
FDO API documentation

This page describes the FIDO Device Onboard (FDO) REST API interfaces.

FDO Owner Services API

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls. The value for api_user is in the service.yml file and the value for api_password is in the service.env file.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/owner/redirect | Updates TO2 RVBlob in ONBOARDING_CONFIG table. | | text/plain | RVTO2Addr in diagnostic form | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/redirect' --header 'Content-Type: text/plain' --data-raw '[["localhost","127.0.0.1",8042,3]]'` |
| GET /api/v1/to0/{guid} | Initiates TO0 from Owner | GUID of the device to initiate TO0 | | | | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/to0/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/svi | Uploads SVI instructions to SYSTEM_PACKAGE table. | | text/plain | SVI Instruction | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/svi' --header 'Content-Type: text/plain' --data-raw '[{"filedesc" : "setup.sh","resource" : "URL"}, {"exec" : ["bash","setup.sh"] }]'` |
| GET /api/v1/owner/vouchers | Returns a list of all Ownership Voucher GUIDs. | | | | line separated list of GUIDs | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/owner/vouchers" --header 'Content-Type: text/plain'` |
| GET /api/v1/owner/vouchers/ | Returns the Ownership Voucher for the specified GUID. | Path - id: Device GUID | | | Ownership Voucher | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/owner/vouchers/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/vouchers/ | Inserts Ownership Voucher against the specified GUID in ONBOARDING_VOUCHER table. | | text/plain | Content of Ownership Voucher in PEM Format | Guid of the device | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8042/api/v1/owner/vouchers" --header 'Content-Type: text/plain' --data-raw "${voucher}"` |
| GET /api/v1/logs | Serves the log from the owner service | | | | owner logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/logs'` |
| DELETE /api/v1/logs | Deletes the log from the owner service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/logs'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/health'` |
| GET /api/v1/ondie | Serves the stored certs & crls files | | | | Ondie certs & crl files | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/ondie'` |
| POST /api/v1/ondie | Inserts onDie certs and crls zip file into DB | | text/plain | Path to ondie cert file | | `curl -D - --digest -u ${api_user}:${api_passwd} --location --request POST "http://${ip}:{port}/api/v1/ondie" --header 'Content-Type: text/plain' --data-raw "${cert-file}"` |
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Certificate file in PKCS12 format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?filename=ssl.p12'` |
| GET /api/v1/certificate?alias={alias} | Returns the owner certificate of the given alias type | Query - alias | | | Certificate PEM format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?alias=SECP256R1' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate?uuid=uuid | Returns the owner alias type for the given voucher | Query - uuid | | | UUID's attestation type | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?uuid=cc60f0aa-56d0-492e-8c8d-9a1fe55cb60' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/certificate/validity?days=10' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate/validity'` |
| GET /api/v1/owner/messagesize | Collects the max message size from ONBOARDING_CONFIG table | | | | MAX_MESSAGE_SIZE | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/messagesize' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/messagesize | Updates the max message size in ONBOARDING_CONFIG table | | text/plain | MAX_MESSAGE_SIZE | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/messagesize' --header 'Content-Type: text/plain' --data-raw '10000'` |
| GET /api/v1/owner/svisize | Collects the owner svi size from ONBOARDING_CONFIG table | | | | SVI_MESSAGE_SIZE | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/svisize' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/svisize | Updates the owner svi size in ONBOARDING_CONFIG table | | text/plain | SVI_MESSAGE_SIZE | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/svisize' --header 'Content-Type: text/plain' --data-raw '10000'` |
| GET /api/v1/owner/resource?filename=fileName | Returns the file based on filename from SYSTEM_RESOURCE table | Query - filename | | | file content | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/resource?filename=fileName | Adds the file to DB based on filename from SYSTEM_RESOURCE table | Query - filename | text/plain | file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain' --data-binary '@< path to file >'` |
| DELETE /api/v1/owner/resource?filename=fileName | Deletes the file from DB based on filename from SYSTEM_RESOURCE table | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain'` |
| POST /api/v1/resell/{guid} | Gets extended resell Ownership Voucher with the guid. | Path - guid of the device to resell | | Owner Certificate | The Ownership voucher in PEM format | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8039/api/v1/resell/${guid}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/owner/state/{guid} | Returns the TO status of the associated GUID | GUID of the device | | | Returns TO2 completed status & TO0 expiry (timestamps) | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/state/{guid}'` |

The following table lists the REST response error codes and their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to Owner. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, Owner supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, Owner is unable to fetch/copy/delete the requested file. |
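
The sketch below is an added example, not code from the FDO project: it walks GET /api/v1/owner/vouchers and GET /api/v1/owner/state/{guid} with Digest authentication, keeps the password out of curl's argument list, validates each GUID before it is placed in a URL path, and maps the status codes from the table above. The function names, the API_USER and ENV_FILE variables, the api_password=<value> line format in service.env, and the 8-4-4-4-12 GUID form are assumptions.

```shell
#!/bin/sh
# Added example, not FDO project code. Assumes API_USER and ENV_FILE are set
# and that service.env holds a line of the form api_password=<value>.

# Read api_password without sourcing (executing) the env file.
read_api_password() {
    sed -n 's/^api_password=//p' "$1" | head -n 1
}

# Accept only the 8-4-4-4-12 hex form before a GUID is placed in a URL path.
is_guid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Map a status code to the cause listed in the error-code table.
explain_status() {
    case "$1" in
        2??) echo "ok" ;;
        401) echo "invalid Authentication header, check the REST credentials" ;;
        404) echo "invalid REST request, check the API endpoint" ;;
        405) echo "unsupported REST method" ;;
        406) echo "invalid filename" ;;
        500) echo "internal error, file could not be fetched/copied/deleted" ;;
        *)   echo "unexpected status $1" ;;
    esac
}

# GET with Digest auth. The credentials reach curl as a config line on stdin
# (-K -), so the password never appears in the process argument list.
fdo_get() {  # usage: fdo_get BASE_URL PATH OUTPUT_FILE -> prints status code
    pw=$(read_api_password "$ENV_FILE" | sed 's/[\\"]/\\&/g')  # escape \ and "
    printf 'user = "%s:%s"\n' "$API_USER" "$pw" |
        curl -s -K - --digest -o "$3" -w '%{http_code}' "$1$2"
}

# Print "<guid> <state>" for every voucher held by the Owner service.
owner_states() {  # usage: owner_states http://localhost:8042
    list=$(mktemp) && state=$(mktemp) || return 1
    code=$(fdo_get "$1" /api/v1/owner/vouchers "$list")
    if [ "$(explain_status "$code")" != ok ]; then
        echo "vouchers: $(explain_status "$code")" >&2
        rm -f "$list" "$state"; return 1
    fi
    while IFS= read -r guid; do
        is_guid "$guid" || { echo "skipping malformed GUID" >&2; continue; }
        code=$(fdo_get "$1" "/api/v1/owner/state/$guid" "$state")
        echo "$guid $(cat "$state") [$(explain_status "$code")]"
    done < "$list"
    rm -f "$list" "$state"
}
```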

FDO PRI Rendezvous REST APIs

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Certificate file in PKCS12 format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/certificate?filename=ssl.p12'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/certificate?filename=ssl.p12' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| GET /api/v1/logs | Serves the log from the RV service | | | | RV logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/logs'` |
| DELETE /api/v1/logs | Deletes the log from the RV service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/logs'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/certificate/validity?days=10'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/certificate/validity'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/health'` |
| POST /api/v1/rv/allow | Adds public key to allowed list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/rv/allow' --data-raw "$owner_certificate"` |
| DELETE /api/v1/rv/allow | Deletes public key from allowed list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/rv/allow' --data-raw "$owner_certificate"` |
| POST /api/v1/rv/deny | Adds public key to denied list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/rv/deny' --data-raw "$owner_certificate"` |

The following table lists the REST response error codes and their descriptions:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to RV. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, RV supports GET, PUT and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, RV is unable to fetch/copy/delete the requested file. |

FDO PRI Manufacturer REST APIs

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls. The value for api_user is in the service.yml file and the value for api_password is in the service.env file.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/mfg/vouchers/ | Gets extended Ownership Voucher with the serial number. | Path - Device Serial Number | | Owner Certificate | Extended Voucher | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8039/api/v1/mfg/vouchers/${serial_no}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Keystore file in binary format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/certificate?filename=ssl.p12'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8039/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| POST /api/v1/rvinfo/ | Updates RV Info in RV_DATA table | | text/plain | RV Info | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/rvinfo' --header 'Content-Type: text/plain' --data-raw '[[[5,"localhost"],[3,8040],[12,1],[2,"127.0.0.1"],[4,8041]]]'` |
| GET /api/v1/deviceinfo/{seconds} | Serves the serial no. and GUID of the devices that completed DI in the last n seconds | Path - n seconds | | | JSON array of Serial No, GUID, DI Timestamp and Attestation type. | `curl -D - --digest -u apiUser: --location --request GET 'http://localhost:8080/api/v1/deviceinfo/30' --header 'Content-Type: text/plain'` |
| GET /api/v1/logs | Serves the log from the manufacturer service | | | | Manufacturer logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/logs' --header 'Content-Type: text/plain'` |
| DELETE /api/v1/logs | Deletes the log from the manufacturer service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8039/api/v1/logs' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | Query - days | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/certificate/validity?days=10' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/certificate/validity'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/health'` |

The following table lists the REST response error codes and their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to MFG. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, MFG supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, MFG is unable to fetch/copy/delete the requested file. |

FDO PRI Reseller REST APIs

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/resell/{guid} | Gets extended resell Ownership Voucher with the guid. | Path - guid of the device to resell | | Owner Certificate | The Ownership voucher in PEM format | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8070/api/v1/resell/${guid}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/owner/vouchers | Returns a list of all Ownership Voucher GUIDs. | | | | line separated list of GUIDs | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8070/api/v1/owner/vouchers" --header 'Content-Type: text/plain'` |
| GET /api/v1/owner/vouchers/ | Returns the Ownership Voucher for the specified GUID. | Query - id: Device GUID | | | Ownership Voucher | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8070/api/v1/owner/vouchers/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/vouchers/ | Inserts Ownership Voucher against the specified GUID in ONBOARDING_VOUCHER table. | | text/plain | Content of Ownership Voucher in PEM Format | | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8070/api/v1/owner/vouchers" --header 'Content-Type: text/plain' --data-binary "${voucher}"` |

The following table lists the REST response error codes and their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to Reseller. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, Reseller supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, Reseller is unable to fetch/copy/delete the requested file. |