
FDO API documentation

This page describes the FIDO Device Onboard (FDO) REST API interfaces.

FDO Owner Services API

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls. The value of api_user is in the service.yml file and the value of api_password is in the service.env file.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/owner/redirect | Updates TO2 RVBlob in ONBOARDING_CONFIG table. | | text/plain | RVTO2Addr in diagnostic form | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/redirect' --header 'Content-Type: text/plain' --data-raw '[["localhost","127.0.0.1",8042,3]]'` |
| GET /api/v1/to0/{guid} | Initiates TO0 from Owner | GUID of the device to initiate TO0 | | | | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/to0/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/svi | Uploads SVI instructions to SYSTEM_PACKAGE table. | | text/plain | SVI Instruction | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/svi' --header 'Content-Type: text/plain' --data-raw '[{"filedesc" : "setup.sh","resource" : "URL"}, {"exec" : ["bash","setup.sh"] }]'` |
| GET /api/v1/owner/vouchers | Returns a list of all Ownership Voucher GUIDs. | | | | line separated list of GUIDs | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/owner/vouchers" --header 'Content-Type: text/plain'` |
| GET /api/v1/owner/vouchers/ | Returns the Ownership Voucher for the specified GUID. | Path - id: Device GUID | | | Ownership Voucher | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8042/api/v1/owner/vouchers/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/vouchers/ | Inserts Ownership Voucher against the specified GUID in ONBOARDING_VOUCHER table. | | text/plain | Content of Ownership Voucher in PEM Format | GUID of the device | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8042/api/v1/owner/vouchers" --header 'Content-Type: text/plain' --data-raw "${voucher}"` |
| GET /api/v1/logs | Serves the log from the owner service | | | | owner logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/logs'` |
| DELETE /api/v1/logs | Deletes the log from the owner service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/logs'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/health'` |
| GET /api/v1/ondie | Serves the stored certs & crls files | | | | Ondie certs & crl files | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/ondie'` |
| POST /api/v1/ondie | Inserts the onDie certs and crls zip file into the DB | | text/plain | Path to ondie cert file | | `curl -D - --digest -u ${api_user}:${api_passwd} --location --request POST "http://${ip}:${port}/api/v1/ondie" --header 'Content-Type: text/plain' --data-raw "${cert-file}"` |
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Certificate file in PKCS12 format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?filename=ssl.p12'` |
| GET /api/v1/certificate?alias={alias} | Returns the owner certificate of the given alias type | Query - alias | | | Certificate PEM format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?alias=SECP256R1' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate?uuid=uuid | Returns the owner alias type for the given voucher | Query - uuid | | | UUID's attestation type | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate?uuid=cc60f0aa-56d0-492e-8c8d-9a1fe55cb60' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/certificate/validity?days=10' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/certificate/validity'` |
| GET /api/v1/owner/messagesize | Collects the max message size from ONBOARDING_CONFIG table | | | | MAX_MESSAGE_SIZE | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/messagesize' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/messagesize | Updates the max message size in ONBOARDING_CONFIG table | | text/plain | MAX_MESSAGE_SIZE | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/messagesize' --header 'Content-Type: text/plain' --data-raw '10000'` |
| GET /api/v1/owner/svisize | Collects the owner svi size from ONBOARDING_CONFIG table | | | | SVI_MESSAGE_SIZE | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/svisize' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/svisize | Updates the owner svi size in ONBOARDING_CONFIG table | | text/plain | SVI_MESSAGE_SIZE | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/svisize' --header 'Content-Type: text/plain' --data-raw '10000'` |
| GET /api/v1/owner/resource?filename=fileName | Returns the file based on filename from SYSTEM_RESOURCE table | Query - filename | | | file content | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/resource?filename=fileName | Adds the file to DB based on filename from SYSTEM_RESOURCE table | Query - filename | text/plain | file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain' --data-binary '@< path to file >'` |
| DELETE /api/v1/owner/resource?filename=fileName | Deletes the file from DB based on filename from SYSTEM_RESOURCE table | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8042/api/v1/owner/resource?filename=fileName' --header 'Content-Type: text/plain'` |
| POST /api/v1/resell/{guid} | Gets extended resell Ownership Voucher with the guid. | Path - guid of the device to resell | | Owner Certificate | The Ownership voucher in PEM format | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8039/api/v1/resell/${guid}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/owner/state/{guid} | Returns the TO status of the associated GUID | GUID of the device | | | Returns TO2 completed status & TO0 expiry (timestamps) | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8042/api/v1/owner/state/{guid}'` |

The following REST response error codes may be returned, with their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST Request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to Owner. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, Owner supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, Owner is unable to fetch/copy/delete the requested file. |
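
The credential handling described in the NOTE above, as an added example that is not part of the FDO documentation: it reads api_user and api_password from the two files and writes a private curl config, so the password stays out of the process list and shell history. The line formats `api_user: <name>` and `api_password=<value>`, and all function names, are assumptions.

```shell
#!/bin/sh
# Added example, not FDO project code.
# Assumed file formats (not shown on the page):
#   service.yml : a line "api_user: <name>" (any indent, optionally quoted)
#   service.env : a line "api_password=<value>" (raw value, no quoting)

# Print the api_user value from a service.yml-style file.
fdo_api_user() {
    sed -n 's/^[[:space:]]*api_user:[[:space:]]*//p' "$1" |
        head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print the api_password value from a service.env-style file.
fdo_api_password() {
    sed -n 's/^api_password=//p' "$1" | head -n 1
}

# Write a curl config file readable only by its owner, with Digest enabled.
# usage: fdo_write_curl_config service.yml service.env out.curlrc
fdo_write_curl_config() {
    user=$(fdo_api_user "$1")
    pass=$(fdo_api_password "$2")
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "api_user or api_password not found" >&2
        return 1
    fi
    # Escape backslash and double quote for curl's quoted config values.
    esc=$(printf '%s:%s' "$user" "$pass" | sed 's/\\/\\\\/g; s/"/\\"/g')
    (
        umask 077        # new file is created as 0600
        rm -f "$3"       # never reuse a file with looser permissions
        printf 'digest\nuser = "%s"\n' "$esc" > "$3"
    )
}

# Then call any endpoint from the table without -u on the command line:
#   fdo_write_curl_config service.yml service.env owner.curlrc
#   curl -K owner.curlrc -D - --location 'http://localhost:8042/health'
```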

FDO PRI Rendezvous REST APIs

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Certificate file in PKCS12 format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/certificate?filename=ssl.p12'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/certificate?filename=ssl.p12' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| GET /api/v1/logs | Serves the log from the RV service | | | | RV logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/logs'` |
| DELETE /api/v1/logs | Deletes the log from the RV service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/logs'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/certificate/validity?days=10'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/api/v1/certificate/validity'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8040/health'` |
| POST /api/v1/rv/allow | Adds public key to allowed list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/rv/allow' --data-raw "$owner_certificate"` |
| DELETE /api/v1/rv/allow | Deletes public key from allowed list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8040/api/v1/rv/allow' --data-raw "$owner_certificate"` |
| POST /api/v1/rv/deny | Adds public key to denied list of Owners in RV | | text/plain | certificate in pem format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8040/api/v1/rv/deny' --data-raw "$owner_certificate"` |

The following REST response error codes may be returned, with their descriptions:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST Request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to RV. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, RV supports GET, PUT and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, RV is unable to fetch/copy/delete the requested file. |

FDO PRI Manufacturer REST APIs

NOTE: These REST APIs use Digest authentication. The api_user and api_password properties specify the credentials to use when making the REST calls. The value of api_user is in the service.yml file and the value of api_password is in the service.env file.

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/mfg/vouchers/ | Gets extended Ownership Voucher with the serial number. | Path - Device Serial Number | | Owner Certificate | Extended Voucher | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8039/api/v1/mfg/vouchers/${serial_no}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/certificate?filename=fileName | Returns the certificate file based on filename | Query - filename | | | Keystore file in binary format | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/certificate?filename=ssl.p12'` |
| POST /api/v1/certificate?filename=fileName | Adds the certificate file to DB based on filename | Query - filename | text/plain | PKCS12 Certificate file in Binary format | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain' --data-binary '@< path to ssl.p12 >'` |
| DELETE /api/v1/certificate?filename=fileName | Deletes the certificate file from DB based on filename | Query - filename | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8039/api/v1/certificate?filename=ssl.p12' --header 'Content-Type: text/plain'` |
| POST /api/v1/rvinfo/ | Updates RV Info in RV_DATA table | | text/plain | RV Info | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/rvinfo' --header 'Content-Type: text/plain' --data-raw '[[[5,"localhost"],[3,8040],[12,1],[2,"127.0.0.1"],[4,8041]]]'` |
| GET /api/v1/deviceinfo/{seconds} | Serves the serial no. and GUID of the devices that completed DI in the last n seconds | Path - n seconds | | | JSON array of Serial No, GUID, DI Timestamp and Attestation type. | `curl -D - --digest -u apiUser: --location --request GET 'http://localhost:8080/api/v1/deviceinfo/30' --header 'Content-Type: text/plain'` |
| GET /api/v1/logs | Serves the log from the manufacturer service | | | | Manufacturer logs | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/logs' --header 'Content-Type: text/plain'` |
| DELETE /api/v1/logs | Deletes the log from the manufacturer service | | | | | `curl -D - --digest -u ${api_user}: --location --request DELETE 'http://localhost:8039/api/v1/logs' --header 'Content-Type: text/plain'` |
| POST /api/v1/certificate/validity?days=no_of_days | Updates certificate validity in CERTIFICATE_VALIDITY table | Query - days | text/plain | | | `curl -D - --digest -u ${api_user}: --location --request POST 'http://localhost:8039/api/v1/certificate/validity?days=10' --header 'Content-Type: text/plain'` |
| GET /api/v1/certificate/validity | Collects certificate validity days from CERTIFICATE_VALIDITY table | | | | Number of Days | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/api/v1/certificate/validity'` |
| GET /health | Returns the health status | | | | Current version | `curl -D - --digest -u ${api_user}: --location --request GET 'http://localhost:8039/health'` |

The following REST response error codes may be returned, with their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST Request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to MFG. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, MFG supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, MFG is unable to fetch/copy/delete the requested file. |

FDO PRI Reseller REST APIs

| Operation | Description | Path/Query Parameters | Content Type | Request Body | Response Body | Sample cURL call |
|---|---|---|---|---|---|---|
| POST /api/v1/resell/{guid} | Gets extended resell Ownership Voucher with the guid. | Path - guid of the device to resell | | Owner Certificate | The Ownership voucher in PEM format | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8070/api/v1/resell/${guid}" --header 'Content-Type: text/plain' --data-raw "$owner_certificate" -o ${serial_no}_voucher.txt` |
| GET /api/v1/owner/vouchers | Returns a list of all Ownership Voucher GUIDs. | | | | line separated list of GUIDs | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8070/api/v1/owner/vouchers" --header 'Content-Type: text/plain'` |
| GET /api/v1/owner/vouchers/ | Returns the Ownership Voucher for the specified GUID. | Query - id: Device GUID | | | Ownership Voucher | `curl -D - --digest -u ${api_user}: --location --request GET "http://localhost:8070/api/v1/owner/vouchers/${device_guid}" --header 'Content-Type: text/plain'` |
| POST /api/v1/owner/vouchers/ | Inserts Ownership Voucher against the specified GUID in ONBOARDING_VOUCHER table. | | text/plain | Content of Ownership Voucher in PEM Format | | `curl -D - --digest -u ${api_user}: --location --request POST "http://localhost:8070/api/v1/owner/vouchers" --header 'Content-Type: text/plain' --data-binary "${voucher}"` |

The following REST response error codes may be returned, with their possible causes:

| Error Code | Possible Causes |
|---|---|
| 401 Unauthorized | When an invalid Authentication header is present with the REST Request. Make sure to use the correct REST credentials. |
| 404 Not Found | When an invalid REST request is sent to Reseller. Make sure to use the correct REST API endpoint. |
| 405 Method Not Allowed | When an unsupported REST method is requested. Currently, Reseller supports GET, POST and DELETE only. |
| 406 Not Acceptable | When an invalid filename is passed through the REST endpoints. |
| 500 Internal Server Error | Due to an internal error, Reseller is unable to fetch/copy/delete the requested file. |