Obtain Signing Identity Information (Signing certificate)
Request
GET /trustedx-resources/esigp/v1/sign_identities/{sign_identity_id}
Parameters
| Name | Type | Usage | Description |
|---|---|---|---|
sign_identity_id | path | Required | Identifier of the signing identity information is being requested on. |
Authorization
The request must contain a bearer access token generated by a trusted authorization server of the service from which the information on the signing identity is requested and that is associated to the domain to which the identity belongs. This token must be used as explained in RFC 6750. It must have the urn:safelayer:eidas:sign:identity:profile scope.
Basically, the token must be included in an HTTP Authorization header as follows:
Authorization: Bearer <token>
The access token can be obtained via an authorization code grant or Service provider's credentials grant OAuth 2.0 flow.
Example
GET /trustedx-resources/esigp/v1/sign_identities/12345678 HTTP/1.1 Authorization: Bearer mF_9.B5f-4.1JqM
Response
Response body representation in JSON as follows
{
"id" : {string},
"self" : {string},
"description" : {string},
"labels" : [ {string} ],
"type" : {string},
"device_id" : {string},
"domain" : {string},
"access" : [ {
"user_id" : {string}
} ]
"details" : {
"certificate" : {string},
"activation_mode": {string},
"public_key" : {string}
},
"links" : {
<operation_alias> : {
"auth" : {
"oauth2": {
"scopes": [ {string} ]
}
}
}
},
"status" : {
"value" : {string},
"reason" : {string}
}
}
Property | Description |
|---|---|
id | Identifier of the signing identity. |
self | Access URL for the signing identity. |
description | Description of the signing identity. |
labels[] | List of tags associated to the signing identity. |
type | Type of signing identity. This property currently always takes the pki:x509 value. |
device_id | Device where the private part of the keys associated to the signing identity is located. Only the signing identities on mobile devices have this property. |
domain | Domain the signing identity belongs to. |
access[] | Information on access control to the signing identity. |
access[].user_id | Identifier of a end-user with access to the signing identity. |
details | Details for implementing the signing identity. |
details.certificate | X.509 certificate encoded in DER and base64. Only pki:x509 signing identities have this property. |
details.activation_mode | Activation mode of the signing identity. Only server signing identities have this property and it can take the following values:
|
details.public_key | Public part of the keys associated to the signing identity. PublicKeyInfo ASN.1 structure encoded in DER and base64. Only pki:x509 signing identities have this property. |
links | Information on operations that use the signing identity. |
links.<operation_alias> | Information on the <operation_alias> operation regarding the use of the signing identity. Currently the only value possible for <operation_alias> is Signatures.create.server.raw. |
links.<operation_alias>.auth | Authorization information on the <operation_alias> operation regarding the use of the signing identity. |
links.<operation_alias>.auth.oauth2 | OAuth 2.0 authorization information on the <operation_alias> operation regarding the use of the signing identity. |
links.<operation_alias>.auth.oauth2.scopes[] | Set of OAuth 2.0 scopes required for accessing the <operation_alias> operation so that this operation can use the signing identity. |
status | Information on the status of the signing identity. |
status.value | Status of the signing identity.
|
status.reason | Reason why the signing identity is in its current state. This property is optional and is normally used to indicate why a signing identity has been locked or disabled. |
