Using the Encrypted Resilient Package REST APIs
The Encrypted Resilient Package API is only used by the Immutable Resilient protectors.
Before you begin:
Ensure that you understand the concept of resilient protectors and the need for a resilient package.
For more information on how the REST API is used to export the encrypted resilient package in an immutable policy deployment, refer to the section DevOps Approach for Application Protector.
Ensure that the RPS service is running on the ESA.
The user accessing this API must have the Export Resilient Package permission.
For more information about the roles and permissions required, refer to the section Managing Roles.
The Encrypted Resilient Package API uses the v1 version.
If you want to perform common operations using the Encrypted Resilient Package API, then refer to the section Using the Common REST API Endpoints.
The following table provides a section reference to the Encrypted Resilient Package API.
| REST API | Section Reference |
|---|---|
| Exporting the resilient package | Exporting Resilient Package |
Exporting Resilient Package
This API request exports the resilient package that can be used with resilient protectors. You can use the Basic authentication, Certificate authentication, and JWT authentication for encrypting and exporting the resilient package.
Warning: Do not modify the package that has been exported using the RPS Service API. If you modify the exported package, then the package will get corrupted.
Important: The resilient package that has been exported using the Encrypted Resilient Package API is not FIPS-compliant.
- Base URL
- https://{ESA IP address or Hostname}/pty/v1/rps
- Path
- /export
- Method
- POST
- CURL request syntax
- Export API - KEK
curl -H "Authorization: Bearer <TOKEN>" -X POST https://{ESA IP address or Hostname}/pty/v1/rps/export\?version=1\&coreversion=1 -H "Content-Type: application/json" --data '{ "kek":{ "publicKey":{ "label": "{Key_name}", "algorithm": "{RSA_Algorithm}", "value": "{Value of publickey}" } } }' -o rps.json
In this command, TOKEN indicates the JWT token used for authenticating the API.
Alternatively, you can also store the JWT token in an environment variable named TOKEN, as shown in the following command.
curl -H "Authorization: Bearer ${TOKEN}" -X POST https://{ESA IP address or Hostname}/pty/v1/rps/export\?version=1\&coreversion=1 -H "Content-Type: application/json" --data '{ "kek":{ "publicKey":{ "label": "{Key_name}", "algorithm": "{RSA_Algorithm}", "value": "{Value of publickey}" } } }' -o rps.json
Note: You can download the resilient package only from the IP address that is part of the allowed servers list connected to a Data Store. This is only applicable for the 10.0.x and 10.1.0 protectors.
- Authentication credentials
- TOKEN - Environment variable containing the JWT token.
For more information about creating a JWT token, refer to the section Using JSON Web Token (JWT).
- Query parameters
- version
- Set the schema version of the exported resilient package that is supported by the specific protector.
- coreversion
- Set the Core policy schema version that is supported by the specific protector.
- Request body elements
- Encryption Method
- The kek encryption can be used to protect the exported file.
| Encryption Method | Sub-elements | Description |
|---|---|---|
| kek\publicKey | label | Name of the publicKey. |
| | algorithm | The RPS API supports the following algorithms: |
| | value | Specify the value of the publicKey. |
- Sample CURL request
- Export API - KEK
curl -H "Authorization: Bearer ${TOKEN}" -X POST https://{ESA IP address or Hostname}/pty/v1/rps/export\?version=1\&coreversion=1 -H "Content-Type: application/json" --data '{ "kek":{ "publicKey":{ "label": "key_name", "algorithm": "RSA-OAEP-256", "value": "-----BEGIN PUBLIC KEY-----MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1eq9vH5Dq8pwPqOSqB0YdY6ehBRNWCgYhh9z1X093id+42eTRDHMOpLXRLhOMdgOeeyEsue1s5ZEOKY9j2TcaVTRwLhSMfacjugfiknnUESziUi9mt+XFnSgk7n4t5EF7fjvriOQvHCp24xCbtwKQlOT3x4zUs/REyJ8FXSrFEvrzbb/mEFfYhp2J6c90CKYqbDX6SFW8WjphDb/kgqg/KfT8AlsllAnci4CZ+7u0Iw7GsRvEvrVUCbBsXfB7InTst3hTc4A7iiY36kSEn78mXtfLjWiMpzEBxOteohmXKgSAynI7nI8c0ZhHSoZLUSJ2IQUi25ho8uxd/v3fedTTD91zRTxMJKw8XDrwjXllH7FGgsWBUenkO2lRlfIYBDctjv1MB+QJlNo+gOTGg8sJ1czBm20VQHHcyHpCKNu2gKzqWqSU6iGcwGXPCKY8/yEpNyPVFS/i7GAp10jO+QdOBskPviiLFN5kMh05ZGBpyNvfAQantwGv15Ip0RJ3LTQbKE62DAGNcdP6rizwm9SSt0WcG58OenBX5eB0gWBRrZI5s3EkhThYXyxbvFWObMWb/3jMsE+O22NvqAxWSasPR1zS1WBf25ush3v6BGBO4Frl5kBRrTCSSfAZBDha5VqXOqR1XIdQKf8wKn5DSScpMRuyf3ymRGQf915CC7zwp0CAwEAAQ==-----END PUBLIC KEY-----"} } }' -o rps.json
This sample request uses the JWT token authentication.
- Sample response
- The rps.json file is exported.
Protect the encrypted resilient package with standard file permissions to ensure that only the dedicated protectors can access the package.
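The export request and the file-permission advice above, combined in one script. This is an added example, not code from the product documentation: the function names and the ESA_HOST variable are hypothetical, and flattening the PEM onto one line is an assumption taken from the form of the sample request.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of the product.

# Build the "kek" request body from a PEM public key file.
# The PEM is flattened to one line, matching the form of the page's sample request.
build_kek_body() {
    label=$1 algorithm=$2 pem_file=$3
    # Refuse characters that would need JSON escaping and could break the body.
    case "$label$algorithm" in
        *\"*|*\\*) echo "label/algorithm must not contain quotes or backslashes" >&2
                   return 1 ;;
    esac
    [ -r "$pem_file" ] || { echo "cannot read $pem_file" >&2; return 1; }
    # Accept only a public key, so a private key file is never sent by mistake.
    grep -qF -- '-----BEGIN PUBLIC KEY-----' "$pem_file" || {
        echo "$pem_file is not a PEM public key" >&2; return 1; }
    value=$(tr -d '\r\n' < "$pem_file")
    printf '{ "kek": { "publicKey": { "label": "%s", "algorithm": "%s", "value": "%s" } } }' \
        "$label" "$algorithm" "$value"
}

# POST the body to the export endpoint and keep the package owner-readable only.
# TOKEN holds the JWT (as on the page); ESA_HOST is an assumed variable name.
export_rps() {
    body=$1 out=${2:-rps.json}
    (
        rm -f -- "$out"     # a pre-existing file would keep its old permissions
        umask 077           # new file is created with mode 0600
        # --fail: an HTTP error must not be saved as if it were a package
        curl --fail --silent --show-error \
            -H "Authorization: Bearer ${TOKEN}" \
            -H "Content-Type: application/json" \
            -X POST "https://${ESA_HOST}/pty/v1/rps/export?version=1&coreversion=1" \
            --data "$body" -o "$out"
    ) || { rm -f -- "$out"; echo "export failed; no package kept" >&2; return 1; }
}

# Usage (not executed here):
#   body=$(build_kek_body key_name RSA-OAEP-256 public.pem) && export_rps "$body"
```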