REST API for Luna Network HSMs
POST /api/lunasa/ntls/clients

Registers a client with the appliance.
The resource supports three ways of registering a client:

  • User can provide the certificate content to register.
  • User can upload the certificate through POST /users/{userid}/files and can only provide ip/hostname that matches the file name uploaded.
  • User can register a client without providing a certificate and later add a certificate through PUT /api/lunasa/ntls/clients/{clientid}.

User Privileges

Users with the following role privileges can perform this command:

  • admin
  • operator

Parameters for providing the certificate content

ip

The IP address of the client.

Note: Use this parameter if the client certificate is to be created with an IP address. If the certificate is to be created with a hostname, use the hostname parameter instead. The user cannot supply both IP and hostname together.

Use: Not required

JSON Schema:

   Object
   type: string
   minLength: 2
   maxLength: 45
   pattern: [a-fA-F0-9:.]

clientName

The human-friendly name used to refer to the client.

Use: Required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 128
   pattern: [A-Za-z0-9_.:-]

Note: Client name cannot be "server".

hostname

The hostname of the new client.

Note: Use this parameter if the client certificate is to be created with a hostname. If the certificate is to be created with an IP address, use the ip parameter instead. The user cannot supply both IP and hostname together.

Use: Not required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 60
   pattern: [A-Za-z0-9_.-]

certificate

The PEM-encoded certificate for the client.

Use: Not Required

JSON Schema:

   Object
   type: string
   minLength: 8
   maxLength: 8192
   pattern: [A-Za-z0-9+=/]

Note: The certificate is in PEM format with no embedded newlines. Use '\n' instead of the newline character.

Parameters for registering client if file has already been uploaded or without providing certificate

ip

The IP address of the client.

Note: Use this parameter if the client certificate is to be created with an IP address. If the certificate is to be created with a hostname, use the hostname parameter instead. The user cannot supply both IP and hostname together.

Use: Not required

JSON Schema:

   Object
   type: string
   minLength: 2
   maxLength: 45
   pattern: [a-fA-F0-9:.]

clientName

The human-friendly name used to refer to the client.

Use: Required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 128
   pattern: [A-Za-z0-9_.:-]

Note: Client name cannot be "server".

hostname

The hostname of the new client.

Note: Use this parameter if the client certificate is to be created with a hostname. If the certificate is to be created with an IP address, use the ip parameter instead. The user cannot supply both IP and hostname together.

Use: Not required

JSON Schema:

   Object
   type: string
   minLength: 1
   maxLength: 60
   pattern: [A-Za-z0-9_.-]

Responses

200

The client identifier registered with the appliance. Response includes the URL to the client identifier to obtain additional information.

JSON Schema:

   Object
   client: Object
        type:  string
        description:  client is the name of the client registered with the appliance.

Location

JSON Schema:

    id: Object
        type: string

See GET /api/lunasa/ntls/clients/{clientid}

400

NTLS_MISSING_HOSTNAME_IP

User must include hostname or an IP.

NTLS_PARAMETERS_NOT_APPROPRIATE

If user has included both IP and hostname.

NTLS_INTERNAL_ERROR

If any unexpected error occurs.

NTLS_CLIENT_ALREADY_EXISTS

If client name is already registered to a client on this server.

NTLS_DUPE_IP

If client IP is already registered to a client on this server.

NTLS_DUPE_HOSTNAME

If client hostname is already registered to a client on this server.

NTLS_RESERVED_IP_ADDRESS

If IP cannot be used to register a client.

NTLS_RESERVED_HOSTNAME

If hostname cannot be used to register a client.

Example Request for providing certificate content.

   POST
   https://1.2.3.4:8443/api/lunasa/ntls/clients
   {
      "ip": "1.2.3.4",
      "clientName": "testClient",
      "certificate": "-----BEGIN CERTIFICATE-----\n...<certificate>...\n-----END CERTIFICATE-----"
   }

Example Request for registering client if file has already been uploaded or without providing a certificate

   POST
   https://1.2.3.4:8443/api/lunasa/ntls/clients
   {
      "ip": "1.2.3.4",
      "clientName": "testClient"
   }

Note: The PEM file for the IP/hostname that the user provides should be uploaded to the user's directory. There is no need to include ".pem" in the IP/hostname.

Example Result

{'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json', 'Location': 'api/lunasa/ntls/clients/testClient3', 'Content-Length': '2', 'Access-Control-Allow-Credentials': 'true'}

{
   "client": "testClient"
}

Notes

This resource will require SO authentication when the forceSoLogin flag is enabled. (See GET /api/lunasa)
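
The parameter rules above, as an added example that is not part of the original documentation: a Python helper that checks a registration request locally against the documented limits and emits the JSON body with the PEM line breaks written as '\n'. The function name, the choice to apply each pattern to every character, and the sample PEM are assumptions of this example.

```python
import ipaddress
import json
import re

# Character sets taken from the JSON Schema patterns on this page. Requiring every
# character to match (fullmatch) is this example's choice, not documented behaviour.
CLIENT_NAME_RE = re.compile(r"[A-Za-z0-9_.:-]{1,128}")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,60}")
# Exactly one CERTIFICATE block; a file that also holds a private key fails this.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+=/\n]+\n-----END CERTIFICATE-----")

# Constructed placeholder, not a real certificate; CRLF endings as a Windows tool might write.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\nQUJDREVGRw==\r\n-----END CERTIFICATE-----\r\n"


def build_registration_body(client_name, ip=None, hostname=None, certificate_pem=None):
    """Check the parameters locally and return the JSON request body as text."""
    if client_name == "server" or not CLIENT_NAME_RE.fullmatch(client_name or ""):
        raise ValueError("clientName must be 1-128 of [A-Za-z0-9_.:-] and not 'server'")
    # The two checks below mirror the 400 codes listed on this page, raised locally.
    if ip is None and hostname is None:
        raise ValueError("NTLS_MISSING_HOSTNAME_IP")
    if ip is not None and hostname is not None:
        raise ValueError("NTLS_PARAMETERS_NOT_APPROPRIATE")
    body = {"clientName": client_name}
    if ip is not None:
        body["ip"] = str(ipaddress.ip_address(ip))  # ValueError on a malformed address
    else:
        if not HOSTNAME_RE.fullmatch(hostname):
            raise ValueError("hostname must be 1-60 of [A-Za-z0-9_.-]")
        body["hostname"] = hostname
    if certificate_pem is not None:
        # Normalise line endings so json.dumps emits only the '\n' escape.
        pem = certificate_pem.replace("\r\n", "\n").strip()
        if not PEM_RE.fullmatch(pem) or len(pem) > 8192:
            raise ValueError("certificate must be one PEM CERTIFICATE block <= 8192 chars")
        body["certificate"] = pem
    return json.dumps(body)


if __name__ == "__main__":
    print(build_registration_body("testClient", ip="1.2.3.4", certificate_pem=SAMPLE_PEM))
```

Rejecting anything other than a single CERTIFICATE block also keeps a combined key-and-certificate file from being sent to the appliance by mistake.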