Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

Path Parameters

• id

  byte

  The IBM Cloud UUID that uniquely identifies the instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• instance_id

  byte

  The v4 UUID used to uniquely identify the instance in IBM Cloud.

• apiConnectionInfo

  string

  Specifies the URI (url:port) where the API can be used.

Status Code

• 200

  The instance connection info was successfully retrieved.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 404

  The instance could not be found. Verify that the instance ID specified is valid.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  object1[]

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  object1[]

Status Code

• 201

  The key was successfully created.

• 400

  The key is missing a required field.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

Query Parameters

• limit

  integer

  The number of keys to retrieve. By default, GET /keys returns the first 2000 keys. To retrieve a different set of keys, use limit with offset to page through your available resources. The maximum value for limit is 5000. Usage: If you have 20 keys in your instance, and you want to retrieve only the first 5 keys, use ../keys?limit=5.

  Constraints: 1 ≤ value ≤ 5000

  Default: 2000

• offset

  integer

  The number of keys to skip. By specifying offset, you retrieve a subset of keys that starts with the offset value. Use offset with limit to page through your available resources. Usage: If you have 100 keys in your instance, and you want to retrieve keys 26 through 50, use ../keys?offset=25&limit=50.

  Constraints: value ≥ 0

  Default: 0

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  Example: View

  {
    "resources": [
      {
        "type": "application/vnd.ibm.kms.key+json",
        "name": "Root-key",
        "id": "...",
        "description": "...",
        "state": 1,
        "extractable": false,
        "createdBy": "...",
        "creationDate": "YYYY-MM-DDTHH:MM:SSZ",
        "crn": "..."
      },
      {
        "type": "application/vnd.ibm.kms.key+json",
        "name": "Standard-key",
        "id": "...",
        "description": "...",
        "state": 1,
        "extractable": true,
        "createdBy": "...",
        "creationDate": "YYYY-MM-DDTHH:MM:SSZ",
        "crn": "..."
      }
    ]
  }

  { "resources": [ { "type": "application/vnd.ibm.kms.key+json", "name": "Root-key", "id": "...", "description": "...", "state": 1, "extractable": false, "createdBy": "...", "creationDate": "YYYY-MM-DDTHH:MM:SSZ", "crn": "..." }, { "type": "application/vnd.ibm.kms.key+json", "name": "Standard-key", "id": "...", "description": "...", "state": 1, "extractable": true, "createdBy": "...", "creationDate": "YYYY-MM-DDTHH:MM:SSZ", "crn": "..." } ] }Copied!
  KeyMetadata[]

Status Code

• 200

  The list of keys was successfully retrieved.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

Status Code

• 200

  The metadata was successfully retrieved.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  byte

  The v4 UUID that uniquely identifies the key.

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  Example: View

  {
    "resources": [
      {
        "type": "application/vnd.ibm.kms.key+json",
        "name": "Standard-key",
        "id": "...",
        "description": "...",
        "state": 1,
        "extractable": true,
        "createdBy": "...",
        "creationDate": "YYYY-MM-DDTHH:MM:SSZ",
        "crn": "...",
        "payload": "..."
      }
    ]
  }

  { "resources": [ { "type": "application/vnd.ibm.kms.key+json", "name": "Standard-key", "id": "...", "description": "...", "state": 1, "extractable": true, "createdBy": "...", "creationDate": "YYYY-MM-DDTHH:MM:SSZ", "crn": "...", "payload": "..." } ] }Copied!
  object1[]

Status Code

• 200

  The key was successfully retrieved.

• 400

  The key could not be retrieved due to a malformed, invalid, or missing ID.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 404

  The key could not be found. Verify that the key ID specified is valid.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

Path Parameters

• id

  byte

  The root key that is used as the wrapping key. It must be a v4 UUID for an active key.

Query Parameters

• action

  string

  The action to perform on the specified key.

  Allowable values: [wrap,unwrap,rotate]

• plaintext

  string

  The data encryption key (DEK) used in wrap actions when the query parameter is set to wrap. The system returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. To wrap an existing DEK, provide a base64 encoded plaintext during a wrap action. To generate a new DEK, omit the plaintext property. Hyper Protect Crypto generates a random plaintext (32 bytes) that is rooted in an HSM and then wraps that value.

  Constraints: length ≤ 4096

• ciphertext

  string

  The wrapped data encryption key (DEK) used in wrap actions when the query parameter is set to unwrap. The system requires a base64 encoded ciphertext and returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. Note: When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for unwrap actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.

• payload

  string

  The key material that you want to import into the service for rotating an existing root key. This value is required for a rotate action if you initially imported the key material when you created the key. To rotate an imported root key, provide a base64 encoded payload in the request entity-body. To rotate a root key that was initially generated by Hyper Protect Crypto, omit the payload property and pass in an empty request entity-body.

• plaintext

  string

  The data encryption key (DEK) used in wrap actions when the query parameter is set to wrap. The system returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. To wrap an existing DEK, provide a base64 encoded plaintext during a wrap action. To generate a new DEK, omit the plaintext property. Hyper Protect Crypto generates a random plaintext (32 bytes) that is rooted in an HSM and then wraps that value.

  Constraints: length ≤ 4096

• ciphertext

  string

  The wrapped data encryption key (DEK) used in wrap actions when the query parameter is set to unwrap. The system requires a base64 encoded ciphertext and returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. Note: When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for unwrap actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.

Status Code

• 200

  Successful key operation.

• 204

  Successful key operation. Your key was successfully rotated.

• 400

  Your authentication data or key is invalid, or the entity-body is missing a required field.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 404

  The key could not be found.

• 409

  The key is not in an active state, so any KeyAction will fail. Check the key's nonactiveStateReason to understand how to proceed.

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 422

  The ciphertext provided for the unwrap operation was not wrapped by this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Authorization

  string

  Your IBM Cloud access token.

• Bluemix-Instance

  byte

  The IBM Cloud instance ID that identifies your Crypto service instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• Correlation-Id

  byte

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

Path Parameters

• id

  byte

  The v4 UUID that uniquely identifies the key.

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  object2[]

Status Code

• 200

  The key was successfully deleted.

• 204

  The key was deleted.

• 400

  The key cannot be deleted due to a malformed, invalid, or missing ID.

• 401

  Your access token is invalid or does not have the necessary permissions to access this resource.

• 403

  The instance ID is malformed or invalid.

• 404

  The key could not be found.

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Hyper Protect Crypto is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.