This section describes the AP REST APIs available for protection and unprotection of data:
- Version 4 API specification
- Version 1 API specification
This is the multi-page printable view of this section. Click here to print.
Application Protector API on REST
Describes the AP REST protector APIs that are available for protection and unprotection of data.
- 1: Version 4 (V4) Application Protector API on REST
- 1.1: List of REST APIs
- 1.1.1: HTTP GET version
- 1.1.2: HTTP POST protect
- 1.1.3: HTTP POST unprotect
- 1.1.4: HTTP POST reprotect
- 1.1.5: HTTP GET doc
- 1.1.6: HTTP Headers
- 1.2: V4 AP REST HTTP Response Codes
- 2: Version 1 (V1) Application Protector API on REST
- 2.1: List of REST APIs
- 2.1.1: HTTP GET version
- 2.1.2: HTTP POST protect
- 2.1.3: HTTP POST unprotect
- 2.1.4: HTTP POST reprotect
- 2.1.5: HTTP Headers
- 2.2: Error Handling for v1 API
- 2.3: V1 AP REST HTTP Response Codes
1 - Version 4 (V4) Application Protector API on REST
Describes the Version 4 AP REST protector APIs that are available for protection and unprotection of data.
1.1 - List of REST APIs
Lists the AP REST APIs.
This section describes the AP REST APIs available for protection and unprotection of data.
1.1.1 - HTTP GET version
This API displays the version of the product being used.
- URI
https://hostname/v4/version- Method
- GET
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment
Resource: The resource to be used, which is /v4/version
- Result
- This function returns the current version of the AP REST protector API.
Response
| Status | Response |
|---|---|
| 200 | {"version":"10.0.0+25.4af059","components":{"jcoreVersion":"10.0.1+12.g0eb7","coreVersion":"2.1.1+20.g78ac6ac.2.1"}} |
Example
$ curl 'https://<HostName>/v4/version' --cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
1.1.2 - HTTP POST protect
This API returns protected data.
- URI
https://hostname/v4/protect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment.
Resource: The resource to be used, which is /v4/protect.
Request Body
- User: Name of the user executing the API. The user must be present in the policy.
- Payload:
- dataElement: Name of the data element used to protect the data. This field is mandatory.
- data: Data to be protected. This field is mandatory.
- externalIv: External Initialization Vector (IV) used for protecting the data.
- externaltweak: External tweak used for protecting the data.
- Result
- This API returns protected data.
Example 1
Without external IV and external tweak
$ curl --location --request POST 'https://<hostname>/v4/protect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST","data":["bG9jaGFu"],"encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 1
Without external IV and external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"cEJPM2pF"
],
"returnCode": 6
}
]
}
Example 2
With external IV
$ curl --location --request POST 'https://<hostname>/v4/protect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST","data":["bG9jaGFu"],"externalIv":"cHJvdGVncml0eQ==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 2
With external IV
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"b2Rnb1ky"
],
"returnCode": 6
}
]
}
Example 3
With external tweak
$ curl --location --request POST 'https://<hostname>/v4/protect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"FPE_FF1_LA_APIP_L0R0_ASTNI_M2.UTF8","data":["bG9jaGFu"],"external_tweak_":"eIvJdGKncnl8eS==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 3
With external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"b2Rnb1ky"
],
"returnCode": 6
}
]
}
1.1.3 - HTTP POST unprotect
This API unprotects the protected data.
- URI
https://hostname/v4/unprotect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment.
Resource: The resource to be used, which is /v4/unprotect.
Request Body
- User: Name of the user executing the API.
- Payload:
- dataElement: Name of the data element used to unprotect the data. This field is mandatory.
- data: Data to be unprotected. This field is mandatory.
- externalIv: External Initialization Vector (IV) used for unprotecting the data.
- externaltweak: External tweak used for unprotecting the data.
- Result
- This API returns unprotected data.
Example 1
Without external IV and external tweak
$ curl --location --request POST 'https://<hostname>/v4/unprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST","data":["cEJPM2pF"],"encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 1
Without external IV and external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"bG9jaGFu"
],
"returnCode": 8
}
]
}
Example 2
With external IV
$ curl --location --request POST 'https://<hostname>/v4/unprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST","data":["b2Rnb1ky"],"externalIv":"cHJvdGVncml0eQ==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 2
With external IV
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"bG9jaGFu"
],
"returnCode": 8
}
]
}
Example 3
With external tweak
$ curl --location --request POST 'https://<hostname>/v4/unprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"FPE_FF1_LA_APIP_L0R0_ASTNI_M2.UTF8","data":["b2Rnb1ky"],"external_tweak_":"eIvJdGKncnl8eS==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 3
With external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"bG9jaGFu"
],
"returnCode": 8
}
]
}
1.1.4 - HTTP POST reprotect
This API reprotects the data.
- URI
https://hostname/v4/reprotect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment.
Resource: The resource to be used, which is /v4/reprotect.
Request Body
- User: Name of the user executing the API.
- Payload:
- dataElement: Name of the data element used to initially protect the data. This field is mandatory.
- newDataElement: Name of the data element used to reprotect the data. This field is mandatory.
- data: Data to be protected. This field is mandatory.
- externalIv: External Initialization Vector (IV) used for initially protecting the data.
- newExternalIv: External IV used for reprotecting the data.
- externaltweak: External tweak used for initially protecting the data.
- newExternaltweak: External tweak used for reprotecting the data.
- Result
- This API reprotects the data.
Example 1
Without external IV and external tweak
$ curl --location --request POST 'https://<hostname>/v4/reprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST",newDataElement: TE_A_N_S13_L1R3_N,"data":["cEJPM2pF"],"encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 1
Without external IV and external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"bDlrdGhhbg=="
],
"returnCode": 50
}
]
}
Example 2
With external IV
$ curl --location --request POST 'https://<hostname>/v4/reprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"TE_A_N_S13_L0R0_Y_ST",newDataElement: TE_A_N_S13_L1R3_N,"data":["cEJPM2pF"],"externalIv":"cHJvdGVncml0eQ==","newExternalIv":"dJvKdGWndnM0eP==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 2
With external IV
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"c2Snd1mz"
],
"returnCode": 50
}
]
}
Example 3
With external tweak
$ curl --location --request POST 'https://<hostname>/v4/reprotect' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--data '{"payload":[{"id":1,"dataElement":"FPE_FF1_LA_APIP_L0R0_ASTNI_M2.UTF8",newDataElement: FPE_FF1_LA_APIP_L1R1_ASTNI_M2.UTF8,"data":["cEJPM2pF"],"externaltweak":"eIvJdGKncnl8eS==","newExternaltweak_":"eKwLeHXoepN0fQ==","encoding":"base64"}],"user":"user1"}'
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response 3
With external tweak
The following response appears for the status code 200, if the API is invoked successfully.
{
"errorCount": 0,
"results": [
{
"id": 1,
"encoding": "base64",
"data": [
"d2Tmd1nz"
],
"returnCode": 50
}
]
}
1.1.5 - HTTP GET doc
This API returns the document specifications.
- URI
https://hostname/v4/doc- Method
- GET
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment.
Resource: The resource to be used, which is /v4/doc.
- Result
- This API returns the document specification.
Example
$ curl --location --request GET 'https://<hostname>/v4/doc' \
--header 'Content-Type: application/json' \
--header 'X-Correlation-ID: k81d1fae-7dec-41g0-a765-90a0c31e6wf5' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
Response
The API returns the OpenAPI specifications YAML file.
1.1.6 - HTTP Headers
Overview about HTTP headers.
The client should send the required HTTP headers to the server to specify the type of data being sent in the payload. The content type also specifies the type of result being sent by the server to the client.
To send a JSON request and get a JSON response, specify the following HTTP header:
Content-Type: application/json
Only the
Content-Type: application/jsonvalue is supported. It is mandatory to specify this value in the HTTP header.
To uniquely identify each HTTP request, specify the correlation ID in the HTTP header:
X-Correlation-ID: <Correlation ID>
Correlation ID is used in audit logs. This is an optional value.
1.2 - V4 AP REST HTTP Response Codes
Lists the response codes generated for the HTTP REST requests sent to the v4 AP REST APIs. It also specifies the corresponding audit code generated in the logs.
| Error Messages | Operation | Audit Code in Logs | HTTP Response Code |
|---|---|---|---|
| Failed to decode Base64 |
| No audit code generated | 400 |
| The content of the input data is not valid |
| 44 | 400 |
| Unsupported algorithm or unsupported action for the specific data element |
| 26 | 400 |
| Data is too long to be protected/unprotected |
| 23 | 400 |
| Data is too short to be protected/unprotected |
| 22 | 400 |
| The user does not have the appropriate permissions to perform the requested operation |
| 3 | 400 |
| The data element could not be found in the policy |
| 1 | 401 |
| The username could not be found in the policy |
| 2 | 400 |
| Data unprotect operation failed. with correlationId <CorrelationID> | Unprotect | 9 | 400 |
| Tweak input is too long. with correlationId <Correlation ID> |
| 15 | 200 |
| Failed to send logs, connection refused ! with correlationId <Correlation ID> |
| 51 | 400 |
| Policy not available with correlationId <Correlation ID> |
| 31 | 400 |
The Correlation ID appears in the error message only if it has been specified in the HTTP header.
2 - Version 1 (V1) Application Protector API on REST
Describes the Version 1 AP REST protector APIs that are available for protection and unprotection of data. It also lists the error handling capabilities provided by the AP API on REST.
2.1 - List of REST APIs
Lists the AP REST APIs.
This section describes the AP REST APIs available for protection and unprotection of data.
2.1.1 - HTTP GET version
This API displays the version of the AP REST protector API being used.
- URI
https://hostname/rest-v1/version- Method
- GET
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment
Resource: The resource to be used, which is /rest-v1/version
- Result
- This function returns the current version of the AP REST protector API.
Response
| Status | Response |
|---|---|
| 200 | {"version":"10.0.0.0.13","components":{"jpepVersion":"10.0.0.0.15","coreVersion":"1.1.0+76.ge82e5.1.1"}} |
Example
$ curl 'https://<HostName>/rest-v1/version' --cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key
2.1.2 - HTTP POST protect
This API returns protected data.
- URI
https://hostname/rest-v1/protect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment
Resource: The resource to be used, which is /rest-v1/protect
- Result
- This API returns protected data.
The input data must always be Base64 encoded.
Example 1 - without external IV and external tweak
$ curl --location --request POST 'https://<hostname>/rest-v1/protect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"protect": {
"policyusername": "Uername",
"dataelementname": "DataElement1",
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
},
{
"id": 2,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
}
]
}
}
}'
- Response 1 - without external IV and external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "protect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AGoAZABzAHIAdQBlAGMAagBaAEMAMQAyADMANA==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AGoAZABzAHIAdQBlAGMAagBaAEMAMQAyADMANA==" } ] } } }
Example 2 - with external IV
$ curl --location --request POST 'https://<hostname>/rest-v1/protect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"protect": {
"policyusername": "Uername",
"dataelementname": "DataElement1",
"externaliv": "ZXh0ZXJuYWpdg=="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "RW5eEN2RGZZaw=="
},
{
"id": 2,
"content": "cmZBcnJTRg=="
}
]
}
}
}'
- Response 2 - with external IV
- The following response appears for the status code 200, if the API is invoked successfully.
{ "protect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"OG8xZW0QlQ3MQ==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"blg2Qm5Ddg==" } ] } } }
Example 3 - with external tweak
$ curl --location --request POST 'https://<hostname>/rest-v1/protect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"protect": {
"policyusername": "Uername",
"dataelementname": "DataElement2_FPE",
"externaltweak": "ZXh0ZXJuYWpdg=="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "RW5eEN2RGZZaw=="
},
{
"id": 2,
"content": "cmZBcnJTRg=="
}
]
}
}
}'
- Response 3 - with external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "protect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"MHM4OVpsRndIbA==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"VzFsNmd1Ng==" } ] } } }
2.1.3 - HTTP POST unprotect
This API unprotects the protected data.
- URI
https://hostname/rest-v1/unprotect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment
Resource: The resource to be used, which is /rest-v1/unprotect
- Result
- This API returns unprotected data.
The input data must always be Base64 encoded.
Example 1 - without external IV and external tweak
$ curl --request POST 'https://<hostname>/rest-v1/unprotect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"unprotect": {
"policyusername": "UserName",
"dataelementname": "DataElement1",
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
},
{
"id": 2,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
}
]
}
}
}'
- Response 1 - without external IV and external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "unprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"AGwATgBWAEwATAByAFIAUAB2AGcAMQAyADMANA==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"AGwATgBWAEwATAByAFIAUAB2AGcAMQAyADMANA==" } ] } } }
Example 2 - with external IV
$ curl --request POST 'https://<hostname>/rest-v1/unprotect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"unprotect": {
"policyusername": "UserName",
"dataelementname": "DataElement1",
"externaliv": "ZXh0ZXJuYWpdg=="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "OG8xZW0QlQ3MQ=="
},
{
"id": 2,
"content": "blg2Qm5Ddg=="
}
]
}
}
}'
- Response 2 - with external IV
- The following response appears for the status code 200, if the API is invoked successfully.
{ "unprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"RW5eEN2RGZZaw==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"cmZBcnJTRg==" } ] } } }
Example 3 - with external tweak
$ curl --request POST 'https://<hostname>/rest-v1/unprotect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"unprotect": {
"policyusername": "UserName",
"dataelementname": "DataElement2_FPE",
"externaltweak": "ZXh0ZXJuYWpdg=="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "MHM4OVpsRndIbA=="
},
{
"id": 2,
"content": "VzFsNmd1Ng=="
}
]
}
}
}'
- Response - with external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "unprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"RW5eEN2RGZZaw==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/8", "returntype":"success", "content":"cmZBcnJTRg==" } ] } } }
2.1.4 - HTTP POST reprotect
This API reprotects the data.
- URI
https://hostname/rest-v1/reprotect- Method
- POST
- Parameters
- Hostname: Host name of the endpoint, as defined in the AP-REST deployment
Resource: The resource to be used, which is /rest-v1/reprotect
- Result
- This API reprotects the data.
The input data must always be Base64 encoded.
Example 1 - without external IV and external tweak
$ curl --request POST 'https://<hostname>/rest-v1/reprotect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"reprotect": {
"policyusername": "UserName",
"olddataelementname": "DataElement1", "newdataelementname": "DataElement2",
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
},
{
"id": 2,
"content": "AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA=="
}
]
}
}
}'
- Response 1 - without external IV and external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "reprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA==" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANA==" } ] } } }
Example 2 - with external IV
curl --location --request POST 'https://<hostname>/rest-v1/reprotect' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"reprotect": {
"policyusername": "UserName",
"olddataelementname": "DataElement1",
"newdataelementname": "DataElement2","oldexternaliv":"MTIzNDVhYmNzIyQlXiM2Nzg5MFMrTlNBQkNTRA=","newexternaliv":"MTIzNDVhYmNzIyQlXiM2Nzg5MFMrTlNBQkNTRA="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "MTA1MTYwNTk1MjE5OTY3OTU="
},
{
"id": 2,
"content": "MTA1MTYwNTk1MjE5OTY3OTU="
}
]
}
}
}'
- Response 2 - with external IV
- The following response appears for the status code 200, if the API is invoked successfully.
{ "reprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"Q09udGFpbmVyVGVhbTEyMzQ1Njc=" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AFAAcgBvAHQAZQBnAHIAaQB0AHkAMQAyADMANAA1" } ] } } }
Example 3 - with external tweak
curl --location --request POST 'https://<hostname>/rest-v1/reprotect' \
--header 'Host: <hostname>' \
--connect-to "<hostname>:443:<AWS LoadBalancer>:443" \
--header 'Content-Type: application/json' \
--cacert iap-rest-ca.crt --cert iap-rest-client.crt --key iap-rest-client.key --data '{
"reprotect": {
"policyusername": "UserName",
"olddataelementname": "DataElement1",
"newdataelementname": "DataElement2","oldexternaltweak":"MTIzNDVhYmNzIyQlXiM2Nzg5MFMrTlNBQkNTRA=","newexternaltweak":"MTIzNDVhYmNzIyQlXiM2Nzg5MFMrTlNBQkNTRA="
"bulk":{
"id": 1,
"data": [
{
"id": 1,
"content": "MTA1MTYwNTk1MjE5OTY3OTU="
},
{
"id": 2,
"content": "MTA1MTYwNTk1MjE5OTY3OTU="
}
]
}
}
}'
- Response 3 - with external tweak
- The following response appears for the status code 200, if the API is invoked successfully.
{ "reprotect":{ "bulk":{ "id":1, "returntype":"success", "data":[ { "id":1, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"AFAAYQByAGgAbQBoAFAAawBMAGcAZQBaAFgAaABtAGEAcg" }, { "id":2, "returncode":"/rest-v1/returncodes/id/6", "returntype":"success", "content":"ADEAMgAzADQANQA2ADcAOAA5ADA" } ] } } }
2.1.5 - HTTP Headers
Overview about HTTP headers.
The client should send the required HTTP headers to the server to specify the type of data being sent in the payload. The content type also specifies the type of result being sent by the server to the client.
To send a JSON request and get a JSON response, specify the following HTTP header:
Content-Type: application/json
2.2 - Error Handling for v1 API
For record error handling, the bulk id and data id fields are used, which enable tracking of the errors from the client side.
The following table lists the record error handling status codes, which are sent from the server to the client.
| Status Code | Responses |
| Success | |
| Success, with warning | |
| Error type of log return code | |
| Error type of log return code (different) | |
For more information about the Log Return codes, refer to the section Log return codes.
2.3 - V1 AP REST HTTP Response Codes
Lists the response codes generated for the HTTP REST requests sent to the v1 AP REST APIs. It also specifies the corresponding audit code generated in the logs.
| Error Messages | Operation | Audit Code in Logs | HTTP Response Code |
|---|---|---|---|
| Failed to decode Base64 |
| No audit code generated | 400 |
| The content of the input data is not valid |
| 44 | 400 |
| Unsupported algorithm or unsupported action for the specific data element |
| 26 | 400 |
| Data is too long to be protected/unprotected |
| 23 | 400 |
| Data is too short to be protected/unprotected |
| 22 | 400 |
| The user does not have the appropriate permissions to perform the requested operation |
| 3 | 400 |
| The data element could not be found in the policy |
| 1 | 401 |
| The username could not be found in the policy |
| 2 | 400 |
| Data unprotect operation failed. with correlationId <CorrelationID> | Unprotect | 9 | 400 |
| Tweak input is too long. with correlationId <Correlation ID> |
| 15 | 200 |
| Failed to send logs, connection refused ! with correlationId <Correlation ID> |
| 51 | 400 |
| Policy not available with correlationId <Correlation ID> |
| 31 | 400 |