Identity Providers
Keystore API (v1)
Download OpenAPI specification:Download
This document specifies the Keystore related operations RESTful API for WSO2 Identity Server
Retrieve the list of certificate aliases
This REST API can be used to get the certificate aliases from the keystore
Scope(Permission) required: internal_keystore_view
Authorizations:
query Parameters
| filter | string Condition to filter the retrival of records. Supports 'sw', 'co', 'ew' and 'eq' operations. E.g. keystores/certs?filter=alias+eq+wso2carbon |
Responses
Request samples
- Curl
curl -X 'GET' \ 'https://localhost:9443/api/server/v1/keystores/certs' \ -H 'accept: application/json' \ -H 'Authorization: Basic YWRtaW46YWRtaW4='
Response samples
- 200
- 400
- 404
- 500
[- {
- "alias": "wso2carbon",
}
]Upload the certificate with the given alias
This REST API can be used to upload the certifate to the tenant keystore. This API is not supported for super tenant.
Scope(Permission) required: internal_keystore_update
Authorizations:
Request Body schema: application/json
| alias required | string |
| certificate required | string |
Responses
Request samples
- Payload
- Curl
{- "alias": "newcert",
- "certificate": "MIIDADCCAeigAwIBAgIEnRKL8zANBgkqhkiG9w0BAQQFADBCMREwDwYDVQQDDAh3c28yLmNvbTENMAsGA1UECwwETm9uZTEPMA0GA1UECgwGTm9uZSBMMQ0wCwYDVQQGEwROb25lMB4XDTE5MDkyMjA5MzgyM1oXDTI5MTAxOTA5MzgyM1owQjERMA8GA1UEAwwId3NvMi5jb20xDTALBgNVBAsMBE5vbmUxDzANBgNVBAoMBk5vbmUgTDENMAsGA1UEBhMETm9uZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY6diX4CyRNARLYQq5tLnjSMbCh4waM7EDniKeZuQAKVdBpzgvan+G8QrgfJqZ7IfYCLFKSQIpblMiULnaf0Zy1VqQG+QNh+CHpMJ0jRPAKWUXQrgzFu24+araRei9v9VBHVwaNVp1uHKx9cL4XAXdIRv+ZDCTrkvJJUPxrNgF14UIUPsNIZF5perptTUUaudyDiGug80baTXxuEf7gJh6LcT5UIJF/moWKhLYhKEFa7nq7sJLcGIUKRlIxF487rTe1zZzN9RsdpH5d11DnltThOdO1mF9BX1U6F3yuJoOlsIcHIeab0XED0jw8PFi5+LT7EOe6xzaB9sL2DB38o8sCAwEAATANBgkqhkiG9w0BAQQFAAOCAQEArqGJfCOIjY5sFhO6Fd5x3dM6OrA7QcjxzNxsNwO7e2zFr4SHJqekfErZxFTLGWMpyMakvTFAk3e/ShvDQ71nBxYl6Rbdco0f2SUI2ig3lQR5ZTxPmxSSNNbX4K2ptAgzikmSjc6lrGRUnMkMKetClDRsOf9banuDImB2aIn2STmFR2U5duui2oEep3C5mlxregBXI8xEWF6VpXzeEz2AEOaKWOPLDTQsBWxSFi9uVVkD9GwN7yJCXWF81enCpQ4U1PHVhAdS40HTXbis/R0+ykDdkDLmbu3Oa+F2uyWnarAR9rKVfjNovXvJPX4D+5/wipDyXUOO58tyF0342JuIdA=="
}Response samples
- 400
- 404
- 405
- 500
{- "code": "AAA-00000",
- "message": "Some Error Message",
- "description": "Some Error Description",
- "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}Retrieve the public certificate
This REST API can be used to download the public certificate from the keystore.
Scope(Permission) required: None
query Parameters
| encode-cert | boolean |
Responses
Request samples
- Curl
curl -X 'GET' \ 'https://localhost:9443/api/server/v1/keystores/certs/public' \ -H 'accept: application/pkix-cert'
Response samples
- 400
- 404
- 500
{- "code": "AAA-00000",
- "message": "Some Error Message",
- "description": "Some Error Description",
- "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}Retrieve the certificate of the provided alias
This REST API can be used to download the certificate from the keystore
Scope(Permission) required: internal_keystore_view
Authorizations:
path Parameters
| alias required | string alias of the certificate |
query Parameters
| encode-cert | boolean |
Responses
Request samples
- Curl
curl -X 'GET' \ 'https://localhost:9443/api/server/v1/keystores/certs/{alias}' \ -H 'accept: application/pkix-cert' \ -H 'Authorization: Basic YWRtaW46YWRtaW4='
Response samples
- 400
- 404
- 500
{- "code": "AAA-00000",
- "message": "Some Error Message",
- "description": "Some Error Description",
- "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}Delete the certificate
This REST API can be used to delete the certificate with the given alias from the tenant keystore. This API is not supported for super tenant.
Scope(Permission) required: internal_keystore_update
Authorizations:
path Parameters
| alias required | string alias of the certificate |
Responses
Request samples
- Curl
curl -X 'DELETE' \ 'https://localhost:9443/api/server/v1/keystores/certs/{alias}' \ -H 'accept: */*' \ -H 'Authorization: Basic YWRtaW46YWRtaW4='
Response samples
- 400
- 405
- 500
{- "code": "AAA-00000",
- "message": "Some Error Message",
- "description": "Some Error Description",
- "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}Retrieve the list of certificate aliases from the client truststore
This REST API can be used to get the list of certificate aliases from the client truststore
Scope(Permission) required: internal_keystore_view
Authorizations:
query Parameters
| filter | string Condition to filter the retrival of records. Supports 'sw', 'co', 'ew' and 'eq' operations. E.g. keystores/certs?filter=alias+eq+wso2carbon |
Responses
Request samples
- Curl
curl -X 'GET' \ 'https://localhost:9443/api/server/v1/keystores/client-certs' \ -H 'accept: application/json' \ -H 'Authorization: Basic YWRtaW46YWRtaW4='
Response samples
- 200
- 400
- 404
- 500
[- {
- "alias": "wso2carbon",
}
]Retrieve the certificate of the provided alias
This REST API can be used to download the certificate of specified alias from the client-truststore
Scope(Permission) required: internal_keystore_view
Authorizations:
path Parameters
| alias required | string alias of the certificate |
query Parameters
| encode-cert | boolean |
Responses
Request samples
- Curl
curl -X 'GET' \ 'https://localhost:9443/api/server/v1/keystores/client-certs/{alias}' \ -H 'accept: application/pkix-cert' \ -H 'Authorization: Basic YWRtaW46YWRtaW4='
Response samples
- 400
- 404
- 500
{- "code": "AAA-00000",
- "message": "Some Error Message",
- "description": "Some Error Description",
- "traceId": "e0fbcfeb-3617-43c4-8dd0-7b7d38e13047"
}