]

14.1. Hash signature [Sign/Hash] ✍

Hash signature are performed by using the Sign/Hash method.

Sign/Hash - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's pin
hashHashIvSign hash parameters object
  hash.algorithmstringYesHash algorithm
  hash.digestbyte[]YesHash to sign
callerCallerIvSign caller object
  caller.appstringNoApplication caller
  caller.hoststringNoHost caller
Sign/Hash - Response
ParameterTypeDescription
databyte[]Hash signature
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "100000000001",
"pin": "PinAcceso"
},
"hash": {
"algorithm": "SHA512",
"digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..."
},
"caller": {
"host": "devhost",
"app": "apitest"
}
}
JSON response
{
"data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Sign/Hash - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Sign/Hash - Audits
OperationAudits
CorrectYes
IncorrectYes

14.2. RSA Signature [Sign/RSA] ✍

RSA signature are performed by using the Sign/RSA method.

Sign/RSA - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's pin
databyte[]YesObject to sign
extradatastring[][]NoSignature extra information
callerCallerIvSign caller object
  caller.appstringNoApplication caller
  caller.hoststringNoHost caller
Sign/RSA - Response
ParameterTypeDescription
databyte[]RSA signature
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "100000000001",
"pin": "PinAcceso"
},
"data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...",
"caller": {
"host": "devhost",
"app": "apitest"
}
}
JSON response
{
"data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Sign/RSA - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Sign/RSA - Audits
OperationAudits
CorrectYes
IncorrectYes

14.3. TSP signature [Sign/TSP] ✍

TSP signature are performed by using the Sign/TSP method.

Sign/TSP - Request
ParameterTypeRequestedDescription
tsuliststring[]YesTime stamp servers URL list
includecertboolNoInclude time stamp server certificate into the signature
extradatastring[][]NoSignature extra information
hashHashIvSign hash parameters object
  hash.algorithmstringYesHash algorithm
  hash.digestbyte[]YesHash to sign
Sign/TSP - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
tsainfotsainfoIvSign TSA information object
tsrbyte[]Signed object

Request and response example:

JSON request
{
"tsulist": [
"http://usuario:password@servidor.sellado"
],
"includecert": true,
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": "http://servidor.sellado",
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..."
},
"tsr": "MIIMFDADAgEAMIAGCSqGSIb3..."
}
Sign/TSP - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Sign/TSP - Audits
OperationAudits
CorrectYes
IncorrectYes

14.4. PDF signature [Sign/PDF] ✍

PDF basic signature are performed by using the Sign/PDF method.

Sign/PDF - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's pin
documentbyte[]YesPDF to sign
algorithmstringNoHash algorithm
extradatastring[][]NoSignature extra information
callerCallerIvSign caller object
  caller.appstringNoApplication caller
  caller.hoststringNoHost caller
Sign/PDF - Response
ParameterTypeDescription
databyte[]Signed PDF
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"cert": {
"certid": "100000000001",
"pin": "PinAcceso"
},
"data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...",
"caller": {
"host": "devhost",
"app": "apitest"
}
}
JSON response
{
"data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Sign/PDF - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Sign/PDF - Audits
OperationAudits
CorrectYes
IncorrectYes

15. Document signatures [Signature]

15.1. PDF document signature [Signature/Pades] ✍

PDF document signature are performed by using the Signature/Pades method.
The signature is highly customizable.

Signature/Pades - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's access pin
documentbyte[]YesPDF document to sign
asyncdatabyte[]NoSignature in detached mode
profilestringYesSignature profile: 'basic' or 'enhanced'
hashalgorithmstringNoHash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extensionsstringNoSignature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
operationstringNoKind of operation to perform: sign, cosign, upgrade, append...
extradatastring[][]NoSignature extra information
parametersSignPadesParamsIvSign signature complementary PAdES parameters
  causestringNoSignature reason
  tstampserversTimeStampServerInfo[]NoIvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
  pdfparametersPDFSignParamsNoIvSign PDF signature parameters object
  biometryBiometryNoIvSign biometric data object
Signature/Pades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
databyte[]Signed PDF document

Request and response example:

JSON request
{
"cert": {
"certid": "7DC4U45K5FG3K",
"pin": "Abc@#123"
},
"document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0Nh...",
"profile": "enhanced",
"extensions": "t,timestamp,biometry",
"parameters": {
"tstampservers": [
{
"name": "seg-social",
"url": "https://w6.seg-social.es/tspTSA/input/RequestTSA",
"httpauth": false,
"hashalgorithm": "SHA256",
"includecertificates": true,
"usenonce": true
}
],
"biometry": {
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyidentifieraddqualifier": true,
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"data": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..."
}
Signature/Pades - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Signature/Pades - Audits
OperationAudits
CorrectYes
IncorrectYes

15.2. XML document signature [Signature/Xades] ✍

XML document signature are performed by using the Signature/Xades method.
The signature is highly customizable.

Signature/Xades - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's access pin
documentbyte[]YesXML document to sign
signdatabyte[]NoSignature in detached mode
profilestringYesSignature profile: 'bes'=basic, 't'=Include TimeStamp into the signature, 'c'=Add references to the signature for future Verifications, 'x'=Add TimeStamp to the references, 'xl'=Current revocation information for long term Verifications
extensionstringYesSignature options, for example: T include TimeStamp into the signature, EPES include signature policy o LTV re stamp the signature
hashalgorithmstringNoHash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
envelopstringYesSignature format: 'enveloped'=The signature includes the original XML document, 'enveloping'=A new XML document is generated with the original XML document on one of its nodes
operationstringNoKind of operation to perform: sign, cosign, upgrade, append...
extradatastring[][]NoSignature extra information
parametersSignXadesParamsIvSign signature complementary XAdES parameters
  tstampserverTimeStampServerInfoNoIvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
  locationSignLocationNoSignature location data, for instance, the city where the signature is performed
  policySignPolicyNoIvSign signature policy object
  signerrolestringNoSigner user role
  includewholechainboolNoInclude or not the whole certificate's certificate chain
  includekeyvalueboolNoInclude or not certificate's public key
  xadesversionintNoXAdES signature version
  envreferencetosignstringNo (Yes if envelop = enveloped)Internal reference to the original XML document, must start by '#'
  envsigdestreferencestringNoSets the xmldsign destination node element through document xpath search method
  envnamespaceliststring[][]NoSets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
  envreferencetosignnsstringNoID node namespace to sign, for example, wsu:Id
Signature/Xades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
databyte[]XML signed document

Request and response example:

JSON request
{
"cert": {
"certid": "8B1F1E544F20",
"pin": "123#@Abc"
},
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"profile": "t",
"envelop": "enveloping",
"parameters": {
"tstampserver": {
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}
}

**JSON response**
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"data": "77u/PD94bWwg..."
}
Signature/Xades - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Signature/Xades - Audits
OperationAudits
CorrectYes
IncorrectYes

15.3. Generic document signature [Signature/Cades] ✍

Generic document signature are performed by using the Signature/Cades method.
The signature is highly customizable.

Signature/Cades - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
  cert.pinstringYesCertificate's access pin
documentbyte[]YesGeneric document to sign
signdatabyte[]NoSignature in detached mode
profilestringYesSignature profile: 'cms'=Without encapsulation, 'bes'=Basic, 't'=Include TimeStamp into the signature, 'c'=Add references to the signature for future Verifications, 'x'=Extended, 'xl'=Long term extended
extensionsstringNoSignature options, for example: T include TimeStamp into the signature, EPES include signature policy o LTV re stamp the signature
hashalgorithmstringNoHash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
envelopstringNoSignature format: 'enveloped'=The signature includes the original document, 'enveloping'=A new XML document is generated with the original document on one of its nodes
operationstringNoKind of operation to perform: sign, cosign, upgrade, append...
parametersSignCadesParamsIvSign signature complementary CAdES parameters
extradatastring[][]NoSignature extra information
tstampserverTimeStampServerInfoNoIvSign time stamp server information object if it is not specified and the signature requires it, the default one will be used
Signature/Cades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
databyte[]Generic signed document

Request and response example:

JSON request
{
"cert": {
"certid": "8B1F1E544F20",
"pin": "123#@Abc"
},
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"profile": "t",
"parameters": {
"tstampserver": {
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"data": "77u/PD94bWwg..."
}
Signature/Cades - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Signature/Cades - Audits
OperationAudits
CorrectYes
IncorrectYes

15.4. PDF document time stamping [Signature/TimestampPdf] ✍

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

Signature/TimestampPdf - Request
ParameterTypeRequestedDescription
documentbyte[]YesPDF document to stamp
algorithmstringYesAlgorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradatastring[][]NoSignature extra information
parametersSignPadesParamsIvSign signature complementary PAdES parameters
  causestringNoTime stamp reason
  pdfparametersPDFSignParamsNoIvSign PDF signature parameters object
  tstampserverTimeStampServerInfoNoIvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
  biometryBiometryNoIvSign biometric data object
Signature/TimestampPdf - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
databyte[]Time stamped PDF document

Request and response example:

JSON request
{
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"algorithm": "sha256",
"parameters": {
"tstampserver": {
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"data": "77u/PD94bWwg..."
}
Signature/TimestampPdf - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Signature/TimestampPdf - Audits
OperationAudits
CorrectYes
IncorrectYes

16. Time stamp operations [TSP]

16.1. Time stamp signature [TSP/Sign]

TSP signature are performed by using the Sign/TSP method.

TSP/Sign - Request
ParameterTypeRequestedDescription
tsuliststring[]YesTime stamp servers URL list
includecertboolNoInclude time stamp server certificate into the signature
extradatastring[][]NoSignature extra information
hashHashIvSign hash parameters object
  hash.algorithmstringYesHash algorithm
  hash.digestbyte[]YesHash to sign
STSP/Sign - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
tsainfotsainfoIvSign TSA information object
tsrbyte[]Signed object

Request and response example:

JSON request
{
"tsulist": [
"http://usuario:password@servidor.sellado"
],
"includecert": true,
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": "http://servidor.sellado",
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..."
},
"tsr": "MIIMFDADAgEAMIAGCSqGSIb3..."
}
TSP/Sign - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
TSP/Sign - Audits
OperationAudits
CorrectYes
IncorrectYes

16.2. Time stamp verification [TSP/Verify]

TSR, Time Stamp Response, verification are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included.

If the original digest is included, the method will compare it with the TSR digest and will return true or false on the valid_digest parameter according to the result.
Otherwise, valid_digest will be null.

If the signing certificate is included, the method will compare it with the TSR certificate and will return true or false on the valid_cert parameter according to the result.
Note: In case signing certificate is not included into the TSP, it will be needed to be provided.

The valid parameter will be true if all the non null valid parameters are true.

TSP/Verify - Request
ParameterTypeRequestedDescription
hashHashIvSign hash parameters object
  hash.algorithmstringNoHash algorithm
  hash.digestbyte[]NoHash to sign
tsrbyte[]YesTimeStamp to verify
cerbyte[]NoSigned certificate, in case it is not included into the TSR
TSP/Verify - Response
ParameterTypeDescription
validboolTrue if all the non null valid parameters are true
valid_digestboolDigest validation parameter
valid_tsrboolTSR validation parameter
valid_certboolCertificate validation parameter
datetimeDateTimeTimeStamp UTC date time
tsainfotsainfoIvSign TSA information object
hashHashIvSign hash parameters object
messagestringHash algorithm
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"tsr": "MIIMFDADAgEAMIAGCSqGSIb3..."
}
JSON response
{
"valid": true,
"valid_digest": true,
"valid_tsr": true,
"valid_cert": true,
"datetime": "2018-02-22T11:57:08Z",
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": null,
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7Ko..."
},
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"message": "",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
TSP/Verify - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
TSP/Verify - Audits
OperationAudits
CorrectYes
IncorrectYes

16.3. PDF document time stamping [TSP/TimestampPdf]

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

TSP/TimestampPdf - Request
ParameterTypeRequestedDescription
documentbyte[]YesPDF document to stamp
algorithmstringYesAlgorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradatastring[][]NoSignature extra information
parametersSignPadesParamsIvSign signature complementary PAdES parameters
  causestringNoTime stamp reason
  pdfparametersPDFSignParamsNoIvSign PDF signature parameters object
  tstampserverTimeStampServerInfoNoIvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
  biometryBiometryNoIvSign biometric data object
TSP/TimestampPdf - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
databyte[]Time stamped PDF document

Request and response example:

JSON request
{
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"algorithm": "sha256",
"parameters": {
"tstampserver": {
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"data": "77u/PD94bWwg..."
}
TSP/TimestampPdf - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
TSP/TimestampPdf - Audits
OperationAudits
CorrectYes
IncorrectYes

17. Verification operations [Verify]

17.1. IvSign certificate verification [Verify/Cert]

IvSign certificate validation are performed by using the Verify/Cert method.
IvSign certificate ID is needed to perform the Verification.

Verify/Cert - Request
ParameterTypeRequestedDescription
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID
querydateDateTimeNoRequest date time moment
Verify/Cert - Response
ParameterTypeDescription
certinfoCertinfoIvSign certificate information object
expiredboolTrue if the certificate has expired, false otherwise
untrustedboolTrue if the certificate is not trusted, false otherwise
revokedboolTrue if the certificate has been revoked, false if ti is not, null otherwise
invalidsignatureboolTrue if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
validboolTrue if all the not null Verifications are true, false otherwise

Request and response example:

JSON request
{
"cert": {
"certid": "8B4569DC873F"
}
}
JSON response
{
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO,...",
"subjectcn": "Nombre Apellidos (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Verify/Cert - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Verify/Cert - Audits
OperationAudits
CorrectYes
IncorrectYes

17.2. CA certificate verification [Verify/CER]

CA certificate verifications are performed by using the Verify/CER method.
It is needed the certificate as a binary DER certificate in order to verify it.

Verify/Cer - Request
ParameterTypeRequestedDescription
cerbyte[]YesCertificate in DER format
querydateDateTimeNoRequest date time moment
Verify/Cer - Response
ParameterTypeDescription
certinfoCertinfoIvSign certificate information object
expiredboolTrue if the certificate has expired, false otherwise
untrustedboolTrue if the certificate is not trusted, false otherwise
revokedboolTrue if the certificate is revoked, false if it is not, null if it was not possible to verify it
invalidsignatureboolTrue if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
validboolTrue if all the not null Verifications are true, false otherwise

Request and response example:

JSON request
{
"cer": "MIIH0zCCBrugAwIBAgIJALuqibv..."
}
JSON response
{
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO,...",
"subjectcn": "Nombre Apellidos (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Verify/Cer - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Verify/Cer - Audits
OperationAudits
CorrectYes
IncorrectYes

17.3. Time stamp verification [Verify/TSP]

TSR, Time Stamp Response, verification are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included

If the original digest is included, the method will compare it with the TSR digest and will return true or false on the valid_digest parameter according to the result.
Otherwise, valid_digest will be null.

If the signing certificate is included, the method will compare it with the TSR certificate and will return true or false on the valid_cert parameter according to the result.
Note: In case signing certificate is not included into the TSP, it will be needed to be provided.

The valid parameter will be true if all the non null valid parameters are true.

Verify/TSP - Request
ParameterTypeRequestedDescription
hashHashIvSign hash parameters object
  hash.algorithmstringNoHash algorithm
  hash.digestbyte[]NoHash to sign
tsrbyte[]YesTimeStamp to verify
cerbyte[]NoSigned certificate, in case it is not included into the TSR
Verify/TSP - Response
ParameterTypeDescription
validboolTrue if all the non null valid parameters are true
valid_digestboolDigest validation parameter
valid_tsrboolTSR validation parameter
valid_certboolCertificate validation parameter
datetimeDateTimeTimeStamp UTC date time
tsainfotsainfoIvSign TSA information object
hashHashIvSign hash parameters object
messagestringHash algorithm
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"tsr": "MIIMFDADAgEAMIAGCSqGSIb3..."
}
JSON response
{
"valid": true,
"valid_digest": true,
"valid_tsr": true,
"valid_cert": true,
"datetime": "2018-02-22T11:57:08Z",
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": null,
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7Ko..."
},
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"message": "",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Verify/TSP - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Verify/TSP - Audits
OperationAudits
CorrectYes
IncorrectYes

17.4. Signed PDF document verification [Verify/Pades]

Signed PDF document verification are performed by using the Verify/Pades.

Verify/Pades - Request
ParameterTypeRequestedDescription
documentbyte[]YesPDF signed document to verify
passwordstringNoDocument password
optionsstringNoVerification options
Verify/Pades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
validboolVerification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signaturesSignatureDataIvSign signature data object

Request and response example:

JSON request
{
"document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..."
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "ACCV",
"type": "PF",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "C88D4165900ACAF8FCEE7949D4CA0EAEBC73D257",
"sha1sumissuer": "9FCDF094368D1B025C4C5574F8C59DB8DF75D0C3"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "t,biometry",
"envelop": "Enveloped",
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQAw...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": false,
"type": "Generic",
"time": "2019-05-21T09:57:09Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFAD...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
],
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16AD9D2C39A",
"gentime": "2019-05-21T09:57:09Z",
"messageimprint": "8OC2PC/glAQszWa0Xf8Y0VuDaNU=",
"messageimprintalgorithm": 2,
"nonce": "3336353231303737",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "8OC2PC/glAQszWa0Xf8Y0VuDaNU="
}
],
"validationtimestamps": null,
"biometrysigninfo": {
"certsubject": "C=ES, O=ACCV, OU=Ciudadanos, SN=CAMARA ESPAÑOL, G=JUEAN, SERIALNUMBER=00000000T, CN=JUAN CAMARA ESPAÑOL - NIF:00000000T",
"certissuer": "C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120",
"signatureimage": null
}
},
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": "NI",
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0B...",
"signingtime": "2019-05-21T09:57:15",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}
Verify/Pades - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Verify/Pades - Audits
OperationAudits
CorrectYes
IncorrectYes

17.5. Signed generic document verification [Verify/Cades]

Signed generic document verification are performed by using the Verify/Cades.

Verify/Cades - Request
ParameterTypeRequestedDescription
optionsstringNoVerification options
documentbyte[]YesGeneric signed document to verify
detachedsignaturestringNoSignature to verify
Verify/Cades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
validboolVerification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signaturesSignatureDataIvSign signature data object

Request and response example:

JSON request
{
"document": "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrD..."
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": false,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIE3DCCA8SgAwIBAgIFRvNzDrgwDQYJKoZ...",
"signingtime": "2018-08-27T09:49:19",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T09:49:19",
"signatures": null
}
],
"validationtimestamps": null
}
]
}
Verify/Cades - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Verify/Cades - Audits
OperationAudits
CorrectYes
IncorrectYes

17.6. Signed XML document verification [Verify/Xades]

Signed XML document verification are performed by using the Verify/Xades.

Verify/Xades - Request
ParameterTypeRequestedDescription
optionsstringNoVerification options
documentbyte[]YesXML signed document to verify
detachedsignaturestringNoSignature to verify
Verify/Xades - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
validboolVerification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signaturesSignatureDataIvSign signature data object

Request and response example:

JSON request
{
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZ..."
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "63CF18D0BE03C9315A6992CB81C9C5CB",
"validfrom": "2018-01-25T09:18:19",
"validto": "2022-01-25T09:18:19",
"issuer": "CN=AC FNMT Usuarios, OU=Ceres, O=FNMT-RCM, C=ES",
"issuercn": "AC FNMT Usuarios",
"subject": "CN=Nombre Apellidos - 00000000T, SN=Nombre, G=Apellidos, SERIALNUMBER=IDCES-00000000T, C=ES",
"subjectcn": "Nombre Apellidos - 00000000T",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment (e0)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "FNMT",
"type": "PF",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000000T",
"email": "miuser@prueba.com",
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "C8005FA82074A9C7D6A9FAC90EA7A717506B30CF"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "Signature-102557316",
"valid": true,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloped",
"cer": "MIIHdDCCBlygAwIBAgIQY88Y0L4DyTFaaZLLgcnFyzANBgkqhki...",
"signingtime": "2018-08-27T07:23:21",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T07:23:21",
"signatures": null
}
],
"validationtimestamps": []
}
]
}
Verify/Xades - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Verify/Xades - Audits
OperationAudits
CorrectYes
IncorrectYes

18. External PKI integration management [PKI]

18.1. Certificate request [PKI/Petition]

Requesting certificates with associated PKI is done through PKI/Petition method.
Administrator privileges are needed to use this method.
The authentication will be provided on the pkiauth parameter. It changes according to the specified PKI.
The parameter fields will contain a key value array (dictionary). Its parameters will changes according to the specified PKI.

PKI/Petition - Request
ParameterTypeRequestedDescription
pkistringYesPKI identifier
pkiauthstringYesCertificate's pin
fieldsstring[][]YesRequest parameters
PKI/Petition - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "status",
"pkiauth": "sign|8981CEC30B43|pin",
"fields": [
[
"nombre",
"Juan"
],
[
"dni",
"12345678Z"
],
]
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PKI/Petition - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
PKI/Petition - Audits
OperationAudits
CorrectYes
IncorrectYes

18.2. Getting CA certificate's public key [PKI/CACERGet]

Getting CA certificate's public key is done through the PKI/CACERGet method.

PKI/CACERGet - Request
ParameterTypeRequestedDescription
pkistringYesAssociated PKI identifier
fieldsstring[][]YesRequest parameters
PKI/CACERGet - Response
ParameterTypeDescription
cerbyte[]Certificate`s public key
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba",
"fields": [
[
"nombre",
"Juan"
],
[
"dni",
"12345678Z"
],
]
}
JSON response
{
"cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PKI/CACERGet - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/CACERGet - Audits
OperationAudits
CorrectNo
IncorrectNo

18.3. Listing CA PKI certificates [PKI/CAList]

Listing CA PKI certificates is done through the PKI/CAList method.

PKI/CAList - Request
ParameterTypeRequestedDescription
pkistringYesAssociated PKI identifier
pkicertPKICertIvSign PKI certificate object
  pkicert.sha1sumstringNoPKI certificate's SHA1SUM
pagePageNoIvSign page object
PKI/CAList - Response
ParameterTypeDescription
resultPKICert[]IvSign PKI certificate object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba"
}
JSON response
{
"result": [
{
"sha1sum": "3F444680E87112F588545EF641B9F1D63896519E",
"serial": "0DEA554E52F5",
"name": "Mica root",
"subjectcn": "MICA_CA_INTERMEDIA",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "1E2DA01D7BB6B8C1ADBDE84C3C9458F4F707CC16",
"serial": "0DEA5541B7DF",
"name": "ROOT",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PKI/CAList - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/CAList - Audits
OperationAudits
CorrectNo
IncorrectNo

18.4. Getting PKI certificate public key [PKI/CertCERGet]

Getting a PKI certificate's public key is done through the PKI/CertCERGet method.

PKI/CertCERGet - Request
ParameterTypeRequestedDescription
pkistringYesAssociated PKI identifier
fieldsstring[][]NoRequest parameters
PKI/CertCERGet - Response
ParameterTypeDescription
cerbyte[]Certificate`s public key
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba"
}
JSON response
{
"cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PKI/CertCERGet - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/CertCERGet - Audits
OperationAudits
CorrectNo
IncorrectNo

18.5. Generating PKI certificate [PKI/CertGen]

Generating new PKI certificates is done through the PKI/CertGen method.

PKI/CertGen - Request
ParameterTypeRequestedDescription
pkistringYesAssociated PKI identifier
fieldsstring[][]YesRequest parameters
certCertIvSign certificate object
  cert.namestringNoCertificate's name
  cert.descrstringNoCertificate's description
  cert.pinstringNoCertificate's pin
userUserIvSign user object
  user.useridstringYesCertificate's user
  user.orgaidstringYesCertificate's organization
PKI/CertGen - Response
ParameterTypeDescription
certCertIvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba",
"fields": [
[
"subject", "{\"cn\":\"miuser\"}"
],
[
"validfrom", "2019-05-22T08:01:49.902Z"
],
[
"validto", "2020-05-22T08:01:49.902Z"
]
],
"user": {
"userid": "miuser",
"orgaid": "miorga"
},
"cert": {
"name": "miuser",
"pin": "Abc#@123"
}
}
JSON response
{
"cert": {
"certid": "7DC44VS2IJMMW",
"name": "dgarcia",
"userid": "dgarcia",
"orgaid": "ivnosys",
"orgachain": "root.ivnosys.",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-05-22T15:07:16Z",
"subject": "CN=dgarcia",
"subjectcn": "dgarcia",
"issuer": "OU=IvSign, O=Ivnosys, L=Paterna, S=Valencia, C=ES, CN=TEST_CA_INTERMEDIA",
"issuercn": "TEST_CA_INTERMEDIA",
"validfrom": "2019-05-22T08:01:49Z",
"validto": "2020-05-22T08:01:49Z",
"serial": "0E2CC0D249C5",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "dgarcia",
"linked": false,
"createmethod": "PKICertGen",
"createmodule": "swagger",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "299aa5c65a4f48c4f81b182a23728ab6c57bfee4",
"extid": null,
"providerdata": "{\"pkiprovider\":\"prueba\"}",
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44VS2HFYAG"
}
}
PKI/CertGen - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/CertGen - Audits
OperationAudits
CorrectYes
IncorrectYes

18.6. Listing PKI certificates [PKI/CertList]

Listing PKI certificates is done through the PKI/CertList method.

PKI/CertList - Request
ParameterTypeRequestedDescription
pkicertPKICertIvSign PKI certificate object
  pkicert.sha1sumstringNoCertificate SHA1SUM
pkistringYesAssociated PKI identifier
pagePageNoIvSign page object
PKI/CertList - Response
ParameterTypeDescription
resultPKICert[]IvSign PKI certificate object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba"
}
JSON response
{
"result": [
{
"sha1sum": "3F444680E87112F588545EF641B9F1D63896519E",
"serial": "0DEA554E52F5",
"name": "Mica root",
"subjectcn": "MICA_CA_INTERMEDIA",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "1E2DA01D7BB6B8C1ADBDE84C3C9458F4F707CC16",
"serial": "0DEA5541B7DF",
"name": "ROOT",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
...
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 6
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
PKI/CertList - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/CertList - Audits
OperationAudits
CorrectNo
IncorrectNo

18.7. Revoking PKI certificate [PKI/Revoke]

Revoking a PKI certificate is done through the PKI/Revoke method.

PKI/Revoke - Request
ParameterTypeRequestedDescription
pkistringYesAssociated PKI identifier
fieldsstring[][]YesRequest parameters
PKI/Revoke - Response
ParameterTypeDescription
resultstringResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"pki": "prueba",
"fields": [
[
"sha1sum", "299aa5c65a4f48c4f81b182a23728ab6c57bfee4"
]
]
}
JSON response
{
"result": "299aa5c65a4f48c4f81b182a23728ab6c57bfee4 REVOKED",
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44VTOE5IAY"
}
}
PKI/Revoke - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe PKI must belong to the agent user organization
Super AdministratorYesThe PKI must belong to the agent user organization or to a child organization of this
PKI/Revoke - Audits
OperationAudits
CorrectNo
IncorrectNo

19. Configuration management [Config]

19.1. Creating configuration [Config/Add]

Creating a new configuration is done through the Config/Add method.

Config/Add - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.orgaidstringYesConfiguration's organization
  config.sectionstringYesConfiguration's section
  config.namestringYesConfiguration's name inside the configuration's section
  config.optstringNoConfiguration's option inside the configuration's name
  config.valuestringYesConfiguration's value
  config.typestringYesConfiguration's data value type
  config.wintYesConfiguration's user level privileges needed to write it
  config.rintYesConfiguration's user level privileges needed to read it
Config/Add - Response
ParameterTypeDescription
configConfigIvSign configuration object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"value": "50"
}
}
JSON response
{
"config": {
"configid": 2586,
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/Add - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesThe created configuration must belong to organization of the agent user or to a child organization of this
Config/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

19.2. Deleting configuration [Config/Del]

Deleting a configuration is done through the Config/Del method.

Config/Del - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.configidstringYesIvSign configuration ID
Config/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"configid": 2586
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/Del - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe deleted configuration must belong to organization of the agent user
Super AdministratorYesThe deleted configuration must belong to organization of the agent user or to a child organization of this
Config/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

19.3. Getting configuration [Config/Get]

Getting a configuration is done through the Config/Get method.

Config/Get - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.sectionstringYesConfiguration's section
  config.namestringYesConfiguration's name inside the configuration's section
  config.orgaidstringNoConfiguration's organization
Config/Get - Response
ParameterTypeDescription
configConfigIvSign configuration object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
}
}
JSON response
{
"config": {
"configid": 2586,
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/Get - User permissions
UserAllowedConditions
BasicYesThe requested configuration's reading level value must be equal or lower than the agent user
AdministratorYesThe requested configuration's reading level value must be equal or lower than the agent user
Super AdministratorYesThe requested configuration's reading level value must be equal or lower than the agent user
Config/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

19.4. Listing configurations [Config/List]

Listing configurations is done through the Config/List method.
Only the allowed configurations to the agent user will be listed, according to the agent user privileges level.

Config/List - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.sectionstringNo (Yes if name, type and opt are empty)Configuration's section
  config.namestringNo (Yes if section, type and opt are empty)Configuration's name inside the configuration's section
  config.typestringNo (Yes if section, name and opt are empty)Configuration's data value type
  config.optstringNo (Yes if section, name and type are empty)Configuration's option inside the configuration's name
  config.orgaidstringNoConfiguration's organization
Config/List - Response
ParameterTypeDescription
configConfig[]IvSign configuration object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"section": "auth"
}
}
JSON response
{
"configlist": [
{
"configid": 2586,
"orgaid": "orgavisabuelo",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
},
{
"configid": 86,
"orgaid": "default",
"section": "auth",
"name": "searchprovider",
"opt": "",
"type": "text",
"value": "artic"
},
{
"configid": 2485,
"orgaid": "#SYSTEM",
"section": "auth",
"name": "defaultprovider",
"opt": "",
"type": "text",
"value": "db"
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/List - User permissions
UserAllowedConditions
BasicYesThe requested configuration's reading level value must be equal or lower than the agent user
AdministratorYesThe requested configuration's reading level value must be equal or lower than the agent user
Super AdministratorYesThe requested configuration's reading level value must be equal or lower than the agent user
Config/List - Audits
OperationAudits
CorrectNo
IncorrectNo

19.5. Getting public configuration [Config/PublicGet]

Getting public configuration is done through the Config/PublicGet method.
The difference between configuration and public configuration is that public configuration has no user level privileges restrictions.

Config/PublicGet - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.sectionstringYesConfiguration's section
  config.namestringYesConfiguration's name inside the configuration's section
  config.orgaidstringYesConfiguration's organization
Config/PublicGet - Response
ParameterTypeDescription
configConfigIvSign configuration object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"orgaid": "miorga",
"section": "auth",
"name": "passtries"
}
}
JSON response
{
"config": {
"configid": 2586,
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/PublicGet - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Config/PublicGet - Audits
OperationAudits
CorrectNo
IncorrectNo

19.6. Setting configuration [Config/Set]

Setting a configuration's value is done through the Config/Set method.

Config/Set - Request
ParameterTypeRequestedDescription
configConfigIvSign configuration object
  config.orgaidstringNoConfiguration's organization
  config.sectionstringYesConfiguration's section
  config.namestringYesConfiguration's name inside the configuration's section
  config.optstringNoConfiguration's option inside the configuration's name
  config.valuestringYesConfiguration's value
Config/Set - Response
ParameterTypeDescription
configConfigIvSign configuration object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"config": {
"section": "auth",
"name": "passtries",
"value": 20
}
}
JSON response
{
"config": {
"configid": 2586,
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "20"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Config/Set - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe modified configuration must belong to the organization of the agent user and its writing level value must be equal or lower than the agent user
Super AdministratorYesThe modified configuration must belong to the organization of the agent user or to a child organization of this and its writing level value must be equal or lower than the agent user
Config/Set - Audits
OperationAudits
CorrectNo
IncorrectNo

20. Delegations management [Deleg]

20.1. Delegation creation [Deleg/Add]

IvSign certificate delegations are done through the Deleg/Add method.
Once the delegation is created, users can be assigned to it. For each user assigned a copy certificate of the delegation certificate will be created.

Deleg/Add - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.certidstringYesIvSign certificate ID
  deleg.namestringYesDelegation's name
  deleg.orgaidstringNoDelegation's organization
Deleg/Add - Response
ParameterTypeDescription
delegDelegIvSign certificate delegation object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"certid": 42,
"name": "mideleg"
}
}
JSON response
{
"deleg": {
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "mideleg",
"descr": "decripción del certificado",
"disabled": false,
"createdate": "2018-08-28T06:42:34.5705501Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/Add - User permissions
UserAllowedConditions
BasicYesThe certificate must belong to the agent user
AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

20.2. Deleting delegated certificates [Deleg/CertDel]

Deleting delegated certificates from its delegation is done through the Deleg/CertDel method.

Deleg/CertDel - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
certCertIvSign certificate object
  cert.certidstringYesIvSign certificate ID, the delegated certificate ID
Deleg/CertDel - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": "7DC4LGMRCIIX4"
},
"cert": {
"certid": "8B1F1E4B7027"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/CertDel - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/CertDel - Audits
OperationAudits
CorrectYes
IncorrectYes

20.3. Listing delegated certificates [Deleg/CertList]

Listing all the delegated certificates created by a delegation is done through the Deleg/CertList method.

Deleg/CertList - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
Deleg/CertList - Response
ParameterTypeDescription
certlistCert[]IvSign certificate object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42
}
}
JSON response
{
"certlist": [
{
"certid": "8B1F1E4B7027",
"name": "micertificado",
"orgaid": "miorga",
"userid": "miuser",
"descr": "decripción del certificado",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-06-22T08:54:45Z",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO,...",
"subjectcn": "NombreN Apellidos",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2018-06-22T08:55:18Z",
"validto": "2023-06-21T08:55:18Z",
"serial": "46F3730EB8",
"keysize": "2048",
"signalg": "sha1RSA",
"certprovider": "dbsecure",
"delegated": true,
"delegid": 40,
"oper": "user1",
"linked": false,
"createmethod": "metodocreacion",
"createmodule": "moduleprueba",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "b3332002481f83d126ac0d47e3a7c68834a73438",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/CertList - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/CertList - Audits
OperationAudits
CorrectNo
IncorrectNo

20.4. Deleting delegation [Deleg/Del]

Deleting a delegation is done through the Deleg/Del method.
The delegation must have no users associated to it.

Deleg/Del - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
Deleg/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/Del - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

20.5. Getting delegation data [Deleg/Get]

Getting delegation data is done through the Deleg/Get method.

Deleg/Get - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
Deleg/Get - Response
ParameterTypeDescription
delegDelegIvSign certificate delegation object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42
}
}
JSON response
{
"deleg": {
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "mideleg",
"descr": "decripción del certificado",
"disabled": false,
"createdate": "2018-08-28T06:42:34.5705501Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/Get - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

20.6. Listing delegations [Deleg/List]

Listing delegations a user delegations or an organization delegations is done through the Deleg/List method.

Deleg/List - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.orgaidstringNoDelegation's organization
  deleg.useridstringNoDelegation's user
pagePageIvSign page object
Deleg/List - Response
ParameterTypeDescription
delegDeleg[]IvSign certificate delegation object
pagePageIvSign page object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"orgaid": "miorga",
"userid": "miuser"
},
"page": null
}
JSON response
{
"deleglist": [
{
"delegid": 36,
"userid": "miuser",
"certid": "8A62437FBF85",
"serial": "00BBAA89BBDB4218EA",
"name": "Prueba",
"descr": null,
"disabled": false,
"createdate": "2018-06-07T14:31:05Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
},
{
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "mideleg",
"descr": null,
"disabled": false,
"createdate": "2018-08-28T06:42:34Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/List - User permissions
UserAllowedConditions
BasicYesThe listed delegations must belong to the agent user
AdministratorYesThe listed delegations must belong to users that belong to the same organizations as the agent user
Super AdministratorYesThe listed delegations must belong to users that belong to the same organizations as the agent user or to a child organization of this
Deleg/List - Audits
OperationAudits
CorrectNo
IncorrectNo

20.7. Setting delegation [Deleg/Set]

Setting a delegation parameters is done through the Deleg/Set method.

Deleg/Set - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
  deleg.namestringNoDelegation's name
  deleg.disabledboolNoEnabled / disabled delegation flag
Deleg/Set - Response
ParameterTypeDescription
delegDelegIvSign certificate delegation object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42,
"name": "cocoa",
"disabled": true
}
}
JSON response
{
"deleg": {
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "cocoa",
"descr": "cocoa",
"disabled": true,
"createdate": "2018-08-28T06:42:34Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/Set - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Deleg/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

20.8. Associating user to delegation [Deleg/UserAdd]

Associating a user to a delegation is done through the Deleg/UserAdd method.
This method creates a delegation certificate copy to each user assigned to it. The copy certificates are marked as it.

Deleg/UserAdd - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
certCertIvSign certificate object
  cert.useridstringYesRecipient user
  cert.orgaidstringNoRecipient user organization
  cert.pinstringYesCertificate's pin
  cert.newpinstringYesDelegated certificate's pin
disablenotifyboolNoEnabled / disabled notification flag
Deleg/UserAdd - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42
},
"cert": {
"userid": "miuserdeleg",
"orgaid": "miorga",
"pin": "123#@Abc",
"newpin": "Abc1#@23"
},
"disablenotify": true
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/UserAdd - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization
Deleg/UserAdd - Audits
OperationAudits
CorrectYes
IncorrectYes

20.9. Deleting user from delegation [Deleg/UserDel]

Deleting a user from a delegation is done through the Deleg/UserDel method.
This method deletes the delegated certificate, removing the user from the delegation.

Deleg/UserDel - Request
ParameterTypeRequestedDescription
delegDelegIvSign certificate delegation object
  deleg.delegidintYesIvSign certificate delegation ID
userUserIvSign user object
  user.useridstringYesPublic certificate's user
  user.orgaidstringNoUser's organization
Deleg/UserDel - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"deleg": {
"delegid": 42
},
"user": {
"userid": "miuserdeleg",
"orgaid": "miorga"
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/UserDel - User permissions
UserAllowedConditions
BasicYesThe delegation must belong to the agent user
AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization
Deleg/UserDel - Audits
OperationAudits
CorrectYes
IncorrectYes

20.10. Listing allowed delegation users [Deleg/UserListAllowed]

Listing which users are allowed to be assigned to a delegation is done through the Deleg/UserListAllowed method.
Usually these users are the enabled ones that belong to the same organization as the agent user.

Deleg/UserListAllowed - Request
ParameterTypeRequestedDescription
Without request parameters
Deleg/UserListAllowed - Response
ParameterTypeDescription
userlistUser[]IvSing user object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}
JSON response
{
"userlist": [
{
"userid": "miuser2",
"extid": null,
"orgaid": null,
"email": null,
"name": "Nombre2",
"lastname": "Apellidos2",
"lastip": null,
"ident": null,
"disabled": false,
"createdate": null,
"lastlogin": null,
"previouslogin": null,
"authprovider": null,
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": null,
"valid": null,
"phone": null
},
{
"userid": "miuser3",
"extid": null,
"orgaid": null,
"email": null,
"name": "Nombre3",
"lastname": "Apellidos3",
"lastip": null,
"ident": null,
"disabled": false,
"createdate": null,
"lastlogin": null,
"previouslogin": null,
"authprovider": null,
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": null,
"valid": null,
"phone": null
},
...
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Deleg/UserListAllowed - User permissions
UserAllowedConditions
BasicNo
AdministratorYes
Super AdministratorYes
Deleg/UserListAllowed - Audits
OperationAudits
CorrectNo
IncorrectNo

21. Usage rules / Usage policies management [Rule]

21.1. Creating usage rule [Rule/Add]

Creating usage rules or usage policies is done through the Rule/Add method.
The rules can be applied to a certificate or to a delegation. If the rule is applied to certificate is called policy. Once a rule is applied to a delegation, its effect is applied to all the delegated certificates as well.

Rule/Add - Request
ParameterTypeRequestedDescription
ruleRuleIvSign rule object
  rule.delegidintNo (Yes if certid is empty)IvSign certificate delegation ID
  rule.certidstringNo (Yes if delegid is empty)IvSign certificate ID
  rule.namestringYesRule's name
  rule.dayfromDateTimeNoRule application start date
  rule.daytoDateTimeNoRule application end date
  rule.hourfromintNoRule application start time
  rule.hourtointNoRule application end time
  rule.dowintNoRule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday
Rule/Add - Response
ParameterTypeDescription
ruleRuleIvSign rule object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"rule": {
"delegid": 42,
"name": "miregla",
"dayfrom": "2018-08-01T00:00:00",
"dayto": "2018-08-31T23:59:59",
"hourfrom": 8,
"hourto": 20,
"dow": 31
}
}

JSON response
{
"rule": {
"ruleid": 5,
"delegid": 42,
"certid": null,
"name": "miregla",
"dayfrom": "2018-08-01T00:00:00",
"dayto": "2018-08-31T23:59:59",
"hourfrom": 8,
"hourto": 20,
"dow": 31,
"host": null,
"app": null,
"appdeny": false,
"location": null,
"locationdeny": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Rule/Add - User permissions
UserAllowedConditions
BasicYesThe certificate or the delegation must belong to the agent user
AdministratorYesThe certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Rule/Add - Audits
OperationAudits
CorrectYes
IncorrectYes

21.2. Deleting rule [Rule/Del]

Deleting a usage rule or usage policy is done through the Rule/Del method.

Rule/Del - Request
ParameterTypeRequestedDescription
ruleRuleIvSign rule object
  rule.ruleidintYesIvSign rule ID
Rule/Del - Response
ParameterTypeDescription
resultboolResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"rule": {
"ruleid": 5
}
}
JSON response
{
"result": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Rule/Del - User permissions
UserAllowedConditions
BasicYesThe deleted rule must belong to a certificate or delegation that belongs to the agent user
AdministratorYesThe deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super AdministratorYesThe deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this
Rule/Del - Audits
OperationAudits
CorrectYes
IncorrectYes

21.3. Getting rule data [Rule/Get]

Getting usage rule data is done through the Rule/Get method.

Rule/Get - Request
ParameterTypeRequestedDescription
ruleRuleIvSign rule object
  rule.ruleidintYesIvSign rule ID
Rule/Get - Response
ParameterTypeDescription
ruleRuleIvSign rule object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"rule": {
"ruleid": 5
}
}
JSON response
{
"rule": {
"ruleid": 5,
"delegid": 42,
"certid": null,
"name": "miregla",
"dayfrom": "2018-08-01T00:00:00",
"dayto": "2018-08-31T23:59:59",
"hourfrom": 8,
"hourto": 20,
"dow": 31,
"host": null,
"app": null,
"appdeny": false,
"location": null,
"locationdeny": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Rule/Get - User permissions
UserAllowedConditions
BasicYesThe deleted rule must belong to a certificate or delegation that belongs to the agent user
AdministratorYesThe deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super AdministratorYesThe deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this
Rule/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

21.4. Listing rule [Rule/List]

Listing a delegation usage rules or a certificate usage policies is done through the Rule/List method.

Rule/List - Request
ParameterTypeRequestedDescription
ruleRuleIvSign rule object
  rule.delegidintNo (Yes if certid is empty)IvSign certificate delegation ID
  rule.certidstringNo (Yes if delegid is empty)IvSign certificate ID
Rule/List - Response
ParameterTypeDescription
ruleRule[]IvSign rule object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"rule": {
"delegid": 42
}
}
JSON response
{
"rulelist": [
{
"ruleid": 5,
"delegid": 42,
"certid": null,
"name": "miregla",
"dayfrom": "2018-08-01T00:00:00Z",
"dayto": "2018-08-31T00:00:00Z",
"hourfrom": 8,
"hourto": 20,
"dow": 31,
"host": null,
"app": null,
"appdeny": false,
"location": null,
"locationdeny": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Rule/List - User permissions
UserAllowedConditions
BasicYesThe certificate or the delegation must belong to the agent user
AdministratorYesThe certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super AdministratorYesThe certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this
Rule/List - Audits
OperationAudits
CorrectNo
IncorrectNo

22. Notification management [Notify]

22.1. Getting notification [Notify/Get]

Getting a notification data is done through the Notify/Get method.

Notify/Get - Request
ParameterTypeRequestedDescription
notifyNotifyIvSign notification object
  notify.notifyidintYesIvSign notification ID
Notify/Get - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
notifyNotifyIvSign notification object

Request and response example:

JSON request
{
"notify": {
"notifyid": 1
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notify": {
"notifyid": 1,
"subject": "Encabezado usuario",
"body": "cuerpo del mensaje del usuario",
"createdate": "2018-05-31T11:09:35",
"userid": "miuser",
"orgaid": null,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": null
}
}
Notify/Get - User permissions
UserAllowedConditions
BasicYesThe notification must be addressed to the agent user
AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user
Super AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this
Notify/Get - Audits
OperationAudits
CorrectNo
IncorrectNo

22.2. Listing notification [Notify/List]

Listing the notifications addressed to a user or to an organization is done through the Notify/List method.

Notify/List - Request
ParameterTypeRequestedDescription
notifyNotifyIvSign notification object
  notify.useridstringNoNotification's addressed user
  notify.orgaidstringNoNotification's addressed organization
pagePageNoIvSign page object
Notify/List - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
notifylistNotify[]IvSign notification object
pagePageIvSign page object

Request and response example:

JSON request
{
"notify": {
"userid": "miuser",
"orgaid": "miorga"
},
"page": null
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notifylist": [
{
"notifyid": 1,
"subject": "Encabezado usuario",
"body": "cuerpo del mensaje del usuario",
"createdate": "2018-05-31T11:09:35",
"userid": "miuser",
"orgaid": null,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": null
},
{
"notifyid": 2,
"subject": "Encabezado organización",
"body": "cuerpo del mensaje de la organización",
"createdate": "2018-05-31T11:09:35",
"userid": null,
"orgaid": "miorga",
"required": true,
"readeddate": "2018-05-31T09:20:09.597372",
"accepteddate": "2018-05-31T09:20:27.100567",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": "Aceptar"
},
...
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": null
}
}
Notify/List - User permissions
UserAllowedConditions
BasicYesThe notification must be addressed to the agent user
AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user
Super AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this
Notify/List - Audits
OperationAudits
CorrectNo
IncorrectNo

22.3. Setting notification [Notify/Set]

Setting a notification parameters is done through the Notify/Set method.
This method is also used to accept a notification.

Notify/Set - Request
ParameterTypeRequestedDescription
notifyNotifyIvSign notification object
  notify.notifyidintYesIvSign notification ID
  notify.subjectstringNoNotification's subject
  notify.bodystringNoNotification's message
  notify.requiredboolNoRequired acceptance flag
  notify.readedboolNoNotification read flag
  notify.acceptedboolNoNotification accepted flag
Notify/Set - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
notifyNotifyIvSign notification object

Request and response example:

JSON request
{
"notify": {
"notifyid": 1,
"subject": "Nuevo asunto",
"body": "Nuevo cuerpo"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notify": {
"notifyid": 1,
"subject": "Nuevo asunto",
"body": "Nuevo cuerpo",
"createdate": "2018-05-31T11:09:35",
"userid": null,
"orgaid": "miorga",
"required": false,
"readeddate": "2018-06-04T06:47:20.954299",
"accepteddate": null,
"accepteduser": null,
"readed": true,
"accepted": false,
"requiredcheck": null
}
}
Notify/Set - User permissions
UserAllowedConditions
BasicYesThe notification must be addressed to the agent user
AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user
Super AdministratorYesThe notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this
Notify/Set - Audits
OperationAudits
CorrectYes
IncorrectYes

23. Statistics management [Stats]

23.1. General system statistics [Stats/System]

Getting general system statistics is done through the Stats/System method.

Stats/System - Request
ParameterTypeRequestedDescription
Without request parameters
Stats/System - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
statslistStatsResultIvSign common statistics object

Request and response example:

JSON request
{}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "10"
},
{
"Key": "Cert",
"Value": "50"
},
{
"Key": "Deleg",
"Value": "20"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "6"
},
{
"Key": "Sign",
"Value": "240"
},
{
"Key": "Signature",
"Value": "150"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "320"
},
{
"Key": "Signature",
"Value": "210"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Orga",
"Value": "10"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}
Stats/System - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorNo
Stats/System - Audits
OperationAudits
CorrectNo
IncorrectNo

23.2. Organization and its child organization statistics [Stats/OrgaChain]

Getting an organization and its child organization statistics is done through the Stats/OrgaChain method.

Stats/OrgaChain - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringNoIvSign organization ID
Stats/OrgaChain - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
statslistStatsResultIvSign common statistics object

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}
Stats/OrgaChain - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorYesThe searched organization must be the agent user's organization or a child organization of this
Stats/OrgaChain - Audits
OperationAudits
CorrectNo
IncorrectNo

23.3. Organization statistics [Stats/Orga]

Getting an organization statistics is done through the Stats/Orga method.

Stats/Orga - Request
ParameterTypeRequestedDescription
orgaOrgaIvSign organization object
  orga.orgaidstringYesIvSign organization ID
Stats/Orga - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
statslistStatsResultIvSign common statistics object

Request and response example:

JSON request
{
"orga": {
"orgaid": "miorga"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "2"
},
{
"Key": "Cert",
"Value": "5"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "58"
},
{
"Key": "Signature",
"Value": "26"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "157"
},
{
"Key": "Signature",
"Value": "103"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}
Stats/Orga - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe searched organization must be the agent user's organization
Super AdministratorYesThe searched organization must be the agent user's organization or a child organization of this
Stats/Orga - Audits
OperationAudits
CorrectNo
IncorrectNo

23.4. User statistics [Stats/User]

Getting a user statistics is done through the Stats/User method.

Stats/User - Request
ParameterTypeRequestedDescription
userUserIvSign user object
  user.useridstringYesIvSign user ID
  user.orgaidstringNoUser's organization
Stats/User - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
statslistStatsResultIvSign common statistics object

Request and response example:

JSON request
{
"user": {
"userid": "miuser",
"orgaid": "miorga"
}
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "Cert",
"Value": "2"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "22"
},
{
"Key": "Signature",
"Value": "3"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "27"
},
{
"Key": "Signature",
"Value": "4"
}
],
"licenseLimit": null
}
}
Stats/User - User permissions
UserAllowedConditions
BasicYesThe searched user must be the agent user
AdministratorYesThe searched user must belong to the same organization as the agent user
Super AdministratorYesThe searched user must belong to the same organization as the agent user or to a child organization of this
Stats/User - Audits
OperationAudits
CorrectNo
IncorrectNo

23.5. Specific system statistic [Stats/DetailSys]

Getting a specific detailed system statistic is done through the Stats/DetailSys method.

Stats/DetailSys - Request
ParameterTypeRequestedDescription
datefromDateTimeYesSearch start date
datetoDateTimeYesSearch end date
categorystringYesCategory filter (auth, sign, deleg...)
typestringYesType filter (location, app, module, host)
Stats/DetailSys - Response
ParameterTypeDescription
statsdetailStatDetailResult[]IvSign specific statistics object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"datefrom": "2018-08-01T00:00:00",
"dateto": "2018-08-31T00:00:00",
"category": "sign",
"type": "app"
}
JSON response
{
"statssign": [
{
"value": "app prueba",
"owned": 1,
"delegated": 0,
"fore": 0
},
{
"value": "IEXPLORE.EXE",
"owned": 5,
"delegated": 0,
"fore": 0
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Stats/DetailSys - User permissions
UserAllowedConditions
BasicNo
AdministratorNo
Super AdministratorNo
Stats/DetailSys - Audits
OperationAudits
CorrectNo
IncorrectNo

23.6. Specific organization statistic [Stats/DetailOrga]

Getting a specific detailed organization statistic is done through the Stats/DetailSys method.

Stats/DetailOrga - Request
ParameterTypeRequestedDescription
datefromDateTimeYesSearch start date
datetoDateTimeYesSearch end date
orgaOrgaIvSign organization object
  orga.orgaidstringNoIvSign organization ID
categorystringYesCategory filter (auth, sign, deleg...)
typestringYesType filter (location, app, module, host)
Stats/DetailOrga - Response
ParameterTypeDescription
statsdetailStatDetailResult[]IvSign specific statistics object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"datefrom": "2018-08-01T00:00:00",
"dateto": "2018-08-31T00:00:00",
"category": "sign",
"type": "module"
}
JSON response
{
"statssign": [
{
"value": "KeyController",
"owned": 5,
"delegated": 0,
"fore": 0
},
{
"value": "unknown",
"owned": 1,
"delegated": 0,
"fore": 0
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Stats/DetailOrga - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe searched organization must be the agent user's organization
Super AdministratorYesThe searched organization must be the agent user's organization or a child organization of this
Stats/DetailOrga - Audits
OperationAudits
CorrectNo
IncorrectNo

23.7. Specific user statistic [Stats/DetailUser]

Getting a specific detailed user statistic is done through the Stats/DetailSys method.

Stats/DetailUser - Request
ParameterTypeRequestedDescription
datefromDateTimeYesSearch start date
datetoDateTimeYesSearch end date
userUserIvSign organization object
  user.useridstringYesIvSign user ID
categorystringYesCategory filter (auth, sign, deleg...)
typestringYesType filter (location, app, module, host)
Stats/DetailUser - Response
ParameterTypeDescription
statsdetailStatDetailResult[]IvSign specific statistics object
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{
"datefrom": "2018-08-01T00:00:00",
"dateto": "2018-08-31T00:00:00",
"user": {
"userid": "miuser"
},
"category": "sign",
"type": "host"
}
JSON response
{
"statssign": [
{
"value": "MIUSER-PC",
"owned": 3,
"delegated": 0,
"fore": 0
},
{
"value": "host prueba",
"owned": 1,
"delegated": 0,
"fore": 0
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Stats/DetailUser - User permissions
UserAllowedConditions
BasicYesThe searched user must be the agent user
AdministratorYesThe searched user must belong to the same organization as the agent user
Super AdministratorYesThe searched user must belong to the same organization as the agent user or to a child organization of this
Stats/DetailUser - Audits
OperationAudits
CorrectNo
IncorrectNo

23.8. Yearly organization signature statistic [Stats/OperationYear]

Getting an organization signature statistics for periods no longer than a year is done through the Stats/OperationYear method.

Stats/OperationYear - Request
ParameterTypeRequestedDescription
yearfromintYesSearch start year
monthfromintYesSearch start month
yeartointYesSearch end year
monthtointYesSearch end month
orgaidstringYesSelected organization
Stats/OperationYear - Response
ParameterTypeDescription
errorErrorIvSign error object, contains keyman operation error code result
statslistStats[][]IvSign statistics object

Request and response example:

JSON request
{
"yearfrom": 2019,
"monthfrom": 4,
"yearto": 2019,
"monthto": 5,
"orgaid": "orgatest"
}
JSON response
{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "DMS44QJBTHJ4O"
},
"statslist": [
[
{
"statsid": 156,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Sign",
"value": "44"
},
{
"statsid": 206,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Sign",
"value": "900"
}
],
[
{
"statsid": 157,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Signature",
"value": "4"
},
{
"statsid": 207,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Signature",
"value": "584"
}
],
[
null,
null
],
[
{
"statsid": 158,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Verify",
"value": "4"
},
{
"statsid": 208,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Verify",
"value": "579"
}
]
]
}
Stats/OperationYear - User permissions
UserAllowedConditions
BasicNo
AdministratorYesThe searched organization must be the agent user's organization
Super AdministratorYesThe searched organization must be the agent user's organization or a child organization of this
Stats/OperationYear - Audits
OperationAudits
CorrectNo
IncorrectNo

24. Test [Test]

24.1. Test method [Test/Test]

Checking the correct keyman installation and database creation is done through the Test/Test method.

Test/Test - Request
ParameterTypeRequestedDescription
Without request parameters
Test/Test - Response
ParameterTypeDescription
resultstringResult, correct or incorrect
errorErrorIvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}
JSON response
{
"result": "ok",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}
Test/Test - User permissions
UserAllowedConditions
BasicYes
AdministratorYes
Super AdministratorYes
Test/Test - Audits
OperationAudits
CorrectNo
IncorrectNo

25. IvSign common objects definition

IvSign common object definitions are listed below.

25.1. User object

The User object holds all the information relative a IvSign user.

User
ParameterTypeDescription
useridstringIvSign user ID
extidstringUser's external ID
orgaidstringUser's organization
orgachainstringUser's organization chain
emailstringUser's email
namestringUser's name
lastnamestringUser's last name
lastipstringUser's last access IP
identstringUser's identifier card
disabledboolEnabled/disabled user flag
createdateDateTimeUser's creation date time
lastloginDateTimeUser's last access date time
previousloginDateTimeUser's previous access to the last
authproviderstringAuthentication provider
adminboolPrivileges user level
superadminboolPrivileges user level
passstringUser's password
validationstringAccount recovery validation code
langstringUser's language
phonestringUser's phone number
validboolValid/invalid user flag
disabledreasonstringDisabled reason
Ejemplo JSON
{
"userid": "miuser",
"extid": "idexterno",
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": "12345678Z",
"disabled": false,
"createdate": "2017-10-11T15:25:44",
"lastlogin": "2017-10-16T09:18:25",
"previouslogin": "2017-10-16T09:15:43",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "600600600",
"valid": true,
"disabledreason": ""
}

25.2. Cert object

The Cert object holds all the information relative a IvSign certificate.

Cert
ParameterTypeDescription
certidstringIvSign certificate ID
namestringCertificate's name
orgaidstringCertificate's organization
useridstringCertificate's user
descrstringCertificate's description
custom1stringCustom field 1
custom2stringCustom field 2
custom3stringCustom field 3
disabledboolEnabled/disabled flag
createdateDateTimeCertificate creation/importation to IvSign date time
subjectstringCertificate's subject
subjectcnstringCertificate's common name
issuerstringCertificate's issuer
issuercnstringCertificate's issuer common name
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
serialstringSerial Number
keysizestringCertificate's private key size
certproviderstringCertificate's provider
delegatedboolDelegation flag
delegidintIvSign delegation ID, in case the certificate is a delegated certificate
operstringOperator
linkedintExternal certificate which the certificate is linked to
createmethodstringCertificate creation method
createmodulestringCertificate creation module
pinstringCertificate's access pin
newpinstringCertificate's new access pin
revokedboolRevoked certificate flag
expiredboolExpired certificate flag
sha1sumstringCertificate's fingerprint
extidstringCertificate's external identifier
providerdatastringCertificate provider extra information
replacedbystringCertificate ID which this certificate has been replaced for
replaceddateDateTimeReplacement date time
replacesstringCertificate ID which this certificate replaces
replacementboolThis certificate replaces a previous one flag
signalgstringSignature algorithm used to sign the certificate, SHA1 or SHA256
orgachainstringCertificate's organization chain
disabledownercertboolCertificate disabled due to its parent certificate was disabled flag
disabledowneruserboolCertificate disabled due to the user owner of its parent certificate was disabled flag
disableddelegboolCertificate disabled due to its parent certificate delegation was disabled flag
disabledadminboolCertificate disabled by an administrator user flag
disableduserboolCertificate disabled by its user owner flag
qscdboolQSCD certificate flag (Qualified Electronic Signature Creation Device)
typestringCertificate type
disabledadminreasonstringDisabled certificate reason
needauthboolIt is required certificate's owner authorization for using it flag
Ejemplo JSON
{
"certid": "7DC4USMQ7DNM4",
"name": "testcert1",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2019-04-03T11:29:19Z",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2018-04-17T08:05:10Z",
"validto": "2021-04-16T08:05:10Z",
"serial": "6E2A23C76D8AA8E0",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "basico",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "c88d4165900acaf8fcee7949d4ca0eaebc73d257",
"extid": null,
"providerdata": null,
"orgachain": "root.miorgapadre.miorga.",
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null,
"disabledadminreason": null,
"needauth": null
}

25.3. CertTrash object

The CertTrash object holds all the information relative a IvSign certificate placed on the certificate's bin.

CertTrash
ParameterTypeDescription
certidstringIvSign certificate ID
namestringCertificate's name
orgaidstringCertificate's organization
useridstringIvSign user ID
descrstringCertificate's description
custom1stringCustom field
custom2stringCustom field
custom3stringCustom field
disabledboolEnabled/disabled flag
createdateDateTimeCertificate creation/importation to IvSign date time
subjectstringCertificate's subject
subjectcnstringCertificate's common name
issuerstringCertificate's issuer
issuercnstringCertificate's issuer common name
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
serialstringSerial Number
keysizestringCertificate's private key size
certproviderstringCertificate's provider
delegatedboolDelegation flag
delegidintIvSign delegation ID, in case the certificate is a delegated certificate
operstringOperator
linkedintExternal certificate which the certificate is linked to
createmethodstringCertificate creation method
createmodulestringCertificate creation module
pinstringCertificate's access pin
newpinstringCertificate's new access pin
revokedboolRevoked certificate flag
expiredboolExpired certificate flag
sha1sumstringCertificate's fingerprint
extidstringCertificate's external identifier
providerdatastringCertificate provider extra information
replacedbystringCertificate ID which this certificate has been replaced for
replaceddateDateTimeReplacement date time
replacesstringCertificate ID which this certificate replaces
replacementboolThis certificate replaces a previous one flag
signalgstringSignature algorithm used to sign the certificate, SHA1 or SHA256
orgachainstringCertificate's organization chain
disabledownercertboolCertificate disabled due to the parent certificate is disabled flag
disabledowneruserboolCertificate disabled due to the user owner of the parent certificate is disabled flag
disableddelegboolCertificate disabled due to its parent certificate delegation was disabled flag
disabledadminboolCertificate disabled by an administrator user flag
disableduserboolCertificate disabled by its user owner flag
qscdboolQSCD certificate flag (Qualified Electronic Signature Creation Device)
typestringCertificate type
disabledadminreasonstringDisabled certificate reason
needauthboolIt is required certificate's owner authorization for using it flag
Ejemplo JSON
{
"certid": "7DC4USMQ7DNM4",
"name": "testcert1",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2019-04-03T11:29:19Z",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2018-04-17T08:05:10Z",
"validto": "2021-04-16T08:05:10Z",
"serial": "6E2A23C76D8AA8E0",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "basico",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "c88d4165900acaf8fcee7949d4ca0eaebc73d257",
"extid": null,
"providerdata": null,
"orgachain": "root.miorgapadre.miorga.",
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null,
"disabledadminreason": null,
"needauth": null
}

25.4. PubCert object

The PubCert object holds all the information relative a IvSign public certificate.

PubCert
ParameterTypeDescription
pubcertidstringIvSign public certificate ID
sha1sumstringCertificate's fingerprint
sha1sumissuerstringCertificate's fingerprint issuer
useridstringCertificate's user
orgaidstringCertificate's organization
orgachainstringCertificate's organization chain
subjectstringCertificate's subject
issuerstringCertificate's issuer
aliasstringCertificate's name
serialstringSerial Number
createdateDateTimeCertificate's create date time
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
revokeddateDateTimeCertificate's revoked date time
revokedboolRevoked certificate flag
expiredboolExpired certificate flag
isrootboolCertificate is a root CA public certificate flag
iscaboolCertificate is a CA public certificate flag
Ejemplo JSON
{
"pubcertid": "7DC4K743AGWAU",
"sha1sum": "89210a6ad8658b4c8d4571ff2304e4771e67e720",
"sha1sumissuer": "7f2cb4f769224cb0cf8b692751cbd4cc64a2c450",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "alias3",
"serial": "59CFFDD12259B3B6",
"createdate": "2019-02-04T08:37:04Z",
"validfrom": "2017-05-18T21:57:10Z",
"validto": "2020-05-17T21:57:10Z",
"revokeddate": null,
"revoked": false,
"expired": null,
"isroot": false,
"isca": false
}

25.5. PubCertBin object

The PubCertBin object holds all the information relative a IvSign public certificate.

PubCertBin
ParameterTypeDescription
sha1sumstringCertificate's fingerprint
sha1sumissuerstringCertificate's fingerprint issuer
cerstringCertificate's public key
subjectstringCertificate's subject
issuerstringCertificate's issuer
aliasstringCertificate's name
serialstringSerial Number
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
revokeddateDateTimeCertificate's revoked date time
isrootboolCertificate is a root CA public certificate flag
iscaboolCertificate is a CA public certificate flag
Ejemplo JSON
{
"sha1sum": "C4FF20C05A66FC57EF1B50882A78AB2852AFC474",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"cer": "MIIGDzCCBP...",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "certificado publico de pruebas",
"serial": "054C3E61E13981",
"validfrom": "2017-04-03T09:48:18",
"validto": "2022-04-02T09:48:18",
"revokeddate": "2022-04-02T09:48:18",
"isroot": false,
"isca": false
}

25.6. CertInfo object

The CertInfo object holds all the information certificate used to perform a signature.
The object holds a userinfo object and a orgainfo object. The userinfo object contains information about the certificate's owner and the orgainfo object contains information about the certificate's owner organization. Not always is it possible to obtain all the information this objects can hold.

CertInfo
ParameterTypeDescription
serialstringCertificate's serial number
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
issuerstringCertificate's issuer
issuercnstringCertificate's issuer common name
subjectstringCertificate's subject
subjectcnstringCertificate's common name
subjectcountrystringCertificate's country
signalgstringSignature algorithm used to sign the certificate
keyusagestring[]Allowed usage case list
enhancedkeyusagestring[]Allowed usage exception list
canamestringPSC issuer identifier
typestringCertificate type
NP: Natural person
BNP: Natural person belonging to organization
GR: General representative
APGR: Artificial person general representative (previous law)
AP: Artificial person (previous law)
SAPGR: State administrations procedures general representative
SR: Special representative
EB: Electronic bill
ES: Electronic stamp
TSU: Time stamp
UT: Unidentified type
userinfoCertificate's user information
  namestringUser's name
  lastnamestringUser's last name
  identstringUser's identifier card
  emailstringUser's email
  birthdateDateTimeUser's birth date
orgainfoCertificate's organization information
  identstringOrganization's identifier
  namestringOrganization's name
qualifiedboolQualified certificate flag
qualifiedclassificationintQualification classification:
0: Natural person
1: Artificial person
2: Components (web site)
sha1sumstringCertificate's fingerprint
sha1sumissuerstringCertificate's fingerprint issuer
Ejemplo JSON
{
"serial": "00BBAAA0CD3482BFCD",
"validfrom": "2016-10-27T14:47:24",
"validto": "2018-10-27T14:47:24",
"issuer": "CN=AC Camerfirma Certificados Camerales, C=ES, L=Madrid",
"issuercn": "AC Camerfirma Certificados Camerales",
"subject": "C=ES, OU=TEST, CN=12345678K TEST USER",
"subjectcn": "CN=12345678K TEST USER",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"Digital Signature",
"Non Repudiation",
"Key Encipherment"
],
"enhancedkeyusage": [
"1.3.6.1.5.5.7.3.2 TLS Web Client Autentication,
"1.3.6.1.5.5.7.3.4 E-mail Protection",
],
"caname": "Camerfirma",
"type": "PRAP",
"userinfo": {
"name": "Juan",
"lastname": "Apellidos",
"ident": "12345678J",
"email": "usuario@correo.ext",
"birthdate": null
},
"orgainfo": {
"ident": "B12345678",
"name": "EMPRESA SOLUCIONES S.L.",
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "C4FF20C05A66FC57EF1B50882A78AB2852AFC474",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D"
}

25.7. CertRef object

The CertRef object holds all the information relative to a CA public certificate.

CertRef
ParameterTypeDescription
idstringIvSign reference certificate object
certproviderstringCertificate's provider
databyte[]Certificate's public key
Ejemplo JSON
{
"id": "00BBAAA0CD3482BFCD",
"certprovider": "dbsecure",
"data": "MIIGDzCCBP...",
}

25.8. Orga object

The Orga object holds all the information relative to an IvSign organization.

Orga
ParameterTypeDescription
orgaidstringIvSign organization ID
extidstringOrganization's external identifier
descrstringOrganization's description
parentstringOrganization's parent
chainstringOrganization's chain to the root organization
licensestringOrganization's license code
createdateDateTimeOrganization's create date time
Ejemplo JSON
{
"orgaid": "miorga",
"extid": null,
"descr": "miorga",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-08-24T06:16:49Z"
}

25.9. Device object

The Device object holds all the information relative to a IvSign device.

Device
ParameterTypeDescription
deviceidstringIvSign device ID
useridstringDevice's owner
deviceinfostring[][]Device information parameters
lastaccessDateTimeDevice's last access
authorizedboolAuthorized/unauthorized device flag
Ejemplo JSON
{
"deviceid": 1,
"userid": "miuser",
"deviceinfo": [
[
"equipo",
"equipoprueba"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T07:29:19.6678975Z",
"authorized": true
}

25.10. Inquiry object

The Inquiry object holds all the information relative to a IvSign authorization petition.

Inquiry
ParameterTypeDescription
inquiryidstringIvSign inquiry ID
typestringInquiry's type, only signature authorization available
createdateDateTimeInquiry's create date time
validuntilDateTimeInquiry's expiry date time
useridstringUser asked for the authorization
orgaidstringUser asked for the authorization organization
pendingboolInquiry pending to be approved flag
responsestringResponse to the authorization petition
Ejemplo JSON
{
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": false,
"response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}"
}

25.11. Audit object

The Audit object holds all the information relative to the IvSign auditory.

Audit
ParameterTypeDescription
auditidintIvSign auditory ID
dateDateTimeOperation's perform day
ipstringOperation's perform user IP
hoststringOperation's perform device or its IP
certidstringIvSign used certificate ID (if applicable)
serialstringUsed certificate's serial number (if applicable)
certidorigstringIvSign parent certificate ID (if applicable)
orgaidstringOperation's organization
categorystringOperation's category
actionstringOperation's performed action
actiondatastringOperation's performed action data
successboolSuccess performed operation flag
infostringOperation's additional information
appstringOperation's used application
operstringOperation's performer operator
useridstringUser on which the operation is performed
impersonatorstringOperation impersonator user (if applicable)
locationstringSignature URL (if applicable)
serverstringSignature server (if applicable)
modulestringOperation integration module
modverstringOperation integration module version
datastringOperation's additional data
certsha1sumstringOperation's certificate finger print (if applicable)
operorgaidstringOperation's performer operator organization
Ejemplo JSON
{
"auditid": 0,
"date": "2018-05-15T13:47:45.045Z",
"ip": "127.0.0.1",
"host": "miuser-pc",
"certid": "",
"serial": "",
"certidorig": "",
"orgaid": "miorga",
"category": "auth",
"action": "login",
"actiondata": "",
"success": true,
"app": "miapp",
"info": "",
"oper": "miuser",
"userid": "miuser",
"impersonator": "",
"location": "miuser-pc",
"server": "",
"module": "",
"modver": "",
"data": "",
"certsha1sum": "",
"operorgaid": "miorga"
}

25.12. AuditInfo object

The AuditInfo object holds all the information relative to the IvSign auditory categories and actions.

AuditInfo
ParameterTypeDescription
categorystring[]Categories list
actionstring[]Actions list
Ejemplo JSON
{
"category": [
"Auth",
"Cert",
"CertTrash",
"Config",
"Deleg",
"Device",
"Notify",
"Orga",
"Rule",
"Sign",
"Signature",
"TSP",
"User",
"Verify"
],
"action": [
"Accept",
"Add",
"Cades",
"CER",
"Del",
"DelCert",
"Generate",
"Impersonate",
"ImportPFX",
"Login",
"Move",
"OrgaMove",
"Pades",
"PinCheck",
"PinSet",
"RefLink",
"Ren",
"Rest",
"RSA",
"Set",
"Sign",
"UserAdd",
"Val",
"Xades"
]
}

25.13. SignPadesParams object

The SignPadesParams object holds all the optional information relative to PDF document signature performance.

SignPadesParams
ParameterTypeDescription
causestringSignature reason
pdfparametersPDFSignParamsIvSign PDF signature parameters object
tstampserversTimeStampServerInfo[]IvSign time stamp server information object
biometryBiometryIvSign biometric data object
Ejemplo JSON
{
"cause": "firma de prueba",
"pdfparameters": {
"pwd": "claveEnTextoPlano",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": true,
"transparencymask": {
"red": 255,
"green": 255,
"blue": 255,
"tolerance": 10
}
},
"widgetprops": {
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": false,
"width": 150,
"height": 150,
"rotate": 270,
"showonpages": "first,last,3,5-8",
"widgetpageoffset": 0,
"hidetext": false,
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
}
}
"tstampservers": [{
"url": "http://servidor.sellado",
"includecertificates": true,
"hashalgorithm": "sha1"
}],
"biometry": {
"data": "MIIMFDA...",
"cer": "MIIHyDCC...",
}
}

25.14. SignXadesParams object

The SignPadesParams object holds all the optional information relative to XML document signature performance.

SignXadesParams
ParameterTypeDescription
signerrolestringSigner user role
includewholechainboolInclude or not the whole certificate's certificate chain
includekeyvalueboolInclude or not certificate's public key
xadesversionintXAdES signature version
locationSignLocationSignature location data, for instance, the city where the signature is performed
policySignPolicyIvSign signature policy object
tstampserverTimeStampServerInfoIvSign time stamp server information object
envreferencetosignstringInternal reference to the original XML document, must start by '#'
envsigdestreferencestringSets the xmldsign destination node element through document xpath search method
envnamespaceliststring[][]Sets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
envreferencetosignnsstringID node namespace to sign, for example, wsu:Id
Ejemplo JSON
{
"signerrole": "admin",
"includewholechain": true,
"includekeyvalue": true,
"xadesversion": 1.5,
"location": {
"locality": "Paterna",
"province": "Valencia",
"postalcode": "46980",
"country": "Spain"
},
"policy": {
"policyidentifier": "string",
"policyidentifieraddqualifier": true,
"policydescription": "string",
"policydigest": "string",
"policyqualifieruri": "string"
},
"tstampserver": {
"url": "http://servidor.sellado",
"includecertificates": true,
"hashalgorithm": "sha1"
},
"envreferencetosign": "string",
"envsigdestreference": "string",
"envnamespacelist": [
[
"string"
]
],
"envreferencetosignns": "string"
}

25.15. SignCadesParams object

The SignCadesParams object holds all the optional information relative to generic document signature performance.

SignCadesParams
ParameterTypeDescription
tstampserverTimeStampServerInfoIvSign time stamp server information object
Ejemplo JSON
{
"tstampserver": {
"name": "servidor1",
"url": "https://example.ext",
"httpauth": false,
"username": "miuser",
"password": "123@#Abc",
"usenonce": false,
"includecertificates": true,
"hashalgorithm": "sha1"
"certid": "8B1F1E4B7027",
"pfx": "",
"pin": "Abc#@132"
}
}

25.16. PDFSignParams object

The PDFSignParams object holds all the optional information relative to the signature place on a PDF document signature performance.
It contains parameters to customize the signature place, background mask or the quantity of information showed.

PDFSignParams
ParameterTypeDescription
pwdstringPDF document password
signvisibleboolVisible signature enabled/disabled flag
signbackgroundconfigVisible signature background image properties
  signbackbyte[]Image in bytes (ONLY JPG FORMAT)
  signbackautostretchboolBackground image auto stretch enabled/disabled flag
  strechxintAxis X auto stretch
  strechyintAxis Y auto stretch
  transparencymaskJPG image transparency mask
    redintRed channel
    redtoleranceintRed tolerance
    greenintGreen channel
    greentoleranceintGreen tolerance
    blueintBlue channel
    bluetoleranceintBlue tolerance
    toleranceintImage tolerance
widgetpropsVisible signature box configuration
  autoposboolVisible signature box auto position enabled/disabled flag
  offsetxintVisible signature box axis X position
  offsetyintVisible signature box axis Y position
  autosizeboolVisible signature size auto stretch enabled/disabled flag
  widthintVisible signature width size
  heightintVisible signature height size
  rotateintVisible signature rotation degrees
  showonpagesstringSpecifies on what pages the visible signature is shown, option list, separated by coma:
all = all the pages, first = first page, last = last page, x = specific page, y-z = page range, examples: 'first,last,3,5,10-20,32-50'
  hidetextboolCertificate data box enabled/disabled flag
  sizeheaderfloatCertificate data box heather font size
  sizedatetimefloatCertificate data box date font size
  sizetitlesectionfloatCertificate data box section heather font size
  sizetextsectionfloatCertificate data box content font size
  widgetpageoffsetintSignature box page offset
  captionsignerstringCaption singer field
  captionsignerinfostringCaption singer information field
  captionalgorithmstringCaption algorithm field
  captionheaderstringCaption header field
Ejemplo JSON
{
"pwd": "1234",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": "true",
"stretchx": 0,
"stretchy": 0,
"transparencymask": {
"red": 255,
"redtolerance": 0,
"green": 255,
"greentolerance": 0,
"blue": 255,
"bluetolerance": 0,
"tolerance": 0,
},
},
"widgetprops": {
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
"captionsigner": "",
"captionsignerinfo": "",
"captionalgorithm": "",
"captionheader": "",
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": true,
"height": 150,
"width": 150,
"rotate": 270,
"showonpages": "all",
"widgetpageoffset": 0,
"hidetext": false
}
}

25.17. TimeStampServerInfo object

The TimeStampServerInfo object holds all the optional information relative to a time stamp server on a PDF document signature performance.

TimeStampServerInfo
ParameterTypeDescription
namestringServer's name
urlstringServer's URL
httpauthboolServer's authentication required flag
usernamestringServer's authentication user
passwordstringServer's authentication password
usenonceboolNonce used on the call to the server flag
includecertificatesboolServer's certificate included into the signature flag
hashalgorithmstringHash algorithm, the server must support it
certidstringTime stamp IvSign certificate ID (if applicable)
pfxstringTime stamp PFX certificate (if applicable)
pinstringCertificate's/PFX pin
Ejemplo JSON
{
"name": "servidor1",
"url": "https://example.ext",
"httpauth": true,
"username": "miuser",
"password": "123@#Abc",
"usenonce": false,
"includecertificates": false,
"hashalgorithm": "sha1",
"certid": "",
"pfx": "",
"pin": ""
}

25.18. Biometry object

The Biometry object holds all the optional information relative to biometry data on a document signature performance.

SignLocation
ParameterTypeDescription
databyte[]Biometric signature information
csrbyte[]Certificate`s public key
Ejemplo JSON
{
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
}

25.19. SignLocation object

The SignLocation object holds all the optional information relative to the signature's location on a document signature performance.

SignLocation
ParameterTypeDescription
localitystringSignature's location city
provincestringSignature's location region
postalcodestringSignature's location city postal code
countrystringSignature's location country
Ejemplo JSON
{
"locality": "Paterna",
"province": "Valencia",
"postalcode": "46980",
"country": "Spain"
}

25.20. SignPolicy object

The SignPolicy object holds all the optional information relative to the signature policies on a document signature performance.

SignPolicy
ParameterTypeDescription
policyidentifierstringSignature's policy identifier
policyidentifieraddqualifierboolSignature's policy add qualifier to the signature flag
policydescriptionstringSignature's policy description
policydigeststringSignature's policy digest
policyqualifieruristringSignature's publication URI
Ejemplo JSON
{
"policyidentifier": "Identificador",
"policyidentifieraddqualifier": true,
"policydescription": "Descripción de la poítica de firma",
"policydigest": "73CF40966ECAA1E358984E23F4AA3B7D",
"policyqualifieruri": "http://servidor.sellado"
}

25.21. tsainfo object

The tsainfo object holds all the optional information relative to the time stamp servers used on a document signature performance.

tsainfo
ParameterTypeDescription
subjectcnstringTime stamp server's identifier
urlstringTime stamp server's URL
serialstringTime stamp server's SHA1SUM
cerbyte[]Time stamp server's certificate public key
Ejemplo JSON
{
"subjectcn": "servidor.sellado",
"url": "http://servidor.sellado",
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..."
}

25.22. SignatureData object

The SignatureData object holds all the information relative to a document signature.
The object contains information about the signature, the used certificate certification chain or the used time stamp server. Is it possible not all the parameters contain information.

SignatureData
ParameterTypeDescription
signatureidstringSignature's identifier
validboolValid signature flag
integrityboolPossibility of verifying signature's integrity flag
profilestringSignature profile: 'basic' or 'enhanced'
extensionsstringSignature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
envelopstringSignature format, 'enveloped'=The signature includes the original document, 'enveloping'=A new document is generated with the original document on one of its nodes
cerbyte[]Signature's certificate public key
certificatevalidationVerifyCERResponseVerifyCER method object response
  certinfoCertInfoIvSign certificate information object
  expiredboolSignature's expired certificate flag
  untrustedboolSignature's trusted certificate flag
  revokedboolSignature's revoked certificate flag
  invalidsignatureboolSignature's valid certificate CA signature flag
  validboolSignature's valid certificate flag
  errorErrorIvSign error object
signingtimeDateTimeSignature's date time
hashalgorithmstringSignature's hash algorithm
timestampsTimestampData[]Signature's time stamp data
  validboolTime stamp valid flag
  typestringTime stamp type
  timeDateTimeTime stamp date time
  signaturesSignatureData[]Time stamp signature details
  timestampinfoTimeStampInfoTime stamp server information object
    policyoidstringTime stamp signature's policy OID
    serialnumberstringTime stamp token serial number
    gentimeDateTimeTime stamp date time
    messageimprintbyte[]Time stamp message
    messageimprintalgorithmDigestAlgorithmsTime stamp encrypt algorithm
    noncestringRandom numerical sequence time stamp identifier
    orderingboolTime stamp sequence ordering by its token and date time flag
    tsanamestringTSA time stamp name
  calculatedmessagedigestbyte[]Calculated digest, must equal with the stamp digest
validationtimestampsTimestampData[]Additional time stamp signature data
  validboolTime stamp valid flag
  typestringTime stamp type
  timeDateTimeTime stamp date time
  signaturesSignatureData[]Time stamp signature details
  timestampinfoTimeStampInfoTime stamp server information object
    policyoidstringTime stamp signature's policy OID
    serialnumberstringTime stamp token serial number
    gentimeDateTimeTime stamp date time
    messageimprintbyte[]Time stamp message
    messageimprintalgorithmDigestAlgorithmsTime stamp encrypt algorithm
    noncestringRandom numerical sequence time stamp identifier
    orderingboolTime stamp sequence ordering by its token and date time flag
    tsanamestringTSA time stamp name
  calculatedmessagedigestbyte[]Calculated digest, must equal with the stamp digest
biometrysigninfoBiometrySignInfoSignature's biometric information
  certsubjectstringBiometric certificate subject
  certissuerstringBiometric certificate issuer
  signatureimagebyte[]User's signature image, if it is available
Ejemplo JSON
{
[
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "ACCV",
"type": "PF",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "C88D4165900ACAF8FCEE7949D4CA0EAEBC73D257",
"sha1sumissuer": "9FCDF094368D1B025C4C5574F8C59DB8DF75D0C3"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "t,biometry",
"envelop": "Enveloped",
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQAw...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": false,
"type": "Generic",
"time": "2019-05-21T09:57:09Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFAD...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
],
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16AD9D2C39A",
"gentime": "2019-05-21T09:57:09Z",
"messageimprint": "8OC2PC/glAQszWa0Xf8Y0VuDaNU=",
"messageimprintalgorithm": 2,
"nonce": "3336353231303737",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "8OC2PC/glAQszWa0Xf8Y0VuDaNU="
}
],
"validationtimestamps": null,
"biometrysigninfo": {
"certsubject": "C=ES, O=ACCV, OU=Ciudadanos, SN=CAMARA ESPAÑOL, G=JUEAN, SERIALNUMBER=00000000T, CN=JUAN CAMARA ESPAÑOL - NIF:00000000T",
"certissuer": "C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120",
"signatureimage": null
}
},
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": "NI",
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0B...",
"signingtime": "2019-05-21T09:57:15",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}

25.23. PKICert object

The PKICert object holds all the information relative to a IvSign PKI certificate.

PKICert
ParameterTypeDescription
sha1sumstringCertificate's fingerprint
serialstringCertificate's serial Number
namestringCertificate's name
subjectcnstringCertificate's common name
issuercnstringCertificate's issuer common name
validfromDateTimeCertificate's issue date time
validtoDateTimeCertificate's expiry date time
isrevokedboolCertificate's revoked flag
isexpiredboolCertificate's expired flag
createdateDateTimeCertificate's create date time
Ejemplo JSON
{
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
"serial": "054C3E61E13981",
"name": "DOC serie318d",
"subjectcn": "test1",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"isrevoked": false,
"isexpired": false,
"createdate": "2016-02-15T17:15:16"
}

25.24. Config object

The Config object holds all the information relative to a IvSign configuration.

Config
ParameterTypeDescription
configidintIvSign configuration ID
orgaidstringConfiguration's organization
sectionstringConfiguration's section
namestringConfiguration's name inside the configuration's section
optstringConfiguration's option inside the configuration's name
typestringConfiguration's data value type
valuestringConfiguration's value
wintConfiguration's user level privileges needed to write it
rintConfiguration's user level privileges needed to read it
Ejemplo JSON
{
"configid": 2586,
"orgaid": "miorga",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
}

25.25. Deleg object

The Deleg object holds all the information relative to a IvSign certificate delegation.

Deleg
ParameterTypeDescription
delegidintIvSign certificate delegation ID
useridstringDelegation's owner user
certidstringDelegation's certificate
serialstringCertificate's serial number
namestringDelegation's name
descrstringCertificate's description
disabledboolEnabled/disabled delegation flag
createdateDateTimeDelegation's create date time
ignorecertrulesboolIgnore certificate usage rules flag
orgaidstringDelegation's owner user organization
operstringDelegation's operator
needauthboolIt is required certificate's owner authorization for using it flag
Ejemplo JSON
{
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "mideleg",
"descr": "decripción del certificado",
"disabled": false,
"createdate": "2018-08-28T06:42:34.5705501Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser",
"needauth": false
}

25.26. Rule object

The Rule object holds all the information relative to a IvSign delegation usage rules or to a IvSign certificate usage policies.

Rule
ParameterTypeDescription
ruleidintIvSign rule ID
delegidintIvSign certificate delegation ID
certidstringIvSign certificate ID
namestringRule's name
dayfromDateTimeRule application start date
daytoDateTimeRule application end date
hourfromintRule application start time (08:32 AM -> 0832)
hourtointRule application end time (05:47 PM (17:47) -> 1747)
dowintRule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday
hoststringRule allowed host list (case sensitive)
appstringRule allowed/denied applications (process) (case sensitive)
appdenyboolAllowed/denied applications list flag
locationstringRule allowed/denied URL
locationdenyboolAllowed/denied URL list flag
Ejemplo JSON
{
"ruleid": 5,
"delegid": 42,
"certid": null,
"name": "miregla",
"dayfrom": "2018-08-01T00:00:00",
"dayto": "2018-08-31T23:59:59",
"hourfrom": 8,
"hourto": 20,
"dow": 31,
"host": null,
"app": null,
"appdeny": false,
"location": null,
"locationdeny": false
}

25.27. Notify object

The Notify object holds all the information relative to a IvSign notification.

Notify
ParameterTypeDescription
notifyidintIvSign notification ID en IvSign
subjectstringNotification's subject
bodystringNotification's message
createdateDateTimeNotification's create date time
useridstringNotification's addressed user
orgaidstringNotification's addressed organization
typestringNotification type
datastringNotification additional data
requiredboolRequired acceptance flag
readeddateDateTimeNotification's reded date time
accepteddateDateTimeNotification's acceptance date time
accepteduserstringNotification's reader user
readedboolNotification read flag
acceptedboolNotification accepted flag
requiredcheckstringRequired check flag
Ejemplo JSON
{
"notifyid": 1,
"subject": "Encabezado usuario",
"body": "cuerpo del mensaje del usuario",
"createdate": "2018-05-31T11:09:35",
"userid": "miuser",
"orgaid": null,
"type": null,
"data": null,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": null
}

25.28. StatsResult object

The StatsResult object holds all the information relative to IvSign global statistics.

StatsResult
ParameterTypeDescription
currentCountKeyValue[]Current month statistics
previousCountKeyValue[]Previous month statistics
licenseLimitKeyValue[]License limits
Ejemplo JSON
{
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}

25.29. StatSignResult object

The StatSignResult object holds all the information relative to IvSign detailed signature statistic.

StatSignResult
ParameterTypeDescription
valuestringSearch filter result
ownedintSearched filter certificate's owner user performed actions number
delegatedintSearched filter certificate's delegated users performed actions number
foreintSearched filter certificate's other users performed actions number
Ejemplo JSON
{
"value": "IEXPLORE.EXE",
"owned": 5,
"delegated": 0,
"fore": 0
}

25.30. Stats object

The Stats object holds all the information relative to IvSign detailed signature statistic for an organization.

Stats
ParameterTypeDescription
statsidintIvSign statistic ID
orgaidstringStatistic's organization
orgachainstringStatistic's organization chain
date_yearintStatistic's search year
date_monthintStatistic's search month
stats_typestringStatistic's search type
valuestringStatistic's search value
Ejemplo JSON
{
"statsid": 156,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Sign",
"value": "44"
}

25.31. Page object

The Page object holds all the information relative to IvSign lists.
It appear in all the List methods. The client must set the total elements per page itemspage) and the page to show (id). The server will calculate number of pages (numpages) and the total number of elements (totalitems).

Page
ParameterTypeDescription
idintPage number
itemspageintElements per page number
numpagesintNumber of pages
totalitemsintTotal number of elements
Ejemplo JSON
{
"id": 1,
"itemspage": 10,
"numpages": 5,
"totalitems": 43
}

25.32. KeyValue object

The KeyValue object holds two key value parameters, as a dictionary element.

KeyValue
ParameterTypeDescription
keystringKey
valuestringValue
Ejemplo JSON
{
"key": "clave",
"value": "valor"
}

25.33. Caller object

The Caller object holds all the information relative to a call done to IvSign.

Caller
ParameterTypeDescription
appstringIntegration module
hoststringClient host
locationstringClient URL location
remoteuserstringClient host user
Ejemplo JSON
{
"app": "miap",
"host": "miuser-pc",
"location": "miuser-pc",
"remoteuser": "miuser"
}

25.34. Hash object

The Caller object holds all the information relative to a basic IvSign signature.

Hash
ParameterTypeDescription
algorithmstringSignature algorithm
digestbyte[]Element to sign
Ejemplo JSON
{
"algorithm": "SHA512",
"digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..."
}

25.35. Error object

The Error object holds all the information relative to an error that may happens during a call to IvSign.
It comes in every keyman response. The code K0000 means there was no error during the call. The code K9999 means there was an unknown error during the call.

Error
ParameterTypeDescription
codestringError code
messagestringError description
traceidstringKeyman operation trace ID
Ejemplo JSON
{
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}