Using the Encrypted Resilient Package REST APIs
Important: The Encrypted Resilient Package REST API will work only after you have installed the Policy Workbench. For more information about installing Policy Workbench, refer to the section Installing Policy Workbench.
The Encrypted Resilient Package API is only used by the Immutable Resilient protectors.
Before you begin:
Ensure that the concept of resilient protectors and necessity of a resilient package is understood.
For more information on how the REST API is used to export the encrypted resilient package in an immutable policy deployment, refer to the section DevOps Approach for Application Protector.Ensure that the RPS service is running on the AI Team Edition.
The user accessing this API must have the workbench_deployment_immutablepackage_export permission.
For more information about the roles and permissions required, refer to the section Workbench Roles and Permissions.
The Encrypted Resilient Package API uses the v1 version.
If you want to perform common operations using the Encrypted Resilient Package API, then refer the section Using the Common REST API Endpoints.
The following table provides a section reference to the Encrypted Resilient Package API.
| REST API | Section Reference |
|---|---|
| Exporting the resilient package | Exporting Resilient Package |
Exporting Resilient Package Using GET Method
This API request exports the resilient package that can be used with resilient protectors. You can use Certificate authentication and JWT authentication for encrypting and exporting the resilient package.
Warning: Do not modify the package that has been exported using the RPS Service API. If you modify the exported package, then the package will get corrupted.
The resilient package that has been exported using the Encrypted Resilient Package API is not FIPS-compliant.
- Base URL
- https://<FQDN>/pty/v1/rps
- Path
- /export
- Method
- GET
- CURL request syntax
- Export API
curl -H "Authorization: Bearer <TOKEN>" -X GET https://<FQDN>/pty/v1/rps/export/<fingerprint>?version=1&coreVersion=1 -H "Content-Type: application/json" -o rps.json - In this command, TOKEN indicates the JWT token used for authenticating the API.
For more information about creating a JWT token, refer to the section Generate token.
- Query Parameters
- fingerprint
- Specify the fingerprint of the Data Store Export Key. The fingerprint is used to identify which Data Store to export and which export key to use for protecting the resilient package. The user with the Security Officer permissions must share the fingerprint of the Export Key with the user who is executing this API. For more information about obtaining the fingerprint of the Data Store Export Key, refer to step 7 of the section Adding Export Key.
version
- Set the schema version of the exported resilient package that is supported by the specific protector.
coreVersion
- Set the Core policy schema version that is supported by the specific protector.
- Sample CURL request
- Export API
curl -H "Authorization: Bearer $<TOKEN>" -X GET https://<FQDN>/pty/v1/rps/export/a7fdbc0cccc954e00920a4520787f0a08488db8e0f77f95aa534c5f80477c03a?version=1&coreVersion=1 -H "Content-Type: application/json" -o rps.jsonThis sample request uses the JWT token authentication.
- Sample response
- The
rps.jsonfile is exported using the public key associated with the specified fingerprint.
Protect the encrypted resilient package with standard file permissions to ensure that only the dedicated protectors can access the package.
Feedback
Was this page helpful?