Initial considerations
1. Authentication
2. Modules
3. Organization license
4. Product license
5. User privileges level
Request/response protocol
1. REST service
2. SOAP service
Service authentication [Auth]
1. Obtaining session token [Auth/Login]
2. Obtaining session token [Auth/LoginToken]
3. Impersonating user [Auth/Impersonate]
4. Password recovery [Auth/PasswordRecovery]
5. Login check [Auth/LoginCheck]
6. Check login validation code [Auth/LoginCheck_Validation]
7. Token check [Auth/TokenCheck]
8. Check the possibility of changing a password [Auth/ProviderModifiablePass]
User management [User]
1. User creation [User/Add]
2. Obtaining user data [User/Get]
3. Setting user data [User/Set]
4. Deleting user [User/Del]
5. Listing users [User/List]
6. Searching users [User/Find]
7. Obtaining user level [User/Level]
8. Moving a user to another organization [User/OrgaMove]
9. User creation [User/PublicAdd]
10. Renaming users [User/Ren]
11. Checking modifiable user fields [User/Modifiablefields]
Certificate management [Cert]
1. Obtaining certificate data [Cert/Get]
2. Setting certificate data [Cert/Set]
3. Deleting certificates [Cert/Del]
4. Listing available certificates [Cert/ListAvailable]
5. Checking certificate pin [Cert/PinCheck]
6. Setting a new pin to a certificate [Cert/PinSet]
7. Importing certificates with private key [Cert/ImportPFX]
8. Getting certificate public key [Cert/CERGet]
9. Getting certificate certification chain [Cert/ChainGet]
10. Creating and installing certificates (1/3) [Cert/RSAGen]
11. Creating and installing certificates (2/3) [Cert/GenCSR]
12. Creating and installing certificates (3/3) [Cert/InstallCER]
13. Listing certificates [Cert/List]
14. Obtaining certificate provider certificate public key [Cert/RefCERGet]
15. Listing certificate provider certificates [Cert/RefList]
16. Certificate replacement [Cert/Replace]
17. Searching certificates [Cert/Search]
18. Linking reference certificates [Cert/RefLink]
19. Moving certificates [Cert/Move]
Bin certificates management [CertTrash]
1. Deleting bin certificates [CertTrash/Del]
2. Getting bin certificates data [CertTrash/Get]
3. Listing bin certificates [CertTrash/List]
4. Restoring bin certificates [CertTrash/Rest]
5. Sending certificates to the certificate bin [CertTrash/Move]
Public certificates management [PubCert]
1. Creating public certificates [PubCert/Add]
2. Obtención de certificados públicos [PubCert/Get]
3. Setting public certificates [PubCert/Set]
4. Deleting public certificates [PubCert/Del]
5. Listing public certificates [PubCert/List]
Public certificate management [PubCertBin]
1. Creating public certificates [PubCertBin/Add]
2. Getting public certificate data [PubCertBin/Get]
3. Checking public certificate [PubCertBin/Check]
Organizations management [Orga]
1. Creating organizations [Orga/Add]
2. Deleting organizations [Orga/Del]
3. Getting organization data [Orga/Get]
4. Listing organizations [Orga/List]
5. Renaming organization [Orga/Ren]
6. Setting organization data [Orga/Set]
Device management [Device]
1. Device creation [Device/Add]
2. Deleting devices [Device/Del]
3. Getting device data [Device/Get]
4. Listing devices [Device/List]
5. Setting devices [Device/Set]
Authorization petition management [Inquiry]
1. Getting inquiry [Inquiry/Get]
2. Setting inquiry [Inquiry/Set]
License management [License]
1. Getting license data [License/Get]
Auditory management [Audit]
1. Listing auditory records [Audit/List]
2. Obtaining auditory categories and action data [Audit/Info]
Simple hashes signatures [Sign]
1. Hash signature [Sign/Hash] ✍
2. RSA Signature [Sign/RSA] ✍
3. TSP signature [Sign/TSP] ✍
4. PDF signature [Sign/PDF] ✍
Document signatures [Signature]
1. PDF document signature [Signature/Pades] ✍
2. XML document signature [Signature/Xades] ✍
3. Generic document signature [Signature/Cades] ✍
4. PDF document time stamping [Signature/TimestampPdf] ✍
Time stamp operations [TSP]
1. Time stamp signature [TSP/Sign]
2. Time stamp verification [TSP/Verify]
3. PDF document time stamping [TSP/TimestampPdf]
Verification operations [Verify]
1. IvSign certificate verification [Verify/Cert]
2. CA certificate verification [Verify/CER]
3. Time stamp verification [Verify/TSP]
4. Signed PDF document verification [Verify/Pades]
5. Signed generic document verification [Verify/Cades]
6. Signed XML document verification [Verify/Xades]
External PKI integration management [PKI]
1. Certificate request [PKI/Petition]
2. Getting CA certificate's public key [PKI/CACERGet]
3. Listing CA PKI certificates [PKI/CAList]
4. Getting PKI certificate public key [PKI/CertCERGet]
5. Generating PKI certificate [PKI/CertGen]
6. Listing PKI certificates [PKI/CertList]
7. Revoking PKI certificate [PKI/Revoke]
Configuration management [Config]
1. Creating configuration [Config/Add]
2. Deleting configuration [Config/Del]
3. Getting configuration [Config/Get]
4. Listing configurations [Config/List]
5. Getting public configuration [Config/PublicGet]
6. Setting configuration [Config/Set]
Delegations management [Deleg]
1. Delegation creation [Deleg/Add]
2. Deleting delegated certificates [Deleg/CertDel]
3. Listing delegated certificates [Deleg/CertList]
4. Deleting delegation [Deleg/Del]
5. Getting delegation data [Deleg/Get]
6. Listing delegations [Deleg/List]
7. Setting delegation [Deleg/Set]
8. Associating user to delegation [Deleg/UserAdd]
9. Deleting user from delegation [Deleg/UserDel]
10. Listing allowed delegation users [Deleg/UserListAllowed]
Usage rules / Usage policies management [Rule]
1. Creating usage rule [Rule/Add]
2. Deleting rule [Rule/Del]
3. Getting rule data [Rule/Get]
4. Listing rule [Rule/List]
Notification management [Notify]
1. Getting notification [Notify/Get]
2. Listing notification [Notify/List]
3. Setting notification [Notify/Set]
Statistics management [Stats]
1. General system statistics [Stats/System]
2. Organization and its child organization statistics [Stats/OrgaChain]
3. Organization statistics [Stats/Orga]
4. User statistics [Stats/User]
5. Specific system statistic [Stats/DetailSys]
6. Specific organization statistic [Stats/DetailOrga]
7. Specific user statistic [Stats/DetailUser]
8. Yearly organization signature statistic [Stats/OperationYear]
Test [Test]
1. Test method [Test/Test]
IvSign common objects definition
1. User object
2. Cert object
3. CertTrash object
4. PubCert object
5. PubCertBin object
6. CertInfo object
7. CertRef object
8. Orga object
9. Device object
10. Inquiry object
11. Audit object
12. AuditInfo object
13. SignPadesParams object
14. SignXadesParams object
15. SignCadesParams object
16. PDFSignParams object
17. TimeStampServerInfo object
18. Biometry object
19. SignLocation object
20. SignPolicy object
21. tsainfo object
22. SignatureData object
23. PKICert object
24. Config object
25. Deleg object
26. Rule object
27. Notify object
28. StatsResult object
29. StatSignResult object
30. Stats object
31. Page object
32. KeyValue object
33. Caller object
34. Hash object
35. Error object

1. Initial considerations

1.1. Authentication

Authentication on IvSign requires three parameters: user, password and organization. A part from that, as of IvSign version 8 (API 4), the parameters integration module and device are needed. More information about modules will be provided in further sections.
To be able to perform device authentication, the device must be authorized for the user who wants to authenticate. Depending on the user's organization or the authentication module it is possible that the device authorization won't be requested.

1.2. Modules

During user's authentication process, indicating module and its module key will be needed.
Each module has a list of methods and/or groups of methods that allow or deny the access to them. To know which methods are allowed to access or denied to access to depending on a module, please contact with the project manager.

1.3. Organization license

As of IvSign version 8 (API 4) organizations must have a license code. Associated to the license code, there signature privileges and monthly quantity restrictions. As well as limits on the quantity of users and certificates an organization can hold.
Those limits are maximum users and certificates an organization can hold. A part from that, this parameters allows or denies perform several actions: simple hash signatures, document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. To know the restrictions of a license code, contact with the project manager.

1.4. Product license

As of IvSign version 8 (API 4) all INHOUSE environments where IvSign is installed must have a product license. This license code has associated a maximum number of users, certificates and organizations a environment can hold. A part from that there are restrictions to perform several actions: simple hash signatures, document signatures, time stamp signatures and verifications. As well as the monthly quantity allowed to be performed. There are also some restrictions referring to IvSign components a environment can hold, such as keyman, certmanager, pscintegration or ivssm.

1.5. User privileges level

As of IvSign version 8 (API 4) the are four level user privileges: basic user, administrator user, super administrator user and system administrator user. Each one of these profiles is allowed to access some methods. On each detail method explanation there is an indication of which level privileges are required to access to it and the requested conditions to do it.

The administrator user is able to perform operations on itself and on its organization other users. As well as manage some aspect of the organization.
The super administrator user is able to perform more operations than an administrator user. A part from manage aspects not only of its organizations but also its child organization and all organizations that come from them. As well as manage their users.
The system administrator user is able to perform any action on any organization or users without restrictions.

2. Request/response protocol

It is possible to connect to IvSign's API through REST and SOAP protocols. Both protocols have the same methods and the same in and out object structure.
The methods are organized in categories. Some of them, such as the signature engine, may require a validation or a license in order to be used.

Consult with your project manager to obtain the URL and the credentials needed for a demo of the product in our demo environments.

2.1. REST service

REST service uses JSON notation for in and out of the service.
It is required a POST request to each operation URL with the request data.
The Auth category operations will return a session token. It will be needed on each operation and must be sent on the Authentication headline.

In order to access to each REST method it is needed to create the URL using the following example:
https://ENVIRONMENT/Keyman/rest/v4/CATEGORY/ACTION

For instance, to do a Login action in Auth category:
https://demo.ivsign.net/Keyman/rest/v4/auth/login

2.2. SOAP service

SOAP service uses WCF Microsoft services, allowing a quick implementation through .NET resources.
The Auth category operations will return a session token. It will be needed on each operation and must be sent as a parameter.

The URL service will depend on the environment it is wanted to access, using the following format:
https://ENVIRONMENT/Keyman/KeymanServiceV4.svc

Once the service is referenced, the operations described below in this document will be available. The name of each method will be the union between the category and the action.
For instance, to do a Login action in Auth category the .NET method would be:
AuthLoginResponse AuthLogin(AuthLoginRequest request);

3. Service authentication [Auth]

3.1. Obtaining session token [Auth/Login]

Obtaining a session token is done trough Auth/Login method using the following parameters.

Auth/Login - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
pass	string	Yes	User's password
module	string	Yes	Integration module identifier
authmethod	string	No	Authentication method (pass, win o federated)
origin	string	No	Connection device name
modkey	string	No	Integration module key
modver	string	No	Integration module version
deviceinfo	string	No	Connection device information

Auth/Login - Response
Parameter	Type	Description
token	string	Session token
user	User	IvSign user object, contains authenticated user information
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orgaid": "miorga", "login": "miuser", "pass": "mipass", "module": "testapi", "authmethod": "pass", "origin": "equipoprueba", "modkey": "testapikey", "modver": "4.0", "deviceinfo": "{\"osuser\":\"osusertest\",\"osuserid\":\"osuseridtest\"...}" }

JSON response
{ "token": "KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=", "user": { "userid": "miuser", "extid": 000000000T, "orgaid": "miorga", "orgachain": "root.miorgapadre.miorga.", "email": "miuser@ivsign.net", "name": "Nombre", "lastname": "Apellidos", "lastip": "127.0.0.1", "ident": null, "disabled": false, "createdate": "2018-03-16T09:25:45Z", "lastlogin": "2018-08-21T07:40:57Z", "previouslogin": "2018-08-21T07:40:45Z", "authprovider": "db", "admin": false, "superadmin": false, "pass": null, "validation": null, "lang": "es", "phone": "666666666" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

JSON response

{
"token": "KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=",
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

In this example the token is: KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=

Auth/Login - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/Login - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.2. Obtaining session token [Auth/LoginToken]

Obtaining a valid token using a valid token is done through Auth/LoginToken method.
This method allows to re-use valid user credentials through a valid token for generating a new one using another module and device.

Auth/LoginToken - Request
Parameter	Type	Requested	Description
module	string	Yes	Integration module identifier
modkey	string	No	Integration module key
modulver	string	No	Integration module version
deviceinfo	string	No	Connection device information

Auth/LoginToken - Response
Parameter	Type	Description
token	string	Session token
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "module": "testapi", "modkey": "testapikey", "modulver": "4.0", "deviceinfo": "{\"osuser\":\"osusertest\",\"osuserid\":\"osuseridtest\"...}" }

JSON response
{ "token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ", "user": { "userid": "miuser", "extid": 000000000T, "orgaid": "miorga", "orgachain": "root.miorgapadre.miorga.", "email": "miuser@ivsign.net", "name": "Nombre", "lastname": "Apellidos", "lastip": "127.0.0.1", "ident": null, "disabled": false, "createdate": "2018-03-16T09:25:45Z", "lastlogin": "2018-08-21T07:40:57Z", "previouslogin": "2018-08-21T07:40:45Z", "authprovider": "db", "admin": false, "superadmin": false, "pass": null, "validation": null, "lang": "es", "phone": "666666666" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

JSON response

{
"token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ",
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

In this example the token is: KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ

Auth/LoginToken - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/LoginToken - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.3. Impersonating user [Auth/Impersonate]

Impersonating other users is done through the [Auth/Impersonate] method.
This method is used to perform actions in the name of the impersonated used. It is not possible to impersonate users with higher privileges.

Auth/Impersonate - Request
Parameter	Type	Requested	Description
login	string	Yes	Impersonated user identifier
origin	string	No	Connection device name

Auth/Impersonate - Response
Parameter	Type	Description
token	string	Session token
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "login": "miuserimpers", "origin": "equipoprueba" }

JSON response
{ "token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ", "user": { "userid": "miuserimpers", "extid": 000000000J, "orgaid": "miorga", "orgachain": "root.miorgapadre.miorga.", "email": "miuserimpers@ivsign.net", "name": "NombreImpers", "lastname": "ApellidosImpers", "lastip": "127.0.0.1", "ident": null, "disabled": false, "createdate": "2018-03-16T09:25:45Z", "lastlogin": "2018-08-21T07:40:57Z", "previouslogin": "2018-08-21T07:40:45Z", "authprovider": "db", "admin": false, "superadmin": false, "pass": null, "validation": null, "lang": "es", "phone": "666666666" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

JSON response

{
"token": "KMmu6rUyQTUq8fFAxOKM1WR2uDekpGnND3BvAJvScInDF4TfF6rh4CqnayZfHdEiZ",
"user": {
"userid": "miuserimpers",
"extid": 000000000J,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "NombreImpers",
"lastname": "ApellidosImpers",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Auth/Impersonate - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The impersonated user must belong to the same organization as the agent user
Super Administrator	Yes	The impersonated user must belong to the same organization as the agent user or to a child organization of this

Auth/Impersonate - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

3.4. Password recovery [Auth/PasswordRecovery]

Recovering passwords is done through the Auth/PasswordRecovery method.

Auth/PasswordRecovery - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
module	string	Yes	Integration module identifier
modver	string	No	Integration module version
modkey	string	No	Integration module key

Auth/PasswordRecovery - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orgaid": "miorga", "login": "miuser", "module": "testapi", "modver": "4.0", "modkey": "testapikey" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/PasswordRecovery - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/PasswordRecovery - Audits
Operation	Audits
Correct	No
Incorrect	No

3.5. Login check [Auth/LoginCheck]

Checking user's login without generating a token is done through Auth/LoginCheck method.
The method allows only Windows authentication or user/password authentication.

Auth/LoginCheck - Request
Parameter	Type	Requested	Description
orgaid	string	No	User's organization
login	string	Yes	User's identifier
pass	string	Yes	User's password
module	string	Yes	Integration module identifier
authmethod	string	No	Authentication method
origin	string	No	Connection device name
modver	string	No	Integration module version
modkey	string	No	Integration module key

Auth/LoginCheck - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orgaid": "miorga", "login": "miuser", "pass": "mipass", "module": "testapi", "authmethod": "pass", "origin": "equipoprueba", "modver": "4.0", "modkey": "testapikey" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/LoginCheck - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/LoginCheck - Audits
Operation	Audits
Correct	No
Incorrect	No

3.6. Check login validation code [Auth/LoginCheck_Validation]

Checking that the user validation code sent by email is correct is done through the Auth/LoginCheck_Validation method.

Auth/LoginCheck_Validation - Request
Parameter	Type	Requested	Description
orgaid	string	Yes	User's organization
login	string	Yes	User's identifier
validation	string	Yes	Validation code

Auth/LoginCheck_Validation - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orgaid": "miorga", "login": "miuser", "validation": "mivalidationcode" }

JSON response
{ "user": { "userid": "miuse", "extid": 000000000T, "orgaid": "miorga", "orgachain": "root.miorgapadre.miorga.", "email": "miuserimpers@ivsign.net", "name": "NombreImpers", "lastname": "ApellidosImpers", "lastip": "127.0.0.1", "ident": null, "disabled": false, "createdate": "2018-03-16T09:25:45Z", "lastlogin": "2018-08-21T07:40:57Z", "previouslogin": "2018-08-21T07:40:45Z", "authprovider": "db", "admin": false, "superadmin": false, "pass": null, "validation": null, "lang": "es", "phone": "666666666" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

JSON response

{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "NombreImpers",
"lastname": "ApellidosImpers",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Auth/LoginCheck_Validation - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/LoginCheck_Validation - Audits
Operation	Audits
Correct	No
Incorrect	No

3.7. Token check [Auth/TokenCheck]

Checking tokens is done through the Auth/TokenCheck method.

Auth/TokenCheck - Request
Parameter	Type	Requested	Description
token	string	Yes	Session token

Auth/TokenCheck - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "token": "KV2BxG3kj5YvgQ3N1AOP7Oj7BNSUQot/T087Z+RdZReo=" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/TokenCheck - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/TokenCheck - Audits
Operation	Audits
Correct	No
Incorrect	No

3.8. Check the possibility of changing a password [Auth/ProviderModifiablePass]

Checking that the users of an organization, or authentication provider, are able to change their passwords is done through the Auth/ProviderModifiablePass method.

Auth/ProviderModifiablePass - Request
Parameter	Type	Requested	Description
authprovider	string	Yes	Authentication provider identifier

Auth/ProviderModifiablePass - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "authprovider": "miauthprovider" }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Auth/ProviderModifiablePass - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Auth/ProviderModifiablePass - Audits
Operation	Audits
Correct	No
Incorrect	No

4. User management [User]

4.1. User creation [User/Add]

Creating users is done through the User/Add method.
Administrator privileges or higher are needed.

User/Add - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.email	string	Yes	User's email direction
user.orgaid	string	Yes	User's organization
user.pass	string	No (Yes if disablenotify = true)	User's password (if not is specified, it will be randomly generated)
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.phone	string	No	User's phone number
user.ident	string	No	User's identity card
user.extid	string	No	User external identifier
user.disabled	bool	No	Enabled/disabled user flag
user.createdate	DateTime	No	Creation user date
user.admin	bool	No	Privileges user level
user.superadmin	bool	No	Privileges user level
disablenotify	bool	No	Allows not to send a creation email

User/Add - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "extid": "miextid", "orgaid": "miorga", "orgachain": "root.miorgapadre.miorga.", "email": "miuser@ivsign.net", "name": "Nombre", "lastname": "Apellidos", "ident": "00000000T", "disabled": false, "createdate": "2018-08-22T08:49:39.768Z", "admin": true, "superadmin": false, "pass": "123456", "phone": "666666666" }, "disablenotify": false }

JSON response

{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The created user must belong to the same organization as the agent user
Super Administrator	Yes	The created user must belong to the same organization as the agent user or to a child organization of this

User/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.2. Obtaining user data [User/Get]

Obtaining user data is done through the User/Get method.
The method returns a specific user data.

User/Get - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.orgaid	string	No	User's organization
user.userid	string	No	IvSign user ID
user.email	string	No	User's email
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.ident	string	No	User's identity card

User/Get - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "orgaid": "miorga", "userid": "miuser" } }

JSON response

{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"valid": true,
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The user to obtain must be the agent user
Administrator	Yes	The user to obtain must belong to same organization as the agent user
Super Administrator	Yes	The user to obtain must belong to same organization as the agent user or to a child organization of this

User/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

4.3. Setting user data [User/Set]

Setting user data is done through the User/Set method.
This method allows to change user personal data and its password.
The no null values established will be used to modify data of the user indicated on the user.userid field.

User/Set - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.orgaid	string	Yes	User's organization
user.userid	string	Yes	IvSign user ID
user.lang	string	No	User language
user.email	string	No	User's email direction
user.pass	string	No	New IvSign user password
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.ident	string	No	User's identity card
user.phone	string	No	User's phone number
user.disabled	bool	No	Enabled/disabled user flag

User/Set - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga", "email": "miuser@ivsign.net", "name": "Nombre", "lastname": "Apellidos", "ident": "12345678Z", "disabled": false, "pass": "123456", "lang": "es", "phone": "000000000" } }

JSON response

{
"user": {
"userid": "miuse",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The user to set must be the agent user
Administrator	Yes	The user to set must belong to same organization as the agent user
Super Administrator	Yes	The user to set must belong to same organization as the agent user or to a child organization of this

User/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.4. Deleting user [User/Del]

Deleting user is done through the User/Del method.
Only users without certificates can be deleted. A user can not delete itself. Administrator privileges or higher are needed to delete users

User/Del - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization

User/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" } }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

User/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The user to delete must belong to same organization as the agent user
Super Administrator	Yes	The user to delete must belong to same organization as the agent user or to a child organization of this

User/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.5. Listing users [User/List]

Listing users is done through the User/List method.
The method list users depending on some filter parameters. Administrator privileges are needed.

User/List - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	User ID filter
user.orgaid	string	No	Organization ID filter
user.email	string	No	User's email filter
user.name	string	No	User's name filter
user.lastname	string	No	User's last name filter
user.ident	string	No	User's identity card filter
user.disabled	bool	No	User enabled state filter
user.phone	string	No	User's phone number filter
page	Page		IvSign page object

User/List - Response
Parameter	Type	Description
userlist	User[]	IvSign user object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "orgaid": "miorga" } }

JSON response

{
"userlist": [
{
"userid": "miuser1",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre1",
"lastname": "Apellidos1",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
{
"userid": "miuser2",
"extid": 000000000P,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre2",
"lastname": "Apellidos2",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/List - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	Only applicable to agent user organization
Super Administrator	Yes	Only applicable to agent user organization or to a child organization of this

User/List - Audits
Operation	Audits
Correct	No
Incorrect	No

4.6. Searching users [User/Find]

Searching user's information is done through the User/Find method.
The difference between User/Get and User/Find is that User/Find search on any available authentication provider and create the user in the database if it doesn't exist.

User/Find - Request
Parameter	Type	Requested	Description
usid	string	Yes	IvSign user ID
orgaid	string	Yes	User's organization

User/Find - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "usid": "miuser", "orgaid": "miorga" }

JSON response

{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Find - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to agent user organization or to a child organization of this

User/Find - Audits
Operation	Audits
Correct	No
Incorrect	No

4.7. Obtaining user level [User/Level]

Obtaining user privileges level is done through the User/Level method.

User/Level - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	IvSign user ID
user.orgaid	string	No	User's organization

User/Level - Response
Parameter	Type	Description
result	string	User level: 10 -> basic user, 15 -> impersonated user, 20 -> administrator user, 30 -> super administrator user, 40 -> system administrator user
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" } }

JSON response
{ "result": "30", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

User/Level - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to users that belong to same organization as the agent user or to a child organization of this

User/Level - Audits
Operation	Audits
Correct	No
Incorrect	No

4.8. Moving a user to another organization [User/OrgaMove]

Moving a user to another organization is done through the User/OrgaMove method.
Both organizations must belong to the agent user organization chain.

User/OrgaMove - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	New user organization

User/OrgaMove - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" }, "orga": { "orgaid": "miorga2" } }

JSON response

{
"user": {
"userid": "miuser",
"extid": 000000000T,
"orgaid": "miorga2",
"orgachain": "root.miorgapadre.miorga2.",
"email": "miuserimpers@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/OrgaMove - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	Only applicable to users that belong to same organization as the agent user or to a child organization of this

User/OrgaMove - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.9. User creation [User/PublicAdd]

Creating new users without token session is done through the User/PublicAdd method.
All these users aren't valid, they will need to be validated once they will access to IvSign.

User/PublicAdd - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.email	string	Yes	User's email direction
user.orgaid	string	Yes	User's organization
user.pass	string	No (Yes if disablenotify = true)	Password (if not is specified, it will be randomly generated)
user.name	string	No	User's name
user.lastname	string	No	User's last name
user.phone	string	No	User's phone number
user.ident	string	No	User's identity card
user.extid	string	No	User external identifier
user.disabled	bool	No	Enabled/disabled user flag
user.createdate	DateTime	No	Creation user date
user.admin	bool	No	Privileges user level
user.superadmin	bool	No	Privileges user level
disablenotify	bool	No	Allows not to send a creation email

User/PublicAdd - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuserpublic", "extid": "miextidpublic", "orgaid": "miorga", "email": "miuserpublic@ivsign.net", "name": "NombrePublic", "lastname": "ApellidosPublic", "ident": "00000000T", "disabled": false, "createdate": "2018-08-22T08:49:39.768Z", "admin": true, "superadmin": false, "pass": "123456", "phone": "666666666" }, "disablenotify": false }

JSON response

{
"user": {
"userid": "miuserpublic",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuserpublic@ivsign.net",
"name": "NombrePublic",
"lastname": "ApellidosPublic",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/PublicAdd - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

User/PublicAdd - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.10. Renaming users [User/Ren]

Renaming users, changing its userid, is done through the User/Ren method.
The renamed user will loose its previous auditory records.

User/Ren - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	Yes	User's organization
newuser	User		IvSign user object
newuser.userid	string	Yes	New IvSign user ID

User/Ren - Response
Parameter	Type	Description
user	User	IvSign user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" }, "newuser": { "userid": "newmiuser" } }

JSON response

{
"user": {
"userid": "newmiuser",
"extid": 000000000T,
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": null,
"disabled": false,
"createdate": "2018-03-16T09:25:45Z",
"lastlogin": "2018-08-21T07:40:57Z",
"previouslogin": "2018-08-21T07:40:45Z",
"authprovider": "db",
"admin": false,
"superadmin": true,
"pass": null,
"validation": null,
"lang": "es",
"phone": "666666666"
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

User/Ren - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed user must belong to the same organization as the agent user
Super Administrator	Yes	The renamed user must belong to the same organization as the agent user or to a child organization of this

User/Ren - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

4.11. Checking modifiable user fields [User/Modifiablefields]

Checking which user field are allowed to be modified is done through the User/Modifiablefields method.

User/Modifiablefields - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	No	IvSign user ID
user.orgaid	string	No	User's organization

User/Modifiablefields - Response
Parameter	Type	Description
modifiablefields	string[]	List of the modifiable fields
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" } }

JSON response
{ "modifiablefields": [ "userid", "extid", "name", "lastname", "disabled", "disabledreason", "admin", "superadmin", "pass", "lang", "phone" ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

User/Modifiablefields - User permissions
User	Allowed	Conditions
Basic	Yes	The checked user must be the agent user
Administrator	Yes	The checked user must belong to the same organization as the agent user
Super Administrator	Yes	The checked user must belong to the same organization as the agent user or to a child organization of this

User/Modifiablefields - Audits
Operation	Audits
Correct	No
Incorrect	No

5. Certificate management [Cert]

5.1. Obtaining certificate data [Cert/Get]

Obtaining a certificate data is done through the Cert/Get method.

Cert/Get - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	No (Yes if sha1sum and extid are empty)	IvSign certificate ID
cert.sha1sum	string	No (Yes if certid and extid are empty)	Certificate SHA1SUM
cert.extid	string	No (Yes if certid adn sha1sum are empty)	Certificate external identifier

Cert/Get - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid":"8C41B4F2CC92" } }

JSON response

{
"cert": {
"certid": "8A05B4C5CC92",
"name": "testcert",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Cert/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

5.2. Setting certificate data [Cert/Set]

Modifying certificate data is done through the Cert/Set method.

Cert/Set - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.disabled	bool	No	Certificate's state
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.custom1	string	No	Custom field 1
cert.custom2	string	No	Custom field 2
cert.custom3	string	No	Custom field 3

Cert/Set - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8C41B4F2CC92", "name": "DOC serie318d" } }

JSON response

{
"cert": {
"certid": "8A05B4C5CC92",
"name": "DOC serie318d",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Cert/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.3. Deleting certificates [Cert/Del]

Deleting certificates is done through the Cert/Del method.
Once the certificate is erased, it is not possible to be recovered.

Cert/Del - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8A05B4C5CC92" } }

JSON response
{ "result" : true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.4. Listing available certificates [Cert/ListAvailable]

Listing currently available certificates is done through the Cert/ListAvailable method.
The method list only the certificates allowed to be used on the current application. Only agent user certificates will be listed. Those invalid certificates due to usage rules or policy rules won't be listed. Expired and/or revoked certificates may be omitted during the listing by having the hiderevoked and/or hideexpired configurations enabled.

Cert/ListAvailable - Request
Parameter	Type	Requested	Description
caller	Caller		IvSign caller object
cert	Cert		IvSign certificate object
cert.linked	bool	No	Linked certificate filter
cert.revoked	bool	No	Revoked certificate filter
cert.expired	bool	No	Expired certificate filter
cert.userid	string	No	Certificate's user filter
cert.orgaid	string	No	Certificate's organization filter
date	DateTime	No	Listing request moment

Cert/ListAvailable - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "caller": { "app": "miapp", "host": "mipc", }, "cert": { "userid":"miuser" } }

JSON response

{
"certlist" : [
{
"certid": "100000000001",
"name": "testcert1",
"userid": "miuser",
"orgaid": "MiOrg",
"serial": "054C3E61E13981",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"signalg": "sha256RSA",
"createdate": "2017-09-13T18:45:18",
"validfrom": "2017-04-03T09:48:18",
"validto": "2022-04-02T09:48:18",
"keysize": "2048"
},
{
"certid": "100000000002",
"name": "testcert2",
"userid": "miuser",
"orgaid": "MiOrg",
"serial": "054C6E61F02951",
"subject": "CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test2",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"signalg": "sha256RSA",
"createdate": "2017-09-13T18:45:22",
"validfrom": "2017-04-03T09:48:22",
"validto": "2022-04-02T09:48:22",
"keysize": "2048"
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Cert/ListAvailable - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Cert/ListAvailable - Audits
Operation	Audits
Correct	No
Incorrect	No

5.5. Checking certificate pin [Cert/PinCheck]

Checking certificates pin is done through the Cert/PinCheck method.

Cert/PinCheck - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin

Cert/PinCheck - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8C41B4F2CC92", "pin": "123#@Abc" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/PinCheck - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/PinCheck - Audits
Operation	Audits
Correct	No
Incorrect	Yes

5.6. Setting a new pin to a certificate [Cert/PinSet]

Setting a new pin to a certificate is done through the Cert/PinSet method.

Cert/PinSet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.newpin	string	Yes	New certificate's pin
cert.pin	string	Yes	Current certificate's pin

Cert/Set - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8C41B4F2CC92", "pin": "##pinactual##" "newpin": "##nuevopin##" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/PinSet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/PinSet - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.7. Importing certificates with private key [Cert/ImportPFX]

Importing certificates PFX or P12 with private key is done through the Cert/ImportPFX method.
The method imports the certificate to the agent user or to the specified user.

Cert/ImportPFX - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.name	string	Yes	Certificate's name
cert.userid	string	No	Certificate recipient user
cert.orgaid	string	No	Certificate recipient organization
cert.descr	string	No	Certificate's description
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin
cert.custom1	string	No	Custom field 1
cert.custom2	string	No	Custom field 2
cert.custom3	string	No	Custom field 3
cert.extid	string	No	Certificate external identifier
pfxdata	byte[]	Yes	PFX/P12 certificate
pfxpass	string	Yes	PFX/P12 certificate's password

Cert/ImportPFX - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "userid": "testuser", "orgaid": "testorga", "name": "testcert", "descr": "descr cert", "newpin": "PinAcceso" }, "pfxdata": "MIIhJgIBAz...", "pfxpass": "ContraseñaAcceso" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "8A05B4C5CC92",
"name": "testcert",
"orgaid": "TestOrg",
"userid": "testuser",
"descr": "descr cert",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-02-02T11:32:03",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2016-02-15T17:15:16",
"validto": "2019-02-14T17:15:16",
"serial": "054C3E61E13981",
"keysize": "2048",
"delegated": false,
"delegid": 0,
"oper": "operuser",
"linked": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC",
}
}

Cert/ImportPFX - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/ImportPFX - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.8. Getting certificate public key [Cert/CERGet]

Getting certificate public key is done through the Cert/CERGet method.

Cert/CERGet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/CERGet - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
cer	string	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "certid": "8C41B4F2CC92" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "cert": "MIIhJgIBAz..." }

Cert/CERGet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/CERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

5.9. Getting certificate certification chain [Cert/ChainGet]

Getting certificate certification complete chain, as of its immediate superior CA until root certificate (if it is possible) is done through the Cert/ChainGet method.

Cert/ChainGet - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization

Cert/ChainGet - Response
Parameter	Type	Description
certlist	PubCert[]	IvSign public certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8C41B4F2CC92" } }

JSON response

{
"certlist": [
{
"sha1sum": "F82701F8E04770F3448C19070F9B2158B16621A0",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"cer": "MIIGDzCCBP...",
"subject": "CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=AC Camerfirma, O=AC Camerfirma SA, L=Madrid (see current address at www.camerfirma.com/address), SERIALNUMBER=A82743287, E=ac_camerfirma@camerfirma.com, C=ES",
"alias": "",
"serial": "01",
"validfrom": "2003-12-04T18:26:41Z",
"validto": "2023-12-04T18:26:41Z",
"revokeddate": null,
"isroot": false,
"isca": true
},
{
"sha1sum": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"sha1sumissuer": "339B6B1450249B557A01877284D9E02FC3D2D8E9",
"cer": "MIIFnTCCBI...",
"subject": CN=test2, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU",
"alias": "",
"serial": "02",
"validfrom": "2003-11-14T14:49:08Z",
"validto": "2033-11-14T14:49:08Z",
"revokeddate": null,
"isroot": false,
"isca": true
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Cert/ChainGet - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/ChainGet - Audits
Operation	Audits
Correct	No
Incorrect	No

5.10. Creating and installing certificates (1/3) [Cert/RSAGen]

Creating and installing certificates is done through 3 methods. The first one is the Cert/RSAGen.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method generates certificate public and private key.

Cert/RSAGen - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin
cert.keysize	string	No	Certificate's private key size
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.certprovider	string	No	Certificate's provider
cert.type	string	No	IvSign certificate type

Cert/RSAGen - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
cert	Cert	IvSign public certificate object

Request and response example:

JSON request
{ "cert": { "pin": "123@#Abc", "keysize": "2048" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "8B9BC4CC3CA2",
"name": null,
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": true,
"createdate": "2018-08-23T08:02:59Z",
"subject": "CN=None",
"subjectcn": "None",
"issuer": "CN=None",
"issuercn": "None",
"validfrom": "2018-08-23T08:02:59Z",
"validto": "2018-08-23T08:02:59Z",
"serial": "0x0",
"keysize": "2048",
"signalg": "None",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "user1",
"linked": false,
"createmethod": "Generate",
"createmodule": "unknown",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": null,
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
}

Cert/RSAGen - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/RSAGen - Audits
Operation	Audits
Correct	No
Incorrect	Yes

5.11. Creating and installing certificates (2/3) [Cert/GenCSR]

Creating and installing certificates is done through 3 methods. The second one is the Cert/GenCSR.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method sets subject parameter to the certificate.

Cert/GenCSR - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID en IvSign
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	Yes	Certificate's pin
subject	string[]	Yes	Certificate's subject parameters

Cert/GenCSR - Response
Parameter	Type	Description
data	byte[]	Certificate's public key
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8B9BC4CC3CA2", "pin": "123@#Abc" }, "subject": [ "CN=test2", "OU=User", "O=Test S.L.", "L=Valencia", "C=ES" ] }

JSON response
{ "data": "MIICUjCCAToCAQAwDz...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/GenCSR - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/GenCSR - Audits
Operation	Audits
Correct	No
Incorrect	Yes

5.12. Creating and installing certificates (3/3) [Cert/InstallCER]

Creating and installing certificates is done through 3 methods. The third one is the Cert/InstallCER.
The combining of the 3 methods allows to centralize a extern CA certificate into IvSign.
This method installs the public certificate key into IvSign. This public key must be signed by the proper CA.

Cert/InstallCER - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID en IvSign
cert.userid	string	No	Certificate's user
cert.orgaid	string	No	Certificate's organization
cert.pin	string	Yes	Certificate's pin
cerbin	byte[]	Yes	Certificate's public key

Cert/InstallCER - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "8B9BE8769658", "pin": "Abc123" }, "cerbin": "MIID/zCCAuegAwIBAgIFR0FzcWQwDQYJ..." }

JSON response
{ "result": "true", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/InstallCER - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/InstallCER - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.13. Listing certificates [Cert/List]

Listing certificates is done through the Cert/List method.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

Cert/List - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.userid	string	No	User ID filter
cert.orgaid	string	No	Organization ID filter
page	Page		IvSign page object

Cert/List - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result
page	Page	IvSign page object

Request and response example:

JSON request
{ "cert":{ "userid": "miuser", "orgaid": "miorga" } }

JSON response

{
"certlist": [
{
"certid": "8A62437FBF89",
"name": "Juanito",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 8.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACF",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
},
{
"certid": "8A62437FBF85",
"name": "Juanito",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 8.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE955555",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

Cert/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong to the agent user
Administrator	Yes	The certificates must belong to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to the same organization as the agent user or to a child organization of this

Cert/List - Audits
Operation	Audits
Correct	No
Incorrect	No

5.14. Obtaining certificate provider certificate public key [Cert/RefCERGet]

Obtaining certificate provider, CA, certificate public key is done through the Cert/RefCERGet method.

Cert/RefCERGet - Request
Parameter	Type	Requested	Description
certprovider	string	Yes	Certificate's provider
id	string	Yes	IvSign certificate ID

Cert/RefCERGet - Response
Parameter	Type	Description
cer	byte[]	Certificates public key
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "certprovider": "dbsecure", "id": "8A62437FBF85" }

JSON response
{ "data": "MIICUjCCAToCAQAwDz...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/RefCERGet - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/RefCERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

5.15. Listing certificate provider certificates [Cert/RefList]

Listing certificate provider certificates, CA, is done through the Cert/RefList method.

Cert/RefList - Request
Parameter	Type	Requested	Description
Without request parameters

Cert/RefList - Response
Parameter	Type	Description
certreflist	CertRef[]	IvSign reference certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}

JSON response
{ "certreflist": [ { "id": "61376F3768372D65636473612D3139303732303138", "certprovider": "realsec", "data": "MIIBMDCB5qADAgECAg..." }, { "id": "617061636865327465737431", "certprovider": "realsec", "data": "MIIDRDCCAiygAwIBAg..." } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/RefList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/RefList - Audits
Operation	Audits
Correct	No
Incorrect	No

5.16. Certificate replacement [Cert/Replace]

Certificate replacement is done through the Cert/Replace method.
This method can be used, for instance, when a certificate is about to expire. It can be replaced for its substitute and all the delegations and referred properties will be assigned to the new one.

Cert/Replace - Request
Parameter	Type	Requested	Description
newCert	Cert		IvSign certificate object
newCert.certid	string	Yes	IvSign certificate ID en IvSign
newCert.pin	string	Yes	Certificate's pin
oldCert	Cert		IvSign certificate object
oldCert.certid	string	Yes	IvSign certificate ID en IvSign
oldCert.pin	string	Yes	Certificate's pin
undo	bool	No	Indicates if the operation is a certificate replacement or back to the original one

Cert/Replace - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
replaced	bool	Result, correct or incorrect

Request and response example:

JSON request
{ "newCert": { "certid": "8A62437FBF89", "pin": "123#@Abc" }, "oldCert": { "certid": "8A62437FBF85", "pin": "Abc@#123" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "replaced": true }

Cert/Replace - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong to the agent user
Administrator	Yes	The certificates must belong to a user that belong to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to a user that belong to the same organization as the agent user or to a child organization of this

Cert/Replace - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.17. Searching certificates [Cert/Search]

Searching certificates by its public key is done through the Cert/Search method.

Cert/Search - Request
Parameter	Type	Requested	Description
certbin	byte[]	Yes	Certificate public key

Cert/Search - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result
page	Page	IvSign page object

Request and response example:

JSON request
{ "certbin": "MIIKzjCCCLagAwIBAgIIFdG9GevW/cEwD..." }

JSON response

{
"certlist": [
{
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "orgavisabuelo",
"userid": "user6",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "user1",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": null
}

Cert/Search - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Cert/Search - Audits
Operation	Audits
Correct	No
Incorrect	No

5.18. Linking reference certificates [Cert/RefLink]

Linking reference certificates, CA certificates, to a user is done through the Cert/RefLink method.

Cert/RefLink - Request
Parameter	Type	Requested	Description
certref	CertRef		IvSign reference certificate object
certref.certprovider	string	Yes	Certificate's provider
cert	Cert		IvSign certificate object
cert.userid	string	No	IvSign user ID, recipient user
cert.orgaid	string	No	User's organization
cert.pin	string	No (Yes if newpin is empty)	Certificate's pin
cert.newpin	string	No (Yes if pin is empty)	Certificate's pin

Cert/RefLink - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "certref": { "certprovider": "dbsecure" }, "cert": { "orgaid": "miorga", "userid": "miuser", "pin": "Abc@#123" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"cert": {
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "miorga",
"userid": "miuser",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": true,
"createmethod": "",
"createmodule": "",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
}

Cert/RefLink - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/RefLink - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

5.19. Moving certificates [Cert/Move]

Moving certificates from one user to another is done through the Cert/Move method.

Cert/Move - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
user	User		IvSign user object
user.userid	string	Yes	User's ID
user.orgaid	string	No	User's organization

Cert/Move - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
cert	Cert	IvSign certificate object

Request and response example:

JSON request
{ "cert": { "certid": "882D1394205D" }, "user": { "userid": "user6" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
"cert": {
"certid": "882D1394205D",
"name": "NOMBRE PROPIETARIO",
"orgaid": "orgavisabuelo",
"userid": "user6",
"descr": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2017-06-12T12:50:33Z",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555...",
"subjectcn": "NOMBRE PROPIETARIO - 00000000",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"issuercn": "Camerfirma AAPP II - 2014",
"validfrom": "2017-06-12T12:50:48Z",
"validto": "2020-06-11T12:50:48Z",
"serial": "15D1BD19EBD6FDC1",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "user1",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": true,
"expired": false,
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}

}

Cert/Move - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

Cert/Move - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6. Bin certificates management [CertTrash]

6.1. Deleting bin certificates [CertTrash/Del]

Deleting certificates from the certificate's bin is done through the CertTrash/Del method.
Once the certificate is erased, it is not possible to be recovered.

CertTrash/Del - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "certtrash": { "certid": "882D1394205D" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

CertTrash/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.2. Getting bin certificates data [CertTrash/Get]

Getting bin certificates data is done through the CertTrash/Get method.

CertTrash/Get - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Get - Response
Parameter	Type	Description
certtrash	CertTrash	IvSign trash certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "certtrash": { "certid": "882D1394205D" } }

JSON response

{
"certtrash": {
"certid": "882D1394205D",
"name": "miuser",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

CertTrash/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

6.3. Listing bin certificates [CertTrash/List]

Listing certificate bin certificates is done through the CertTrash/List.
The list can contain from a user's certificates up to all system's certificates, depending on agent user privileges.

CertTrash/List - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.userid	string	No	Certificate's user
certtrash.orgaid	string	No	Certificate's organization

CertTrash/List - Response
Parameter	Type	Description
certtrashlist	CertTrash[]	IvSign trash certificate object
error	Error	IvSign error object, contains keyman operation error code result
page	Page	IvSign page object

Request and response example:

JSON request
{ "certtrash": { "userid": "miuser", "orgaid": "miorga" } }

JSON response

{
"certtrashlist": [
{
"certid": "8A62437FBF81",
"name": "miuser",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Valencia,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
{
"certid": "8A62437FBF82",
"name": "miuser",
"orgaid": "miorgas",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2018-03-20T11:47:18Z",
"subject": "C=ES, CN=[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL, G=JUAN,...",
"subjectcn": "[SOLO PRUEBAS]JUAN CAMARA ESPAÑOL",
"issuer": "CN=RACER, O=AC Camerfirma SA, SERIALNUMBER=A82743287, L=Valencia,...",
"issuercn": "RACER",
"validfrom": "2016-02-15T16:15:16Z",
"validto": "2019-02-14T16:15:16Z",
"serial": "00BBAA89BBDB4218EA",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": 0,
"oper": "miuser",
"linked": null,
"createmethod": "ImportPFX",
"createmodule": "CertManager 7.0",
"newpin": null,
"pin": null,
"revoked": null,
"expired": null,
"sha1sum": "6D8174240C8120A934C11804F555F213DE99AACB",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": "0001-01-01T00:00:00",
"replaces": null,
"replacement": false
},
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

CertTrash/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificates must belong the agent user
Administrator	Yes	The certificates must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificates must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/List - Audits
Operation	Audits
Correct	No
Incorrect	No

6.4. Restoring bin certificates [CertTrash/Rest]

Restoring certificates from the certificates bin is done through the CertTrash/Rest method.
The CertTrash object becomes a Cert object.

CertTrash/Rest - Request
Parameter	Type	Requested	Description
certtrash	CertTrash		IvSign trash certificate object
certtrash.certid	string	Yes	IvSign trash certificate ID

CertTrash/Rest - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "certtrash": { "certid": "882D1394205D" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

CertTrash/Rest - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

CertTrash/Rest - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

6.5. Sending certificates to the certificate bin [CertTrash/Move]

Sending certificates to the certificate bin is done through the CertTrash/Move method.
The Cert object becomes a CertTrash object.

Cert/Move - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID

Cert/Move - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert":{ "certid": "8A62437FBF85" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Cert/Move - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Cert/Move - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

7. Public certificates management [PubCert]

7.1. Creating public certificates [PubCert/Add]

Creating new public certificates on IvSing using its public key is done through the PubCert/Add method.

PubCert/Add - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.alias	string	Yes	Public certificate's alias
cer	byte[]	Yes	Public certificate

PubCert/Add - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pubcer":{ "userid": "miuser", "orgaid": "miorga", "alias": "mipubcert" } "cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..." }

JSON response

{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCert/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The recipient user must be the agent user
Administrator	Yes	The recipient user must belong to the same organization as the agent user
Super Administrator	Yes	The recipient user must belong to the same organization as the agent user or to a child organization of this

PubCert/Add - Audits
Operation	Audits
Correct	No
Incorrect	No

7.2. Obtención de certificados públicos [PubCert/Get]

Método para obtener un certificado público de IvSign.

PubCert/Get - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	No	IvSign public certificate ID
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	User's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM

PubCert/Get - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5" } }

JSON response

PubCert/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

7.3. Setting public certificates [PubCert/Set]

Setting public certificates is done through the PubCert/Set method.

PubCert/Set - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	Yes	IvSign public certificate ID
pubcert.alias	string	Yes	Public certificate's alias
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM

PubCert/Set - Response
Parameter	Type	Description
result	PubCert	IvSign public certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5", "alias": "mipubcert modificado" } }

JSON response

{
"result": {
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert modificado",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCert/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Set - Audits
Operation	Audits
Correct	No
Incorrect	No

7.4. Deleting public certificates [PubCert/Del]

Deleting public certificates is done through the PubCert/Del method.

PubCert/Del - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	Yes	IvSign public certificate ID

PubCert/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pubcert": { "pubcertid": "8C7792DAA0A5" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PubCert/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

PubCert/Del - Audits
Operation	Audits
Correct	No
Incorrect	No

7.5. Listing public certificates [PubCert/List]

Listing public certificates is done through the PubCert/List method.

PubCert/List - Request
Parameter	Type	Requested	Description
pubcert	PubCert		IvSign public certificate object
pubcert.pubcertid	string	No	IvSign public certificate ID
pubcert.userid	string	No	Public certificate's user
pubcert.orgaid	string	No	Public certificate's organization
pubcert.sha1sum	string	No	Certificate's SHA1SUM
page	Page		IvSign page object

PubCert/List - Response
Parameter	Type	Description
result	PubCert[]	IvSign public certificate object
error	Error	IvSign error object, contains keyman operation error code result
page	Page	IvSign page object

Request and response example:

JSON request
{ "pubcert": { "userid": "miuser" } }

JSON response

{
"result": [
{
"pubcertid": "8C7792DAA0A5",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
},
{
"pubcertid": "8C7792DAA0A6",
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf15",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26f",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorga",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "mipubcert",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"revoked": false,
"expired": false,
"isroot": false,
"isca": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
}
}

PubCert/List - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCert/List - Audits
Operation	Audits
Correct	No
Incorrect	No

8. Public certificate management [PubCertBin]

8.1. Creating public certificates [PubCertBin/Add]

Creating public certificates is done through the PubCertBin/Add method.

PubCertBin/Add - Request
Parameter	Type	Requested	Description
cer	byte[]	Yes	Certificate's public key

PubCertBin/Add - Response
Parameter	Type	Description
result	PubCertBin	IvSign public bin certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev..." }

JSON response

{
"result": {
"sha1sum": "09931e3ecdb89c5f4750987797af9324ad1adf14",
"sha1sumissuer": "e95ecc414d56452ae35409acd23f34a27bdbd26e",
"cer": "MIIKzjCCCLagAwIBAgIIFdG9Gev...",
"subject": "C=ES, O=CENTRO PARA EL DESARROLLO TECNOLOGICO INDUSTRIAL, OU=555,...",
"issuer": "CN=Camerfirma AAPP II - 2014, L=Valencia...",
"alias": "",
"serial": "15D1BD19EBD6FDC1",
"validfrom": "2017-06-12T12:50:48+02:00",
"validto": "2020-06-11T12:50:48+02:00",
"revokeddate": null,
"isroot": false,
"isca": false
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PubCertBin/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

PubCertBin/Add - Audits
Operation	Audits
Correct	No
Incorrect	No

8.2. Getting public certificate data [PubCertBin/Get]

Getting public certificate data using its fingerprint is done through the PubCertBin/Get method.

PubCertBin/Get - Request
Parameter	Type	Requested	Description
fingerprint	string	Yes	Public bin certificate's fingerprint

PubCertBin/Get - Response
Parameter	Type	Description
result	PubCertBin	IvSign public bin certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14" }

JSON response

PubCertBin/Get - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCertBin/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

8.3. Checking public certificate [PubCertBin/Check]

Checking if a public certificate exists in IvSing is done through the PubCertBin/Check method.

PubCertBin/Check - Request
Parameter	Type	Requested	Description
fingerprint	string	Yes	Public bin certificate's fingerprint

PubCertBin/Check - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "fingerprint": "09931e3ecdb89c5f4750987797af9324ad1adf14" }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PubCertBin/Check - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

PubCertBin/Check - Audits
Operation	Audits
Correct	No
Incorrect	No

9. Organizations management [Orga]

9.1. Creating organizations [Orga/Add]

Creating organizations in IvSign is done through the Orga/Add method.

Orga/Add - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
orga.descr	string	No	Organization's description
orga.parent	string	No	Organization's parent
orga.extid	string	No	Organization's external identifier
orga.license	string	No	Organization's license code

Orga/Add - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga", "parent": "miorgapadre" } }

JSON response
{ "orga": { "orgaid": "miorga", "extid": null, "descr": "miorga", "parent": "miorgapadre", "chain": "root.miorgapadre.miorga.", "license": null, "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The created organization must have agent user organization on its organization chain

Orga/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9.2. Deleting organizations [Orga/Del]

Deleting organizations is done through the Orga/Del method.
The organization must hold no users nor certificates.

Orga/Del - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID

Orga/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The organization must have agent user organization on its organization chain

Orga/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9.3. Getting organization data [Orga/Get]

Getting organization data is done through the Orga/Get method.

Orga/Get - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No (Yes if extid and license are empty)	IvSign organization ID
orga.extid	string	No (Yes if orgaid and license are empty)	Organization's external identifier
orga.license	string	No (Yes if orgaid and extid are empty)	Organization's license code

Orga/Get - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga" } }

JSON response
{ "orga": { "orgaid": "miorga", "extid": null, "descr": "miorga", "parent": "miorgapadre", "chain": "root.miorgapadre.miorga.", "license": null, "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Get - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The agent user must belong to the organization
Super Administrator	Yes	The organization must have agent user organization on its organization chain

Orga/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

9.4. Listing organizations [Orga/List]

Listing organizations is done through the Orga/List method.
The method lists from only agent user organization up to all system organizations, depending on agent user privileges.

Orga/List - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign certificate ID en IvSign
page	Page	No	IvSign page object

Orga/List - Response
Parameter	Type	Description
orgalist	Orga[]	IvSign organization object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": {}, "page": null }

JSON response

{
"orgalist": [
{
"orgaid": "miorga",
"extid": null,
"descr": "Mi organización",
"parent": "miorgapadre",
"chain": "root.miorgapadre.miorga.",
"license": null,
"createdate": "2018-04-06T08:00:41Z"
},
{
"orgaid": "miorgahija1",
"extid": null,
"descr": "Mi organización hija 1",
"parent": "miorga",
"chain": "root.miorgapadre.miorga.miorgahija1.",
"license": "1127BE26-1EA5-45ED-B001-06762F450D6D",
"createdate": "2018-04-06T08:09:25Z"
},
{
"orgaid": "miorgahija2",
"extid": null,
"descr": "Mi organización hija 2",
"parent": "miorga",
"chain": "root.miorgapadre.miorga.miorgahija1.",
"license": null,
"createdate": "2018-04-06T08:11:26Z"
},
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Orga/List - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The listed organization must be agent user organization
Super Administrator	Yes	The listed organization must have agent user organization on its organization chain

Orga/List - Audits
Operation	Audits
Correct	No
Incorrect	No

9.5. Renaming organization [Orga/Ren]

Renaming an organization, changing its orgaid, is done through the Orga/Ren method.
The renamed organization will loose its previous auditory records.

Orga/Ren - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
neworga	Orga		IvSign organization object
neworga.orgaid	string	Yes	IvSign organization ID

Orga/Ren - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga" }, "neworga": { "orgaid": "mineworga" } }

JSON response
{ "orga": { "orgaid": "mineworga", "extid": null, "descr": "miorga", "parent": "miorgapadre", "chain": "root.miorgapadre.miorga.", "license": null, "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Ren - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed organization must be agent user organization
Super Administrator	Yes	The renamed organization must have agent user organization on its organization chain

Orga/Ren - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

9.6. Setting organization data [Orga/Set]

Setting organization data is done through the Orga/Set method.

Orga/Set - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID
orga.descr	string	No	Organization's description
orga.extid	string	No	Organization's external identifier
orga.license	string	No	Organization's license code

Orga/Set - Response
Parameter	Type	Description
orga	Orga	IvSign organization object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga", "descr": "miorga descripción nueva", "license": "nueva licencia" } }

JSON response
{ "orga": { "orgaid": "minorga", "extid": null, "descr": "miorga descripción nueva", "parent": "miorgapadre", "chain": "root.miorgapadre.miorga.", "license": "nueva licencia", "createdate": "2018-08-24T06:16:49Z" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Orga/Set - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The renamed organization must be agent user organization
Super Administrator	Yes	The renamed organization must have agent user organization on its organization chain

Orga/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10. Device management [Device]

10.1. Device creation [Device/Add]

Device creation can be done through the Device/Add method. It can be also created during user authentication.
If more than one user authenticates using the same device, the device will registered for all the users.

Device/Add - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceinfo	string[][]	Yes	Device information parameters
device.userid	string	No	Device's owner
device.orgaid	string	No	Device's owner organization
device.authorized	bool	No	Authorized / unauthorized device flag
device.notifyenabled	bool	No	Receive push notification enabled / disabled flag

Device/Add - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "device": { "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "authorized": true, "notifyenabled": false } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "orgaid": "miorga", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T07:29:19.6678975Z", "authorized": true, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.2. Deleting devices [Device/Del]

Deleting devices is done through the Device/Del method.

Device/Del - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	Yes	IvSign device ID

Device/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "device": { "deviceid": "7DC4UILIWUFY4" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

10.3. Getting device data [Device/Get]

Getting device data is done through the Device/Get method.
There two ways of asking the device data, by using its deviceid or by using a combination of its userid, orgaid and deviceinfo.

Device/Get - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	No (Yes if deviceinfo, userid and orgaid are empty)	IvSign device ID
device.deviceinfo	string[][]	No (Yes if deviceid is empty)	Device information parameters
device.userid	string	No (Yes if devideid is empty)	Device's owner
device.orgaid	string	No (Yes if devideid is empty)	Device's organization

Device/Get - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "device": { "userid": "miuser", "orgaid": "miorga", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ] } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "orgaid": "miorga", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T08:01:45.0216337Z", "authorized": true, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

10.4. Listing devices [Device/List]

Listing devices is done through the Device/List method.

Device/List - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.userid	string	No	Device's owner
device.orgaid	string	No	Device's organization
page	Page	No	IvSign page object

Device/List - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
devicelist	Device[]	IvSign device object
page	Page	IvSign page object

Request and response example:

JSON request
{ "device": { "userid": "miuser", "orgaid": "miorga" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"devicelist": [
{
"deviceid": "7DC4UILIWUFY4",
"userid": "miuser",
"orgaid": "miorga"
"deviceinfo": [
[
"equipo",
"equipoprueba1"
],
[
"ip",
"172.0.0.1"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
{
"deviceid": "7DC4UILIWUFY5",
"userid": "miuser",
"orgaid": "miorga"
"deviceinfo": [
[
"equipo",
"equipoprueba2"
],
[
"ip",
"172.0.0.2"
]
],
"lastaccess": "2018-08-24T07:53:45.5817337Z",
"authorized": true,
"notifyenabled": false
},
],
"page": null
}

Device/List - User permissions
User	Allowed	Conditions
Basic	Yes	The listed devices must belong to the agent user
Administrator	Yes	The listed devices must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The listed devices must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/List - Audits
Operation	Audits
Correct	No
Incorrect	No

10.5. Setting devices [Device/Set]

Setting devices is done through the Device/Set method.

Device/Set - Request
Parameter	Type	Requested	Description
device	Device		IvSign device object
device.deviceid	string	Yes	IvSign device ID
device.userid	string	No	Device's owner
device.deviceinfo	string[][]	No	Device information parameters
device.lastaccess	DateTime	No	Device's last access
device.authorized	bool	No	Authorized / unauthorized device flag
device.notifyenabled	bool	No	Receive push notification enabled / disabled flag

Device/Set - Response
Parameter	Type	Description
device	Device	IvSign device object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "authorized": false } }

JSON response
{ "device": { "deviceid": "7DC4UILIWUFY4", "userid": "miuser", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T08:01:45.0216337Z", "authorized": false, "notifyenabled": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Device/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The device must belong to the agent user
Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent
Super Administrator	Yes	The device must belong to a user that belongs to the same organization as the user agent or to a child organization of this

Device/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

11. Authorization petition management [Inquiry]

11.1. Getting inquiry [Inquiry/Get]

Getting an IvSign inquiry is done through the Inquiry/Get method.

Inquiry/Get - Request
Parameter	Type	Requested	Description
inquiry	Inquiry		IvSign inquiry object
inquiry.inquiryid	string	Yes	IvSign inquiry ID

Inquiry/Get - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
inquiry	Inquiry	IvSign inquiry object

Request and response example:

JSON request
{ "inquiry": { "inquiryid": "7DC5FA5WSOFTE" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"inquiry": {
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": true,
"response": null
}
}

Inquiry/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user

Inquiry/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

11.2. Setting inquiry [Inquiry/Set]

Setting devices is done through the Inquiry/Set method.

Inquiry/Set - Request
Parameter	Type	Requested	Description
inquiry	Inquiry		IvSign inquiry object
inquiry.inquiryid	string	Yes	IvSign inquiry ID
inquiry.response	string	Yes	Inquiry response to the authorization petition

Inquiry/Set - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
inquiry	Inquiry	IvSign inquiry object

Request and response example:

JSON request
{ "inquiry": { "inquiryid": "7DC44PFZOEPUQ", "response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}" } }

JSON response

Inquiry/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user
Super Administrator	Yes	The inquiry organization must equal to the agent user organization or the inquiry user must be the agent user

Inquiry/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

12. License management [License]

12.1. Getting license data [License/Get]

Getting an organization license data or an environment license data is done through the License/Get method.

License/Get - Request
Parameter	Type	Requested	Description
license	string	Yes	License code

License/Get - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
licenseinfo	KeyValue[]	A parameters list

Request and response example:

JSON request
{ "license": "milicenia" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"licenseinfo": [
{
"Key": "maxCerts",
"Value": "-1"
},
{
"Key": "maxUsers",
"Value": "-1"
},
{
"Key": "signatureBiometricEnable",
"Value": "False"
},
{
"Key": "signatureEnable",
"Value": "False"
},
{
"Key": "tspEnable",
"Value": "True"
},
{
"Key": "verifyEnable",
"Value": "True"
},
{
"Key": "expireDate",
"Value": "24/05/2019 9:17:54"
}
]
}

License/Get - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

License/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

13. Auditory management [Audit]

13.1. Listing auditory records [Audit/List]

Listing auditory records is done through the Audit/List method.
The method returns the auditory records based on the request parameters and the pagination.

Audit/List - Request
Parameter	Type	Requested	Description
startdate	DateTime	Yes	UTC request start date time
enddate	DateTime	Yes	UTC request end date time
audit	Audit		IvSign auditory object
audit.userid	string	No	User ID filter
audit.orgaid	string	No	Organization ID filter
audit.oper	string	No	Operator user filter
audit.category	string	No	Category filter
audit.action	string	No	Performed action filter
audit.seccess	bool	No	Success / failure filter
audit.certid	string	No	Certificate ID filter
audit.serial	string	No	Certificate serial number filter
audit.module	string	No	Module filter
page	Page	No	IvSign page object
limit	int	No	Element per page limit number on IvSign page object
foruser	string	No	User ID for looking up at the auditory, all the direct actions performed for the user and the indirect actions performed on the user
fororga	string	No	Organization ID for looking up at the auditory, all the direct actions performed for its members and the indirect actions performed on them

Audit/List - Response
Parameter	Type	Description
auditlist	Audit[]	IvSign auditory object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "startdate": "2018-08-20T00:00:00.000Z", "enddate": "2018-08-24T23:59:59.999Z", "auditlist": { "oper": "miuser", "module": "mimodulo", } }

JSON response

{
"auditlist": [
{
"auditid": 2452,
"date": "2018-08-22T11:29:15.374386Z",
"ip": "127.0.0.1",
"host": "127.0.0.1",
"certid": null,
"serial": null,
"certidorig": null,
"orgaid": "miorga",
"category": "Auth",
"action": "Login",
"actiondata": null,
"success": true,
"info": "Login successfully",
"app": null,
"oper": "miuser",
"userid": "miuser",
"impersonator": null,
"location": null,
"server": "miuser-pc",
"module": "mimodulo",
"modver": "8.0",
"data": null,
"certsha1sum": null,
"operorgaid": "miorga"
},
{
"auditid": 2451,
"date": "2018-08-22T11:04:45.903185Z",
"ip": "127.0.0.1",
"host": "127.0.0.1",
"certid": null,
"serial": null,
"certidorig": null,
"orgaid": "miorga",
"category": "Notify",
"action": "Accept",
"actiondata": null,
"success": true,
"info": "Notification accepted \"Notificación miuser\"",
"app": null,
"oper": "miuser",
"userid": "miuser",
"impersonator": null,
"location": null,
"server": "miuser-pc",
"module": "mimodulo",
"modver": "8.0",
"data": "2",
"certsha1sum": null,
"operorgaid": "miorga"
},
...
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Audit/List - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched users must belong to the same organization as the agent user
Super Administrator	Yes	The searched users must belong to the same organization as the agent user or to a child organization of this

Audit/List - Audits
Operation	Audits
Correct	No
Incorrect	No

13.2. Obtaining auditory categories and action data [Audit/Info]

Obtaining auditory categories and action data is done through the Audit/Info method.
The returned data depends on the recorded performed operations.

Audit/Info - Request
Parameter	Type	Requested	Description
Without request parameters

Audit/Info - Response
Parameter	Type	Description
auditinfo	AuditInfo	IvSign auditory information object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}

JSON response

{
"data": {
"category": [
"Auth",
"Cert",
"CertTrash",
"Config",
"Deleg",
"Device",
"Notify",
"Orga",
"Rule",
"Sign",
"Signature",
"TSP",
"User",
"Verify"
],
"action": [
"Accept",
"Add",
"Cades",
"CER",
"Del",
"DelCert",
"Generate",
"Impersonate",
"ImportPFX",
"Login",
"Move",
"OrgaMove",
"Pades",
"PinCheck",
"PinSet",
"RefLink",
"Ren",
"Rest",
"RSA",
"Set",
"Sign",
"UserAdd",
"Val",
"Xades"
]
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Audit/Info - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Audit/Info - Audits
Operation	Audits
Correct	No
Incorrect	No

14. Simple hashes signatures [Sign]

14.1. Hash signature [Sign/Hash] ✍

Hash signature are performed by using the Sign/Hash method.

Sign/Hash - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm
hash.digest	byte[]	Yes	Hash to sign
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/Hash - Response
Parameter	Type	Description
data	byte[]	Hash signature
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "100000000001", "pin": "PinAcceso" }, "hash": { "algorithm": "SHA512", "digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..." }, "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/Hash - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Sign/Hash - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

14.2. RSA Signature [Sign/RSA] ✍

RSA signature are performed by using the Sign/RSA method.

Sign/RSA - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
data	byte[]	Yes	Object to sign
extradata	string[][]	No	Signature extra information
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/RSA - Response
Parameter	Type	Description
data	byte[]	RSA signature
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "100000000001", "pin": "PinAcceso" }, "data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...", "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/RSA - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/RSA - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

14.3. TSP signature [Sign/TSP] ✍

TSP signature are performed by using the Sign/TSP method.

Sign/TSP - Request
Parameter	Type	Requested	Description
tsulist	string[]	Yes	Time stamp servers URL list
includecert	bool	No	Include time stamp server certificate into the signature
extradata	string[][]	No	Signature extra information
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm
hash.digest	byte[]	Yes	Hash to sign

Sign/TSP - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
tsainfo	tsainfo	IvSign TSA information object
tsr	byte[]	Signed object

Request and response example:

JSON request
{ "tsulist": [ "http://usuario:password@servidor.sellado" ], "includecert": true, "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "tsainfo": { "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

Sign/TSP - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/TSP - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

14.4. PDF signature [Sign/PDF] ✍

PDF basic signature are performed by using the Sign/PDF method.

Sign/PDF - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's pin
document	byte[]	Yes	PDF to sign
algorithm	string	No	Hash algorithm
extradata	string[][]	No	Signature extra information
caller	Caller		IvSign caller object
caller.app	string	No	Application caller
caller.host	string	No	Host caller

Sign/PDF - Response
Parameter	Type	Description
data	byte[]	Signed PDF
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "cert": { "certid": "100000000001", "pin": "PinAcceso" }, "data": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9...", "caller": { "host": "devhost", "app": "apitest" } }

JSON response
{ "data": "IdzQHKgw0J+IT2/XO3VY7s760s8rVkj5YvgQ3N1AOP7Oj7BNSUQot/T087Z...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Sign/PDF - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Sign/PDF - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15. Document signatures [Signature]

15.1. PDF document signature [Signature/Pades] ✍

PDF document signature are performed by using the Signature/Pades method.
The signature is highly customizable.

Signature/Pades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	PDF document to sign
asyncdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'basic' or 'enhanced'
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extensions	string	No	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
cause	string	No	Signature reason
tstampservers	TimeStampServerInfo[]	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
biometry	Biometry	No	IvSign biometric data object

Signature/Pades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
data	byte[]	Signed PDF document

Request and response example:

JSON request

{
"cert": {
"certid": "7DC4U45K5FG3K",
"pin": "Abc@#123"
},
"document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9UeXBlL0Nh...",
"profile": "enhanced",
"extensions": "t,timestamp,biometry",
"parameters": {
"tstampservers": [
{
"name": "seg-social",
"url": "https://w6.seg-social.es/tspTSA/input/RequestTSA",
"httpauth": false,
"hashalgorithm": "SHA256",
"includecertificates": true,
"usenonce": true
}
],
"biometry": {
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...",
"data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..."
},
"policy": {
"policyidentifier": "2.16.724.1.3.1.1.2.1.9",
"policydigest": "G7roucf600+f03r/o0bAOQ6WAs0=",
"policydigestalgorithm": "sha1",
"policyidentifieraddqualifier": true,
"policyqualifieruri": "https://sede.060.gob.es/politica_de_firma_anexo_1.pdf"
}
}
}

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..." }

Signature/Pades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Pades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.2. XML document signature [Signature/Xades] ✍

XML document signature are performed by using the Signature/Xades method.
The signature is highly customizable.

Signature/Xades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	XML document to sign
signdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'bes'=basic, 't'=Include TimeStamp into the signature, 'c'=Add references to the signature for future Verifications, 'x'=Add TimeStamp to the references, 'xl'=Current revocation information for long term Verifications
extension	string	Yes	Signature options, for example: T include TimeStamp into the signature, EPES include signature policy o LTV re stamp the signature
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
envelop	string	Yes	Signature format: 'enveloped'=The signature includes the original XML document, 'enveloping'=A new XML document is generated with the original XML document on one of its nodes
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
extradata	string[][]	No	Signature extra information
parameters	SignXadesParams		IvSign signature complementary XAdES parameters
tstampserver	TimeStampServerInfo	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
location	SignLocation	No	Signature location data, for instance, the city where the signature is performed
policy	SignPolicy	No	IvSign signature policy object
signerrole	string	No	Signer user role
includewholechain	bool	No	Include or not the whole certificate's certificate chain
includekeyvalue	bool	No	Include or not certificate's public key
xadesversion	int	No	XAdES signature version
envreferencetosign	string	No (Yes if envelop = enveloped)	Internal reference to the original XML document, must start by '#'
envsigdestreference	string	No	Sets the xmldsign destination node element through document xpath search method
envnamespacelist	string[][]	No	Sets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
envreferencetosignns	string	No	ID node namespace to sign, for example, wsu:Id

Signature/Xades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
data	byte[]	XML signed document

Request and response example:

JSON request

{
"cert": {
"certid": "8B1F1E544F20",
"pin": "123#@Abc"
},
"document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...",
"profile": "t",
"envelop": "enveloping",
"parameters": {
"tstampserver": {
"url": "http://usuario:password@servidor.sellado",
"httpauth": false,
"usenonce": true,
"includecertificates": true,
"hashalgorithm": "sha1"
}
}

**JSON response**


{
    "error": {
        "code": "K0000",
        "message": "OK",
        "traceid":"7DC44PFZOEPUQ"
    },
    "data": "77u/PD94bWwg..."
}

Signature/Xades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Xades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.3. Generic document signature [Signature/Cades] ✍

Generic document signature are performed by using the Signature/Cades method.
The signature is highly customizable.

Signature/Cades - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
cert.pin	string	Yes	Certificate's access pin
document	byte[]	Yes	Generic document to sign
signdata	byte[]	No	Signature in detached mode
profile	string	Yes	Signature profile: 'cms'=Without encapsulation, 'bes'=Basic, 't'=Include TimeStamp into the signature, 'c'=Add references to the signature for future Verifications, 'x'=Extended, 'xl'=Long term extended
extensions	string	No	Signature options, for example: T include TimeStamp into the signature, EPES include signature policy o LTV re stamp the signature
hashalgorithm	string	No	Hash algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
envelop	string	No	Signature format: 'enveloped'=The signature includes the original document, 'enveloping'=A new XML document is generated with the original document on one of its nodes
operation	string	No	Kind of operation to perform: sign, cosign, upgrade, append...
parameters	SignCadesParams		IvSign signature complementary CAdES parameters
extradata	string[][]	No	Signature extra information
tstampserver	TimeStampServerInfo	No	IvSign time stamp server information object if it is not specified and the signature requires it, the default one will be used

Signature/Cades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
data	byte[]	Generic signed document

Request and response example:

JSON request
{ "cert": { "certid": "8B1F1E544F20", "pin": "123#@Abc" }, "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "profile": "t", "parameters": { "tstampserver": { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" } } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

Signature/Cades - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Signature/Cades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

15.4. PDF document time stamping [Signature/TimestampPdf] ✍

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

Signature/TimestampPdf - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF document to stamp
algorithm	string	Yes	Algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
cause	string	No	Time stamp reason
pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
tstampserver	TimeStampServerInfo	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
biometry	Biometry	No	IvSign biometric data object

Signature/TimestampPdf - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
data	byte[]	Time stamped PDF document

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "algorithm": "sha256", "parameters": { "tstampserver": { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" } } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

Signature/TimestampPdf - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Signature/TimestampPdf - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16. Time stamp operations [TSP]

16.1. Time stamp signature [TSP/Sign]

TSP signature are performed by using the Sign/TSP method.

TSP/Sign - Request
Parameter	Type	Requested	Description
tsulist	string[]	Yes	Time stamp servers URL list
includecert	bool	No	Include time stamp server certificate into the signature
extradata	string[][]	No	Signature extra information
hash	Hash		IvSign hash parameters object
hash.algorithm	string	Yes	Hash algorithm
hash.digest	byte[]	Yes	Hash to sign

STSP/Sign - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
tsainfo	tsainfo	IvSign TSA information object
tsr	byte[]	Signed object

Request and response example:

JSON request
{ "tsulist": [ "http://usuario:password@servidor.sellado" ], "includecert": true, "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "tsainfo": { "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

TSP/Sign - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/Sign - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16.2. Time stamp verification [TSP/Verify]

TSR, Time Stamp Response, verification are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included.

If the original digest is included, the method will compare it with the TSR digest and will return true or false on the valid_digest parameter according to the result.
Otherwise, valid_digest will be null.

If the signing certificate is included, the method will compare it with the TSR certificate and will return true or false on the valid_cert parameter according to the result.
Note: In case signing certificate is not included into the TSP, it will be needed to be provided.

The valid parameter will be true if all the non null valid parameters are true.

TSP/Verify - Request
Parameter	Type	Requested	Description
hash	Hash		IvSign hash parameters object
hash.algorithm	string	No	Hash algorithm
hash.digest	byte[]	No	Hash to sign
tsr	byte[]	Yes	TimeStamp to verify
cer	byte[]	No	Signed certificate, in case it is not included into the TSR

TSP/Verify - Response
Parameter	Type	Description
valid	bool	True if all the non null valid parameters are true
valid_digest	bool	Digest validation parameter
valid_tsr	bool	TSR validation parameter
valid_cert	bool	Certificate validation parameter
datetime	DateTime	TimeStamp UTC date time
tsainfo	tsainfo	IvSign TSA information object
hash	Hash	IvSign hash parameters object
message	string	Hash algorithm
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

JSON response

{
"valid": true,
"valid_digest": true,
"valid_tsr": true,
"valid_cert": true,
"datetime": "2018-02-22T11:57:08Z",
"tsainfo": {
"subjectcn": "servidor.sellado",
"url": null,
"serial": "73CF40966ECAA1E358984E23F4AA3B7D",
"cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7Ko..."
},
"hash": {
"algorithm": "sha256",
"digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ="
},
"message": "",
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

TSP/Verify - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/Verify - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

16.3. PDF document time stamping [TSP/TimestampPdf]

PDF documents time stamping are performed by using the Signature/Cades method.
The time stamp is highly customizable.

TSP/TimestampPdf - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF document to stamp
algorithm	string	Yes	Algorithm: 'SHA1', 'SHA256', 'SHA512' or 'MD5', SH1 by default
extradata	string[][]	No	Signature extra information
parameters	SignPadesParams		IvSign signature complementary PAdES parameters
cause	string	No	Time stamp reason
pdfparameters	PDFSignParams	No	IvSign PDF signature parameters object
tstampserver	TimeStampServerInfo	No	IvSign time stamp server information object, if it is not specified and the signature requires it, the default one will be used
biometry	Biometry	No	IvSign biometric data object

TSP/TimestampPdf - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
data	byte[]	Time stamped PDF document

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmN...", "algorithm": "sha256", "parameters": { "tstampserver": { "url": "http://usuario:password@servidor.sellado", "httpauth": false, "usenonce": true, "includecertificates": true, "hashalgorithm": "sha1" } } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "data": "77u/PD94bWwg..." }

TSP/TimestampPdf - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

TSP/TimestampPdf - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17. Verification operations [Verify]

17.1. IvSign certificate verification [Verify/Cert]

IvSign certificate validation are performed by using the Verify/Cert method.
IvSign certificate ID is needed to perform the Verification.

Verify/Cert - Request
Parameter	Type	Requested	Description
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID
querydate	DateTime	No	Request date time moment

Verify/Cert - Response
Parameter	Type	Description
certinfo	Certinfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
untrusted	bool	True if the certificate is not trusted, false otherwise
revoked	bool	True if the certificate has been revoked, false if ti is not, null otherwise
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
valid	bool	True if all the not null Verifications are true, false otherwise

Request and response example:

JSON request
{ "cert": { "certid": "8B4569DC873F" } }

JSON response

{
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO,...",
"subjectcn": "Nombre Apellidos (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Verify/Cert - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Verify/Cert - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17.2. CA certificate verification [Verify/CER]

CA certificate verifications are performed by using the Verify/CER method.
It is needed the certificate as a binary DER certificate in order to verify it.

Verify/Cer - Request
Parameter	Type	Requested	Description
cer	byte[]	Yes	Certificate in DER format
querydate	DateTime	No	Request date time moment

Verify/Cer - Response
Parameter	Type	Description
certinfo	Certinfo	IvSign certificate information object
expired	bool	True if the certificate has expired, false otherwise
untrusted	bool	True if the certificate is not trusted, false otherwise
revoked	bool	True if the certificate is revoked, false if it is not, null if it was not possible to verify it
invalidsignature	bool	True if the certificate intermediate CA signature is not valid, false in case it is valid, null if it was not possible to verify it
valid	bool	True if all the not null Verifications are true, false otherwise

Request and response example:

JSON request
{ "cer": "MIIH0zCCBrugAwIBAgIJALuqibv..." }

JSON response

Verify/Cer - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Cer - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17.3. Time stamp verification [Verify/TSP]

TSR, Time Stamp Response, verification are performed by using the TSP/Verify.
To do the verification the TSR is needed. Optionally, the original digest and the signing certificate can be included

The valid parameter will be true if all the non null valid parameters are true.

Verify/TSP - Request
Parameter	Type	Requested	Description
hash	Hash		IvSign hash parameters object
hash.algorithm	string	No	Hash algorithm
hash.digest	byte[]	No	Hash to sign
tsr	byte[]	Yes	TimeStamp to verify
cer	byte[]	No	Signed certificate, in case it is not included into the TSR

Verify/TSP - Response
Parameter	Type	Description
valid	bool	True if all the non null valid parameters are true
valid_digest	bool	Digest validation parameter
valid_tsr	bool	TSR validation parameter
valid_cert	bool	Certificate validation parameter
datetime	DateTime	TimeStamp UTC date time
tsainfo	tsainfo	IvSign TSA information object
hash	Hash	IvSign hash parameters object
message	string	Hash algorithm
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "hash": { "algorithm": "sha256", "digest": "Ez7piSk/knNjASgMbxTInVISAMF9zc7MowzSBwUzLUQ=" }, "tsr": "MIIMFDADAgEAMIAGCSqGSIb3..." }

JSON response

Verify/TSP - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/TSP - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17.4. Signed PDF document verification [Verify/Pades]

Signed PDF document verification are performed by using the Verify/Pades.

Verify/Pades - Request
Parameter	Type	Requested	Description
document	byte[]	Yes	PDF signed document to verify
password	string	No	Document password
options	string	No	Verification options

Verify/Pades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "JVBERi0xLjcNCiW1tbW1DQoxIDAgb2JqDQo8PC9U..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "ACCV",
"type": "PF",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "C88D4165900ACAF8FCEE7949D4CA0EAEBC73D257",
"sha1sumissuer": "9FCDF094368D1B025C4C5574F8C59DB8DF75D0C3"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "t,biometry",
"envelop": "Enveloped",
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQAw...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": false,
"type": "Generic",
"time": "2019-05-21T09:57:09Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFAD...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
],
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16AD9D2C39A",
"gentime": "2019-05-21T09:57:09Z",
"messageimprint": "8OC2PC/glAQszWa0Xf8Y0VuDaNU=",
"messageimprintalgorithm": 2,
"nonce": "3336353231303737",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "8OC2PC/glAQszWa0Xf8Y0VuDaNU="
}
],
"validationtimestamps": null,
"biometrysigninfo": {
"certsubject": "C=ES, O=ACCV, OU=Ciudadanos, SN=CAMARA ESPAÑOL, G=JUEAN, SERIALNUMBER=00000000T, CN=JUAN CAMARA ESPAÑOL - NIF:00000000T",
"certissuer": "C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120",
"signatureimage": null
}
},
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": "NI",
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0B...",
"signingtime": "2019-05-21T09:57:15",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}

Verify/Pades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Pades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17.5. Signed generic document verification [Verify/Cades]

Signed generic document verification are performed by using the Verify/Cades.

Verify/Cades - Request
Parameter	Type	Requested	Description
options	string	No	Verification options
document	byte[]	Yes	Generic signed document to verify
detachedsignature	string	No	Signature to verify

Verify/Cades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrD..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": false,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha1RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment",
"Data Encipherment",
"Key Agreement (f8)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "Test Root CA",
"type": "PR",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": "B666212593",
"name": "Ivnosys Soluciones , S.L."
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "B3332002481F83D126AC0D47E3A7C68834A73438"
},
"expired": false,
"untrusted": true,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIE3DCCA8SgAwIBAgIFRvNzDrgwDQYJKoZ...",
"signingtime": "2018-08-27T09:49:19",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T09:49:19",
"signatures": null
}
],
"validationtimestamps": null
}
]
}

Verify/Cades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Cades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

17.6. Signed XML document verification [Verify/Xades]

Signed XML document verification are performed by using the Verify/Xades.

Verify/Xades - Request
Parameter	Type	Requested	Description
options	string	No	Verification options
document	byte[]	Yes	XML signed document to verify
detachedsignature	string	No	Signature to verify

Verify/Xades - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
valid	bool	Verification result, if the signature was not manipulated, the certificate is trustable and it is not expired nor revoked, the answer will be true
signatures	SignatureData	IvSign signature data object

Request and response example:

JSON request
{ "document": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZ..." }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"valid": true,
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "63CF18D0BE03C9315A6992CB81C9C5CB",
"validfrom": "2018-01-25T09:18:19",
"validto": "2022-01-25T09:18:19",
"issuer": "CN=AC FNMT Usuarios, OU=Ceres, O=FNMT-RCM, C=ES",
"issuercn": "AC FNMT Usuarios",
"subject": "CN=Nombre Apellidos - 00000000T, SN=Nombre, G=Apellidos, SERIALNUMBER=IDCES-00000000T, C=ES",
"subjectcn": "Nombre Apellidos - 00000000T",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"Digital Signature",
"Non-Repudiation",
"Key Encipherment (e0)"
],
"enhancedkeyusage": [
"Secure Email (1.3.6.1.5.5.7.3.4)",
"Client Authentication (1.3.6.1.5.5.7.3.2)"
],
"caname": "FNMT",
"type": "PF",
"userinfo": {
"name": "Nombre",
"lastname": "Apellidos",
"ident": "00000000T",
"email": "miuser@prueba.com",
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "C8005FA82074A9C7D6A9FAC90EA7A717506B30CF"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
},
"signatureid": "Signature-102557316",
"valid": true,
"integrity": true,
"profile": "t",
"extensions": "",
"envelop": "Enveloped",
"cer": "MIIHdDCCBlygAwIBAgIQY88Y0L4DyTFaaZLLgcnFyzANBgkqhki...",
"signingtime": "2018-08-27T07:23:21",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": true,
"type": "Generic",
"time": "2018-08-27T07:23:21",
"signatures": null
}
],
"validationtimestamps": []
}
]
}

Verify/Xades - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Verify/Xades - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

18. External PKI integration management [PKI]

18.1. Certificate request [PKI/Petition]

Requesting certificates with associated PKI is done through PKI/Petition method.
Administrator privileges are needed to use this method.
The authentication will be provided on the pkiauth parameter. It changes according to the specified PKI.
The parameter fields will contain a key value array (dictionary). Its parameters will changes according to the specified PKI.

PKI/Petition - Request
Parameter	Type	Requested	Description
pki	string	Yes	PKI identifier
pkiauth	string	Yes	Certificate's pin
fields	string[][]	Yes	Request parameters

PKI/Petition - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "status", "pkiauth": "sign\|8981CEC30B43\|pin", "fields": [ [ "nombre", "Juan" ], [ "dni", "12345678Z" ], ] }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/Petition - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

PKI/Petition - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

18.2. Getting CA certificate's public key [PKI/CACERGet]

Getting CA certificate's public key is done through the PKI/CACERGet method.

PKI/CACERGet - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters

PKI/CACERGet - Response
Parameter	Type	Description
cer	byte[]	Certificate`s public key
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba", "fields": [ [ "nombre", "Juan" ], [ "dni", "12345678Z" ], ] }

JSON response
{ "cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/CACERGet - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CACERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

18.3. Listing CA PKI certificates [PKI/CAList]

Listing CA PKI certificates is done through the PKI/CAList method.

PKI/CAList - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
pkicert	PKICert		IvSign PKI certificate object
pkicert.sha1sum	string	No	PKI certificate's SHA1SUM
page	Page	No	IvSign page object

PKI/CAList - Response
Parameter	Type	Description
result	PKICert[]	IvSign PKI certificate object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba" }

JSON response

{
"result": [
{
"sha1sum": "3F444680E87112F588545EF641B9F1D63896519E",
"serial": "0DEA554E52F5",
"name": "Mica root",
"subjectcn": "MICA_CA_INTERMEDIA",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "1E2DA01D7BB6B8C1ADBDE84C3C9458F4F707CC16",
"serial": "0DEA5541B7DF",
"name": "ROOT",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 2
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PKI/CAList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CAList - Audits
Operation	Audits
Correct	No
Incorrect	No

18.4. Getting PKI certificate public key [PKI/CertCERGet]

Getting a PKI certificate's public key is done through the PKI/CertCERGet method.

PKI/CertCERGet - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	No	Request parameters

PKI/CertCERGet - Response
Parameter	Type	Description
cer	byte[]	Certificate`s public key
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba" }

JSON response
{ "cer": "MIIH0zCCBrugAwIBAgIJALuqibvbQhjqMA0G...", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

PKI/CertCERGet - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertCERGet - Audits
Operation	Audits
Correct	No
Incorrect	No

18.5. Generating PKI certificate [PKI/CertGen]

Generating new PKI certificates is done through the PKI/CertGen method.

PKI/CertGen - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters
cert	Cert		IvSign certificate object
cert.name	string	No	Certificate's name
cert.descr	string	No	Certificate's description
cert.pin	string	No	Certificate's pin
user	User		IvSign user object
user.userid	string	Yes	Certificate's user
user.orgaid	string	Yes	Certificate's organization

PKI/CertGen - Response
Parameter	Type	Description
cert	Cert	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba", "fields": [ [ "subject", "{\"cn\":\"miuser\"}" ], [ "validfrom", "2019-05-22T08:01:49.902Z" ], [ "validto", "2020-05-22T08:01:49.902Z" ] ], "user": { "userid": "miuser", "orgaid": "miorga" }, "cert": { "name": "miuser", "pin": "Abc#@123" } }

JSON response

{
"cert": {
"certid": "7DC44VS2IJMMW",
"name": "dgarcia",
"userid": "dgarcia",
"orgaid": "ivnosys",
"orgachain": "root.ivnosys.",
"descr": null,
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"disabledadminreason": null,
"createdate": "2019-05-22T15:07:16Z",
"subject": "CN=dgarcia",
"subjectcn": "dgarcia",
"issuer": "OU=IvSign, O=Ivnosys, L=Paterna, S=Valencia, C=ES, CN=TEST_CA_INTERMEDIA",
"issuercn": "TEST_CA_INTERMEDIA",
"validfrom": "2019-05-22T08:01:49Z",
"validto": "2020-05-22T08:01:49Z",
"serial": "0E2CC0D249C5",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "dgarcia",
"linked": false,
"createmethod": "PKICertGen",
"createmodule": "swagger",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "299aa5c65a4f48c4f81b182a23728ab6c57bfee4",
"extid": null,
"providerdata": "{\"pkiprovider\":\"prueba\"}",
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null
},
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44VS2HFYAG"
}
}

PKI/CertGen - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertGen - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

18.6. Listing PKI certificates [PKI/CertList]

Listing PKI certificates is done through the PKI/CertList method.

PKI/CertList - Request
Parameter	Type	Requested	Description
pkicert	PKICert		IvSign PKI certificate object
pkicert.sha1sum	string	No	Certificate SHA1SUM
pki	string	Yes	Associated PKI identifier
page	Page	No	IvSign page object

PKI/CertList - Response
Parameter	Type	Description
result	PKICert[]	IvSign PKI certificate object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba" }

JSON response

{
"result": [
{
"sha1sum": "3F444680E87112F588545EF641B9F1D63896519E",
"serial": "0DEA554E52F5",
"name": "Mica root",
"subjectcn": "MICA_CA_INTERMEDIA",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
},
{
"sha1sum": "1E2DA01D7BB6B8C1ADBDE84C3C9458F4F707CC16",
"serial": "0DEA5541B7DF",
"name": "ROOT",
"subjectcn": "IvPKI Root",
"issuercn": "IvPKI Root",
"validfrom": "2018-01-01T00:00:00",
"validto": "2042-12-31T23:59:59",
"isrevoked": false,
"isexpired": false,
"createdate": "2018-06-26T00:00:00"
}
...
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": 6
},
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

PKI/CertList - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/CertList - Audits
Operation	Audits
Correct	No
Incorrect	No

18.7. Revoking PKI certificate [PKI/Revoke]

Revoking a PKI certificate is done through the PKI/Revoke method.

PKI/Revoke - Request
Parameter	Type	Requested	Description
pki	string	Yes	Associated PKI identifier
fields	string[][]	Yes	Request parameters

PKI/Revoke - Response
Parameter	Type	Description
result	string	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "pki": "prueba", "fields": [ [ "sha1sum", "299aa5c65a4f48c4f81b182a23728ab6c57bfee4" ] ] }

JSON response
{ "result": "299aa5c65a4f48c4f81b182a23728ab6c57bfee4 REVOKED", "error": { "code": "K0000", "message": "OK", "traceid": "7DC44VTOE5IAY" } }

PKI/Revoke - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The PKI must belong to the agent user organization
Super Administrator	Yes	The PKI must belong to the agent user organization or to a child organization of this

PKI/Revoke - Audits
Operation	Audits
Correct	No
Incorrect	No

19. Configuration management [Config]

19.1. Creating configuration [Config/Add]

Creating a new configuration is done through the Config/Add method.

Config/Add - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.orgaid	string	Yes	Configuration's organization
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.opt	string	No	Configuration's option inside the configuration's name
config.value	string	Yes	Configuration's value
config.type	string	Yes	Configuration's data value type
config.w	int	Yes	Configuration's user level privileges needed to write it
config.r	int	Yes	Configuration's user level privileges needed to read it

Config/Add - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "orgaid": "miorga", "section": "auth", "name": "passtries", "value": "50" } }

JSON response
{ "config": { "configid": 2586, "orgaid": "miorga", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "50" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/Add - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The created configuration must belong to organization of the agent user or to a child organization of this

Config/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

19.2. Deleting configuration [Config/Del]

Deleting a configuration is done through the Config/Del method.

Config/Del - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.configid	string	Yes	IvSign configuration ID

Config/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "configid": 2586 } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/Del - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The deleted configuration must belong to organization of the agent user
Super Administrator	Yes	The deleted configuration must belong to organization of the agent user or to a child organization of this

Config/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

19.3. Getting configuration [Config/Get]

Getting a configuration is done through the Config/Get method.

Config/Get - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.orgaid	string	No	Configuration's organization

Config/Get - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "orgaid": "miorga", "section": "auth", "name": "passtries", } }

JSON response
{ "config": { "configid": 2586, "orgaid": "miorga", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "50" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Super Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user

Config/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

19.4. Listing configurations [Config/List]

Listing configurations is done through the Config/List method.
Only the allowed configurations to the agent user will be listed, according to the agent user privileges level.

Config/List - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	No (Yes if name, type and opt are empty)	Configuration's section
config.name	string	No (Yes if section, type and opt are empty)	Configuration's name inside the configuration's section
config.type	string	No (Yes if section, name and opt are empty)	Configuration's data value type
config.opt	string	No (Yes if section, name and type are empty)	Configuration's option inside the configuration's name
config.orgaid	string	No	Configuration's organization

Config/List - Response
Parameter	Type	Description
config	Config[]	IvSign configuration object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "section": "auth" } }

JSON response

{
"configlist": [
{
"configid": 2586,
"orgaid": "orgavisabuelo",
"section": "auth",
"name": "passtries",
"opt": "",
"type": "int",
"value": "50"
},
{
"configid": 86,
"orgaid": "default",
"section": "auth",
"name": "searchprovider",
"opt": "",
"type": "text",
"value": "artic"
},
{
"configid": 2485,
"orgaid": "#SYSTEM",
"section": "auth",
"name": "defaultprovider",
"opt": "",
"type": "text",
"value": "db"
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Config/List - User permissions
User	Allowed	Conditions
Basic	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user
Super Administrator	Yes	The requested configuration's reading level value must be equal or lower than the agent user

Config/List - Audits
Operation	Audits
Correct	No
Incorrect	No

19.5. Getting public configuration [Config/PublicGet]

Getting public configuration is done through the Config/PublicGet method.
The difference between configuration and public configuration is that public configuration has no user level privileges restrictions.

Config/PublicGet - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.orgaid	string	Yes	Configuration's organization

Config/PublicGet - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "orgaid": "miorga", "section": "auth", "name": "passtries" } }

JSON response
{ "config": { "configid": 2586, "orgaid": "miorga", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "50" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/PublicGet - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Config/PublicGet - Audits
Operation	Audits
Correct	No
Incorrect	No

19.6. Setting configuration [Config/Set]

Setting a configuration's value is done through the Config/Set method.

Config/Set - Request
Parameter	Type	Requested	Description
config	Config		IvSign configuration object
config.orgaid	string	No	Configuration's organization
config.section	string	Yes	Configuration's section
config.name	string	Yes	Configuration's name inside the configuration's section
config.opt	string	No	Configuration's option inside the configuration's name
config.value	string	Yes	Configuration's value

Config/Set - Response
Parameter	Type	Description
config	Config	IvSign configuration object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "config": { "section": "auth", "name": "passtries", "value": 20 } }

JSON response
{ "config": { "configid": 2586, "orgaid": "miorga", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "20" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Config/Set - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The modified configuration must belong to the organization of the agent user and its writing level value must be equal or lower than the agent user
Super Administrator	Yes	The modified configuration must belong to the organization of the agent user or to a child organization of this and its writing level value must be equal or lower than the agent user

Config/Set - Audits
Operation	Audits
Correct	No
Incorrect	No

20. Delegations management [Deleg]

20.1. Delegation creation [Deleg/Add]

IvSign certificate delegations are done through the Deleg/Add method.
Once the delegation is created, users can be assigned to it. For each user assigned a copy certificate of the delegation certificate will be created.

Deleg/Add - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.certid	string	Yes	IvSign certificate ID
deleg.name	string	Yes	Delegation's name
deleg.orgaid	string	No	Delegation's organization

Deleg/Add - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "certid": 42, "name": "mideleg" } }

JSON response
{ "deleg": { "delegid": 42, "userid": "miuser", "certid": "8B1F1E4B7027", "serial": "46F3730EB8", "name": "mideleg", "descr": "decripción del certificado", "disabled": false, "createdate": "2018-08-28T06:42:34.5705501Z", "ignorecertrules": false, "orgaid": "miorga", "oper": "miuser" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate must belong to the agent user
Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.2. Deleting delegated certificates [Deleg/CertDel]

Deleting delegated certificates from its delegation is done through the Deleg/CertDel method.

Deleg/CertDel - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
cert	Cert		IvSign certificate object
cert.certid	string	Yes	IvSign certificate ID, the delegated certificate ID

Deleg/CertDel - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": "7DC4LGMRCIIX4" }, "cert": { "certid": "8B1F1E4B7027" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/CertDel - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/CertDel - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.3. Listing delegated certificates [Deleg/CertList]

Listing all the delegated certificates created by a delegation is done through the Deleg/CertList method.

Deleg/CertList - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID

Deleg/CertList - Response
Parameter	Type	Description
certlist	Cert[]	IvSign certificate object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42 } }

JSON response

{
"certlist": [
{
"certid": "8B1F1E4B7027",
"name": "micertificado",
"orgaid": "miorga",
"userid": "miuser",
"descr": "decripción del certificado",
"custom1": null,
"custom2": null,
"custom3": null,
"disabled": false,
"createdate": "2018-06-22T08:54:45Z",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO,...",
"subjectcn": "NombreN Apellidos",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2018-06-22T08:55:18Z",
"validto": "2023-06-21T08:55:18Z",
"serial": "46F3730EB8",
"keysize": "2048",
"signalg": "sha1RSA",
"certprovider": "dbsecure",
"delegated": true,
"delegid": 40,
"oper": "user1",
"linked": false,
"createmethod": "metodocreacion",
"createmodule": "moduleprueba",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "b3332002481f83d126ac0d47e3a7c68834a73438",
"extid": null,
"providerdata": null,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false
}
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Deleg/CertList - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/CertList - Audits
Operation	Audits
Correct	No
Incorrect	No

20.4. Deleting delegation [Deleg/Del]

Deleting a delegation is done through the Deleg/Del method.
The delegation must have no users associated to it.

Deleg/Del - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID

Deleg/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42 } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.5. Getting delegation data [Deleg/Get]

Getting delegation data is done through the Deleg/Get method.

Deleg/Get - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID

Deleg/Get - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42 } }

JSON response
{ "deleg": { "delegid": 42, "userid": "miuser", "certid": "8B1F1E4B7027", "serial": "46F3730EB8", "name": "mideleg", "descr": "decripción del certificado", "disabled": false, "createdate": "2018-08-28T06:42:34.5705501Z", "ignorecertrules": false, "orgaid": "miorga", "oper": "miuser" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

20.6. Listing delegations [Deleg/List]

Listing delegations a user delegations or an organization delegations is done through the Deleg/List method.

Deleg/List - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.orgaid	string	No	Delegation's organization
deleg.userid	string	No	Delegation's user
page	Page		IvSign page object

Deleg/List - Response
Parameter	Type	Description
deleg	Deleg[]	IvSign certificate delegation object
page	Page	IvSign page object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "orgaid": "miorga", "userid": "miuser" }, "page": null }

JSON response

{
"deleglist": [
{
"delegid": 36,
"userid": "miuser",
"certid": "8A62437FBF85",
"serial": "00BBAA89BBDB4218EA",
"name": "Prueba",
"descr": null,
"disabled": false,
"createdate": "2018-06-07T14:31:05Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
},
{
"delegid": 42,
"userid": "miuser",
"certid": "8B1F1E4B7027",
"serial": "46F3730EB8",
"name": "mideleg",
"descr": null,
"disabled": false,
"createdate": "2018-08-28T06:42:34Z",
"ignorecertrules": false,
"orgaid": "miorga",
"oper": "miuser"
}
],
"page": null,
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Deleg/List - User permissions
User	Allowed	Conditions
Basic	Yes	The listed delegations must belong to the agent user
Administrator	Yes	The listed delegations must belong to users that belong to the same organizations as the agent user
Super Administrator	Yes	The listed delegations must belong to users that belong to the same organizations as the agent user or to a child organization of this

Deleg/List - Audits
Operation	Audits
Correct	No
Incorrect	No

20.7. Setting delegation [Deleg/Set]

Setting a delegation parameters is done through the Deleg/Set method.

Deleg/Set - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
deleg.name	string	No	Delegation's name
deleg.disabled	bool	No	Enabled / disabled delegation flag

Deleg/Set - Response
Parameter	Type	Description
deleg	Deleg	IvSign certificate delegation object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42, "name": "cocoa", "disabled": true } }

JSON response
{ "deleg": { "delegid": 42, "userid": "miuser", "certid": "8B1F1E4B7027", "serial": "46F3730EB8", "name": "cocoa", "descr": "cocoa", "disabled": true, "createdate": "2018-08-28T06:42:34Z", "ignorecertrules": false, "orgaid": "miorga", "oper": "miuser" }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Deleg/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.8. Associating user to delegation [Deleg/UserAdd]

Associating a user to a delegation is done through the Deleg/UserAdd method.
This method creates a delegation certificate copy to each user assigned to it. The copy certificates are marked as it.

Deleg/UserAdd - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
cert	Cert		IvSign certificate object
cert.userid	string	Yes	Recipient user
cert.orgaid	string	No	Recipient user organization
cert.pin	string	Yes	Certificate's pin
cert.newpin	string	Yes	Delegated certificate's pin
disablenotify	bool	No	Enabled / disabled notification flag

Deleg/UserAdd - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42 }, "cert": { "userid": "miuserdeleg", "orgaid": "miorga", "pin": "123#@Abc", "newpin": "Abc1#@23" }, "disablenotify": true }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/UserAdd - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization

Deleg/UserAdd - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.9. Deleting user from delegation [Deleg/UserDel]

Deleting a user from a delegation is done through the Deleg/UserDel method.
This method deletes the delegated certificate, removing the user from the delegation.

Deleg/UserDel - Request
Parameter	Type	Requested	Description
deleg	Deleg		IvSign certificate delegation object
deleg.delegid	int	Yes	IvSign certificate delegation ID
user	User		IvSign user object
user.userid	string	Yes	Public certificate's user
user.orgaid	string	No	User's organization

Deleg/UserDel - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "deleg": { "delegid": 42 }, "user": { "userid": "miuserdeleg", "orgaid": "miorga" } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Deleg/UserDel - User permissions
User	Allowed	Conditions
Basic	Yes	The delegation must belong to the agent user
Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this, and the user and the must belong to the same organization

Deleg/UserDel - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

20.10. Listing allowed delegation users [Deleg/UserListAllowed]

Listing which users are allowed to be assigned to a delegation is done through the Deleg/UserListAllowed method.
Usually these users are the enabled ones that belong to the same organization as the agent user.

Deleg/UserListAllowed - Request
Parameter	Type	Requested	Description
Without request parameters

Deleg/UserListAllowed - Response
Parameter	Type	Description
userlist	User[]	IvSing user object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}

JSON response

{
"userlist": [
{
"userid": "miuser2",
"extid": null,
"orgaid": null,
"email": null,
"name": "Nombre2",
"lastname": "Apellidos2",
"lastip": null,
"ident": null,
"disabled": false,
"createdate": null,
"lastlogin": null,
"previouslogin": null,
"authprovider": null,
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": null,
"valid": null,
"phone": null
},
{
"userid": "miuser3",
"extid": null,
"orgaid": null,
"email": null,
"name": "Nombre3",
"lastname": "Apellidos3",
"lastip": null,
"ident": null,
"disabled": false,
"createdate": null,
"lastlogin": null,
"previouslogin": null,
"authprovider": null,
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": null,
"valid": null,
"phone": null
},
...
],
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
}
}

Deleg/UserListAllowed - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes
Super Administrator	Yes

Deleg/UserListAllowed - Audits
Operation	Audits
Correct	No
Incorrect	No

21. Usage rules / Usage policies management [Rule]

21.1. Creating usage rule [Rule/Add]

Creating usage rules or usage policies is done through the Rule/Add method.
The rules can be applied to a certificate or to a delegation. If the rule is applied to certificate is called policy. Once a rule is applied to a delegation, its effect is applied to all the delegated certificates as well.

Rule/Add - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.delegid	int	No (Yes if certid is empty)	IvSign certificate delegation ID
rule.certid	string	No (Yes if delegid is empty)	IvSign certificate ID
rule.name	string	Yes	Rule's name
rule.dayfrom	DateTime	No	Rule application start date
rule.dayto	DateTime	No	Rule application end date
rule.hourfrom	int	No	Rule application start time
rule.hourto	int	No	Rule application end time
rule.dow	int	No	Rule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday

Rule/Add - Response
Parameter	Type	Description
rule	Rule	IvSign rule object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "rule": { "delegid": 42, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31 } }

JSON response
{ "rule": { "ruleid": 5, "delegid": 42, "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Add - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate or the delegation must belong to the agent user
Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Add - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.2. Deleting rule [Rule/Del]

Deleting a usage rule or usage policy is done through the Rule/Del method.

Rule/Del - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.ruleid	int	Yes	IvSign rule ID

Rule/Del - Response
Parameter	Type	Description
result	bool	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "rule": { "ruleid": 5 } }

JSON response
{ "result": true, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Del - User permissions
User	Allowed	Conditions
Basic	Yes	The deleted rule must belong to a certificate or delegation that belongs to the agent user
Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Del - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

21.3. Getting rule data [Rule/Get]

Getting usage rule data is done through the Rule/Get method.

Rule/Get - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.ruleid	int	Yes	IvSign rule ID

Rule/Get - Response
Parameter	Type	Description
rule	Rule	IvSign rule object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "rule": { "ruleid": 5 } }

JSON response
{ "rule": { "ruleid": 5, "delegid": 42, "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }, "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The deleted rule must belong to a certificate or delegation that belongs to the agent user
Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The deleted rule must belong to a certificate or delegation that belongs to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

21.4. Listing rule [Rule/List]

Listing a delegation usage rules or a certificate usage policies is done through the Rule/List method.

Rule/List - Request
Parameter	Type	Requested	Description
rule	Rule		IvSign rule object
rule.delegid	int	No (Yes if certid is empty)	IvSign certificate delegation ID
rule.certid	string	No (Yes if delegid is empty)	IvSign certificate ID

Rule/List - Response
Parameter	Type	Description
rule	Rule[]	IvSign rule object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "rule": { "delegid": 42 } }

JSON response
{ "rulelist": [ { "ruleid": 5, "delegid": 42, "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00Z", "dayto": "2018-08-31T00:00:00Z", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Rule/List - User permissions
User	Allowed	Conditions
Basic	Yes	The certificate or the delegation must belong to the agent user
Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The certificate or the delegation must belong to a user that belongs to the same organization as the agent user or to a child organization of this

Rule/List - Audits
Operation	Audits
Correct	No
Incorrect	No

22. Notification management [Notify]

22.1. Getting notification [Notify/Get]

Getting a notification data is done through the Notify/Get method.

Notify/Get - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.notifyid	int	Yes	IvSign notification ID

Notify/Get - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
notify	Notify	IvSign notification object

Request and response example:

JSON request
{ "notify": { "notifyid": 1 } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notify": {
"notifyid": 1,
"subject": "Encabezado usuario",
"body": "cuerpo del mensaje del usuario",
"createdate": "2018-05-31T11:09:35",
"userid": "miuser",
"orgaid": null,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": null
}
}

Notify/Get - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/Get - Audits
Operation	Audits
Correct	No
Incorrect	No

22.2. Listing notification [Notify/List]

Listing the notifications addressed to a user or to an organization is done through the Notify/List method.

Notify/List - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.userid	string	No	Notification's addressed user
notify.orgaid	string	No	Notification's addressed organization
page	Page	No	IvSign page object

Notify/List - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
notifylist	Notify[]	IvSign notification object
page	Page	IvSign page object

Request and response example:

JSON request
{ "notify": { "userid": "miuser", "orgaid": "miorga" }, "page": null }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"notifylist": [
{
"notifyid": 1,
"subject": "Encabezado usuario",
"body": "cuerpo del mensaje del usuario",
"createdate": "2018-05-31T11:09:35",
"userid": "miuser",
"orgaid": null,
"required": false,
"readeddate": "2018-06-04T06:47:11.181291",
"accepteddate": "2018-08-28T10:47:38.175698",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": null
},
{
"notifyid": 2,
"subject": "Encabezado organización",
"body": "cuerpo del mensaje de la organización",
"createdate": "2018-05-31T11:09:35",
"userid": null,
"orgaid": "miorga",
"required": true,
"readeddate": "2018-05-31T09:20:09.597372",
"accepteddate": "2018-05-31T09:20:27.100567",
"accepteduser": "miuser",
"readed": true,
"accepted": true,
"requiredcheck": "Aceptar"
},
...
],
"page": {
"id": 1,
"itemspage": 0,
"numpages": 1,
"totalitems": null
}
}

Notify/List - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/List - Audits
Operation	Audits
Correct	No
Incorrect	No

22.3. Setting notification [Notify/Set]

Setting a notification parameters is done through the Notify/Set method.
This method is also used to accept a notification.

Notify/Set - Request
Parameter	Type	Requested	Description
notify	Notify		IvSign notification object
notify.notifyid	int	Yes	IvSign notification ID
notify.subject	string	No	Notification's subject
notify.body	string	No	Notification's message
notify.required	bool	No	Required acceptance flag
notify.readed	bool	No	Notification read flag
notify.accepted	bool	No	Notification accepted flag

Notify/Set - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
notify	Notify	IvSign notification object

Request and response example:

JSON request
{ "notify": { "notifyid": 1, "subject": "Nuevo asunto", "body": "Nuevo cuerpo" } }

JSON response
{ "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }, "notify": { "notifyid": 1, "subject": "Nuevo asunto", "body": "Nuevo cuerpo", "createdate": "2018-05-31T11:09:35", "userid": null, "orgaid": "miorga", "required": false, "readeddate": "2018-06-04T06:47:20.954299", "accepteddate": null, "accepteduser": null, "readed": true, "accepted": false, "requiredcheck": null } }

Notify/Set - User permissions
User	Allowed	Conditions
Basic	Yes	The notification must be addressed to the agent user
Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user
Super Administrator	Yes	The notification must be addressed to a user that belongs to the same organization as the agent user or to a child organization of this

Notify/Set - Audits
Operation	Audits
Correct	Yes
Incorrect	Yes

23. Statistics management [Stats]

23.1. General system statistics [Stats/System]

Getting general system statistics is done through the Stats/System method.

Stats/System - Request
Parameter	Type	Requested	Description
Without request parameters

Stats/System - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{}

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "10"
},
{
"Key": "Cert",
"Value": "50"
},
{
"Key": "Deleg",
"Value": "20"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "6"
},
{
"Key": "Sign",
"Value": "240"
},
{
"Key": "Signature",
"Value": "150"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "320"
},
{
"Key": "Signature",
"Value": "210"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Orga",
"Value": "10"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/System - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	No

Stats/System - Audits
Operation	Audits
Correct	No
Incorrect	No

23.2. Organization and its child organization statistics [Stats/OrgaChain]

Getting an organization and its child organization statistics is done through the Stats/OrgaChain method.

Stats/OrgaChain - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign organization ID

Stats/OrgaChain - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/OrgaChain - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/OrgaChain - Audits
Operation	Audits
Correct	No
Incorrect	No

23.3. Organization statistics [Stats/Orga]

Getting an organization statistics is done through the Stats/Orga method.

Stats/Orga - Request
Parameter	Type	Requested	Description
orga	Orga		IvSign organization object
orga.orgaid	string	Yes	IvSign organization ID

Stats/Orga - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "orga": { "orgaid": "miorga" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "User",
"Value": "2"
},
{
"Key": "Cert",
"Value": "5"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "58"
},
{
"Key": "Signature",
"Value": "26"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "157"
},
{
"Key": "Signature",
"Value": "103"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}
}

Stats/Orga - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/Orga - Audits
Operation	Audits
Correct	No
Incorrect	No

23.4. User statistics [Stats/User]

Getting a user statistics is done through the Stats/User method.

Stats/User - Request
Parameter	Type	Requested	Description
user	User		IvSign user object
user.userid	string	Yes	IvSign user ID
user.orgaid	string	No	User's organization

Stats/User - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
statslist	StatsResult	IvSign common statistics object

Request and response example:

JSON request
{ "user": { "userid": "miuser", "orgaid": "miorga" } }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid":"7DC44PFZOEPUQ"
},
"statslist": {
"currentCount": [
{
"Key": "Cert",
"Value": "2"
},
{
"Key": "Deleg",
"Value": "1"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Sign",
"Value": "22"
},
{
"Key": "Signature",
"Value": "3"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "27"
},
{
"Key": "Signature",
"Value": "4"
}
],
"licenseLimit": null
}
}

Stats/User - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched user must belong to the same organization as the agent user
Super Administrator	Yes	The searched user must belong to the same organization as the agent user or to a child organization of this

Stats/User - Audits
Operation	Audits
Correct	No
Incorrect	No

23.5. Specific system statistic [Stats/DetailSys]

Getting a specific detailed system statistic is done through the Stats/DetailSys method.

Stats/DetailSys - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailSys - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "category": "sign", "type": "app" }

JSON response
{ "statssign": [ { "value": "app prueba", "owned": 1, "delegated": 0, "fore": 0 }, { "value": "IEXPLORE.EXE", "owned": 5, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailSys - User permissions
User	Allowed	Conditions
Basic	No
Administrator	No
Super Administrator	No

Stats/DetailSys - Audits
Operation	Audits
Correct	No
Incorrect	No

23.6. Specific organization statistic [Stats/DetailOrga]

Getting a specific detailed organization statistic is done through the Stats/DetailSys method.

Stats/DetailOrga - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
orga	Orga		IvSign organization object
orga.orgaid	string	No	IvSign organization ID
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailOrga - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "category": "sign", "type": "module" }

JSON response
{ "statssign": [ { "value": "KeyController", "owned": 5, "delegated": 0, "fore": 0 }, { "value": "unknown", "owned": 1, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailOrga - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/DetailOrga - Audits
Operation	Audits
Correct	No
Incorrect	No

23.7. Specific user statistic [Stats/DetailUser]

Getting a specific detailed user statistic is done through the Stats/DetailSys method.

Stats/DetailUser - Request
Parameter	Type	Requested	Description
datefrom	DateTime	Yes	Search start date
dateto	DateTime	Yes	Search end date
user	User		IvSign organization object
user.userid	string	Yes	IvSign user ID
category	string	Yes	Category filter (auth, sign, deleg...)
type	string	Yes	Type filter (location, app, module, host)

Stats/DetailUser - Response
Parameter	Type	Description
statsdetail	StatDetailResult[]	IvSign specific statistics object
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{ "datefrom": "2018-08-01T00:00:00", "dateto": "2018-08-31T00:00:00", "user": { "userid": "miuser" }, "category": "sign", "type": "host" }

JSON response
{ "statssign": [ { "value": "MIUSER-PC", "owned": 3, "delegated": 0, "fore": 0 }, { "value": "host prueba", "owned": 1, "delegated": 0, "fore": 0 } ], "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Stats/DetailUser - User permissions
User	Allowed	Conditions
Basic	Yes	The searched user must be the agent user
Administrator	Yes	The searched user must belong to the same organization as the agent user
Super Administrator	Yes	The searched user must belong to the same organization as the agent user or to a child organization of this

Stats/DetailUser - Audits
Operation	Audits
Correct	No
Incorrect	No

23.8. Yearly organization signature statistic [Stats/OperationYear]

Getting an organization signature statistics for periods no longer than a year is done through the Stats/OperationYear method.

Stats/OperationYear - Request
Parameter	Type	Requested	Description
yearfrom	int	Yes	Search start year
monthfrom	int	Yes	Search start month
yearto	int	Yes	Search end year
monthto	int	Yes	Search end month
orgaid	string	Yes	Selected organization

Stats/OperationYear - Response
Parameter	Type	Description
error	Error	IvSign error object, contains keyman operation error code result
statslist	Stats[][]	IvSign statistics object

Request and response example:

JSON request
{ "yearfrom": 2019, "monthfrom": 4, "yearto": 2019, "monthto": 5, "orgaid": "orgatest" }

JSON response

{
"error": {
"code": "K0000",
"message": "OK",
"traceid": "DMS44QJBTHJ4O"
},
"statslist": [
[
{
"statsid": 156,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Sign",
"value": "44"
},
{
"statsid": 206,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Sign",
"value": "900"
}
],
[
{
"statsid": 157,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Signature",
"value": "4"
},
{
"statsid": 207,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Signature",
"value": "584"
}
],
[
null,
null
],
[
{
"statsid": 158,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 4,
"stats_type": "Verify",
"value": "4"
},
{
"statsid": 208,
"orgaid": "orgatest",
"orgachain": "root.megatest.orgatest.",
"date_year": 2019,
"date_month": 5,
"stats_type": "Verify",
"value": "579"
}
]
]
}

Stats/OperationYear - User permissions
User	Allowed	Conditions
Basic	No
Administrator	Yes	The searched organization must be the agent user's organization
Super Administrator	Yes	The searched organization must be the agent user's organization or a child organization of this

Stats/OperationYear - Audits
Operation	Audits
Correct	No
Incorrect	No

24. Test [Test]

24.1. Test method [Test/Test]

Checking the correct keyman installation and database creation is done through the Test/Test method.

Test/Test - Request
Parameter	Type	Requested	Description
Without request parameters

Test/Test - Response
Parameter	Type	Description
result	string	Result, correct or incorrect
error	Error	IvSign error object, contains keyman operation error code result

Request and response example:

JSON request
{}

JSON response
{ "result": "ok", "error": { "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" } }

Test/Test - User permissions
User	Allowed	Conditions
Basic	Yes
Administrator	Yes
Super Administrator	Yes

Test/Test - Audits
Operation	Audits
Correct	No
Incorrect	No

25. IvSign common objects definition

IvSign common object definitions are listed below.

25.1. User object

The User object holds all the information relative a IvSign user.

User
Parameter	Type	Description
userid	string	IvSign user ID
extid	string	User's external ID
orgaid	string	User's organization
orgachain	string	User's organization chain
email	string	User's email
name	string	User's name
lastname	string	User's last name
lastip	string	User's last access IP
ident	string	User's identifier card
disabled	bool	Enabled/disabled user flag
createdate	DateTime	User's creation date time
lastlogin	DateTime	User's last access date time
previouslogin	DateTime	User's previous access to the last
authprovider	string	Authentication provider
admin	bool	Privileges user level
superadmin	bool	Privileges user level
pass	string	User's password
validation	string	Account recovery validation code
lang	string	User's language
phone	string	User's phone number
valid	bool	Valid/invalid user flag
disabledreason	string	Disabled reason

Ejemplo JSON

{
"userid": "miuser",
"extid": "idexterno",
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga.",
"email": "miuser@ivsign.net",
"name": "Nombre",
"lastname": "Apellidos",
"lastip": "127.0.0.1",
"ident": "12345678Z",
"disabled": false,
"createdate": "2017-10-11T15:25:44",
"lastlogin": "2017-10-16T09:18:25",
"previouslogin": "2017-10-16T09:15:43",
"authprovider": "db",
"admin": false,
"superadmin": false,
"pass": null,
"validation": null,
"lang": "es",
"phone": "600600600",
"valid": true,
"disabledreason": ""
}

25.2. Cert object

The Cert object holds all the information relative a IvSign certificate.

Cert
Parameter	Type	Description
certid	string	IvSign certificate ID
name	string	Certificate's name
orgaid	string	Certificate's organization
userid	string	Certificate's user
descr	string	Certificate's description
custom1	string	Custom field 1
custom2	string	Custom field 2
custom3	string	Custom field 3
disabled	bool	Enabled/disabled flag
createdate	DateTime	Certificate creation/importation to IvSign date time
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
serial	string	Serial Number
keysize	string	Certificate's private key size
certprovider	string	Certificate's provider
delegated	bool	Delegation flag
delegid	int	IvSign delegation ID, in case the certificate is a delegated certificate
oper	string	Operator
linked	int	External certificate which the certificate is linked to
createmethod	string	Certificate creation method
createmodule	string	Certificate creation module
pin	string	Certificate's access pin
newpin	string	Certificate's new access pin
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
sha1sum	string	Certificate's fingerprint
extid	string	Certificate's external identifier
providerdata	string	Certificate provider extra information
replacedby	string	Certificate ID which this certificate has been replaced for
replaceddate	DateTime	Replacement date time
replaces	string	Certificate ID which this certificate replaces
replacement	bool	This certificate replaces a previous one flag
signalg	string	Signature algorithm used to sign the certificate, SHA1 or SHA256
orgachain	string	Certificate's organization chain
disabledownercert	bool	Certificate disabled due to its parent certificate was disabled flag
disabledowneruser	bool	Certificate disabled due to the user owner of its parent certificate was disabled flag
disableddeleg	bool	Certificate disabled due to its parent certificate delegation was disabled flag
disabledadmin	bool	Certificate disabled by an administrator user flag
disableduser	bool	Certificate disabled by its user owner flag
qscd	bool	QSCD certificate flag (Qualified Electronic Signature Creation Device)
type	string	Certificate type
disabledadminreason	string	Disabled certificate reason
needauth	bool	It is required certificate's owner authorization for using it flag

Ejemplo JSON

{
"certid": "7DC4USMQ7DNM4",
"name": "testcert1",
"orgaid": "miorga",
"userid": "miuser",
"descr": null,
"custom1": "",
"custom2": "",
"custom3": null,
"disabled": false,
"createdate": "2019-04-03T11:29:19Z",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"subjectcn": "test1",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"validfrom": "2018-04-17T08:05:10Z",
"validto": "2021-04-16T08:05:10Z",
"serial": "6E2A23C76D8AA8E0",
"keysize": "2048",
"signalg": "sha256RSA",
"certprovider": "dbsecure",
"delegated": false,
"delegid": null,
"oper": "basico",
"linked": false,
"createmethod": "ImportPFX",
"createmodule": "CertManager",
"newpin": null,
"pin": null,
"revoked": false,
"expired": false,
"sha1sum": "c88d4165900acaf8fcee7949d4ca0eaebc73d257",
"extid": null,
"providerdata": null,
"orgachain": "root.miorgapadre.miorga.",
"disabledownercert": false,
"disabledowneruser": false,
"disableddeleg": false,
"disabledadmin": false,
"disableduser": false,
"replacedby": null,
"replaceddate": null,
"replaces": null,
"replacement": false,
"qscd": false,
"type": null,
"disabledadminreason": null,
"needauth": null
}

25.3. CertTrash object

The CertTrash object holds all the information relative a IvSign certificate placed on the certificate's bin.

CertTrash
Parameter	Type	Description
certid	string	IvSign certificate ID
name	string	Certificate's name
orgaid	string	Certificate's organization
userid	string	IvSign user ID
descr	string	Certificate's description
custom1	string	Custom field
custom2	string	Custom field
custom3	string	Custom field
disabled	bool	Enabled/disabled flag
createdate	DateTime	Certificate creation/importation to IvSign date time
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
serial	string	Serial Number
keysize	string	Certificate's private key size
certprovider	string	Certificate's provider
delegated	bool	Delegation flag
delegid	int	IvSign delegation ID, in case the certificate is a delegated certificate
oper	string	Operator
linked	int	External certificate which the certificate is linked to
createmethod	string	Certificate creation method
createmodule	string	Certificate creation module
pin	string	Certificate's access pin
newpin	string	Certificate's new access pin
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
sha1sum	string	Certificate's fingerprint
extid	string	Certificate's external identifier
providerdata	string	Certificate provider extra information
replacedby	string	Certificate ID which this certificate has been replaced for
replaceddate	DateTime	Replacement date time
replaces	string	Certificate ID which this certificate replaces
replacement	bool	This certificate replaces a previous one flag
signalg	string	Signature algorithm used to sign the certificate, SHA1 or SHA256
orgachain	string	Certificate's organization chain
disabledownercert	bool	Certificate disabled due to the parent certificate is disabled flag
disabledowneruser	bool	Certificate disabled due to the user owner of the parent certificate is disabled flag
disableddeleg	bool	Certificate disabled due to its parent certificate delegation was disabled flag
disabledadmin	bool	Certificate disabled by an administrator user flag
disableduser	bool	Certificate disabled by its user owner flag
qscd	bool	QSCD certificate flag (Qualified Electronic Signature Creation Device)
type	string	Certificate type
disabledadminreason	string	Disabled certificate reason
needauth	bool	It is required certificate's owner authorization for using it flag

Ejemplo JSON

25.4. PubCert object

The PubCert object holds all the information relative a IvSign public certificate.

PubCert
Parameter	Type	Description
pubcertid	string	IvSign public certificate ID
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer
userid	string	Certificate's user
orgaid	string	Certificate's organization
orgachain	string	Certificate's organization chain
subject	string	Certificate's subject
issuer	string	Certificate's issuer
alias	string	Certificate's name
serial	string	Serial Number
createdate	DateTime	Certificate's create date time
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
revokeddate	DateTime	Certificate's revoked date time
revoked	bool	Revoked certificate flag
expired	bool	Expired certificate flag
isroot	bool	Certificate is a root CA public certificate flag
isca	bool	Certificate is a CA public certificate flag

Ejemplo JSON

{
"pubcertid": "7DC4K743AGWAU",
"sha1sum": "89210a6ad8658b4c8d4571ff2304e4771e67e720",
"sha1sumissuer": "7f2cb4f769224cb0cf8b692751cbd4cc64a2c450",
"userid": "miuser",
"orgaid": "miorga",
"orgachain": "root.miorgapadre.miorga",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "alias3",
"serial": "59CFFDD12259B3B6",
"createdate": "2019-02-04T08:37:04Z",
"validfrom": "2017-05-18T21:57:10Z",
"validto": "2020-05-17T21:57:10Z",
"revokeddate": null,
"revoked": false,
"expired": null,
"isroot": false,
"isca": false
}

25.5. PubCertBin object

The PubCertBin object holds all the information relative a IvSign public certificate.

PubCertBin
Parameter	Type	Description
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer
cer	string	Certificate's public key
subject	string	Certificate's subject
issuer	string	Certificate's issuer
alias	string	Certificate's name
serial	string	Serial Number
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
revokeddate	DateTime	Certificate's revoked date time
isroot	bool	Certificate is a root CA public certificate flag
isca	bool	Certificate is a CA public certificate flag

Ejemplo JSON

{
"sha1sum": "C4FF20C05A66FC57EF1B50882A78AB2852AFC474",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D",
"cer": "MIIGDzCCBP...",
"subject": "CN=test1, OU=User, O=Test S.L., L=Valencia, C=ES",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"alias": "certificado publico de pruebas",
"serial": "054C3E61E13981",
"validfrom": "2017-04-03T09:48:18",
"validto": "2022-04-02T09:48:18",
"revokeddate": "2022-04-02T09:48:18",
"isroot": false,
"isca": false
}

25.6. CertInfo object

The CertInfo object holds all the information certificate used to perform a signature.
The object holds a userinfo object and a orgainfo object. The userinfo object contains information about the certificate's owner and the orgainfo object contains information about the certificate's owner organization. Not always is it possible to obtain all the information this objects can hold.

CertInfo
Parameter	Type	Description
serial	string	Certificate's serial number
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
issuer	string	Certificate's issuer
issuercn	string	Certificate's issuer common name
subject	string	Certificate's subject
subjectcn	string	Certificate's common name
subjectcountry	string	Certificate's country
signalg	string	Signature algorithm used to sign the certificate
keyusage	string[]	Allowed usage case list
enhancedkeyusage	string[]	Allowed usage exception list
caname	string	PSC issuer identifier
type	string	Certificate type NP: Natural person BNP: Natural person belonging to organization GR: General representative APGR: Artificial person general representative (previous law) AP: Artificial person (previous law) SAPGR: State administrations procedures general representative SR: Special representative EB: Electronic bill ES: Electronic stamp TSU: Time stamp UT: Unidentified type
userinfo		Certificate's user information
name	string	User's name
lastname	string	User's last name
ident	string	User's identifier card
email	string	User's email
birthdate	DateTime	User's birth date
orgainfo		Certificate's organization information
ident	string	Organization's identifier
name	string	Organization's name
qualified	bool	Qualified certificate flag
qualifiedclassification	int	Qualification classification: 0: Natural person 1: Artificial person 2: Components (web site)
sha1sum	string	Certificate's fingerprint
sha1sumissuer	string	Certificate's fingerprint issuer

Ejemplo JSON

{
"serial": "00BBAAA0CD3482BFCD",
"validfrom": "2016-10-27T14:47:24",
"validto": "2018-10-27T14:47:24",
"issuer": "CN=AC Camerfirma Certificados Camerales, C=ES, L=Madrid",
"issuercn": "AC Camerfirma Certificados Camerales",
"subject": "C=ES, OU=TEST, CN=12345678K TEST USER",
"subjectcn": "CN=12345678K TEST USER",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [
"Digital Signature",
"Non Repudiation",
"Key Encipherment"
],
"enhancedkeyusage": [
"1.3.6.1.5.5.7.3.2 TLS Web Client Autentication,
"1.3.6.1.5.5.7.3.4 E-mail Protection",
],
"caname": "Camerfirma",
"type": "PRAP",
"userinfo": {
"name": "Juan",
"lastname": "Apellidos",
"ident": "12345678J",
"email": "usuario@correo.ext",
"birthdate": null
},
"orgainfo": {
"ident": "B12345678",
"name": "EMPRESA SOLUCIONES S.L.",
},
"qualified": true,
"qualifiedclassification": 0,
"sha1sum": "C4FF20C05A66FC57EF1B50882A78AB2852AFC474",
"sha1sumissuer": "A6F77FA47AB32A37E6DB483D7426B7641741601D"
}

25.7. CertRef object

The CertRef object holds all the information relative to a CA public certificate.

CertRef
Parameter	Type	Description
id	string	IvSign reference certificate object
certprovider	string	Certificate's provider
data	byte[]	Certificate's public key

Ejemplo JSON
{ "id": "00BBAAA0CD3482BFCD", "certprovider": "dbsecure", "data": "MIIGDzCCBP...", }

25.8. Orga object

The Orga object holds all the information relative to an IvSign organization.

Orga
Parameter	Type	Description
orgaid	string	IvSign organization ID
extid	string	Organization's external identifier
descr	string	Organization's description
parent	string	Organization's parent
chain	string	Organization's chain to the root organization
license	string	Organization's license code
createdate	DateTime	Organization's create date time

Ejemplo JSON
{ "orgaid": "miorga", "extid": null, "descr": "miorga", "parent": "miorgapadre", "chain": "root.miorgapadre.miorga.", "license": null, "createdate": "2018-08-24T06:16:49Z" }

25.9. Device object

The Device object holds all the information relative to a IvSign device.

Device
Parameter	Type	Description
deviceid	string	IvSign device ID
userid	string	Device's owner
deviceinfo	string[][]	Device information parameters
lastaccess	DateTime	Device's last access
authorized	bool	Authorized/unauthorized device flag

Ejemplo JSON
{ "deviceid": 1, "userid": "miuser", "deviceinfo": [ [ "equipo", "equipoprueba" ], [ "ip", "172.0.0.1" ] ], "lastaccess": "2018-08-24T07:29:19.6678975Z", "authorized": true }

25.10. Inquiry object

The Inquiry object holds all the information relative to a IvSign authorization petition.

Inquiry
Parameter	Type	Description
inquiryid	string	IvSign inquiry ID
type	string	Inquiry's type, only signature authorization available
createdate	DateTime	Inquiry's create date time
validuntil	DateTime	Inquiry's expiry date time
userid	string	User asked for the authorization
orgaid	string	User asked for the authorization organization
pending	bool	Inquiry pending to be approved flag
response	string	Response to the authorization petition

Ejemplo JSON

{
"inquiryid": "7DC5FA5WSOFTE",
"type": "authsign",
"data": "{\"delegacion.delegid\":\"7DC5FAVXCIQGY\",\"delegacion.name\":\"TestInquiry\",\"delegacion.descr"\:\"\",\"cert.certid\":\"7DC5FAV5LFHN6\",...}",
"createdate": "2019-07-12 07:48:57",
"validuntil": "2019-07-12 07:58:57",
"userid": "myuser",
"orgaid": "MYORGA",
"pending": false,
"response": "{\"usagecount\":\"1\",\"hours\":\"1\",\"accepted\":\"true\"}"
}

25.11. Audit object

The Audit object holds all the information relative to the IvSign auditory.

Audit
Parameter	Type	Description
auditid	int	IvSign auditory ID
date	DateTime	Operation's perform day
ip	string	Operation's perform user IP
host	string	Operation's perform device or its IP
certid	string	IvSign used certificate ID (if applicable)
serial	string	Used certificate's serial number (if applicable)
certidorig	string	IvSign parent certificate ID (if applicable)
orgaid	string	Operation's organization
category	string	Operation's category
action	string	Operation's performed action
actiondata	string	Operation's performed action data
success	bool	Success performed operation flag
info	string	Operation's additional information
app	string	Operation's used application
oper	string	Operation's performer operator
userid	string	User on which the operation is performed
impersonator	string	Operation impersonator user (if applicable)
location	string	Signature URL (if applicable)
server	string	Signature server (if applicable)
module	string	Operation integration module
modver	string	Operation integration module version
data	string	Operation's additional data
certsha1sum	string	Operation's certificate finger print (if applicable)
operorgaid	string	Operation's performer operator organization

Ejemplo JSON

{
"auditid": 0,
"date": "2018-05-15T13:47:45.045Z",
"ip": "127.0.0.1",
"host": "miuser-pc",
"certid": "",
"serial": "",
"certidorig": "",
"orgaid": "miorga",
"category": "auth",
"action": "login",
"actiondata": "",
"success": true,
"app": "miapp",
"info": "",
"oper": "miuser",
"userid": "miuser",
"impersonator": "",
"location": "miuser-pc",
"server": "",
"module": "",
"modver": "",
"data": "",
"certsha1sum": "",
"operorgaid": "miorga"
}

25.12. AuditInfo object

The AuditInfo object holds all the information relative to the IvSign auditory categories and actions.

AuditInfo
Parameter	Type	Description
category	string[]	Categories list
action	string[]	Actions list

Ejemplo JSON
{ "category": [ "Auth", "Cert", "CertTrash", "Config", "Deleg", "Device", "Notify", "Orga", "Rule", "Sign", "Signature", "TSP", "User", "Verify" ], "action": [ "Accept", "Add", "Cades", "CER", "Del", "DelCert", "Generate", "Impersonate", "ImportPFX", "Login", "Move", "OrgaMove", "Pades", "PinCheck", "PinSet", "RefLink", "Ren", "Rest", "RSA", "Set", "Sign", "UserAdd", "Val", "Xades" ] }

25.13. SignPadesParams object

The SignPadesParams object holds all the optional information relative to PDF document signature performance.

SignPadesParams
Parameter	Type	Description
cause	string	Signature reason
pdfparameters	PDFSignParams	IvSign PDF signature parameters object
tstampservers	TimeStampServerInfo[]	IvSign time stamp server information object
biometry	Biometry	IvSign biometric data object

Ejemplo JSON

{
"cause": "firma de prueba",
"pdfparameters": {
"pwd": "claveEnTextoPlano",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": true,
"transparencymask": {
"red": 255,
"green": 255,
"blue": 255,
"tolerance": 10
}
},
"widgetprops": {
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": false,
"width": 150,
"height": 150,
"rotate": 270,
"showonpages": "first,last,3,5-8",
"widgetpageoffset": 0,
"hidetext": false,
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
}
}
"tstampservers": [{
"url": "http://servidor.sellado",
"includecertificates": true,
"hashalgorithm": "sha1"
}],
"biometry": {
"data": "MIIMFDA...",
"cer": "MIIHyDCC...",
}
}

25.14. SignXadesParams object

The SignPadesParams object holds all the optional information relative to XML document signature performance.

SignXadesParams
Parameter	Type	Description
signerrole	string	Signer user role
includewholechain	bool	Include or not the whole certificate's certificate chain
includekeyvalue	bool	Include or not certificate's public key
xadesversion	int	XAdES signature version
location	SignLocation	Signature location data, for instance, the city where the signature is performed
policy	SignPolicy	IvSign signature policy object
tstampserver	TimeStampServerInfo	IvSign time stamp server information object
envreferencetosign	string	Internal reference to the original XML document, must start by '#'
envsigdestreference	string	Sets the xmldsign destination node element through document xpath search method
envnamespacelist	string[][]	Sets the envsigdestreference xpath search method referred nodes namespace and its prefixes list
envreferencetosignns	string	ID node namespace to sign, for example, wsu:Id

Ejemplo JSON

{
"signerrole": "admin",
"includewholechain": true,
"includekeyvalue": true,
"xadesversion": 1.5,
"location": {
"locality": "Paterna",
"province": "Valencia",
"postalcode": "46980",
"country": "Spain"
},
"policy": {
"policyidentifier": "string",
"policyidentifieraddqualifier": true,
"policydescription": "string",
"policydigest": "string",
"policyqualifieruri": "string"
},
"tstampserver": {
"url": "http://servidor.sellado",
"includecertificates": true,
"hashalgorithm": "sha1"
},
"envreferencetosign": "string",
"envsigdestreference": "string",
"envnamespacelist": [
[
"string"
]
],
"envreferencetosignns": "string"
}

25.15. SignCadesParams object

The SignCadesParams object holds all the optional information relative to generic document signature performance.

SignCadesParams
Parameter	Type	Description
tstampserver	TimeStampServerInfo	IvSign time stamp server information object

Ejemplo JSON
{ "tstampserver": { "name": "servidor1", "url": "https://example.ext", "httpauth": false, "username": "miuser", "password": "123@#Abc", "usenonce": false, "includecertificates": true, "hashalgorithm": "sha1" "certid": "8B1F1E4B7027", "pfx": "", "pin": "Abc#@132" } }

25.16. PDFSignParams object

The PDFSignParams object holds all the optional information relative to the signature place on a PDF document signature performance.
It contains parameters to customize the signature place, background mask or the quantity of information showed.

PDFSignParams
Parameter	Type	Description
pwd	string	PDF document password
signvisible	bool	Visible signature enabled/disabled flag
signbackgroundconfig		Visible signature background image properties
signback	byte[]	Image in bytes (ONLY JPG FORMAT)
signbackautostretch	bool	Background image auto stretch enabled/disabled flag
strechx	int	Axis X auto stretch
strechy	int	Axis Y auto stretch
transparencymask		JPG image transparency mask
red	int	Red channel
redtolerance	int	Red tolerance
green	int	Green channel
greentolerance	int	Green tolerance
blue	int	Blue channel
bluetolerance	int	Blue tolerance
tolerance	int	Image tolerance
widgetprops		Visible signature box configuration
autopos	bool	Visible signature box auto position enabled/disabled flag
offsetx	int	Visible signature box axis X position
offsety	int	Visible signature box axis Y position
autosize	bool	Visible signature size auto stretch enabled/disabled flag
width	int	Visible signature width size
height	int	Visible signature height size
rotate	int	Visible signature rotation degrees
showonpages	string	Specifies on what pages the visible signature is shown, option list, separated by coma: all = all the pages, first = first page, last = last page, x = specific page, y-z = page range, examples: 'first,last,3,5,10-20,32-50'
hidetext	bool	Certificate data box enabled/disabled flag
sizeheader	float	Certificate data box heather font size
sizedatetime	float	Certificate data box date font size
sizetitlesection	float	Certificate data box section heather font size
sizetextsection	float	Certificate data box content font size
widgetpageoffset	int	Signature box page offset
captionsigner	string	Caption singer field
captionsignerinfo	string	Caption singer information field
captionalgorithm	string	Caption algorithm field
captionheader	string	Caption header field

Ejemplo JSON

{
"pwd": "1234",
"signvisible": true,
"signbackgroundconfig": {
"signback": "/9j/4RjhRXhpZgAATU0...",
"signbackautostretch": "true",
"stretchx": 0,
"stretchy": 0,
"transparencymask": {
"red": 255,
"redtolerance": 0,
"green": 255,
"greentolerance": 0,
"blue": 255,
"bluetolerance": 0,
"tolerance": 0,
},
},
"widgetprops": {
"sizeheader": 5.5,
"sizedatetime": 4,
"sizetitlesection": 5,
"sizetextsection": 4.5,
"captionsigner": "",
"captionsignerinfo": "",
"captionalgorithm": "",
"captionheader": "",
"autopos": false,
"offsetx": 0,
"offsety": 0,
"autosize": true,
"height": 150,
"width": 150,
"rotate": 270,
"showonpages": "all",
"widgetpageoffset": 0,
"hidetext": false
}
}

25.17. TimeStampServerInfo object

The TimeStampServerInfo object holds all the optional information relative to a time stamp server on a PDF document signature performance.

TimeStampServerInfo
Parameter	Type	Description
name	string	Server's name
url	string	Server's URL
httpauth	bool	Server's authentication required flag
username	string	Server's authentication user
password	string	Server's authentication password
usenonce	bool	Nonce used on the call to the server flag
includecertificates	bool	Server's certificate included into the signature flag
hashalgorithm	string	Hash algorithm, the server must support it
certid	string	Time stamp IvSign certificate ID (if applicable)
pfx	string	Time stamp PFX certificate (if applicable)
pin	string	Certificate's/PFX pin

Ejemplo JSON
{ "name": "servidor1", "url": "https://example.ext", "httpauth": true, "username": "miuser", "password": "123@#Abc", "usenonce": false, "includecertificates": false, "hashalgorithm": "sha1", "certid": "", "pfx": "", "pin": "" }

25.18. Biometry object

The Biometry object holds all the optional information relative to biometry data on a document signature performance.

SignLocation
Parameter	Type	Description
data	byte[]	Biometric signature information
csr	byte[]	Certificate`s public key

Ejemplo JSON
{ "cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQA...", "data": "AAEAABAAAAAFpwnxeWleeHgOymUHL2tOmBcYBneDA/vtzTXsvKi..." }

25.19. SignLocation object

The SignLocation object holds all the optional information relative to the signature's location on a document signature performance.

SignLocation
Parameter	Type	Description
locality	string	Signature's location city
province	string	Signature's location region
postalcode	string	Signature's location city postal code
country	string	Signature's location country

Ejemplo JSON
{ "locality": "Paterna", "province": "Valencia", "postalcode": "46980", "country": "Spain" }

25.20. SignPolicy object

The SignPolicy object holds all the optional information relative to the signature policies on a document signature performance.

SignPolicy
Parameter	Type	Description
policyidentifier	string	Signature's policy identifier
policyidentifieraddqualifier	bool	Signature's policy add qualifier to the signature flag
policydescription	string	Signature's policy description
policydigest	string	Signature's policy digest
policyqualifieruri	string	Signature's publication URI

Ejemplo JSON
{ "policyidentifier": "Identificador", "policyidentifieraddqualifier": true, "policydescription": "Descripción de la poítica de firma", "policydigest": "73CF40966ECAA1E358984E23F4AA3B7D", "policyqualifieruri": "http://servidor.sellado" }

25.21. tsainfo object

The tsainfo object holds all the optional information relative to the time stamp servers used on a document signature performance.

tsainfo
Parameter	Type	Description
subjectcn	string	Time stamp server's identifier
url	string	Time stamp server's URL
serial	string	Time stamp server's SHA1SUM
cer	byte[]	Time stamp server's certificate public key

Ejemplo JSON
{ "subjectcn": "servidor.sellado", "url": "http://servidor.sellado", "serial": "73CF40966ECAA1E358984E23F4AA3B7D", "cer": "MIIHyDCCBbCgAwIBAgIQc89Alm7KoeNYmE4j9Ko7fTANBg..." }

25.22. SignatureData object

The SignatureData object holds all the information relative to a document signature.
The object contains information about the signature, the used certificate certification chain or the used time stamp server. Is it possible not all the parameters contain information.

SignatureData
Parameter	Type	Description
signatureid	string	Signature's identifier
valid	bool	Valid signature flag
integrity	bool	Possibility of verifying signature's integrity flag
profile	string	Signature profile: 'basic' or 'enhanced'
extensions	string	Signature extensions, separated by coma: 't'=Include TimeStamp into the signature, 'timestamp'=Add a TimeStamp to the signature (Long Term Validation), 'epes'=Include signature policy, 'biometry'=Include biometric data, 'revinfo'=Include certificate's revocation information
envelop	string	Signature format, 'enveloped'=The signature includes the original document, 'enveloping'=A new document is generated with the original document on one of its nodes
cer	byte[]	Signature's certificate public key
certificatevalidation	VerifyCERResponse	VerifyCER method object response
certinfo	CertInfo	IvSign certificate information object
expired	bool	Signature's expired certificate flag
untrusted	bool	Signature's trusted certificate flag
revoked	bool	Signature's revoked certificate flag
invalidsignature	bool	Signature's valid certificate CA signature flag
valid	bool	Signature's valid certificate flag
error	Error	IvSign error object
signingtime	DateTime	Signature's date time
hashalgorithm	string	Signature's hash algorithm
timestamps	TimestampData[]	Signature's time stamp data
valid	bool	Time stamp valid flag
type	string	Time stamp type
time	DateTime	Time stamp date time
signatures	SignatureData[]	Time stamp signature details
timestampinfo	TimeStampInfo	Time stamp server information object
policyoid	string	Time stamp signature's policy OID
serialnumber	string	Time stamp token serial number
gentime	DateTime	Time stamp date time
messageimprint	byte[]	Time stamp message
messageimprintalgorithm	DigestAlgorithms	Time stamp encrypt algorithm
nonce	string	Random numerical sequence time stamp identifier
ordering	bool	Time stamp sequence ordering by its token and date time flag
tsaname	string	TSA time stamp name
calculatedmessagedigest	byte[]	Calculated digest, must equal with the stamp digest
validationtimestamps	TimestampData[]	Additional time stamp signature data
valid	bool	Time stamp valid flag
type	string	Time stamp type
time	DateTime	Time stamp date time
signatures	SignatureData[]	Time stamp signature details
timestampinfo	TimeStampInfo	Time stamp server information object
policyoid	string	Time stamp signature's policy OID
serialnumber	string	Time stamp token serial number
gentime	DateTime	Time stamp date time
messageimprint	byte[]	Time stamp message
messageimprintalgorithm	DigestAlgorithms	Time stamp encrypt algorithm
nonce	string	Random numerical sequence time stamp identifier
ordering	bool	Time stamp sequence ordering by its token and date time flag
tsaname	string	TSA time stamp name
calculatedmessagedigest	byte[]	Calculated digest, must equal with the stamp digest
biometrysigninfo	BiometrySignInfo	Signature's biometric information
certsubject	string	Biometric certificate subject
certissuer	string	Biometric certificate issuer
signatureimage	byte[]	User's signature image, if it is available

Ejemplo JSON

{
[
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Autenticación del cliente (1.3.6.1.5.5.7.3.2)",
"Correo seguro (1.3.6.1.5.5.7.3.4)"
],
"caname": "ACCV",
"type": "PF",
"userinfo": {
"name": "Nombre3",
"lastname": "Apellido3",
"ident": "00000003A",
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "C88D4165900ACAF8FCEE7949D4CA0EAEBC73D257",
"sha1sumissuer": "9FCDF094368D1B025C4C5574F8C59DB8DF75D0C3"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature1",
"valid": true,
"integrity": true,
"profile": "Enhanced",
"extensions": "t,biometry",
"envelop": "Enveloped",
"cer": "MIIHqDCCBZCgAwIBAgIIbiojx22KqOAwDQYJKoZIhvcNAQELBQAw...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA1",
"timestamps": [
{
"valid": false,
"type": "Generic",
"time": "2019-05-21T09:57:09Z",
"signatures": [
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": null,
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": false,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "",
"valid": false,
"integrity": true,
"profile": "bes",
"extensions": "",
"envelop": "Enveloping",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0BAQsFAD...",
"signingtime": "2019-05-21T09:57:09",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
],
"timestampinfo": {
"policyoid": "0.4.0.2023.1.1",
"serialnumber": "16AD9D2C39A",
"gentime": "2019-05-21T09:57:09Z",
"messageimprint": "8OC2PC/glAQszWa0Xf8Y0VuDaNU=",
"messageimprintalgorithm": 2,
"nonce": "3336353231303737",
"ordering": false,
"tsaname": null
},
"calculatedmessagedigest": "8OC2PC/glAQszWa0Xf8Y0VuDaNU="
}
],
"validationtimestamps": null,
"biometrysigninfo": {
"certsubject": "C=ES, O=ACCV, OU=Ciudadanos, SN=CAMARA ESPAÑOL, G=JUEAN, SERIALNUMBER=00000000T, CN=JUAN CAMARA ESPAÑOL - NIF:00000000T",
"certissuer": "C=ES, O=ACCV, OU=PKIACCV, CN=ACCVCA-120",
"signatureimage": null
}
},
{
"certificatevalidation": {
"certinfo": {
"serial": "46F3730EB8",
"validfrom": "2018-06-22T10:55:18",
"validto": "2023-06-21T10:55:18",
"issuer": "CN=Test User CA, OU=Sistemas, O=Test S.L., C=ES",
"issuercn": "Test User CA",
"subject": "OID.2.5.4.97=VATES-B666212593, OU=TECNICO, O=\"Ivnosys Soluciones,...",
"subjectcn": "Nombre3 Apellido3 (C:B666212593)",
"subjectcountry": "ES",
"signalg": "sha256RSA",
"keyusage": [],
"enhancedkeyusage": [
"Impresión de fecha (1.3.6.1.5.5.7.3.8)"
],
"caname": null,
"type": "NI",
"userinfo": {
"name": null,
"lastname": null,
"ident": null,
"email": null,
"birthdate": null
},
"orgainfo": {
"ident": null,
"name": null
},
"qualified": false,
"qualifiedclassification": 0,
"sha1sum": "69055BE05ED87770C8AD04422155DD0895528C6D",
"sha1sumissuer": "B49C4DFFBB41DC348B1A9705785E594DDB9A9A45"
},
"expired": false,
"untrusted": false,
"revoked": false,
"invalidsignature": false,
"valid": true,
"error": {
"code": "K0000",
"message": "OK",
"traceid": "7DC44PFZOEPUQ"
}
},
"signatureid": "Signature2",
"valid": true,
"integrity": true,
"profile": "Timestamp",
"extensions": "timestamp",
"envelop": "Enveloped",
"cer": "MIIHgzCCBWugAwIBAgIEV2Nq3jANBgkqhkiG9w0B...",
"signingtime": "2019-05-21T09:57:15",
"hashalgorithm": "SHA256",
"timestamps": null,
"validationtimestamps": null,
"biometrysigninfo": null
}
]
}

25.23. PKICert object

The PKICert object holds all the information relative to a IvSign PKI certificate.

PKICert
Parameter	Type	Description
sha1sum	string	Certificate's fingerprint
serial	string	Certificate's serial Number
name	string	Certificate's name
subjectcn	string	Certificate's common name
issuercn	string	Certificate's issuer common name
validfrom	DateTime	Certificate's issue date time
validto	DateTime	Certificate's expiry date time
isrevoked	bool	Certificate's revoked flag
isexpired	bool	Certificate's expired flag
createdate	DateTime	Certificate's create date time

Ejemplo JSON
{ "sha1sum": "6D8174240C8120A934C11804F555F213DE99AACC", "serial": "054C3E61E13981", "name": "DOC serie318d", "subjectcn": "test1", "issuercn": "Test User CA", "validfrom": "2016-02-15T17:15:16", "validto": "2019-02-14T17:15:16", "isrevoked": false, "isexpired": false, "createdate": "2016-02-15T17:15:16" }

25.24. Config object

The Config object holds all the information relative to a IvSign configuration.

Config
Parameter	Type	Description
configid	int	IvSign configuration ID
orgaid	string	Configuration's organization
section	string	Configuration's section
name	string	Configuration's name inside the configuration's section
opt	string	Configuration's option inside the configuration's name
type	string	Configuration's data value type
value	string	Configuration's value
w	int	Configuration's user level privileges needed to write it
r	int	Configuration's user level privileges needed to read it

Ejemplo JSON
{ "configid": 2586, "orgaid": "miorga", "section": "auth", "name": "passtries", "opt": "", "type": "int", "value": "50" }

25.25. Deleg object

The Deleg object holds all the information relative to a IvSign certificate delegation.

Deleg
Parameter	Type	Description
delegid	int	IvSign certificate delegation ID
userid	string	Delegation's owner user
certid	string	Delegation's certificate
serial	string	Certificate's serial number
name	string	Delegation's name
descr	string	Certificate's description
disabled	bool	Enabled/disabled delegation flag
createdate	DateTime	Delegation's create date time
ignorecertrules	bool	Ignore certificate usage rules flag
orgaid	string	Delegation's owner user organization
oper	string	Delegation's operator
needauth	bool	It is required certificate's owner authorization for using it flag

Ejemplo JSON
{ "delegid": 42, "userid": "miuser", "certid": "8B1F1E4B7027", "serial": "46F3730EB8", "name": "mideleg", "descr": "decripción del certificado", "disabled": false, "createdate": "2018-08-28T06:42:34.5705501Z", "ignorecertrules": false, "orgaid": "miorga", "oper": "miuser", "needauth": false }

25.26. Rule object

The Rule object holds all the information relative to a IvSign delegation usage rules or to a IvSign certificate usage policies.

Rule
Parameter	Type	Description
ruleid	int	IvSign rule ID
delegid	int	IvSign certificate delegation ID
certid	string	IvSign certificate ID
name	string	Rule's name
dayfrom	DateTime	Rule application start date
dayto	DateTime	Rule application end date
hourfrom	int	Rule application start time (08:32 AM -> 0832)
hourto	int	Rule application end time (05:47 PM (17:47) -> 1747)
dow	int	Rule application weekdays, in binary format, for instance: 5 is binary is 101, that means the rule is applied on Monday and Wednesday
host	string	Rule allowed host list (case sensitive)
app	string	Rule allowed/denied applications (process) (case sensitive)
appdeny	bool	Allowed/denied applications list flag
location	string	Rule allowed/denied URL
locationdeny	bool	Allowed/denied URL list flag

Ejemplo JSON
{ "ruleid": 5, "delegid": 42, "certid": null, "name": "miregla", "dayfrom": "2018-08-01T00:00:00", "dayto": "2018-08-31T23:59:59", "hourfrom": 8, "hourto": 20, "dow": 31, "host": null, "app": null, "appdeny": false, "location": null, "locationdeny": false }

25.27. Notify object

The Notify object holds all the information relative to a IvSign notification.

Notify
Parameter	Type	Description
notifyid	int	IvSign notification ID en IvSign
subject	string	Notification's subject
body	string	Notification's message
createdate	DateTime	Notification's create date time
userid	string	Notification's addressed user
orgaid	string	Notification's addressed organization
type	string	Notification type
data	string	Notification additional data
required	bool	Required acceptance flag
readeddate	DateTime	Notification's reded date time
accepteddate	DateTime	Notification's acceptance date time
accepteduser	string	Notification's reader user
readed	bool	Notification read flag
accepted	bool	Notification accepted flag
requiredcheck	string	Required check flag

Ejemplo JSON
{ "notifyid": 1, "subject": "Encabezado usuario", "body": "cuerpo del mensaje del usuario", "createdate": "2018-05-31T11:09:35", "userid": "miuser", "orgaid": null, "type": null, "data": null, "required": false, "readeddate": "2018-06-04T06:47:11.181291", "accepteddate": "2018-08-28T10:47:38.175698", "accepteduser": "miuser", "readed": true, "accepted": true, "requiredcheck": null }

25.28. StatsResult object

The StatsResult object holds all the information relative to IvSign global statistics.

StatsResult
Parameter	Type	Description
currentCount	KeyValue[]	Current month statistics
previousCount	KeyValue[]	Previous month statistics
licenseLimit	KeyValue[]	License limits

Ejemplo JSON

{
"currentCount": [
{
"Key": "User",
"Value": "6"
},
{
"Key": "Cert",
"Value": "30"
},
{
"Key": "Deleg",
"Value": "7"
},
{
"Key": "DelegCert",
"Value": "0"
},
{
"Key": "Orga",
"Value": "3"
},
{
"Key": "Sign",
"Value": "102"
},
{
"Key": "Signature",
"Value": "53"
}
],
"previousCount": [
{
"Key": "Sign",
"Value": "270"
},
{
"Key": "Signature",
"Value": "180"
}
],
"licenseLimit": [
{
"Key": "User",
"Value": "50"
},
{
"Key": "Cert",
"Value": "100"
},
{
"Key": "Sign",
"Value": "-1"
},
{
"Key": "Signature",
"Value": "500"
}
]
}

25.29. StatSignResult object

The StatSignResult object holds all the information relative to IvSign detailed signature statistic.

StatSignResult
Parameter	Type	Description
value	string	Search filter result
owned	int	Searched filter certificate's owner user performed actions number
delegated	int	Searched filter certificate's delegated users performed actions number
fore	int	Searched filter certificate's other users performed actions number

Ejemplo JSON
{ "value": "IEXPLORE.EXE", "owned": 5, "delegated": 0, "fore": 0 }

25.30. Stats object

The Stats object holds all the information relative to IvSign detailed signature statistic for an organization.

Stats
Parameter	Type	Description
statsid	int	IvSign statistic ID
orgaid	string	Statistic's organization
orgachain	string	Statistic's organization chain
date_year	int	Statistic's search year
date_month	int	Statistic's search month
stats_type	string	Statistic's search type
value	string	Statistic's search value

Ejemplo JSON
{ "statsid": 156, "orgaid": "orgatest", "orgachain": "root.megatest.orgatest.", "date_year": 2019, "date_month": 4, "stats_type": "Sign", "value": "44" }

25.31. Page object

The Page object holds all the information relative to IvSign lists.
It appear in all the List methods. The client must set the total elements per page itemspage) and the page to show (id). The server will calculate number of pages (numpages) and the total number of elements (totalitems).

Page
Parameter	Type	Description
id	int	Page number
itemspage	int	Elements per page number
numpages	int	Number of pages
totalitems	int	Total number of elements

Ejemplo JSON
{ "id": 1, "itemspage": 10, "numpages": 5, "totalitems": 43 }

25.32. KeyValue object

The KeyValue object holds two key value parameters, as a dictionary element.

KeyValue
Parameter	Type	Description
key	string	Key
value	string	Value

Ejemplo JSON
{ "key": "clave", "value": "valor" }

25.33. Caller object

The Caller object holds all the information relative to a call done to IvSign.

Caller
Parameter	Type	Description
app	string	Integration module
host	string	Client host
location	string	Client URL location
remoteuser	string	Client host user

Ejemplo JSON
{ "app": "miap", "host": "miuser-pc", "location": "miuser-pc", "remoteuser": "miuser" }

25.34. Hash object

The Caller object holds all the information relative to a basic IvSign signature.

Hash
Parameter	Type	Description
algorithm	string	Signature algorithm
digest	byte[]	Element to sign

Ejemplo JSON
{ "algorithm": "SHA512", "digest": "6D6FNdb2iUk+WBm9YKo+X9y6lA5tERq2+1w08k+GSWvzcm4r9..." }

25.35. Error object

The Error object holds all the information relative to an error that may happens during a call to IvSign.
It comes in every keyman response. The code K0000 means there was no error during the call. The code K9999 means there was an unknown error during the call.

Error
Parameter	Type	Description
code	string	Error code
message	string	Error description
traceid	string	Keyman operation trace ID

Ejemplo JSON
{ "code": "K0000", "message": "OK", "traceid":"7DC44PFZOEPUQ" }

IvSign services technical documentation / API V4

1. Initial considerations

1.1. Authentication

1.2. Modules

1.3. Organization license

1.4. Product license

1.5. User privileges level

2. Request/response protocol

2.1. REST service

2.2. SOAP service

3. Service authentication [Auth]

3.1. Obtaining session token [Auth/Login]

3.2. Obtaining session token [Auth/LoginToken]

3.3. Impersonating user [Auth/Impersonate]

3.4. Password recovery [Auth/PasswordRecovery]

3.5. Login check [Auth/LoginCheck]

3.6. Check login validation code [Auth/LoginCheck_Validation]

3.7. Token check [Auth/TokenCheck]

3.8. Check the possibility of changing a password [Auth/ProviderModifiablePass]

4. User management [User]

4.1. User creation [User/Add]

4.2. Obtaining user data [User/Get]

4.3. Setting user data [User/Set]

4.4. Deleting user [User/Del]

4.5. Listing users [User/List]

4.6. Searching users [User/Find]

4.7. Obtaining user level [User/Level]

4.8. Moving a user to another organization [User/OrgaMove]

4.9. User creation [User/PublicAdd]

4.10. Renaming users [User/Ren]

4.11. Checking modifiable user fields [User/Modifiablefields]

5. Certificate management [Cert]

5.1. Obtaining certificate data [Cert/Get]

5.2. Setting certificate data [Cert/Set]

5.3. Deleting certificates [Cert/Del]

5.4. Listing available certificates [Cert/ListAvailable]

5.5. Checking certificate pin [Cert/PinCheck]

5.6. Setting a new pin to a certificate [Cert/PinSet]

5.7. Importing certificates with private key [Cert/ImportPFX]

5.8. Getting certificate public key [Cert/CERGet]

5.9. Getting certificate certification chain [Cert/ChainGet]

5.10. Creating and installing certificates (1/3) [Cert/RSAGen]

5.11. Creating and installing certificates (2/3) [Cert/GenCSR]

5.12. Creating and installing certificates (3/3) [Cert/InstallCER]

5.13. Listing certificates [Cert/List]

5.14. Obtaining certificate provider certificate public key [Cert/RefCERGet]

5.15. Listing certificate provider certificates [Cert/RefList]

5.16. Certificate replacement [Cert/Replace]

5.17. Searching certificates [Cert/Search]

5.18. Linking reference certificates [Cert/RefLink]

5.19. Moving certificates [Cert/Move]

6. Bin certificates management [CertTrash]

6.1. Deleting bin certificates [CertTrash/Del]

6.2. Getting bin certificates data [CertTrash/Get]

6.3. Listing bin certificates [CertTrash/List]

6.4. Restoring bin certificates [CertTrash/Rest]

6.5. Sending certificates to the certificate bin [CertTrash/Move]

7. Public certificates management [PubCert]

7.1. Creating public certificates [PubCert/Add]

7.2. Obtención de certificados públicos [PubCert/Get]

7.3. Setting public certificates [PubCert/Set]

7.4. Deleting public certificates [PubCert/Del]

7.5. Listing public certificates [PubCert/List]

8. Public certificate management [PubCertBin]

8.1. Creating public certificates [PubCertBin/Add]

8.2. Getting public certificate data [PubCertBin/Get]

8.3. Checking public certificate [PubCertBin/Check]

9. Organizations management [Orga]

9.1. Creating organizations [Orga/Add]

9.2. Deleting organizations [Orga/Del]

9.3. Getting organization data [Orga/Get]

9.4. Listing organizations [Orga/List]

9.5. Renaming organization [Orga/Ren]

9.6. Setting organization data [Orga/Set]

10. Device management [Device]

10.1. Device creation [Device/Add]

10.2. Deleting devices [Device/Del]

10.3. Getting device data [Device/Get]

10.4. Listing devices [Device/List]

10.5. Setting devices [Device/Set]