Introduction
This is automatically generated public documentation of RemSig REST endpoints.
Authentication
Basic authentication is used.
Pagination
Path | Type | Optional | Description |
---|---|---|---|
page | Integer | true | Page you want to retrieve, 0 indexed and defaults to 0. |
size | Integer | true | Size of the page you want to retrieve, defaults to 100. |
sort | String | true | Properties that should be sorted by in the format |
1. Certificates
1.1. Get Certificates
GET /api/certificate/
Lists certificates.
1.1.1. Authorization
USER role required.
1.1.2. Path parameters
No parameters.
1.1.3. Query parameters
Supports standard paging query parameters.
Parameter | Type | Optional | Description |
---|---|---|---|
serialNumber | String | true | |
1.1.4. Request fields
No request body.
1.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
page | Integer | true | Page number. |
size | Integer | true | Size of the page. |
totalElements | Integer | true | Total number of elements. |
totalPages | Integer | true | Total number of pages. |
certificates | Array[Object] | true | Certificates. |
certificates[].id | Integer | true | Unique internal identifier. |
certificates[].index | Integer | true | Certificate index. |
certificates[].type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
certificates[].encoded | Array[Integer] | true | Encoded certificate. |
certificates[].subject | String | true | Subject. |
certificates[].issuer | String | true | Issuer. |
certificates[].serialNumber | Integer | true | Serial number. |
certificates[].notBefore | String | true | Not before date. |
certificates[].notAfter | String | true | Not after date. |
certificates[].disabled | Boolean | true | Disabled status. |
certificates[].personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
certificates[].person | Object | true | Associated person. |
certificates[].person.id | Integer | true | Unique internal identifier. |
certificates[].person.uniqueId | String | true | Unique identifier for person. |
certificates[].person.email | String | true | Email for person. |
1.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/certificate/ -i -u 'username:password' -X GET \
-H 'Accept: application/json'
1.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "025593daba8feb88eaa077cba27ae8b6a"
Content-Length: 996
{
"operationId" : 123456,
"page" : 0,
"size" : 100,
"totalElements" : 2,
"totalPages" : 1,
"certificates" : [ {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
}, {
"id" : 2,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...NBGYHrABLw==",
"subject" : "CN=API docs 2",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 6,
"person" : {
"id" : 6,
"uniqueId" : "person99@localhost",
"email" : "person.99@mail.localhost"
}
} ]
}
1.2. Get Latest Valid Certificate
GET /api/certificate/latest-valid
Gets latest valid certificate.
1.2.1. Authorization
USER role required.
1.2.2. Path parameters
No parameters.
1.2.3. Query parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | true | Unique internal identifier for person. |
uniqueId | String | true | UniqueId for person. |
1.2.4. Request fields
No request body.
1.2.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
certificate | Object | true | Certificate. |
certificate.id | Integer | true | Unique internal identifier. |
certificate.index | Integer | true | Certificate index. |
certificate.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
certificate.encoded | Array[Integer] | true | Encoded certificate. |
certificate.subject | String | true | Subject. |
certificate.issuer | String | true | Issuer. |
certificate.serialNumber | Integer | true | Serial number. |
certificate.notBefore | String | true | Not before date. |
certificate.notAfter | String | true | Not after date. |
certificate.disabled | Boolean | true | Disabled status. |
certificate.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
certificate.person | Object | true | Associated person. |
certificate.person.id | Integer | true | Unique internal identifier. |
certificate.person.uniqueId | String | true | Unique identifier for person. |
certificate.person.email | String | true | Email for person. |
1.2.6. Example request
$ curl 'https://remsig-dev.cesnet.cz/api/certificate/latest-valid?uniqueId=someid%40uni.localhost' -i -u 'username:password' -X GET \
-H 'Accept: application/json'
1.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "05f24429a3db209156427b8e2db85a8e3"
Content-Length: 480
{
"operationId" : 123456,
"certificate" : {
"id" : 2,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...NBGYHrABLw==",
"subject" : "CN=API docs 2",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 6,
"person" : {
"id" : 6,
"uniqueId" : "person99@localhost",
"email" : "person.99@mail.localhost"
}
}
}
2. Sign
2.1. Sign Pdf
POST /api/sign/pdf
Signs single pdf document.
2.1.1. Authorization
USER role required.
2.1.2. Path parameters
No parameters.
2.1.3. Query parameters
No parameters.
2.1.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
name | String | true | The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
displayName | String | true | |
data | Object | true | The data source to be signed. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
base64Pdf | String | true | Deprecated. Use data.bytes instead. Pdf document to sign. Must be a valid base64 encoded string. |
documentName | String | true | Deprecated. Use name attribute instead. The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
watermark | Object | true | Visible watermark parameters. |
watermark.insert | Boolean | true | Insert visible watermark. |
watermark.text | String | true | Text to use on watermark. |
watermark.position | String | true | Watermark position on document page. |
watermark.page | String | true | Page to insert watermark. |
timestamp | Object | true | Timestamp signature parameters. |
timestamp.enabled | Boolean | true | Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
timestamp.name | String | true | The name of timestamp server. Must be a valid timestamp server name. |
timestamp.url | String | true | Custom server url. Must be a well-formed URL. |
timestamp.timeout | String | true | Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
timestamp.authentication | Object | true | Custom authentication parameters. |
timestamp.authentication.basic | Object | true | |
timestamp.authentication.basic.username | String | false | |
timestamp.authentication.basic.password | String | false | |
timestamp.headers | Map | true | Additional request headers, which will be sent with request. |
signatureLevel | String | true | The signature level. Must be one of [B, T, LT]. |
personUniqueId | String | false | Unique identifier of the user. |
certificateIndex | Integer | true | Certificate index to use. |
redirects | Object | true | User redirects on certain events. |
redirects.success | String | true | Redirect URL on successful password entry. |
redirects.cancel | String | true | Redirect URL when user cancels signing. |
redirects.error | String | true | Redirect URL on error after password entry. |
2.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
authRedirectUrl | String | false | Redirect URL for password entry. |
hash | String | false | Unique hash identifying signing task. |
2.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/sign/pdf -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "person@localhost",
"base64Pdf" : "JVBERi0xLjcK...DSUlRU9GDQ==",
"documentName" : "sample.pdf"
}'
2.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 124
{
"operationId" : 123456,
"authRedirectUrl" : "https://remsig-dev.cesnet.cz/pin/4b90f2d3681",
"hash" : "4b90f2d3681"
}
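A client-side check for the Sign Pdf exchange above, as an added example that is not part of the RemSig documentation or code base. It validates a request body against the constraints listed in 2.1.4, moves the deprecated `base64Pdf` and `documentName` fields to their replacements, and refuses to send the user to an `authRedirectUrl` that is not an https URL on the expected host. The function names, the "exactly one data source" rule, the `%PDF-` header check and the "last path segment equals `hash`" check are assumptions made for this example.

```python
import base64
import copy
from urllib.parse import urlsplit

SIGNATURE_LEVELS = {"B", "T", "LT"}  # allowed values from the signatureLevel row

# Constructed sample: a minimal byte string with a PDF header, not a real document.
SAMPLE_PDF_B64 = base64.b64encode(b"%PDF-1.7\n%%EOF\n").decode("ascii")


def normalize_sign_pdf_request(body):
    """Validate a /api/sign/pdf body and move deprecated fields to their replacements."""
    out = copy.deepcopy(body)  # never mutate the caller's object
    if not isinstance(out.get("personUniqueId"), str) or not out["personUniqueId"]:
        raise ValueError("personUniqueId is required (Optional = false)")

    data = out.get("data") or {}
    out["data"] = data
    if "base64Pdf" in out:  # Deprecated: use data.bytes instead
        if "bytes" in data:
            raise ValueError("base64Pdf and data.bytes are both set")
        data["bytes"] = out.pop("base64Pdf")
    if "documentName" in out:  # Deprecated: use name instead
        if "name" in out:
            raise ValueError("documentName and name are both set")
        out["name"] = out.pop("documentName")

    # Assumption for this example: a request carries exactly one data source.
    if ("bytes" in data) == ("http" in data):
        raise ValueError("expected exactly one of data.bytes or data.http")

    if "bytes" in data:
        if not isinstance(data["bytes"], str):
            raise ValueError("data.bytes must be a string")
        try:
            # validate=True rejects characters outside the base64 alphabet
            raw = base64.b64decode(data["bytes"], validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("data.bytes is not valid base64") from exc
        # Assumption: reject early anything that does not start with a PDF header.
        if not raw.startswith(b"%PDF-"):
            raise ValueError("decoded data does not start with %PDF-")
    else:
        parts = urlsplit(str(data["http"].get("url", "")))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("data.http.url is not a well-formed http(s) URL")

    level = out.get("signatureLevel")
    if level is not None and level not in SIGNATURE_LEVELS:
        raise ValueError("signatureLevel must be one of B, T, LT")
    return out


def check_auth_redirect(response, expected_host):
    """Return authRedirectUrl only if it is an https URL on expected_host for this task."""
    url, task_hash = response["authRedirectUrl"], response["hash"]
    parts = urlsplit(url)
    # hostname is parsed after any userinfo, so "host@other" forms do not pass.
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("authRedirectUrl does not point at the expected RemSig host")
    # Observation from the example responses: the last path segment is the task hash.
    if not task_hash or parts.path.rsplit("/", 1)[-1] != task_hash:
        raise ValueError("authRedirectUrl does not match the returned hash")
    return url


if __name__ == "__main__":
    legacy = {"personUniqueId": "person@localhost",
              "base64Pdf": SAMPLE_PDF_B64, "documentName": "sample.pdf"}
    print(normalize_sign_pdf_request(legacy))
    reply = {"operationId": 123456, "hash": "4b90f2d3681",
             "authRedirectUrl": "https://remsig-dev.cesnet.cz/pin/4b90f2d3681"}
    print(check_auth_redirect(reply, "remsig-dev.cesnet.cz"))
```
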
2.2. Sign PKCS 7
POST /api/sign/pkcs7
Signs single PKCS7.
2.2.1. Authorization
USER role required.
2.2.2. Path parameters
No parameters.
2.2.3. Query parameters
No parameters.
2.2.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
name | String | true | The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
displayName | String | true | |
data | Object | true | The data source to be signed. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
base64Data | String | true | Deprecated. Use data.bytes instead. Data to sign. Must be a valid base64 encoded string. |
noDetach | Boolean | true | No detach parameter. |
pem | Boolean | true | Produce output in pem or der format. |
algorithm | String | true | The algorithm to use. |
hashData | Boolean | true | Whether to calculate digest first and then sign data. |
timestamp | Object | true | Timestamp signature parameters. |
timestamp.enabled | Boolean | true | Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
timestamp.name | String | true | The name of timestamp server. Must be a valid timestamp server name. |
timestamp.url | String | true | Custom server url. Must be a well-formed URL. |
timestamp.timeout | String | true | Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
timestamp.authentication | Object | true | Custom authentication parameters. |
timestamp.authentication.basic | Object | true | |
timestamp.authentication.basic.username | String | false | |
timestamp.authentication.basic.password | String | false | |
timestamp.headers | Map | true | Additional request headers, which will be sent with request. |
personUniqueId | String | false | Unique identifier of the user. |
certificateIndex | Integer | true | Certificate index to use. |
redirects | Object | true | User redirects on certain events. |
redirects.success | String | true | Redirect URL on successful password entry. |
redirects.cancel | String | true | Redirect URL when user cancels signing. |
redirects.error | String | true | Redirect URL on error after password entry. |
2.2.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
authRedirectUrl | String | false | Redirect URL for password entry. |
hash | String | false | Unique hash identifying signing task. |
2.2.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/sign/pkcs7 -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "person@localhost",
"base64Data" : "TG9yZW0gaXBz...c2l0IGFtZXQu",
"name" : "sample.txt"
}'
2.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 124
{
"operationId" : 123456,
"authRedirectUrl" : "https://remsig-dev.cesnet.cz/pin/b41eb326bc1",
"hash" : "b41eb326bc1"
}
3. Pdf signing pre-validation
3.1. Validate Pdf Codes
GET /api/sign/validate/pdf/codes
3.1.1. Authorization
Public access.
3.1.2. Path parameters
No parameters.
3.1.3. Query parameters
No parameters.
3.1.4. Request fields
No request body.
3.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
errors | Array[String] | true | Must be one of [ENCRYPTED, INTERACTIVE_FIELD, READ_ONLY, UNMODIFIABLE, LOCKED, SIGNING_ERROR, VISIBLE_WATERMARK_OVERLAP, UNKNOWN_ERROR]. |
errors[].code | Integer | true | The unique code for violation. |
errors[].message | String | true | The message describing violation. |
warnings | Array[String] | true | Must be one of [ENCRYPTED, INTERACTIVE_FIELD, READ_ONLY, UNMODIFIABLE, LOCKED, SIGNING_ERROR, VISIBLE_WATERMARK_OVERLAP, UNKNOWN_ERROR]. |
warnings[].code | Integer | true | The unique code for violation. |
warnings[].message | String | true | The message describing violation. |
3.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/sign/validate/pdf/codes -i -X GET \
-H 'Accept: application/json'
3.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 418
{
"operationId" : 123456,
"errors" : [ {
"code" : 1,
"message" : "The document is encrypted"
}, {
"code" : 2,
"message" : "The document contains at least 1 interactive field"
}, {
"code" : 3,
"message" : "The document has read-only access permission set"
} ],
"warnings" : [ {
"code" : 7,
"message" : "The visible signature watermark overlaps with the existing area"
} ]
}
3.2. Validate Pdf Document
POST /api/sign/validate/pdf
3.2.1. Authorization
USER role required.
3.2.2. Path parameters
No parameters.
3.2.3. Query parameters
No parameters.
3.2.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
data | Object | true | The data source to be validated. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
watermark | Object | true | Visible watermark parameters. |
watermark.insert | Boolean | true | Insert visible watermark. |
watermark.text | String | true | Text to use on watermark. |
watermark.position | String | true | Watermark position on document page. |
watermark.page | String | true | Page to insert watermark. |
3.2.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
signable | Boolean | true | Whether pdf document can be signed. |
errors | Array[String] | true | Must be one of [ENCRYPTED, INTERACTIVE_FIELD, READ_ONLY, UNMODIFIABLE, LOCKED, SIGNING_ERROR, VISIBLE_WATERMARK_OVERLAP, UNKNOWN_ERROR]. |
errors[].code | Integer | true | The unique code for violation. |
errors[].message | String | true | The message describing violation. |
warnings | Array[String] | true | Must be one of [ENCRYPTED, INTERACTIVE_FIELD, READ_ONLY, UNMODIFIABLE, LOCKED, SIGNING_ERROR, VISIBLE_WATERMARK_OVERLAP, UNKNOWN_ERROR]. |
warnings[].code | Integer | true | The unique code for violation. |
warnings[].message | String | true | The message describing violation. |
3.2.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/sign/validate/pdf -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"bytes" : "JVBERi0xLjcK...DSUlRU9GDQ=="
}
}'
3.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 282
{
"operationId" : 123456,
"signable" : false,
"errors" : [ {
"code" : 5,
"message" : "The document is locked and cannot be modified or signed"
}, {
"code" : 4,
"message" : "The document cannot be modified set by access permission"
} ],
"warnings" : [ ]
}
4. Batch
4.1. Batch Create
POST /api/batch/create
Creates signing batch.
4.1.1. Authorization
USER role required.
4.1.2. Path parameters
No parameters.
4.1.3. Query parameters
No parameters.
4.1.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
personUniqueId | String | false | Person unique identifier. |
certificateIndex | Integer | true | Certificate index to use. |
redirects | Object | true | |
redirects.success | String | true | Redirect URL on successful password entry. |
redirects.cancel | String | true | Redirect URL when user cancels signing. |
redirects.error | String | true | Redirect URL on error after password entry. |
4.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
batch | Object | true | Signing batch. |
batch.hash | String | true | Unique hash of the signing batch. |
batch.authRedirectUrl | String | true | Redirect URL for password entry. |
batch.redirects | Object | true | User redirects on certain events. |
batch.redirects.success | String | true | Redirect URL on successful password entry. |
batch.redirects.cancel | String | true | Redirect URL when user cancels signing. |
batch.redirects.error | String | true | Redirect URL on error after password entry. |
batch.state | String | true | State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate | String | true | Creation date. |
batch.tasksCount | Integer | true | Number of individual tasks. |
batch.tasksFinished | Integer | true | Number of finished (signed) tasks. |
batch.percentFinished | Decimal | true | Percentage of finished tasks. |
4.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/create -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "123456@localhost"
}'
4.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 368
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773381852,
"tasksCount" : 0,
"tasksFinished" : 0,
"percentFinished" : 100.0
}
}
4.2. Add Pdf
POST /api/batch/{hash:\w+}/add/pdf
Adds pdf signing task.
4.2.1. Authorization
USER role required.
4.2.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash | String | false | Unique hash of signing batch. |
4.2.3. Query parameters
No parameters.
4.2.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
name | String | true | The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
displayName | String | true | User-friendly name. |
data | Object | true | The data source to be signed. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
base64Pdf | String | true | Deprecated. Use data.bytes instead. Pdf document to sign. Must be a valid base64 encoded string. |
documentName | String | true | Deprecated. Use name attribute instead. The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
watermark | Object | true | Visible watermark parameters. |
watermark.insert | Boolean | true | Insert visible watermark. |
watermark.text | String | true | Text to use on watermark. |
watermark.position | String | true | Watermark position on document page. |
watermark.page | String | true | Page to insert watermark. |
timestamp | Object | true | Timestamp signature parameters. |
timestamp.enabled | Boolean | true | Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
timestamp.name | String | true | The name of timestamp server. Must be a valid timestamp server name. |
timestamp.url | String | true | Custom server url. Must be a well-formed URL. |
timestamp.timeout | String | true | Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
timestamp.authentication | Object | true | Custom authentication parameters. |
timestamp.authentication.basic | Object | true | |
timestamp.authentication.basic.username | String | false | |
timestamp.authentication.basic.password | String | false | |
timestamp.headers | Map | true | Additional request headers, which will be sent with request. |
signatureLevel | String | true | The signature level. Must be one of [B, T, LT]. |
4.2.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
batch | Object | true | Signing batch. |
batch.hash | String | true | Unique hash of the signing batch. |
batch.authRedirectUrl | String | true | Redirect URL for password entry. |
batch.redirects | Object | true | User redirects on certain events. |
batch.redirects.success | String | true | Redirect URL on successful password entry. |
batch.redirects.cancel | String | true | Redirect URL when user cancels signing. |
batch.redirects.error | String | true | Redirect URL on error after password entry. |
batch.state | String | true | State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate | String | true | Creation date. |
batch.tasksCount | Integer | true | Number of individual tasks. |
batch.tasksFinished | Integer | true | Number of finished (signed) tasks. |
batch.percentFinished | Decimal | true | Percentage of finished tasks. |
4.2.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pdf -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"bytes" : "JVBERi0xLjcK...DSUlRU9GDQ=="
},
"name" : "sample.pdf"
}'
4.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 366
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773386890,
"tasksCount" : 1,
"tasksFinished" : 0,
"percentFinished" : 0.0
}
}
4.2.8. Example request with remote HTTP document source
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pdf -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"http" : {
"url" : "https://my.domain.local/remsig-export/document123.pdf"
}
},
"name" : "document123.pdf"
}'
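A client-side helper for the batch endpoints, as an added example that is not part of the RemSig documentation or code base. It builds the `/api/batch/{hash:\w+}/add/...` URL only from a hash that matches the documented pattern, and it decides whether a batch is done from `state` and the task counters, because the 4.1.7 example response reports `percentFinished` 100.0 for a freshly created batch with no tasks. The function names, the ASCII-only reading of `\w` and the rule that a batch is done only in state FINISHED with every task finished are assumptions made for this example.

```python
import re

# ASCII-only reading of the {hash:\w+} path template (assumption: the stricter
# interpretation; Python's \w would otherwise also accept non-ASCII letters).
HASH_RE = re.compile(r"\w+", re.ASCII)
TASK_KINDS = {"pdf", "pkcs7", "pkcs1"}  # the three add endpoints in section 4
BATCH_STATES = {"OPEN", "CLOSED", "PROCESSING", "PARTIALLY_FINISHED", "FINISHED"}

# Batch object copied from the 4.1.7 example response (just created, no tasks yet).
EMPTY_BATCH = {
    "hash": "39754fe3c130",
    "authRedirectUrl": "https://localhost/pin/39754fe3c130",
    "redirects": {"success": None, "cancel": None, "error": None},
    "state": "OPEN",
    "creationDate": 1735773381852,
    "tasksCount": 0,
    "tasksFinished": 0,
    "percentFinished": 100.0,
}


def batch_add_url(base_url, batch_hash, kind):
    """Build the add-task URL, refusing anything that could alter the path."""
    if kind not in TASK_KINDS:
        raise ValueError("kind must be one of pdf, pkcs7, pkcs1")
    # fullmatch: the whole value must be word characters, so '/', '.', '?',
    # '#', '%' and whitespace never reach the URL.
    if not isinstance(batch_hash, str) or not HASH_RE.fullmatch(batch_hash):
        raise ValueError("batch hash does not match \\w+")
    return f"{base_url.rstrip('/')}/api/batch/{batch_hash}/add/{kind}"


def batch_progress(batch):
    """Summarise a batch object without trusting percentFinished on its own."""
    state = batch["state"]
    if state not in BATCH_STATES:
        raise ValueError(f"unknown batch state: {state!r}")
    count, finished = batch["tasksCount"], batch["tasksFinished"]
    if not 0 <= finished <= count:
        raise ValueError("tasksFinished is outside 0..tasksCount")
    # Recompute the percentage locally; an empty batch counts as 0 % here,
    # not as the 100.0 shown in the example response.
    percent = 100.0 * finished / count if count else 0.0
    # Assumption: done means state FINISHED with at least one task, all finished.
    done = state == "FINISHED" and count > 0 and finished == count
    return {"state": state, "done": done,
            "remaining": count - finished, "percent": percent}


if __name__ == "__main__":
    print(batch_add_url("https://remsig-dev.cesnet.cz", EMPTY_BATCH["hash"], "pdf"))
    print(batch_progress(EMPTY_BATCH))
    one_task = dict(EMPTY_BATCH, tasksCount=1, percentFinished=0.0)  # as in 4.2.7
    print(batch_progress(one_task))
```
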
4.3. Add Pkcs 7
POST /api/batch/{hash:\w+}/add/pkcs7
Adds pkcs7 signing task.
4.3.1. Authorization
USER role required.
4.3.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash | String | false | Unique hash of signing batch. |
4.3.3. Query parameters
No parameters.
4.3.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
name | String | true | The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
displayName | String | true | User-friendly name. |
data | Object | true | The data source to be signed. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
base64Data | String | true | Deprecated. Use data.bytes instead. Data to sign. Must be a valid base64 encoded string. |
noDetach | Boolean | true | No detach parameter. |
pem | Boolean | true | Produce output in pem or der format. |
algorithm | String | true | The algorithm to use. |
hashData | Boolean | true | Whether to calculate digest first and then sign data. |
timestamp | Object | true | Timestamp signature parameters. |
timestamp.enabled | Boolean | true | Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
timestamp.name | String | true | The name of timestamp server. Must be a valid timestamp server name. |
timestamp.url | String | true | Custom server url. Must be a well-formed URL. |
timestamp.timeout | String | true | Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
timestamp.authentication | Object | true | Custom authentication parameters. |
timestamp.authentication.basic | Object | true | |
timestamp.authentication.basic.username | String | false | |
timestamp.authentication.basic.password | String | false | |
timestamp.headers | Map | true | Additional request headers, which will be sent with request. |
4.3.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
batch | Object | true | Signing batch. |
batch.hash | String | true | Unique hash of the signing batch. |
batch.authRedirectUrl | String | true | Redirect URL for password entry. |
batch.redirects | Object | true | User redirects on certain events. |
batch.redirects.success | String | true | Redirect URL on successful password entry. |
batch.redirects.cancel | String | true | Redirect URL when user cancels signing. |
batch.redirects.error | String | true | Redirect URL on error after password entry. |
batch.state | String | true | State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate | String | true | Creation date. |
batch.tasksCount | Integer | true | Number of individual tasks. |
batch.tasksFinished | Integer | true | Number of finished (signed) tasks. |
batch.percentFinished | Decimal | true | Percentage of finished tasks. |
4.3.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pkcs7 -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"bytes" : "TG9yZW0gaXBz...c2l0IGFtZXQu"
},
"name" : "sample-data"
}'
4.3.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 366
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773388269,
"tasksCount" : 1,
"tasksFinished" : 0,
"percentFinished" : 0.0
}
}
4.3.8. Example request with remote HTTP data source
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pkcs7 -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"http" : {
"url" : "https://my.domain.local/remsig-export/my-data-file.bin"
}
},
"name" : "sample-data.bin"
}'
4.4. Add Pkcs 1
POST /api/batch/{hash:\w+}/add/pkcs1
Adds pkcs1 signing task.
4.4.1. Authorization
USER role required.
4.4.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash | String | false | Unique hash of signing batch. |
4.4.3. Query parameters
No parameters.
4.4.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
name | String | true | The name of the file. Shown to user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
displayName | String | true | User-friendly name. |
data | Object | true | The data source to be signed. |
data.bytes | String | true | The data/document to be signed. Must be a valid base64 encoded string. |
data.http | Object | true | The source of the document/data using http protocol. |
data.http.url | String | true | The url to the data/document. Must be a registered data source url. |
data.http.prefetch | Boolean | true | Whether RemSig tries to load/fetch before signing process. |
data.http.headers | Map | true | Custom headers, which will be set when downloading from specified url. |
data.http.authentication | Object | true | The authentication, which will be used when downloading from specified url. |
data.http.authentication.basic | Object | true | Http basic authentication method. |
data.http.authentication.basic.username | String | true | Http basic username. |
data.http.authentication.basic.password | String | true | Http basic password. |
base64Data | String | true | Deprecated. Use data.bytes instead. Data to sign. Must be a valid base64 encoded string. |
algorithm | String | true | The signature algorithm to use. Must be a valid signature algorithm. |
4.4.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
batch |
Object |
true |
Signing batch. |
batch.hash |
String |
true |
Unique hash of the signing batch. |
batch.authRedirectUrl |
String |
true |
Redirect URL for password entry. |
batch.redirects |
Object |
true |
User redirects on certain events. |
batch.redirects.success |
String |
true |
Redirect URL on successful password entry. |
batch.redirects.cancel |
String |
true |
Redirect URL when user cancels signing. |
batch.redirects.error |
String |
true |
Redirect URL on error after password entry. |
batch.state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate |
String |
true |
Creation date. |
batch.tasksCount |
Integer |
true |
Number of individual tasks. |
batch.tasksFinished |
Integer |
true |
Number of finished (signed) tasks. |
batch.percentFinished |
Decimal |
true |
Percentage of finished tasks. |
4.4.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pkcs1 -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"bytes" : "TG9yZW0gaXBz...c2l0IGFtZXQu"
},
"name" : "sample-data"
}'
4.4.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 366
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773387831,
"tasksCount" : 1,
"tasksFinished" : 0,
"percentFinished" : 0.0
}
}
4.4.8. Example request with remote HTTP data source
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add/pkcs1 -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"data" : {
"http" : {
"url" : "https://my.domain.local/remsig-export/my-data-file.bin"
}
},
"name" : "sample-data.bin"
}'
4.5. Add Multiple Tasks
POST /api/batch/{hash:\w+}/add
Adds multiple pdf, pkcs7 or pkcs1 signing tasks.
4.5.1. Authorization
USER role required.
4.5.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.5.3. Query parameters
No parameters.
4.5.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
pdf |
Array[Object] |
true |
Pdf signing tasks. |
pdf[].name |
String |
true |
The name of the file. Shown to the user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
pdf[].displayName |
String |
true |
User-friendly name. |
pdf[].data |
Object |
true |
The data source to be signed. |
pdf[].data.bytes |
String |
true |
The data/document to be signed. Must be a valid base64 encoded string. |
pdf[].data.http |
Object |
true |
The source of the document/data using http protocol. |
pdf[].data.http.url |
String |
true |
The url to the data/document. Must be a registered data source url. |
pdf[].data.http.prefetch |
Boolean |
true |
Whether RemSig tries to load/fetch before signing process. |
pdf[].data.http.headers |
Map |
true |
Custom headers, which will be set when downloading from specified url. |
pdf[].data.http.authentication |
Object |
true |
The authentication, which will be used when downloading from specified url. |
pdf[].data.http.authentication.basic |
Object |
true |
Http basic authentication method. |
pdf[].data.http.authentication.basic.username |
String |
true |
Http basic username. |
pdf[].data.http.authentication.basic.password |
String |
true |
Http basic password. |
pdf[].base64Pdf |
String |
true |
Deprecated. Use data.bytes instead. Pdf document to sign. Must be a valid base64 encoded string. |
pdf[].documentName |
String |
true |
Deprecated. Use name attribute instead. The name of the file. Shown to the user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
pdf[].watermark |
Object |
true |
Visible watermark parameters. |
pdf[].watermark.insert |
Boolean |
true |
Insert visible watermark. |
pdf[].watermark.text |
String |
true |
Text to use on watermark. |
pdf[].watermark.position |
String |
true |
Watermark position on document page. |
pdf[].watermark.page |
String |
true |
Page to insert watermark. |
pdf[].timestamp |
Object |
true |
Timestamp signature parameters. |
pdf[].timestamp.enabled |
Boolean |
true |
Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
pdf[].timestamp.name |
String |
true |
The name of timestamp server. Must be a valid timestamp server name. |
pdf[].timestamp.url |
String |
true |
Custom server url. Must be a well-formed URL. |
pdf[].timestamp.timeout |
String |
true |
Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
pdf[].timestamp.authentication |
Object |
true |
Custom authentication parameters. |
pdf[].timestamp.authentication.basic |
Object |
true |
|
pdf[].timestamp.authentication.basic.username |
String |
false |
|
pdf[].timestamp.authentication.basic.password |
String |
false |
|
pdf[].timestamp.headers |
Map |
true |
Additional request headers, which will be sent with request. |
pdf[].signatureLevel |
String |
true |
The signature level. Must be one of [B, T, LT]. |
pkcs7 |
Array[Object] |
true |
Pkcs7 signing tasks. |
pkcs7[].name |
String |
true |
The name of the file. Shown to the user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
pkcs7[].displayName |
String |
true |
User-friendly name. |
pkcs7[].data |
Object |
true |
The data source to be signed. |
pkcs7[].data.bytes |
String |
true |
The data/document to be signed. Must be a valid base64 encoded string. |
pkcs7[].data.http |
Object |
true |
The source of the document/data using http protocol. |
pkcs7[].data.http.url |
String |
true |
The url to the data/document. Must be a registered data source url. |
pkcs7[].data.http.prefetch |
Boolean |
true |
Whether RemSig tries to load/fetch before signing process. |
pkcs7[].data.http.headers |
Map |
true |
Custom headers, which will be set when downloading from specified url. |
pkcs7[].data.http.authentication |
Object |
true |
The authentication, which will be used when downloading from specified url. |
pkcs7[].data.http.authentication.basic |
Object |
true |
Http basic authentication method. |
pkcs7[].data.http.authentication.basic.username |
String |
true |
Http basic username. |
pkcs7[].data.http.authentication.basic.password |
String |
true |
Http basic password. |
pkcs7[].base64Data |
String |
true |
Deprecated. Use data.bytes instead. Data to sign. Must be a valid base64 encoded string. |
pkcs7[].noDetach |
Boolean |
true |
No detach parameter. |
pkcs7[].pem |
Boolean |
true |
Produce output in pem or der format. |
pkcs7[].algorithm |
String |
true |
The algorithm to use. |
pkcs7[].hashData |
Boolean |
true |
Whether to calculate digest first and then sign data. |
pkcs7[].timestamp |
Object |
true |
Timestamp signature parameters. |
pkcs7[].timestamp.enabled |
Boolean |
true |
Deprecated. Use name or url attributes instead. Enable remote timestamp server. |
pkcs7[].timestamp.name |
String |
true |
The name of timestamp server. Must be a valid timestamp server name. |
pkcs7[].timestamp.url |
String |
true |
Custom server url. Must be a well-formed URL. |
pkcs7[].timestamp.timeout |
String |
true |
Custom timeout for communication with timestamp server. Must be lower than 5 seconds. |
pkcs7[].timestamp.authentication |
Object |
true |
Custom authentication parameters. |
pkcs7[].timestamp.authentication.basic |
Object |
true |
|
pkcs7[].timestamp.authentication.basic.username |
String |
false |
|
pkcs7[].timestamp.authentication.basic.password |
String |
false |
|
pkcs7[].timestamp.headers |
Map |
true |
Additional request headers, which will be sent with request. |
pkcs1 |
Array[Object] |
true |
Pkcs1 signing tasks. |
pkcs1[].name |
String |
true |
The name of the file. Shown to the user when prompting for password, if displayName is not explicitly set. Will be used when downloading compressed signed document/data. |
pkcs1[].displayName |
String |
true |
User-friendly name. |
pkcs1[].data |
Object |
true |
The data source to be signed. |
pkcs1[].data.bytes |
String |
true |
The data/document to be signed. Must be a valid base64 encoded string. |
pkcs1[].data.http |
Object |
true |
The source of the document/data using http protocol. |
pkcs1[].data.http.url |
String |
true |
The url to the data/document. Must be a registered data source url. |
pkcs1[].data.http.prefetch |
Boolean |
true |
Whether RemSig tries to load/fetch before signing process. |
pkcs1[].data.http.headers |
Map |
true |
Custom headers, which will be set when downloading from specified url. |
pkcs1[].data.http.authentication |
Object |
true |
The authentication, which will be used when downloading from specified url. |
pkcs1[].data.http.authentication.basic |
Object |
true |
Http basic authentication method. |
pkcs1[].data.http.authentication.basic.username |
String |
true |
Http basic username. |
pkcs1[].data.http.authentication.basic.password |
String |
true |
Http basic password. |
pkcs1[].base64Data |
String |
true |
Deprecated. Use data.bytes instead. Data to sign. Must be a valid base64 encoded string. |
pkcs1[].algorithm |
String |
true |
The signature algorithm to use. Must be a valid signature algorithm. |
4.5.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
batch |
Object |
true |
Signing batch. |
batch.hash |
String |
true |
Unique hash of the signing batch. |
batch.authRedirectUrl |
String |
true |
Redirect URL for password entry. |
batch.redirects |
Object |
true |
User redirects on certain events. |
batch.redirects.success |
String |
true |
Redirect URL on successful password entry. |
batch.redirects.cancel |
String |
true |
Redirect URL when user cancels signing. |
batch.redirects.error |
String |
true |
Redirect URL on error after password entry. |
batch.state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate |
String |
true |
Creation date. |
batch.tasksCount |
Integer |
true |
Number of individual tasks. |
batch.tasksFinished |
Integer |
true |
Number of finished (signed) tasks. |
batch.percentFinished |
Decimal |
true |
Percentage of finished tasks. |
4.5.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/add -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"pdf" : [ {
"data" : {
"bytes" : "JVBERi0xLjcK...DSUlRU9GDQ=="
},
"name" : "sample.pdf"
} ],
"pkcs7" : [ {
"data" : {
"bytes" : "TG9yZW0gaXBz...c2l0IGFtZXQu"
},
"name" : "sample-data-1"
} ],
"pkcs1" : [ {
"data" : {
"bytes" : "TG9yZW0gaXBz...c2l0IGFtZXQu"
},
"name" : "sample-data-2"
} ]
}'
4.5.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 366
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773383772,
"tasksCount" : 3,
"tasksFinished" : 0,
"percentFinished" : 0.0
}
}
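A client-side pre-flight check for the request body in 4.5.4, as an added example (not RemSig's own code). It enforces the constraints the tables state: the `\w+` hash, valid base64, the `signatureLevel` values, required basic-auth fields and the deprecated names. Assumptions: the `REGISTERED_SOURCES` allow-list, the one-source-per-task rule and the reading of "well-formed URL" as absolute http(s); all function names are hypothetical.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

HASH_RE = re.compile(r"\w+")          # path parameter {hash:\w+}
SIGNATURE_LEVELS = {"B", "T", "LT"}   # pdf[].signatureLevel
DEPRECATED = {                        # deprecated field -> documented replacement
    "pdf": {"base64Pdf": "data.bytes", "documentName": "name"},
    "pkcs7": {"base64Data": "data.bytes"},
    "pkcs1": {"base64Data": "data.bytes"},
}
# Assumption: (host, path prefix) pairs the client knows are registered data sources.
REGISTERED_SOURCES = [("my.domain.local", "/remsig-export/")]


def _split(url):
    """urlsplit that maps malformed or non-string input to an empty result."""
    try:
        return urlsplit(url if isinstance(url, str) else "")
    except ValueError:
        return urlsplit("")


def check_source_url(url):
    """Return why url is unacceptable as data.http.url, or None if it is fine."""
    parts = _split(url)
    if parts.scheme != "https":
        return "scheme is not https"
    if ".." in unquote(parts.path).split("/"):
        return "path contains '..' segment"
    # Comparing the whole netloc also rejects userinfo and unexpected ports.
    for host, prefix in REGISTERED_SOURCES:
        if parts.netloc.lower() == host and parts.path.startswith(prefix):
            return None
    return "not a registered data source"


def check_data(path, task, problems):
    """Validate one task's data object (data.bytes or data.http)."""
    data = task.get("data") or {}
    if ("bytes" in data) == ("http" in data):
        # Assumption: one source per task; the page marks both as optional.
        problems.append(f"{path}.data: set exactly one of bytes or http")
    elif "bytes" in data:
        try:
            if not base64.b64decode(data["bytes"], validate=True):
                problems.append(f"{path}.data.bytes: empty")
        except (ValueError, TypeError):  # binascii.Error is a ValueError
            problems.append(f"{path}.data.bytes: not valid base64")
    else:
        reason = check_source_url((data["http"] or {}).get("url"))
        if reason:
            problems.append(f"{path}.data.http.url: {reason}")


def check_timestamp(path, ts, problems):
    """Validate the timestamp object of a pdf or pkcs7 task."""
    parts = _split(ts["url"]) if "url" in ts else None
    # Assumption: "well-formed" is read as an absolute http(s) URL.
    if parts is not None and (parts.scheme not in ("http", "https") or not parts.netloc):
        problems.append(f"{path}.timestamp.url: not a well-formed URL")
    basic = (ts.get("authentication") or {}).get("basic")
    if basic is not None:
        for key in ("username", "password"):  # documented as non-optional
            if not basic.get(key):
                problems.append(f"{path}.timestamp.authentication.basic.{key}: required")
        if parts is not None and parts.scheme == "http":
            problems.append(f"{path}.timestamp: basic credentials would cross plain HTTP")


def validate_add_request(batch_hash, body):
    """Return a list of problems for POST /api/batch/{hash}/add; empty means OK."""
    problems = []
    if not HASH_RE.fullmatch(batch_hash):
        problems.append("hash: must match \\w+")
    for kind in ("pdf", "pkcs7", "pkcs1"):
        for i, task in enumerate(body.get(kind) or []):
            path = f"{kind}[{i}]"
            for old, new in DEPRECATED[kind].items():
                if old in task:
                    problems.append(f"{path}.{old}: deprecated, use {new}")
            check_data(path, task, problems)
            if kind != "pkcs1" and isinstance(task.get("timestamp"), dict):
                check_timestamp(path, task["timestamp"], problems)
            level = task.get("signatureLevel")
            if kind == "pdf" and level is not None and level not in SIGNATURE_LEVELS:
                problems.append(f"{path}.signatureLevel: must be one of B, T, LT")
    return problems


# Constructed sample body: each task kind carries a different defect.
SAMPLE_BODY = {
    "pdf": [{"data": {"bytes": "JVBERi0xLjcK"}, "signatureLevel": "LTA",
             "timestamp": {"url": "http://tsa.example.test/tsr",
                           "authentication": {"basic": {"username": "svc"}}}}],
    "pkcs7": [{"data": {"http": {"url": "https://my.domain.local/remsig-export/../x.bin"}}}],
    "pkcs1": [{"name": "sample-data-2", "base64Data": "TG9yZW0="}],
}
```

Calling `validate_add_request("39754fe3c130", SAMPLE_BODY)` returns six findings; an empty list means the body passed every check.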
4.6. Batch Close
POST /api/batch/{hash:\w+}/close
Closes signing batch.
4.6.1. Authorization
USER role required.
4.6.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.6.3. Query parameters
No parameters.
4.6.4. Request fields
No request body.
4.6.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
batch |
Object |
true |
Signing batch. |
batch.hash |
String |
true |
Unique hash of the signing batch. |
batch.authRedirectUrl |
String |
true |
Redirect URL for password entry. |
batch.redirects |
Object |
true |
User redirects on certain events. |
batch.redirects.success |
String |
true |
Redirect URL on successful password entry. |
batch.redirects.cancel |
String |
true |
Redirect URL when user cancels signing. |
batch.redirects.error |
String |
true |
Redirect URL on error after password entry. |
batch.state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate |
String |
true |
Creation date. |
batch.tasksCount |
Integer |
true |
Number of individual tasks. |
batch.tasksFinished |
Integer |
true |
Number of finished (signed) tasks. |
batch.percentFinished |
Decimal |
true |
Percentage of finished tasks. |
4.6.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/close -i -u 'username:password' -X POST \
-H 'Accept: application/json'
4.6.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 370
{
"operationId" : 123456,
"batch" : {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "CLOSED",
"creationDate" : 1735773385173,
"tasksCount" : 0,
"tasksFinished" : 0,
"percentFinished" : 100.0
}
}
4.7. Get Batches
GET /api/batch/
Lists signing batches.
4.7.1. Authorization
USER role required.
4.7.2. Path parameters
No parameters.
4.7.3. Query parameters
Supports standard paging query parameters.
4.7.4. Request fields
No request body.
4.7.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
page |
Integer |
true |
Page number. |
size |
Integer |
true |
Size of the page. |
totalElements |
Integer |
true |
Total number of elements. |
totalPages |
Integer |
true |
Total number of pages. |
batches |
Array[Object] |
true |
Signing batches. |
batches[].hash |
String |
true |
Unique hash of the signing batch. |
batches[].authRedirectUrl |
String |
true |
Redirect URL for password entry. |
batches[].redirects |
Object |
true |
User redirects on certain events. |
batches[].redirects.success |
String |
true |
Redirect URL on successful password entry. |
batches[].redirects.cancel |
String |
true |
Redirect URL when user cancels signing. |
batches[].redirects.error |
String |
true |
Redirect URL on error after password entry. |
batches[].state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batches[].creationDate |
String |
true |
Creation date. |
batches[].tasksCount |
Integer |
true |
Number of individual tasks. |
batches[].tasksFinished |
Integer |
true |
Number of finished (signed) tasks. |
batches[].percentFinished |
Decimal |
true |
Percentage of finished tasks. |
4.7.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/ -i -u 'username:password' -X GET \
-H 'Accept: application/json'
4.7.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "0fa7bd58163f5a87e91f33bd0d413f506"
Content-Length: 883
{
"operationId" : 123456,
"page" : 0,
"size" : 100,
"totalElements" : 2,
"totalPages" : 1,
"batches" : [ {
"hash" : "39754fe3c130",
"authRedirectUrl" : "https://localhost/pin/39754fe3c130",
"redirects" : {
"success" : null,
"cancel" : null,
"error" : null
},
"state" : "OPEN",
"creationDate" : 1735773384746,
"tasksCount" : 2,
"tasksFinished" : 0,
"percentFinished" : 0.0
}, {
"hash" : "7615630b6a2",
"authRedirectUrl" : "https://localhost/pin/7615630b6a2",
"redirects" : {
"success" : "https://localhost/success",
"cancel" : "https://localhost/bad?reason=cancel",
"error" : "https://localhost/not?reason=error&p2=param#addional-param"
},
"state" : "OPEN",
"creationDate" : 1735773384746,
"tasksCount" : 0,
"tasksFinished" : 0,
"percentFinished" : 100.0
} ]
}
4.8. Batch Info
GET /api/batch/{hash:\w+}
Gets signing batch with hash.
4.8.1. Authorization
USER role required.
4.8.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.8.3. Query parameters
No parameters.
4.8.4. Request fields
No request body.
4.8.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
batch |
Object |
true |
Signing batch. |
batch.hash |
String |
true |
Unique hash of the signing batch. |
batch.authRedirectUrl |
String |
true |
Redirect URL for password entry. |
batch.redirects |
Object |
true |
User redirects on certain events. |
batch.redirects.success |
String |
true |
Redirect URL on successful password entry. |
batch.redirects.cancel |
String |
true |
Redirect URL when user cancels signing. |
batch.redirects.error |
String |
true |
Redirect URL on error after password entry. |
batch.state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
batch.creationDate |
String |
true |
Creation date. |
batch.tasksCount |
Integer |
true |
Number of individual tasks. |
batch.tasksFinished |
Integer |
true |
Number of finished (signed) tasks. |
batch.percentFinished |
Decimal |
true |
Percentage of finished tasks. |
4.8.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/7615630b6a2 -i -u 'username:password' -X GET \
-H 'Accept: application/json'
4.8.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "0d70b4e51e55c2a7a37e11fb96b73475f"
Content-Length: 478
{
"operationId" : 123456,
"batch" : {
"hash" : "7615630b6a2",
"authRedirectUrl" : "https://localhost/pin/7615630b6a2",
"redirects" : {
"success" : "https://localhost/success",
"cancel" : "https://localhost/bad?reason=cancel",
"error" : "https://localhost/not?reason=error&p2=param#addional-param"
},
"state" : "OPEN",
"creationDate" : 1735773384325,
"tasksCount" : 0,
"tasksFinished" : 0,
"percentFinished" : 100.0
}
}
4.9. Batch State
GET /api/batch/{hash:\w+}/state
Gets signing batch state.
4.9.1. Authorization
USER role required.
4.9.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.9.3. Query parameters
No parameters.
4.9.4. Request fields
No request body.
4.9.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
state |
String |
true |
State of signing batch. Must be one of [OPEN, CLOSED, PROCESSING, PARTIALLY_FINISHED, FINISHED]. |
4.9.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/7615630b6a2/state -i -u 'username:password' -X GET \
-H 'Accept: application/json'
4.9.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "09d274eaed4705e7ac5afc0d768c5c6d7"
Content-Length: 48
{
"operationId" : 123456,
"state" : "OPEN"
}
4.10. Get Tasks
GET /api/batch/{hash:\w+}/tasks
Lists signing batch tasks.
4.10.1. Authorization
USER role required.
4.10.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.10.3. Query parameters
No parameters.
4.10.4. Request fields
No request body.
4.10.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
tasks |
Array[Object] |
true |
Signing tasks. |
tasks[].name |
String |
true |
Task name. |
tasks[].displayName |
String |
true |
Task display name. |
tasks[].state |
String |
true |
Task state. Must be one of [NOT_READY, UNSIGNED, SIGNED, ERROR]. |
4.10.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/tasks -i -u 'username:password' -X GET \
-H 'Accept: application/json'
4.10.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "021cae5c2f5211dca76e7c3e61ed59311"
Content-Length: 338
{
"operationId" : 123456,
"tasks" : [ {
"name" : "first pdf.pdf",
"displayName" : null,
"state" : "NOT_READY"
}, {
"name" : "third pdf.pdf",
"displayName" : null,
"state" : "NOT_READY"
}, {
"name" : "49288363-43c8-4c46-8973-35cd418b987e.pdf",
"displayName" : null,
"state" : "NOT_READY"
} ]
}
4.11. Download
GET /api/batch/{hash:\w+}/download
Download signed batch as zip.
4.11.1. Authorization
USER role required.
4.11.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.11.3. Query parameters
No parameters.
4.11.4. Request fields
No request body.
4.11.5. Response fields
No response body.
4.11.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/39754fe3c130/download -i -u 'username:password' -X GET \
-H 'Accept: application/zip'
4.11.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/zip
Content-Disposition: attachment;filename=39754fe3c130.zip
4.12. Batch Delete
DELETE /api/batch/{hash:\w+}
Deletes signing batch and all its data.
4.12.1. Authorization
USER role required.
4.12.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
hash |
String |
false |
Unique hash of signing batch. |
4.12.3. Query parameters
No parameters.
4.12.4. Request fields
No request body.
4.12.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
4.12.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/batch/7615630b6a2 -i -u 'username:password' -X DELETE \
-H 'Accept: application/json'
4.12.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 28
{
"operationId" : 123456
}
5. Timestamp server
5.1. List
GET /api/timestamp/servers
5.1.1. Authorization
USER role required.
5.1.2. Path parameters
No parameters.
5.1.3. Query parameters
No parameters.
5.1.4. Request fields
No request body.
5.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
page |
Integer |
true |
Page number. |
size |
Integer |
true |
Size of the page. |
totalElements |
Integer |
true |
Total number of elements. |
totalPages |
Integer |
true |
Total number of pages. |
servers |
Array[Object] |
true |
|
servers[].name |
String |
true |
The name identifier. |
5.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/timestamp/servers -i -u 'username:password' -X GET \
-H 'Accept: application/json'
5.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "089d809c87c7c98b16bc0bd4191a29d71"
Content-Length: 205
{
"operationId" : 123456,
"page" : 0,
"size" : 9223372036854775807,
"totalElements" : 2,
"totalPages" : 1,
"servers" : [ {
"name" : "server_tsa_2"
}, {
"name" : "tsp_server_1"
} ]
}
5.2. Relay Timestamp Query
POST /api/timestamp/relay/{serverName:\w+}
5.2.1. Authorization
SIGNER role required.
5.2.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
serverName |
String |
true |
5.2.3. Query parameters
Parameter | Type | Optional | Description |
---|---|---|---|
server |
String |
true |
|
name |
String |
true |
|
serverName |
String |
true |
|
server_name |
String |
true |
5.2.4. Request fields
No request body.
5.2.5. Response fields
No response body.
5.2.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/timestamp/relay/tsp_server_1 -i -u 'username:password' -X POST \
-H 'Content-Type: application/timestamp-query' \
-H 'Accept: application/timestamp-reply, application/json' \
-d '...binary request data...'
5.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/timestamp-reply
Content-Length: 26
...binary response data...
6. Certificate management
6.1. Enable Certificate
POST /api/manage/certificate/enable
Enables certificate for signing/sealing.
6.1.1. Authorization
MANAGER role required.
6.1.2. Path parameters
No parameters.
6.1.3. Query parameters
No parameters.
6.1.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
personUniqueId |
String |
false |
Person unique identifier. |
certificateIndex |
Integer |
true |
Certificate index to use. |
6.1.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
certificate |
Object |
true |
The certificate details. |
certificate.id |
Integer |
true |
Unique internal identifier. |
certificate.index |
Integer |
true |
Certificate index. |
certificate.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
certificate.encoded |
Array[Integer] |
true |
Encoded certificate. |
certificate.subject |
String |
true |
Subject. |
certificate.issuer |
String |
true |
Issuer. |
certificate.serialNumber |
Integer |
true |
Serial number. |
certificate.notBefore |
String |
true |
Not before date. |
certificate.notAfter |
String |
true |
Not after date. |
certificate.disabled |
Boolean |
true |
Disabled status. |
certificate.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
certificate.person |
Object |
true |
Associated person. |
certificate.person.id |
Integer |
true |
Unique internal identifier. |
certificate.person.uniqueId |
String |
true |
Unique identifier for person. |
certificate.person.email |
String |
true |
Email for person. |
6.1.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/enable -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "person1234@localhost",
"index" : 1
}'
6.1.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 484
{
"operationId" : 123456,
"certificate" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
}
}
6.2. Disable Certificate
POST /api/manage/certificate/disable
Disables certificate for signing/sealing.
6.2.1. Authorization
MANAGER role required.
6.2.2. Path parameters
No parameters.
6.2.3. Query parameters
No parameters.
6.2.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
personUniqueId |
String |
false |
Person unique identifier. |
certificateIndex |
Integer |
true |
Certificate index to use. |
6.2.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
certificate |
Object |
true |
The certificate details. |
certificate.id |
Integer |
true |
Unique internal identifier. |
certificate.index |
Integer |
true |
Certificate index. |
certificate.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
certificate.encoded |
Array[Integer] |
true |
Encoded certificate. |
certificate.subject |
String |
true |
Subject. |
certificate.issuer |
String |
true |
Issuer. |
certificate.serialNumber |
Integer |
true |
Serial number. |
certificate.notBefore |
String |
true |
Not before date. |
certificate.notAfter |
String |
true |
Not after date. |
certificate.disabled |
Boolean |
true |
Disabled status. |
certificate.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
certificate.person |
Object |
true |
Associated person. |
certificate.person.id |
Integer |
true |
Unique internal identifier. |
certificate.person.uniqueId |
String |
true |
Unique identifier for person. |
certificate.person.email |
String |
true |
Email for person. |
6.2.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/disable -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "person1234@localhost",
"index" : 1
}'
6.2.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 483
{
"operationId" : 123456,
"certificate" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : true,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
}
}
6.3. Reset Certificate Password
POST /api/manage/certificate/reset-password
Generates a one-time link for password reset without user authentication.
6.3.1. Authorization
USER role required.
6.3.2. Path parameters
No parameters.
6.3.3. Query parameters
No parameters.
6.3.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
personUniqueId |
String |
false |
Person unique identifier. |
certificateIndex |
Integer |
false |
Certificate index to use. |
redirects |
Object |
true |
The user redirects. |
redirects.success |
String |
true |
Redirect URL on successful password reset. |
redirects.cancel |
String |
true |
Redirect URL when user cancels password reset. |
redirects.error |
String |
true |
Redirect URL on error. |
redirects.expired |
String |
true |
Redirect URL when reset password request has expired. |
6.3.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
url |
String |
true |
The url for password reset. |
validUntil |
String |
true |
The validity expiration. |
6.3.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/reset-password -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "person1@localhost",
"index" : 3,
"redirects" : {
"success" : "https://localhost/success?a=a&b=b#fragment",
"cancel" : "https://localhost/cancel?a=a&b=b#fragment",
"error" : "https://localhost/error?a=a&b=b#fragment",
"expired" : "https://localhost/expired?a=a&b=b#fragment"
}
}'
6.3.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 151
{
"operationId" : 123456,
"url" : "https://localhost/remsig/reset-pass?uuid=cc0b448d-2173-41c4-9969-b5a6a35a03a4",
"validUntil" : 1735774352006
}
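A client-side sketch for this endpoint, added here as an example (not RemSig code): it allow-lists the redirects before sending them, checks validUntil on the response, and keeps the uuid out of logs, since the link resets the password without user authentication. The host portal.example.org and all function names are assumptions; the body uses certificateIndex from the request fields table, whereas the example request above sends index.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Assumption: the only hosts this integration may send users back to.
ALLOWED_REDIRECT_HOSTS = {"portal.example.org"}
REDIRECT_KEYS = ("success", "cancel", "error", "expired")  # section 6.3.4
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Body of the example response in section 6.3.7.
SAMPLE_RESPONSE = """{
  "operationId" : 123456,
  "url" : "https://localhost/remsig/reset-pass?uuid=cc0b448d-2173-41c4-9969-b5a6a35a03a4",
  "validUntil" : 1735774352006
}"""


def check_redirect(url, allowed_hosts=ALLOWED_REDIRECT_HOSTS):
    """Return url unchanged if it is an https URL on an allow-listed host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"redirect must use https: {url!r}")
    if parts.username or parts.password:
        # https://portal.example.org@other.example/ resolves to other.example
        raise ValueError(f"redirect must not carry userinfo: {url!r}")
    if parts.hostname not in allowed_hosts:
        raise ValueError(f"redirect host not allow-listed: {url!r}")
    return url


def build_reset_request(person_unique_id, certificate_index, redirects=None):
    """Build the JSON body for POST /api/manage/certificate/reset-password."""
    if not isinstance(person_unique_id, str) or not person_unique_id:
        raise ValueError("personUniqueId is required")
    if isinstance(certificate_index, bool) or not isinstance(certificate_index, int):
        raise ValueError("certificateIndex must be an integer")
    redirects = redirects or {}
    unknown = set(redirects) - set(REDIRECT_KEYS)
    if unknown:
        raise ValueError(f"unknown redirect keys: {sorted(unknown)}")
    body = {"personUniqueId": person_unique_id,
            "certificateIndex": certificate_index}
    if redirects:
        body["redirects"] = {k: check_redirect(v) for k, v in redirects.items()}
    return body


def parse_reset_response(raw_json, now=None):
    """Return (url, valid_until, operation_id); reject unusable links."""
    doc = json.loads(raw_json)
    url, valid_until_ms = doc.get("url"), doc.get("validUntil")
    if not url or valid_until_ms is None:
        raise ValueError("response carries no reset link")
    if urlsplit(url).scheme != "https":
        raise ValueError("reset link is not https")
    # The example response carries validUntil as epoch milliseconds.
    valid_until = EPOCH + timedelta(milliseconds=int(valid_until_ms))
    now = now or datetime.now(timezone.utc)
    if valid_until <= now:
        raise ValueError("reset link already expired")
    return url, valid_until, doc["operationId"]


def redact_link(url):
    """Log-safe form of the link: drop the query string holding the uuid."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"


if __name__ == "__main__":
    body = build_reset_request(
        "person1@localhost", 3,
        {"success": "https://portal.example.org/reset/done"})
    print(json.dumps(body, indent=2))
    link, until, op = parse_reset_response(
        SAMPLE_RESPONSE, now=datetime(2025, 1, 1, 23, 0, tzinfo=timezone.utc))
    print(f"operation {op}: {redact_link(link)} valid until {until.isoformat()}")
```

Log the operationId and the redacted link; deliver the full url only to the person it was generated for.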
6.4. Create Request
POST /api/manage/certificate/postsignum/request/create
Generates new personal certificate request.
6.4.1. Authorization
USER role required.
6.4.2. Path parameters
No parameters.
6.4.3. Query parameters
No parameters.
6.4.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
personUniqueId |
String |
false |
The person unique id. |
degreeBefore |
String |
true |
The person’s degree before name. PostSignum attribute "zadatel_titul_pred". |
degreeAfter |
String |
true |
The person’s degree after name. PostSignum attribute "zadatel_titul_za". |
firstName |
String |
false |
The person’s first name. PostSignum attribute "zadatel_jmeno". |
lastName |
String |
false |
The person’s last name. PostSignum attribute "zadatel_prijmeni". |
birthCertificateNumber |
String |
false |
The birth certificate number or date of birth in dd.mm.YYYY format (required by PostSignum). PostSignum attribute "zadatel_rc". Must match the regular expression |
gender |
String |
true |
The gender (required by PostSignum when country is other than CZ). PostSignum attribute "zadatel_pohlavi". Must be valid gender. Valid values: "male", "female", "m", "f". |
insertMPSV |
Boolean |
true |
Whether MPSV identification should be inserted. PostSignum attributes "zadatel_pridelit_ik_mpsv", "udaj_vlozit_ik_mpsv". |
emails |
Array[String] |
false |
The email addresses; only the first 3 addresses will be present in the issued certificate. PostSignum attributes "udaj_e_mail1", "udaj_e_mail2", "udaj_e_mail3". |
position |
String |
true |
Position in organization. PostSignum attribute "udaj_funkce". |
workplace |
String |
true |
Workplace for person. PostSignum attribute "udaj_ou2". |
country |
String |
false |
The country in ISO 3166-1 alpha-2. PostSignum attribute "zadatel_stat". |
multiYear |
Boolean |
true |
Whether issued certificate should be valid for multiple years. PostSignum attribute "povolit_vicelety_cert". |
organizationUnitId |
Integer |
true |
The organization unit responsible for certificate request. If empty, first organization unit for user’s organization will be chosen. This value will not be sent to PostSignum and is used only on RemSig side. |
redirects |
Object |
true |
The redirects. |
redirects.success |
String |
true |
Redirect url after successful completion of password/PUK. |
redirects.error |
String |
true |
Redirect url when any error occurs while setting password & displaying PUK. |
redirects.cancel |
String |
true |
Redirect url when user clicks cancel on password or PUK page. |
certificateIndex |
Integer |
true |
Current certificate index to extend. Used when current active certificate is already stored in RemSig. |
externalCertificate |
String |
true |
Current external certificate to extend. Used when current active certificate is not stored in RemSig. Must be valid X509 certificate in PEM or DER format. |
subsequentRequest |
Boolean |
true |
Checks whether this request is subsequent or new. Either index is defined or external certificate is not set. |
6.4.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
request |
Object |
true |
The PostSignum personal certificate request information. |
request.creationDate |
String |
true |
The creation date. |
request.lastModifiedDate |
String |
true |
The date of last modification. |
request.id |
Integer |
true |
The internal identifier. |
request.uuid |
String |
true |
The uuid for request. |
request.degreeBefore |
String |
true |
The degree before first name. |
request.degreeAfter |
String |
true |
The degree after last name. |
request.firstName |
String |
true |
The first name of person. |
request.lastName |
String |
true |
The last name of person. |
request.gender |
String |
true |
The gender. Must be one of [MALE, FEMALE]. |
request.insertMPSV |
Boolean |
true |
Whether MPSV identification will be inserted by PostSignum. |
request.emails |
Array[String] |
true |
List of emails used in certificate. |
request.position |
String |
true |
Person’s position in organization. |
request.workplace |
String |
true |
Workplace for person. |
request.country |
String |
true |
Person’s country in ISO 3166-1 alpha-2. |
request.multiYear |
Boolean |
true |
Whether issued certificate will be valid for multiple years. |
request.requester |
Object |
true |
Information about requester. |
request.requester.id |
Integer |
true |
Unique internal identifier. |
request.requester.uniqueId |
String |
true |
Unique identifier for person. |
request.requester.email |
String |
true |
Email for person. |
request.organizationUnitId |
Integer |
true |
The organization unit id, which is responsible for this request. |
request.approved |
Boolean |
true |
Whether request has been approved. |
request.approvedDate |
String |
true |
The date of approval in GMT. |
request.denied |
Boolean |
true |
Whether request has been denied. |
request.deniedDate |
String |
true |
The date of denial in GMT. |
request.certificateRequest |
Object |
true |
The associated certificate request. |
request.certificateRequest.id |
Integer |
true |
Unique internal identifier. |
request.certificateRequest.type |
String |
true |
The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificateRequest.request |
String |
true |
Certificate request in PKCS10 format. |
request.certificateRequest.subjectKey |
String |
true |
Subject key. |
request.certificateRequest.personId |
Integer |
true |
Associated person id. |
request.certificateRequest.importedCertificateId |
Integer |
true |
Associated certificate id. |
request.redirects |
Object |
true |
The various user redirects. |
request.redirects.success |
String |
true |
Redirect URL on successful PUK shown. |
request.redirects.cancel |
String |
true |
Redirect URL when user cancels at any time. |
request.redirects.error |
String |
true |
Redirect URL on error at any time during password or PUK page. |
request.certificate |
Object |
true |
The issued certificate imported in RemSig. |
request.certificate.id |
Integer |
true |
Unique internal identifier. |
request.certificate.index |
Integer |
true |
Certificate index. |
request.certificate.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificate.encoded |
Array[Integer] |
true |
Encoded certificate. |
request.certificate.subject |
String |
true |
Subject. |
request.certificate.issuer |
String |
true |
Issuer. |
request.certificate.serialNumber |
Integer |
true |
Serial number. |
request.certificate.notBefore |
String |
true |
Not before date. |
request.certificate.notAfter |
String |
true |
Not after date. |
request.certificate.disabled |
Boolean |
true |
Disabled status. |
request.certificate.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
request.certificate.person |
Object |
true |
Associated person. |
request.certificate.person.id |
Integer |
true |
Unique internal identifier. |
request.certificate.person.uniqueId |
String |
true |
Unique identifier for person. |
request.certificate.person.email |
String |
true |
Email for person. |
request.externalCertificate |
String |
true |
Current external certificate to extend (CSR will be signed outside RemSig). |
request.subsequentFor |
Object |
true |
For subsequent request, information about extending certificate in RemSig. |
request.subsequentFor.id |
Integer |
true |
Unique internal identifier. |
request.subsequentFor.index |
Integer |
true |
Certificate index. |
request.subsequentFor.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.subsequentFor.encoded |
Array[Integer] |
true |
Encoded certificate. |
request.subsequentFor.subject |
String |
true |
Subject. |
request.subsequentFor.issuer |
String |
true |
Issuer. |
request.subsequentFor.serialNumber |
Integer |
true |
Serial number. |
request.subsequentFor.notBefore |
String |
true |
Not before date. |
request.subsequentFor.notAfter |
String |
true |
Not after date. |
request.subsequentFor.disabled |
Boolean |
true |
Disabled status. |
request.subsequentFor.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
request.subsequentFor.person |
Object |
true |
Associated person. |
request.subsequentFor.person.id |
Integer |
true |
Unique internal identifier. |
request.subsequentFor.person.uniqueId |
String |
true |
Unique identifier for person. |
request.subsequentFor.person.email |
String |
true |
Email for person. |
request.postSignumRequestMessage |
String |
true |
The base64 encoded message which needs to be signed by private key associated to current certificate. |
request.postSignumRequestMessageSigned |
String |
true |
The base64 encoded signed message which will be passed to PostSignum. |
request.state |
String |
true |
The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
request.postSignumRequestId |
String |
true |
The request id from PostSignum. Is null until request is approved in RemSig. |
request.expirationDate |
String |
true |
The expiration date (after expiration the request still exists in RemSig). |
request.deletionDate |
String |
true |
The deletion date (RemSig will automatically delete stale requests). |
request.redirectUrl |
String |
true |
The url where user can set password and PUK will be shown. |
6.4.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/create -i -u 'username:password' -X POST \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"personUniqueId" : "someid@uni.localhost",
"degreeBefore" : "RNDr.",
"degreeAfter" : "CSc.",
"firstName" : "John",
"lastName" : "Doe",
"birthCertificateNumber" : "123456789",
"gender" : "MALE",
"insertMPSV" : false,
"emails" : [ "john.doe@mail.localhost" ],
"position" : "",
"workplace" : "",
"country" : "CZ",
"organizationUnitId" : 5,
"redirects" : {
"success" : "https://localhost:443/after-remsig?result=success&id=464#fragment",
"error" : "https://localhost:443/after-remsig?result=error&id=464#fragment",
"cancel" : "https://localhost:443/after-remsig?result=cancel&id=464#fragment"
},
"externalCertificate" : "-----BEGIN CERTIFICATE-----\nMIICqTCCAZECFGupja23vEPO5ZbMIqtAXDc4RcPbMA0GCSqGSIb3DQEBCwUAMBEx\nDzANBgNVBAMMBmZha2VDQTAeFw0yMDEwMDYxMzM1NTNaFw0yMTEwMDExMzM1NTNa\nMBExDzANBgNVBAMTBlJlbVNpZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAJ8LqmwvAJD9Xyy7S5WCcjKjJw40a3+YV1eGkUrRr6w+ydl4HccaxWBYQsJn\n6LTBeySXNXqQ+s2eD+xyZQ48fb816qhWmRZRgz1TEqnHVDBUL9Lpmh15QV6Fvs96\n1qwMaQRKYlJqRBVoXKUXjWuXyFVshqCfj3E+MUqCGyGzdR0z2oEevDzcGu5jwicN\nmITtrynO/LyjAGyjVTNHLeTF7fyvfxyKtiBa5GK4QM0cB1MFTyOgU1hSv0JGJ/hz\nxtq8oeptdc5TrVsAQx9dCn2lQh0acnviQ7o2A6MEQPrtLwlccX2sQo1nR+V2NBYs\nts5mobc82u/24x2X9jMffRo1ChUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhHPJ\n2LQYmm68gLhzicdUZRdNUo8w8/OMl5dvj8oXjPN/zzlp4OCyHiUq2pudwJ28RLT4\nDOqtQ1dLTh75qIaTabhcy1GnaC6Cofleb5MNkFYh9rwG/XxnPkzoAyurrghygl6w\nfAuPVWKXhm0U2GB/xxJBkCKkWMXmZkhhZaUG+9qEgyavEv3DnSQ4pplYH6VpE8iH\navgYrKSBLghvDlbd+6K1otncNn8jjo0oF4BJ5GGXsfb9vU3OQInugxsZhL/yE8gW\n5cxMPMs7fdbbONoQQBHE45WLmdVuOXRdfCCKLM62q6BtqtpzjZBNXEU/adx9w61y\nvTETi50zKAZYcDQjhw==\n-----END CERTIFICATE-----\n"
}'
6.4.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 2338
{
"operationId" : 123456,
"request" : {
"creationDate" : 1735773490273,
"lastModifiedDate" : 1735773490273,
"id" : 56,
"uuid" : "c5760e78-d8e1-458e-93a3-712ea785ceaf",
"degreeBefore" : "RNDr.",
"degreeAfter" : "CSc.",
"firstName" : "John",
"lastName" : "Doe",
"gender" : "MALE",
"insertMPSV" : false,
"emails" : [ "john.doe@mail.localhost" ],
"position" : "",
"workplace" : "",
"country" : "CZ",
"multiYear" : false,
"requester" : {
"id" : 1,
"uniqueId" : "someid@uni.localhost",
"email" : null
},
"organizationUnitId" : 5,
"approved" : false,
"approvedDate" : null,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : null,
"redirects" : {
"success" : "https://localhost:443/after-remsig?result=success&id=464#fragment",
"cancel" : "https://localhost:443/after-remsig?result=cancel&id=464#fragment",
"error" : "https://localhost:443/after-remsig?result=error&id=464#fragment"
},
"certificate" : null,
"externalCertificate" : "-----BEGIN CERTIFICATE-----\nMIICqTCCAZECFGupja23vEPO5ZbMIqtAXDc4RcPbMA0GCSqGSIb3DQEBCwUAMBEx\nDzANBgNVBAMMBmZha2VDQTAeFw0yMDEwMDYxMzM1NTNaFw0yMTEwMDExMzM1NTNa\nMBExDzANBgNVBAMTBlJlbVNpZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAJ8LqmwvAJD9Xyy7S5WCcjKjJw40a3+YV1eGkUrRr6w+ydl4HccaxWBYQsJn\n6LTBeySXNXqQ+s2eD+xyZQ48fb816qhWmRZRgz1TEqnHVDBUL9Lpmh15QV6Fvs96\n1qwMaQRKYlJqRBVoXKUXjWuXyFVshqCfj3E+MUqCGyGzdR0z2oEevDzcGu5jwicN\nmITtrynO/LyjAGyjVTNHLeTF7fyvfxyKtiBa5GK4QM0cB1MFTyOgU1hSv0JGJ/hz\nxtq8oeptdc5TrVsAQx9dCn2lQh0acnviQ7o2A6MEQPrtLwlccX2sQo1nR+V2NBYs\nts5mobc82u/24x2X9jMffRo1ChUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhHPJ\n2LQYmm68gLhzicdUZRdNUo8w8/OMl5dvj8oXjPN/zzlp4OCyHiUq2pudwJ28RLT4\nDOqtQ1dLTh75qIaTabhcy1GnaC6Cofleb5MNkFYh9rwG/XxnPkzoAyurrghygl6w\nfAuPVWKXhm0U2GB/xxJBkCKkWMXmZkhhZaUG+9qEgyavEv3DnSQ4pplYH6VpE8iH\navgYrKSBLghvDlbd+6K1otncNn8jjo0oF4BJ5GGXsfb9vU3OQInugxsZhL/yE8gW\n5cxMPMs7fdbbONoQQBHE45WLmdVuOXRdfCCKLM62q6BtqtpzjZBNXEU/adx9w61y\nvTETi50zKAZYcDQjhw==\n-----END CERTIFICATE-----\n",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1736983090273,
"deletionDate" : 1738192690273,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=c5760e78-d8e1-458e-93a3-712ea785ceaf"
}
}
6.5. Get Requests
GET /api/manage/certificate/postsignum/request/
Lists certificate requests.
6.5.1. Authorization
USER role required.
6.5.2. Path parameters
No parameters.
6.5.3. Query parameters
Supports standard paging query parameters.
6.5.4. Request fields
No request body.
6.5.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
page |
Integer |
true |
Page number. |
size |
Integer |
true |
Size of the page. |
totalElements |
Integer |
true |
Total number of elements. |
totalPages |
Integer |
true |
Total number of pages. |
requests |
Array[Object] |
true |
PostSignum personal certificate requests. |
requests[].creationDate |
String |
true |
The creation date. |
requests[].lastModifiedDate |
String |
true |
The date of last modification. |
requests[].id |
Integer |
true |
The internal identifier. |
requests[].uuid |
String |
true |
The uuid for request. |
requests[].degreeBefore |
String |
true |
The degree before first name. |
requests[].degreeAfter |
String |
true |
The degree after last name. |
requests[].firstName |
String |
true |
The first name of person. |
requests[].lastName |
String |
true |
The last name of person. |
requests[].gender |
String |
true |
The gender. Must be one of [MALE, FEMALE]. |
requests[].insertMPSV |
Boolean |
true |
Whether MPSV identification will be inserted by PostSignum. |
requests[].emails |
Array[String] |
true |
List of emails used in certificate. |
requests[].position |
String |
true |
Person’s position in organization. |
requests[].workplace |
String |
true |
Workplace for person. |
requests[].country |
String |
true |
Person’s country in ISO 3166-1 alpha-2. |
requests[].multiYear |
Boolean |
true |
Whether issued certificate will be valid for multiple years. |
requests[].requester |
Object |
true |
Information about requester. |
requests[].requester.id |
Integer |
true |
Unique internal identifier. |
requests[].requester.uniqueId |
String |
true |
Unique identifier for person. |
requests[].requester.email |
String |
true |
Email for person. |
requests[].organizationUnitId |
Integer |
true |
The organization unit id, which is responsible for this request. |
requests[].approved |
Boolean |
true |
Whether request has been approved. |
requests[].approvedDate |
String |
true |
The date of approval in GMT. |
requests[].denied |
Boolean |
true |
Whether request has been denied. |
requests[].deniedDate |
String |
true |
The date of denial in GMT. |
requests[].certificateRequest |
Object |
true |
The associated certificate request. |
requests[].certificateRequest.id |
Integer |
true |
Unique internal identifier. |
requests[].certificateRequest.type |
String |
true |
The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
requests[].certificateRequest.request |
String |
true |
Certificate request in PKCS10 format. |
requests[].certificateRequest.subjectKey |
String |
true |
Subject key. |
requests[].certificateRequest.personId |
Integer |
true |
Associated person id. |
requests[].certificateRequest.importedCertificateId |
Integer |
true |
Associated certificate id. |
requests[].redirects |
Object |
true |
The various user redirects. |
requests[].redirects.success |
String |
true |
Redirect URL on successful PUK shown. |
requests[].redirects.cancel |
String |
true |
Redirect URL when user cancels at any time. |
requests[].redirects.error |
String |
true |
Redirect URL on error at any time during password or PUK page. |
requests[].certificate |
Object |
true |
The issued certificate imported in RemSig. |
requests[].certificate.id |
Integer |
true |
Unique internal identifier. |
requests[].certificate.index |
Integer |
true |
Certificate index. |
requests[].certificate.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
requests[].certificate.encoded |
Array[Integer] |
true |
Encoded certificate. |
requests[].certificate.subject |
String |
true |
Subject. |
requests[].certificate.issuer |
String |
true |
Issuer. |
requests[].certificate.serialNumber |
Integer |
true |
Serial number. |
requests[].certificate.notBefore |
String |
true |
Not before date. |
requests[].certificate.notAfter |
String |
true |
Not after date. |
requests[].certificate.disabled |
Boolean |
true |
Disabled status. |
requests[].certificate.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
requests[].certificate.person |
Object |
true |
Associated person. |
requests[].certificate.person.id |
Integer |
true |
Unique internal identifier. |
requests[].certificate.person.uniqueId |
String |
true |
Unique identifier for person. |
requests[].certificate.person.email |
String |
true |
Email for person. |
requests[].externalCertificate |
String |
true |
Current external certificate to extend (CSR will be signed outside RemSig). |
requests[].subsequentFor |
Object |
true |
For subsequent request, information about extending certificate in RemSig. |
requests[].subsequentFor.id |
Integer |
true |
Unique internal identifier. |
requests[].subsequentFor.index |
Integer |
true |
Certificate index. |
requests[].subsequentFor.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
requests[].subsequentFor.encoded |
Array[Integer] |
true |
Encoded certificate. |
requests[].subsequentFor.subject |
String |
true |
Subject. |
requests[].subsequentFor.issuer |
String |
true |
Issuer. |
requests[].subsequentFor.serialNumber |
Integer |
true |
Serial number. |
requests[].subsequentFor.notBefore |
String |
true |
Not before date. |
requests[].subsequentFor.notAfter |
String |
true |
Not after date. |
requests[].subsequentFor.disabled |
Boolean |
true |
Disabled status. |
requests[].subsequentFor.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
requests[].subsequentFor.person |
Object |
true |
Associated person. |
requests[].subsequentFor.person.id |
Integer |
true |
Unique internal identifier. |
requests[].subsequentFor.person.uniqueId |
String |
true |
Unique identifier for person. |
requests[].subsequentFor.person.email |
String |
true |
Email for person. |
requests[].postSignumRequestMessage |
String |
true |
The base64 encoded message which needs to be signed by private key associated to current certificate. |
requests[].postSignumRequestMessageSigned |
String |
true |
The base64 encoded signed message which will be passed to PostSignum. |
requests[].state |
String |
true |
The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
requests[].postSignumRequestId |
String |
true |
The request id from PostSignum. Is null until request is approved in RemSig. |
requests[].expirationDate |
String |
true |
The expiration date (after expiration the request still exists in RemSig). |
requests[].deletionDate |
String |
true |
The deletion date (RemSig will automatically delete stale requests). |
requests[].redirectUrl |
String |
true |
The url where user can set password and PUK will be shown. |
6.5.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/ -i -u 'username:password' -X GET \
-H 'Accept: application/json'
6.5.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "0638233efd14d576c363774daa727ce94"
Content-Length: 6374
{
"operationId" : 123456,
"page" : 0,
"size" : 100,
"totalElements" : 3,
"totalPages" : 1,
"requests" : [ {
"creationDate" : 1735082289823,
"lastModifiedDate" : 1735773489823,
"id" : 56,
"uuid" : "c5760e78-d8e1-458e-93a3-712ea785ceaf",
"degreeBefore" : "RNDr.",
"degreeAfter" : "CSc.",
"firstName" : "John",
"lastName" : "Doe",
"gender" : "MALE",
"insertMPSV" : false,
"emails" : [ "john.doe@mail.localhost" ],
"position" : "",
"workplace" : "",
"country" : "CZ",
"multiYear" : false,
"requester" : {
"id" : 1,
"uniqueId" : "someid@uni.localhost",
"email" : null
},
"organizationUnitId" : 5,
"approved" : false,
"approvedDate" : null,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : null,
"redirects" : {
"success" : "https://localhost:443/after-remsig?result=success&id=464#fragment",
"cancel" : "https://localhost:443/after-remsig?result=cancel&id=464#fragment",
"error" : "https://localhost:443/after-remsig?result=error&id=464#fragment"
},
"certificate" : null,
"externalCertificate" : "-----BEGIN CERTIFICATE-----\nMIICqTCCAZECFGupja23vEPO5ZbMIqtAXDc4RcPbMA0GCSqGSIb3DQEBCwUAMBEx\nDzANBgNVBAMMBmZha2VDQTAeFw0yMDEwMDYxMzM1NTNaFw0yMTEwMDExMzM1NTNa\nMBExDzANBgNVBAMTBlJlbVNpZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAJ8LqmwvAJD9Xyy7S5WCcjKjJw40a3+YV1eGkUrRr6w+ydl4HccaxWBYQsJn\n6LTBeySXNXqQ+s2eD+xyZQ48fb816qhWmRZRgz1TEqnHVDBUL9Lpmh15QV6Fvs96\n1qwMaQRKYlJqRBVoXKUXjWuXyFVshqCfj3E+MUqCGyGzdR0z2oEevDzcGu5jwicN\nmITtrynO/LyjAGyjVTNHLeTF7fyvfxyKtiBa5GK4QM0cB1MFTyOgU1hSv0JGJ/hz\nxtq8oeptdc5TrVsAQx9dCn2lQh0acnviQ7o2A6MEQPrtLwlccX2sQo1nR+V2NBYs\nts5mobc82u/24x2X9jMffRo1ChUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAhHPJ\n2LQYmm68gLhzicdUZRdNUo8w8/OMl5dvj8oXjPN/zzlp4OCyHiUq2pudwJ28RLT4\nDOqtQ1dLTh75qIaTabhcy1GnaC6Cofleb5MNkFYh9rwG/XxnPkzoAyurrghygl6w\nfAuPVWKXhm0U2GB/xxJBkCKkWMXmZkhhZaUG+9qEgyavEv3DnSQ4pplYH6VpE8iH\navgYrKSBLghvDlbd+6K1otncNn8jjo0oF4BJ5GGXsfb9vU3OQInugxsZhL/yE8gW\n5cxMPMs7fdbbONoQQBHE45WLmdVuOXRdfCCKLM62q6BtqtpzjZBNXEU/adx9w61y\nvTETi50zKAZYcDQjhw==\n-----END CERTIFICATE-----\n",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1736119089823,
"deletionDate" : 1737155889823,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=c5760e78-d8e1-458e-93a3-712ea785ceaf"
}, {
"creationDate" : 1735341489824,
"lastModifiedDate" : 1735773489824,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : null,
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "sampleidhere@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : true,
"approvedDate" : 1735770789824,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : {
"id" : 1,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...T96jB/0Co=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "234f1a28a9ba...b0df86656753",
"personId" : 9,
"importedCertificateId" : null
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : null,
"subsequentFor" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
},
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"state" : "PROCESSING",
"postSignumRequestId" : "BP0987654321",
"expirationDate" : 1735859889824,
"deletionDate" : 1737415089824,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
}, {
"creationDate" : 1735341489825,
"lastModifiedDate" : 1735773489825,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : "Bc.",
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "sampleidhere@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : true,
"approvedDate" : 1735770789825,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : {
"id" : 2,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...r1z1jyCF0=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "fc34e80e1be7...4d4a95fbd15f",
"personId" : 9,
"importedCertificateId" : 2
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : {
"id" : 2,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...NBGYHrABLw==",
"subject" : "CN=API docs 2",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 6,
"person" : {
"id" : 6,
"uniqueId" : "person99@localhost",
"email" : "person.99@mail.localhost"
}
},
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"state" : "IMPORTED",
"postSignumRequestId" : "BP1234567890",
"expirationDate" : 1735859889825,
"deletionDate" : 1737415089825,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
} ]
}
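An added example (not RemSig code) of walking this listing with the page and totalPages fields and flagging requests whose fields disagree with each other or that are close to expirationDate. fetch_page, the finding texts, the three-day warning window and the sample records are assumptions made for the example; the consistency rules are inferred from the field descriptions above.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
KNOWN_STATES = {"PROCESSING", "IMPORTED", "EXPIRED", "FAILED"}  # section 6.5.5
NOW = datetime(2025, 1, 2, tzinfo=timezone.utc)  # fixed clock for the sample


def from_ms(ms):
    """The example responses carry dates as epoch milliseconds; null stays None."""
    return None if ms is None else EPOCH + timedelta(milliseconds=ms)


def to_ms(dt):
    return (dt - EPOCH) // timedelta(milliseconds=1)


def iter_requests(fetch_page, size=100):
    """Yield every request, following page/totalPages (page is 0-indexed).

    fetch_page(page, size) is a caller-supplied function (hypothetical) that
    performs the authenticated GET and returns the parsed JSON body.
    """
    page = 0
    while True:
        doc = fetch_page(page, size)
        yield from doc.get("requests") or []
        page += 1
        if page >= (doc.get("totalPages") or 0):
            return


def triage(req, now, warn=timedelta(days=3)):
    """Return a list of findings for one request object (empty = nothing odd)."""
    findings = []
    state = req.get("state")
    if state not in KNOWN_STATES:
        findings.append(f"unknown state {state!r}")
    if req.get("approved") and req.get("denied"):
        findings.append("both approved and denied")
    if req.get("approved") and not req.get("postSignumRequestId"):
        findings.append("approved but no postSignumRequestId")
    if state == "IMPORTED" and req.get("certificate") is None:
        findings.append("IMPORTED without certificate")
    if state == "PROCESSING":
        expires = from_ms(req.get("expirationDate"))
        if expires is not None and expires <= now:
            findings.append("PROCESSING past expirationDate")
        elif expires is not None and expires - now <= warn:
            findings.append("expires within warning window")
    return findings


def report(fetch_page, now, size=100):
    """Map request id -> findings, for requests that have any."""
    out = {}
    for req in iter_requests(fetch_page, size):
        findings = triage(req, now)
        if findings:
            out[req["id"]] = findings
    return out


# Constructed sample records, reduced to the fields triage() reads.
SAMPLE = [
    {"id": 1, "state": "PROCESSING", "approved": False, "denied": False,
     "postSignumRequestId": None, "certificate": None,
     "expirationDate": to_ms(NOW + timedelta(days=10))},
    {"id": 2, "state": "PROCESSING", "approved": True, "denied": False,
     "postSignumRequestId": "BP-constructed-1", "certificate": None,
     "expirationDate": to_ms(NOW + timedelta(days=1))},
    {"id": 3, "state": "IMPORTED", "approved": True, "denied": False,
     "postSignumRequestId": "BP-constructed-2", "certificate": None,
     "expirationDate": to_ms(NOW - timedelta(days=1))},
]


def fake_fetch(page, size):
    """Stand-in for the HTTP call: serves SAMPLE in pages of `size`."""
    chunk = SAMPLE[page * size:(page + 1) * size]
    return {"operationId": 0, "page": page, "size": size,
            "totalElements": len(SAMPLE),
            "totalPages": -(-len(SAMPLE) // size),
            "requests": chunk}


if __name__ == "__main__":
    for req_id, findings in report(fake_fetch, NOW, size=2).items():
        print(req_id, "; ".join(findings))
```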
6.6. Get Request By Id
GET /api/manage/certificate/postsignum/request/{id:\d+}
Gets single certificate request by its id.
6.6.1. Authorization
USER role required.
6.6.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id |
Integer |
false |
The identifier of PostSignum personal certificate request. |
6.6.3. Query parameters
No parameters.
6.6.4. Request fields
No request body.
6.6.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId |
Integer |
false |
The unique identification for this action. |
request |
Object |
true |
The PostSignum personal certificate request information. |
request.creationDate |
String |
true |
The creation date. |
request.lastModifiedDate |
String |
true |
The date of last modification. |
request.id |
Integer |
true |
The internal identifier. |
request.uuid |
String |
true |
The uuid for request. |
request.degreeBefore |
String |
true |
The degree before first name. |
request.degreeAfter |
String |
true |
The degree after last name. |
request.firstName |
String |
true |
The first name of person. |
request.lastName |
String |
true |
The last name of person. |
request.gender |
String |
true |
The gender. Must be one of [MALE, FEMALE]. |
request.insertMPSV |
Boolean |
true |
Whether MPSV identification will be inserted by PostSignum. |
request.emails |
Array[String] |
true |
List of emails used in certificate. |
request.position |
String |
true |
Person’s position in organization. |
request.workplace |
String |
true |
Workplace for person. |
request.country |
String |
true |
Person’s country in ISO 3166-1 alpha-2. |
request.multiYear |
Boolean |
true |
Whether issued certificate will be valid for multiple years. |
request.requester |
Object |
true |
Information about requester. |
request.requester.id |
Integer |
true |
Unique internal identifier. |
request.requester.uniqueId |
String |
true |
Unique identifier for person. |
request.requester.email |
String |
true |
Email for person. |
request.organizationUnitId |
Integer |
true |
The organization unit id, which is responsible for this request. |
request.approved |
Boolean |
true |
Whether request has been approved. |
request.approvedDate |
String |
true |
The date of approval in GMT. |
request.denied |
Boolean |
true |
Whether request has been denied. |
request.deniedDate |
String |
true |
The date of denial in GMT. |
request.certificateRequest |
Object |
true |
The associated certificate request. |
request.certificateRequest.id |
Integer |
true |
Unique internal identifier. |
request.certificateRequest.type |
String |
true |
The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificateRequest.request |
String |
true |
Certificate request in PKCS10 format. |
request.certificateRequest.subjectKey |
String |
true |
Subject key. |
request.certificateRequest.personId |
Integer |
true |
Associated person id. |
request.certificateRequest.importedCertificateId |
Integer |
true |
Associated certificate id. |
request.redirects |
Object |
true |
The various user redirects. |
request.redirects.success |
String |
true |
Redirect URL on successful PUK shown. |
request.redirects.cancel |
String |
true |
Redirect URL when user cancels at any time. |
request.redirects.error |
String |
true |
Redirect URL on error at any time during password or PUK page. |
request.certificate |
Object |
true |
The issued certificate imported in RemSig. |
request.certificate.id |
Integer |
true |
Unique internal identifier. |
request.certificate.index |
Integer |
true |
Certificate index. |
request.certificate.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificate.encoded |
Array[Integer] |
true |
Encoded certificate. |
request.certificate.subject |
String |
true |
Subject. |
request.certificate.issuer |
String |
true |
Issuer. |
request.certificate.serialNumber |
Integer |
true |
Serial number. |
request.certificate.notBefore |
String |
true |
Not before date. |
request.certificate.notAfter |
String |
true |
Not after date. |
request.certificate.disabled |
Boolean |
true |
Disabled status. |
request.certificate.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
request.certificate.person |
Object |
true |
Associated person. |
request.certificate.person.id |
Integer |
true |
Unique internal identifier. |
request.certificate.person.uniqueId |
String |
true |
Unique identifier for person. |
request.certificate.person.email |
String |
true |
Email for person. |
request.externalCertificate |
String |
true |
Current external certificate to extend (CSR will be signed outside RemSig). |
request.subsequentFor |
Object |
true |
For subsequent request, information about extending certificate in RemSig. |
request.subsequentFor.id |
Integer |
true |
Unique internal identifier. |
request.subsequentFor.index |
Integer |
true |
Certificate index. |
request.subsequentFor.type |
String |
true |
The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.subsequentFor.encoded |
Array[Integer] |
true |
Encoded certificate. |
request.subsequentFor.subject |
String |
true |
Subject. |
request.subsequentFor.issuer |
String |
true |
Issuer. |
request.subsequentFor.serialNumber |
Integer |
true |
Serial number. |
request.subsequentFor.notBefore |
String |
true |
Not before date. |
request.subsequentFor.notAfter |
String |
true |
Not after date. |
request.subsequentFor.disabled |
Boolean |
true |
Disabled status. |
request.subsequentFor.personId |
Integer |
true |
Deprecated. Associated person. Left for backward compatibility. |
request.subsequentFor.person |
Object |
true |
Associated person. |
request.subsequentFor.person.id |
Integer |
true |
Unique internal identifier. |
request.subsequentFor.person.uniqueId |
String |
true |
Unique identifier for person. |
request.subsequentFor.person.email |
String |
true |
Email for person. |
request.postSignumRequestMessage |
String |
true |
The base64 encoded message which needs to be signed by private key associated to current certificate. |
request.postSignumRequestMessageSigned |
String |
true |
The base64 encoded signed message which will be passed to PostSignum. |
request.state |
String |
true |
The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
request.postSignumRequestId |
String |
true |
The request id from PostSignum. Is null until request is approved in RemSig. |
request.expirationDate |
String |
true |
The expiration date (after expiration the request still exists in RemSig). |
request.deletionDate |
String |
true |
The deletion date (RemSig will automatically delete stale requests). |
request.redirectUrl |
String |
true |
The url where user can set password and PUK will be shown. |
6.6.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328 -i -u 'username:password' -X GET \
-H 'Accept: application/json'
6.6.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "048b0d0cc9cdab113a8b7d04c23930f27"
Content-Length: 2027
{
"operationId" : 123456,
"request" : {
"creationDate" : 1735341488865,
"lastModifiedDate" : 1735773488865,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : null,
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "another-id@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : true,
"approvedDate" : 1735770788865,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : {
"id" : 1,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...T96jB/0Co=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "234f1a28a9ba...b0df86656753",
"personId" : 9,
"importedCertificateId" : null
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : null,
"subsequentFor" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
},
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1735859888865,
"deletionDate" : 1737415088865,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
}
}
6.7. Get Request State
GET /api/manage/certificate/postsignum/request/{id:\d+}/state
Gets a single certificate request state by its id.
6.7.1. Authorization
USER role required.
6.7.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | false | The identifier of PostSignum personal certificate request. |
6.7.3. Query parameters
No parameters.
6.7.4. Request fields
No request body.
6.7.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
state | String | true | Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
6.7.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328/state -i -u 'username:password' -X GET \
-H 'Accept: application/json'
6.7.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
ETag: "09cc90af59d32ce479d8bbc8abc5fa2f1"
Content-Length: 54
{
"operationId" : 123456,
"state" : "PROCESSING"
}
6.8. Approve Request
POST /api/manage/certificate/postsignum/request/{id:\d+}/approve
Approves certificate request.
6.8.1. Authorization
USER role required.
6.8.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | false | The identifier of PostSignum personal certificate request. |
6.8.3. Query parameters
No parameters.
6.8.4. Request fields
No request body.
6.8.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
request | Object | true | The PostSignum personal certificate request information. |
request.creationDate | String | true | The creation date. |
request.lastModifiedDate | String | true | The date of last modification. |
request.id | Integer | true | The internal identifier. |
request.uuid | String | true | The uuid for request. |
request.degreeBefore | String | true | The degree before first name. |
request.degreeAfter | String | true | The degree after last name. |
request.firstName | String | true | The first name of person. |
request.lastName | String | true | The last name of person. |
request.gender | String | true | The gender. Must be one of [MALE, FEMALE]. |
request.insertMPSV | Boolean | true | Whether MPSV identification will be inserted by PostSignum. |
request.emails | Array[String] | true | List of emails used in certificate. |
request.position | String | true | Person’s position in organization. |
request.workplace | String | true | Workplace for person. |
request.country | String | true | Person’s country in ISO 3166-1 alpha-2. |
request.multiYear | Boolean | true | Whether issued certificate will be valid for multiple years. |
request.requester | Object | true | Information about requester. |
request.requester.id | Integer | true | Unique internal identifier. |
request.requester.uniqueId | String | true | Unique identifier for person. |
request.requester.email | String | true | Email for person. |
request.organizationUnitId | Integer | true | The organization unit id, which is responsible for this request. |
request.approved | Boolean | true | Whether request has been approved. |
request.approvedDate | String | true | The date of approval in GMT. |
request.denied | Boolean | true | Whether request has been denied. |
request.deniedDate | String | true | The date of denial in GMT. |
request.certificateRequest | Object | true | The associated certificate request. |
request.certificateRequest.id | Integer | true | Unique internal identifier. |
request.certificateRequest.type | String | true | The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificateRequest.request | String | true | Certificate request in PKCS10 format. |
request.certificateRequest.subjectKey | String | true | Subject key. |
request.certificateRequest.personId | Integer | true | Associated person id. |
request.certificateRequest.importedCertificateId | Integer | true | Associated certificate id. |
request.redirects | Object | true | The various user redirects. |
request.redirects.success | String | true | Redirect URL on successful PUK shown. |
request.redirects.cancel | String | true | Redirect URL when user cancels at any time. |
request.redirects.error | String | true | Redirect URL on error at any time during password or PUK page. |
request.certificate | Object | true | The issued certificate imported in RemSig. |
request.certificate.id | Integer | true | Unique internal identifier. |
request.certificate.index | Integer | true | Certificate index. |
request.certificate.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificate.encoded | Array[Integer] | true | Encoded certificate. |
request.certificate.subject | String | true | Subject. |
request.certificate.issuer | String | true | Issuer. |
request.certificate.serialNumber | Integer | true | Serial number. |
request.certificate.notBefore | String | true | Not before date. |
request.certificate.notAfter | String | true | Not after date. |
request.certificate.disabled | Boolean | true | Disabled status. |
request.certificate.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.certificate.person | Object | true | Associated person. |
request.certificate.person.id | Integer | true | Unique internal identifier. |
request.certificate.person.uniqueId | String | true | Unique identifier for person. |
request.certificate.person.email | String | true | Email for person. |
request.externalCertificate | String | true | Current external certificate to extend (CSR will be signed outside RemSig). |
request.subsequentFor | Object | true | For subsequent request, information about extending certificate in RemSig. |
request.subsequentFor.id | Integer | true | Unique internal identifier. |
request.subsequentFor.index | Integer | true | Certificate index. |
request.subsequentFor.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.subsequentFor.encoded | Array[Integer] | true | Encoded certificate. |
request.subsequentFor.subject | String | true | Subject. |
request.subsequentFor.issuer | String | true | Issuer. |
request.subsequentFor.serialNumber | Integer | true | Serial number. |
request.subsequentFor.notBefore | String | true | Not before date. |
request.subsequentFor.notAfter | String | true | Not after date. |
request.subsequentFor.disabled | Boolean | true | Disabled status. |
request.subsequentFor.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.subsequentFor.person | Object | true | Associated person. |
request.subsequentFor.person.id | Integer | true | Unique internal identifier. |
request.subsequentFor.person.uniqueId | String | true | Unique identifier for person. |
request.subsequentFor.person.email | String | true | Email for person. |
request.postSignumRequestMessage | String | true | The base64 encoded message which needs to be signed by private key associated to current certificate. |
request.postSignumRequestMessageSigned | String | true | The base64 encoded signed message which will be passed to PostSignum. |
request.state | String | true | The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
request.postSignumRequestId | String | true | The request id from PostSignum. Is null until request is approved in RemSig. |
request.expirationDate | String | true | The expiration date (after expiration the request still exists in RemSig). |
request.deletionDate | String | true | The deletion date (RemSig will automatically delete stale requests). |
request.redirectUrl | String | true | The url where user can set password and PUK will be shown. |
6.8.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328/approve -i -u 'username:password' -X POST \
-H 'Accept: application/json'
6.8.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 2027
{
"operationId" : 123456,
"request" : {
"creationDate" : 1735341491211,
"lastModifiedDate" : 1735773491211,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : null,
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "another-id@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : true,
"approvedDate" : 1735773491211,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : {
"id" : 1,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...T96jB/0Co=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "234f1a28a9ba...b0df86656753",
"personId" : 9,
"importedCertificateId" : null
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : null,
"subsequentFor" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
},
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1735859891211,
"deletionDate" : 1737415091211,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
}
}
6.9. Deny Request
POST /api/manage/certificate/postsignum/request/{id:\d+}/deny
Denies certificate request.
6.9.1. Authorization
USER role required.
6.9.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | false | The identifier of PostSignum personal certificate request. |
6.9.3. Query parameters
No parameters.
6.9.4. Request fields
No request body.
6.9.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
request | Object | true | The PostSignum personal certificate request information. |
request.creationDate | String | true | The creation date. |
request.lastModifiedDate | String | true | The date of last modification. |
request.id | Integer | true | The internal identifier. |
request.uuid | String | true | The uuid for request. |
request.degreeBefore | String | true | The degree before first name. |
request.degreeAfter | String | true | The degree after last name. |
request.firstName | String | true | The first name of person. |
request.lastName | String | true | The last name of person. |
request.gender | String | true | The gender. Must be one of [MALE, FEMALE]. |
request.insertMPSV | Boolean | true | Whether MPSV identification will be inserted by PostSignum. |
request.emails | Array[String] | true | List of emails used in certificate. |
request.position | String | true | Person’s position in organization. |
request.workplace | String | true | Workplace for person. |
request.country | String | true | Person’s country in ISO 3166-1 alpha-2. |
request.multiYear | Boolean | true | Whether issued certificate will be valid for multiple years. |
request.requester | Object | true | Information about requester. |
request.requester.id | Integer | true | Unique internal identifier. |
request.requester.uniqueId | String | true | Unique identifier for person. |
request.requester.email | String | true | Email for person. |
request.organizationUnitId | Integer | true | The organization unit id, which is responsible for this request. |
request.approved | Boolean | true | Whether request has been approved. |
request.approvedDate | String | true | The date of approval in GMT. |
request.denied | Boolean | true | Whether request has been denied. |
request.deniedDate | String | true | The date of denial in GMT. |
request.certificateRequest | Object | true | The associated certificate request. |
request.certificateRequest.id | Integer | true | Unique internal identifier. |
request.certificateRequest.type | String | true | The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificateRequest.request | String | true | Certificate request in PKCS10 format. |
request.certificateRequest.subjectKey | String | true | Subject key. |
request.certificateRequest.personId | Integer | true | Associated person id. |
request.certificateRequest.importedCertificateId | Integer | true | Associated certificate id. |
request.redirects | Object | true | The various user redirects. |
request.redirects.success | String | true | Redirect URL on successful PUK shown. |
request.redirects.cancel | String | true | Redirect URL when user cancels at any time. |
request.redirects.error | String | true | Redirect URL on error at any time during password or PUK page. |
request.certificate | Object | true | The issued certificate imported in RemSig. |
request.certificate.id | Integer | true | Unique internal identifier. |
request.certificate.index | Integer | true | Certificate index. |
request.certificate.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificate.encoded | Array[Integer] | true | Encoded certificate. |
request.certificate.subject | String | true | Subject. |
request.certificate.issuer | String | true | Issuer. |
request.certificate.serialNumber | Integer | true | Serial number. |
request.certificate.notBefore | String | true | Not before date. |
request.certificate.notAfter | String | true | Not after date. |
request.certificate.disabled | Boolean | true | Disabled status. |
request.certificate.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.certificate.person | Object | true | Associated person. |
request.certificate.person.id | Integer | true | Unique internal identifier. |
request.certificate.person.uniqueId | String | true | Unique identifier for person. |
request.certificate.person.email | String | true | Email for person. |
request.externalCertificate | String | true | Current external certificate to extend (CSR will be signed outside RemSig). |
request.subsequentFor | Object | true | For subsequent request, information about extending certificate in RemSig. |
request.subsequentFor.id | Integer | true | Unique internal identifier. |
request.subsequentFor.index | Integer | true | Certificate index. |
request.subsequentFor.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.subsequentFor.encoded | Array[Integer] | true | Encoded certificate. |
request.subsequentFor.subject | String | true | Subject. |
request.subsequentFor.issuer | String | true | Issuer. |
request.subsequentFor.serialNumber | Integer | true | Serial number. |
request.subsequentFor.notBefore | String | true | Not before date. |
request.subsequentFor.notAfter | String | true | Not after date. |
request.subsequentFor.disabled | Boolean | true | Disabled status. |
request.subsequentFor.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.subsequentFor.person | Object | true | Associated person. |
request.subsequentFor.person.id | Integer | true | Unique internal identifier. |
request.subsequentFor.person.uniqueId | String | true | Unique identifier for person. |
request.subsequentFor.person.email | String | true | Email for person. |
request.postSignumRequestMessage | String | true | The base64 encoded message which needs to be signed by private key associated to current certificate. |
request.postSignumRequestMessageSigned | String | true | The base64 encoded signed message which will be passed to PostSignum. |
request.state | String | true | The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
request.postSignumRequestId | String | true | The request id from PostSignum. Is null until request is approved in RemSig. |
request.expirationDate | String | true | The expiration date (after expiration the request still exists in RemSig). |
request.deletionDate | String | true | The deletion date (RemSig will automatically delete stale requests). |
request.redirectUrl | String | true | The url where user can set password and PUK will be shown. |
6.9.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328/deny -i -u 'username:password' -X POST \
-H 'Accept: application/json'
6.9.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 2018
{
"operationId" : 123456,
"request" : {
"creationDate" : 1735341490766,
"lastModifiedDate" : null,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : null,
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "another-id@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : false,
"approvedDate" : null,
"denied" : true,
"deniedDate" : 1735773490766,
"certificateRequest" : {
"id" : 1,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...T96jB/0Co=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "234f1a28a9ba...b0df86656753",
"personId" : 9,
"importedCertificateId" : null
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : null,
"subsequentFor" : {
"id" : 1,
"index" : 1,
"type" : "PERSONAL",
"encoded" : "MIICpjCCAY6g...pCNC++/bOA==",
"subject" : "CN=API docs 1",
"issuer" : "CN=UnitTestingCA",
"serialNumber" : 1,
"notBefore" : 1733094973000,
"notAfter" : 1764630973000,
"disabled" : false,
"personId" : 4,
"person" : {
"id" : 4,
"uniqueId" : "person1234@localhost",
"email" : "person.1234@mail.localhost"
}
},
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1735859890766,
"deletionDate" : 1737415090766,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
}
}
6.10. Patch Request
PATCH /api/manage/certificate/postsignum/request/{id:\d+}
Patches certificate request.
6.10.1. Authorization
MANAGER role required.
6.10.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | false | The identifier of PostSignum personal certificate request. |
6.10.3. Query parameters
No parameters.
6.10.4. Request fields
Path | Type | Optional | Description |
---|---|---|---|
postSignumRequestMessageSigned | String | true | The signed message in DER format, which will be sent to PostSignum. Use the SHA1withRSA algorithm; the signature must also contain (encapsulate) the signed message. Must be a valid base64 encoded string. |
6.10.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
request | Object | true | The PostSignum personal certificate request information. |
request.creationDate | String | true | The creation date. |
request.lastModifiedDate | String | true | The date of last modification. |
request.id | Integer | true | The internal identifier. |
request.uuid | String | true | The uuid for request. |
request.degreeBefore | String | true | The degree before first name. |
request.degreeAfter | String | true | The degree after last name. |
request.firstName | String | true | The first name of person. |
request.lastName | String | true | The last name of person. |
request.gender | String | true | The gender. Must be one of [MALE, FEMALE]. |
request.insertMPSV | Boolean | true | Whether MPSV identification will be inserted by PostSignum. |
request.emails | Array[String] | true | List of emails used in certificate. |
request.position | String | true | Person’s position in organization. |
request.workplace | String | true | Workplace for person. |
request.country | String | true | Person’s country in ISO 3166-1 alpha-2. |
request.multiYear | Boolean | true | Whether issued certificate will be valid for multiple years. |
request.requester | Object | true | Information about requester. |
request.requester.id | Integer | true | Unique internal identifier. |
request.requester.uniqueId | String | true | Unique identifier for person. |
request.requester.email | String | true | Email for person. |
request.organizationUnitId | Integer | true | The organization unit id, which is responsible for this request. |
request.approved | Boolean | true | Whether request has been approved. |
request.approvedDate | String | true | The date of approval in GMT. |
request.denied | Boolean | true | Whether request has been denied. |
request.deniedDate | String | true | The date of denial in GMT. |
request.certificateRequest | Object | true | The associated certificate request. |
request.certificateRequest.id | Integer | true | Unique internal identifier. |
request.certificateRequest.type | String | true | The type of requested certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificateRequest.request | String | true | Certificate request in PKCS10 format. |
request.certificateRequest.subjectKey | String | true | Subject key. |
request.certificateRequest.personId | Integer | true | Associated person id. |
request.certificateRequest.importedCertificateId | Integer | true | Associated certificate id. |
request.redirects | Object | true | The various user redirects. |
request.redirects.success | String | true | Redirect URL on successful PUK shown. |
request.redirects.cancel | String | true | Redirect URL when user cancels at any time. |
request.redirects.error | String | true | Redirect URL on error at any time during password or PUK page. |
request.certificate | Object | true | The issued certificate imported in RemSig. |
request.certificate.id | Integer | true | Unique internal identifier. |
request.certificate.index | Integer | true | Certificate index. |
request.certificate.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.certificate.encoded | Array[Integer] | true | Encoded certificate. |
request.certificate.subject | String | true | Subject. |
request.certificate.issuer | String | true | Issuer. |
request.certificate.serialNumber | Integer | true | Serial number. |
request.certificate.notBefore | String | true | Not before date. |
request.certificate.notAfter | String | true | Not after date. |
request.certificate.disabled | Boolean | true | Disabled status. |
request.certificate.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.certificate.person | Object | true | Associated person. |
request.certificate.person.id | Integer | true | Unique internal identifier. |
request.certificate.person.uniqueId | String | true | Unique identifier for person. |
request.certificate.person.email | String | true | Email for person. |
request.externalCertificate | String | true | Current external certificate to extend (CSR will be signed outside RemSig). |
request.subsequentFor | Object | true | For subsequent request, information about extending certificate in RemSig. |
request.subsequentFor.id | Integer | true | Unique internal identifier. |
request.subsequentFor.index | Integer | true | Certificate index. |
request.subsequentFor.type | String | true | The type of certificate. Must be one of [PERSONAL, SEAL, SERVER]. |
request.subsequentFor.encoded | Array[Integer] | true | Encoded certificate. |
request.subsequentFor.subject | String | true | Subject. |
request.subsequentFor.issuer | String | true | Issuer. |
request.subsequentFor.serialNumber | Integer | true | Serial number. |
request.subsequentFor.notBefore | String | true | Not before date. |
request.subsequentFor.notAfter | String | true | Not after date. |
request.subsequentFor.disabled | Boolean | true | Disabled status. |
request.subsequentFor.personId | Integer | true | Deprecated. Associated person. Left for backward compatibility. |
request.subsequentFor.person | Object | true | Associated person. |
request.subsequentFor.person.id | Integer | true | Unique internal identifier. |
request.subsequentFor.person.uniqueId | String | true | Unique identifier for person. |
request.subsequentFor.person.email | String | true | Email for person. |
request.postSignumRequestMessage | String | true | The base64 encoded message which needs to be signed by private key associated to current certificate. |
request.postSignumRequestMessageSigned | String | true | The base64 encoded signed message which will be passed to PostSignum. |
request.state | String | true | The current state of request. Must be one of [PROCESSING, IMPORTED, EXPIRED, FAILED]. |
request.postSignumRequestId | String | true | The request id from PostSignum. Is null until request is approved in RemSig. |
request.expirationDate | String | true | The expiration date (after expiration the request still exists in RemSig). |
request.deletionDate | String | true | The deletion date (RemSig will automatically delete stale requests). |
request.redirectUrl | String | true | The url where user can set password and PUK will be shown. |
6.10.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328 -i -u 'username:password' -X PATCH \
-H 'Content-Type: application/json;charset=UTF-8' \
-H 'Accept: application/json' \
-d '{
"postSignumRequestMessageSigned" : "c29tZSBsb25n...YXRhIGhlcmU="
}'
6.10.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 1603
{
"operationId" : 123456,
"request" : {
"creationDate" : 1735341489371,
"lastModifiedDate" : 1735770789371,
"id" : 4328,
"uuid" : "7a881a5c-f179-4626-a395-8d4873a4b160",
"degreeBefore" : null,
"degreeAfter" : null,
"firstName" : "Anna",
"lastName" : "White",
"gender" : "FEMALE",
"insertMPSV" : true,
"emails" : [ "anna@mail.localhost", "annie@mail.localhost" ],
"position" : "Director",
"workplace" : "Faculty of medicine",
"country" : "GB",
"multiYear" : false,
"requester" : {
"id" : 9,
"uniqueId" : "another-id@uni.localhost",
"email" : null
},
"organizationUnitId" : 6,
"approved" : true,
"approvedDate" : 1735770789371,
"denied" : false,
"deniedDate" : null,
"certificateRequest" : {
"id" : 1,
"type" : "PERSONAL",
"request" : "-----BEGIN CERTIFICATE REQUEST-----\nMIICkjCCAXo...T96jB/0Co=\n-----END CERTIFICATE REQUEST-----\n",
"subjectKey" : "234f1a28a9ba...b0df86656753",
"personId" : 9,
"importedCertificateId" : null
},
"redirects" : {
"success" : "https://localhost",
"cancel" : null,
"error" : null
},
"certificate" : null,
"postSignumRequestMessage" : "WmFkYW0gbyB2...dW1lbnRhY2U=",
"postSignumRequestMessageSigned" : "c29tZSBsb25n...YXRhIGhlcmU=",
"state" : "PROCESSING",
"postSignumRequestId" : null,
"expirationDate" : 1735859889371,
"deletionDate" : 1737415089371,
"redirectUrl" : "https://localhost/pin/certificate/password?uuid=7a881a5c-f179-4626-a395-8d4873a4b160"
}
}
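One way to produce the postSignumRequestMessageSigned value that 6.10.4 describes, as an added example that is not part of the RemSig documentation. It assumes the value is a CMS (PKCS#7) SignedData structure in DER with the message attached, that the current certificate and its RSA key are available as local PEM files, and that OpenSSL is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: the function names below are hypothetical, not part of RemSig.
# Assumption: the field is a CMS (PKCS#7) SignedData in DER with the message attached.

# sign_postsignum_message <postSignumRequestMessage (base64)> <signer cert PEM> <signer key PEM>
# Prints the base64 of the DER SignedData on one line.
sign_postsignum_message() {
    work=$(mktemp -d) || return 1
    # Decode the message exactly as returned; refuse empty or undecodable input.
    printf '%s' "$1" | openssl base64 -d -A > "$work/msg.bin" &&
    [ -s "$work/msg.bin" ] &&
    # -nodetach keeps the message inside the signature (encapsulated content),
    # -binary prevents line-ending canonicalisation of the message,
    # -md sha1 with an RSA key corresponds to SHA1withRSA.
    openssl cms -sign -binary -nodetach -md sha1 -outform DER \
        -signer "$2" -inkey "$3" -in "$work/msg.bin" -out "$work/signed.der" &&
    openssl base64 -A -in "$work/signed.der"
    rc=$?
    rm -rf "$work"
    return $rc
}

# encapsulated_message <signed value (base64)>
# Checks the signature and prints the message carried inside it.
# -noverify skips certificate chain building only; the signature is still checked.
encapsulated_message() {
    work=$(mktemp -d) || return 1
    printf '%s' "$1" | openssl base64 -d -A > "$work/signed.der" &&
    openssl cms -verify -noverify -binary -inform DER -in "$work/signed.der" 2>/dev/null
    rc=$?
    rm -rf "$work"
    return $rc
}

# uses_sha1_digest <signed value (base64)>
# Succeeds if the structure names sha1 as its digest algorithm.
uses_sha1_digest() {
    printf '%s' "$1" | openssl base64 -d -A |
        openssl asn1parse -inform DER | grep -q ':sha1$'
}

# patch_body <signed value (base64)>
# JSON body for PATCH /api/manage/certificate/postsignum/request/{id}.
# Base64 contains no characters that need JSON escaping.
patch_body() {
    printf '{"postSignumRequestMessageSigned":"%s"}' "$1"
}

# Usage with the example request from 6.10.6 (credentials and file names are placeholders):
#   signed=$(sign_postsignum_message "$message_b64" current-cert.pem current-key.pem)
#   curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/4328 \
#        -u 'username:password' -X PATCH \
#        -H 'Content-Type: application/json;charset=UTF-8' \
#        -H 'Accept: application/json' \
#        -d "$(patch_body "$signed")"
```

An OpenSSL build whose crypto policy disables SHA-1 signatures may refuse the signing step; the digest is fixed by the endpoint's SHA1withRSA requirement.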
6.11. Delete Request
DELETE /api/manage/certificate/postsignum/request/{id:\d+}
Deletes certificate request (a request cannot be deleted after it has been approved).
6.11.1. Authorization
USER role required.
6.11.2. Path parameters
Parameter | Type | Optional | Description |
---|---|---|---|
id | Integer | false | The identifier of PostSignum personal certificate request. |
6.11.3. Query parameters
No parameters.
6.11.4. Request fields
No request body.
6.11.5. Response fields
Path | Type | Optional | Description |
---|---|---|---|
operationId | Integer | false | The unique identification for this action. |
6.11.6. Example request
$ curl https://remsig-dev.cesnet.cz/api/manage/certificate/postsignum/request/345 -i -u 'username:password' -X DELETE \
-H 'Accept: application/json'
6.11.7. Example response
HTTP/1.1 200 OK
Operation-Id: 123456
Content-Type: application/json;charset=UTF-8
Content-Length: 28
{
"operationId" : 123456
}