Methods

Path Parameters

• id

  *

  Required

  string

  The IBM Cloud UUID that uniquely identifies the instance. For how to retrieve your instance ID, see Retrieving your instance ID for instructions.

• instance_id

  byte

  The v4 UUID used to uniquely identify the instance in IBM Cloud.

• apiConnectionInfo

  string

  Specifies the URI (url:port) where the API can be used.

Status Code

• 200

  The instance connection info was successfully retrieved.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 404

  The instance could not be found. Verify that the instance ID specified is valid.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto Services may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

{
  "metadata": {
    "collectionType": "application/vnd.ibm.kms.key+json",
    "collectionTotal": 1
  },
  "resources": [
    {
      "type": "application/vnd.ibm.kms.key+json",
      "name": "Root-key",
      "description": "...",
      "extractable": false
    }
  ]
}

• metadata

  *

  Required
  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  CreateKey[]

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  A collection of resources.

  KeyWithPayload[]

Status Code

• 201

  The key was successfully created.

• 400

  The key is missing a required field.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 409

  The import token that was used to encrypt this key has reached its maxAllowedRetrievals or expirationDate, and it is no longer available for operations. To create a new import token, use POST /import_token. In very rare cases, the import token may expire before its expiration time. Ensure that your client application is configured with a retry mechanism for catching and responding to 409 conflict exceptions.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Query Parameters

• limit

  integer

  The number of keys to retrieve. By default, GET /keys returns the first 200 keys. To retrieve a different set of keys, use limit with offset to page through your available resources. The maximum value for limit is 5000. Usage: If you have 20 keys in your instance, and you want to retrieve only the first 5 keys, use ../keys?limit=5.

  Constraints: 1 ≤ value ≤ 5000

  Default: 200

• offset

  integer

  The number of keys to skip. By specifying offset, you retrieve a subset of keys that starts with the offset value. Use offset with limit to page through your available resources. Usage: If you have 100 keys in your instance, and you want to retrieve keys 26 through 50, use ../keys?offset=25&limit=25.

  Constraints: value ≥ 0

  Default: 0

• state

  integer[]

  The state of the keys to be retrieved. States must be a list of integers from 0 to 5 delimited by commas with no whitespace or trailing commas. Valid states are based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values. Usage: If you want to retrieve active and deleted keys, use ../keys?state=1,5.

  Allowable values: [0,1,2,3,5]

  Default: [0,1,2,3]

• metadata

  *

  Required

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  A collection of resources.

  KeyRepresentation[]

Status Code

• 200

  The list of keys was successfully retrieved.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Query Parameters

• state

  integer[]

  The state of the keys to be retrieved. States must be a list of integers from 0 to 5 delimited by commas with no whitespace or trailing commas. Valid states are based on NIST SP 800-57. States are integers and correspond to the Pre-activation = 0, Active = 1, Suspended = 2, Deactivated = 3, and Destroyed = 5 values. Usage: If you want to retrieve active and deleted keys, use ../keys?state=1,5.

  Allowable values: [0,1,2,3,5]

  Default: [0,1,2,3]

Status Code

• 200

  The metadata was successfully retrieved.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

• metadata

  *

  Required

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  KeyWithPayload[]

Status Code

• 200

  The key was successfully retrieved. If the key was previously deleted, keyVersion.creationDate is omitted from the request response.

• 400

  The key could not be retrieved due to a malformed, invalid, or missing ID.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key could not be found. Verify that the key ID specified is valid.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto Services may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

Query Parameters

• action

  *

  Required

  string

  The action to perform on the specified key.

  Allowable values: [wrap,unwrap,rotate,rewrap,setKeyForDeletion,unsetKeyForDeletion,restore]

{
  "plaintext": "<data_key>"
}

• plaintext

  string

  The data encryption key (DEK) used in wrap actions when the query parameter is set to wrap. The system returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. To wrap an existing DEK, provide a base64 encoded plaintext during a wrap action. To generate a new DEK, omit the plaintext property. Hyper Protect Crypto Services generates a random plaintext (32 bytes) that is rooted in an HSM and then wraps that value. Note: When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for unwrap actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.

  Constraints: length ≤ 4096

• ciphertext

  *

  Required

  string

  The wrapped data encryption key (WDEK) that you can export to your app or service. The value is base64 encoded.

• plaintext

  string

  The data encryption key (DEK) used in wrap actions when the query parameter is set to wrap. The system returns a base64 encoded plaintext in the response entity-body when you perform an unwrap action on a key. To wrap an existing DEK, provide a base64 encoded plaintext during a wrap action. To generate a new DEK, omit the plaintext property. Hyper Protect Crypto Services generates a random plaintext (32 bytes) that is rooted in an HSM and then wraps that value. Note: When you unwrap a wrapped data encryption key (WDEK) by using a rotated root key, the service returns a new ciphertext in the response entity-body. Each ciphertext remains available for unwrap actions. If you unwrap a DEK with a previous ciphertext, the service also returns the latest ciphertext in the response. Use the latest ciphertext for future unwrap operations.

  Constraints: length ≤ 4096

• keyVersion

  The key version that was used to wrap the DEK. This key version is associated with the ciphertext value that was used in the request.

  KeyVersion
  keyVersion

  id

  string

  The ID of the key version.

  Example: 4a0225e9-17a0-46c1-ace7-f25bcf4237d4

  creationDate

  date-time

  The date that the version of the key was created.

  Example: 2010-01-12T05:23:19+0000

Status Code

• 200

  Successful key operation.

• 201

  The imported key was successfully restored.

• 204

  Successful key operation.

• 400

  Your authentication data or key is invalid, or the entity-body is missing a required field.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key could not be found.

• 409

  The key is not in an appropriate state, so the KeyAction has failed.

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 422

  The ciphertext provided for the unwrap operation was not wrapped by this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

• Prefer

  string

  Alters server behavior for POST or DELETE operations. A header with return=minimal causes the service to return only the key identifier, or metadata. A header containing return=representation returns both the key material and metadata in the response entity-body. If the key has been designated as a root key, the system cannot return the key material. Note: During POST operations, Hyper Protect Crypto Services may not immediately return the key material due to key generation time. To retrieve the key material, you can perform a subsequent GET /keys/{id} request.

  Allowable values: [return=representation,return=minimal]

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

Query Parameters

• force

  boolean

  If set to true, Hyper Protect Crypto Services forces deletion on a key that is protecting a cloud resource, such as a Cloud Object Storage bucket. The action removes any registrations that are associated with the key. Note: If a key is protecting a cloud resource that has a retention policy, Hyper Protect Crypto Services cannot delete the key. Use GET keys/{id}/registrations to review registrations between the key and its associated cloud resources. To enable deletion, contact an account owner to remove the retention policy on each resource that is associated with this key.

  Default: false

• metadata

  *

  Required

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  KeyWithPayload[]

Status Code

• 200

  The key was successfully deleted.

• 204

  The key was successfully deleted. No content.

• 400

  The key cannot be deleted due to a malformed, invalid, or missing ID.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key could not be found.

• 409

  The key could not be deleted because it is protecting one or more cloud resources that have a retention policy. Use GET /keys/{id}/registrations to learn which resources this key is associated with. A registration with ”preventKeyDeletion”: true indicates that the associated resource has a retention policy. To enable deletion, contact an account owner to remove the retention policy on each resource that is associated with this key.

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

• metadata

  *

  Required

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  KeyFullRepresentation[]

Status Code

• 200

  The key metadata was successfully retrieved.

• 400

  The key metadata could not be retrieved due to a malformed, invalid, or missing ID.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key metadata for key with specified ID could not be found.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

Query Parameters

• limit

  integer

  The number of key versions to retrieve. By default, GET /versions returns the first 200 key versions. To retrieve a different set of key versions, use limit with offset to page through your available resources. The maximum value for limit is 5000. Usage: If you have a key with 20 versions in your instance, and you want to retrieve only the first 5 versions, use ../versions?limit=5.

  Constraints: 1 ≤ value ≤ 5000

  Default: 200

• offset

  integer

  The number of key versions to skip. By specifying offset, you retrieve a subset of key versions that starts with the offset value. Use offset with limit to page through your available resources. Usage: If you have a key with 100 versions in your instance, and you want to retrieve versions 26 through 50, use ../versions?offset=25&limit=25.

  Constraints: value ≥ 0

  Default: 0

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  An array of resources.

  KeyVersion[]

Status Code

• 200

  The list of key versions was successfully retrieved.

• 400

  The request is missing a required field.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 404

  The key could not be found.

• 409

  The key is not in an active state.

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

Query Parameters

• policy

  string

  The type of policy that is associated with the specified key.

  Allowable values: [dualAuthDelete,rotation]

{
  "metadata": {
    "collectionType": "application/vnd.ibm.kms.policy+json",
    "collectionTotal": 2
  },
  "resources": [
    {
      "type": "application/vnd.ibm.kms.policy+json",
      "rotation": {
        "interval_month": 1
      }
    },
    {
      "type": "application/vnd.ibm.kms.policy+json",
      "dualAuthDelete": {
        "enabled": "<true|false>"
      }
    }
  ]
}

• metadata

  *

  Required
  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  KeyPolicyDualAuthDelete[]

• metadata

  *

  Required
  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  object[]
  resources

  id

  *

  Required

  string

  The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.

  type

  *

  Required

  string

  Specifies the MIME type that represents the policy resource. Currently, only the default is supported.

  Possible values: [application/vnd.ibm.kms.policy+json]

  Example: application/vnd.ibm.kms.policy+json

  dualAuthDelete

  *

  Required

  Data associated with the dual authorization delete policy.

  object

  dualAuthDelete

  enabled

  *

  Required

  boolean

  If set to true, Hyper Protect Crypto Services enables a dual authorization policy on a single key. After you enable the policy, Hyper Protect Crypto Services requires an authorization from two users to delete this key. For example, you can authorize the deletion first by using the SetKeyForDeletion action. Then, a different user provides a second authorization implicitly by calling DELETE /keys to delete the key. Note: Once the dual authorization policy is set on the key, it cannot be reverted.

  Example: true

  crn

  string

  The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.

  Example: crn:v1:bluemix:public:hs-crypto:<region>:a/<account-id>:<service-instance:policy:<policy-id>

  creationDate

  date-time

  The date the policy was created. The date format follows RFC 3339.

  Example: 2010-01-12T05:23:19+0000

  createdBy

  string

  The unique identifier for the resource that created the policy.

  lastUpdateDate

  date-time

  Updates when the policy is replaced or modified. The date format follows RFC 3339.

  Example: 2010-01-12T05:23:19+0000

  updatedBy

  string

  The unique identifier for the resource that updated the policy.

Status Code

• 200

  The policy or policies were successfully created or updated.

• 204

  The policy or policies were successfully created or updated. No content.

• 400

  The policy or policies cannot be created or updated due to a malformed, invalid, or missing ID.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

Query Parameters

• policy

  string

  The type of policy that is associated with the specified key.

  Allowable values: [dualAuthDelete,rotation]

• metadata

  *

  Required
  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  object[]
  resources

  id

  *

  Required

  string

  The v4 UUID used to uniquely identify the policy resource, as specified by RFC 4122.

  type

  *

  Required

  string

  Specifies the MIME type that represents the policy resource. Currently, only the default is supported.

  Possible values: [application/vnd.ibm.kms.policy+json]

  Example: application/vnd.ibm.kms.policy+json

  dualAuthDelete

  *

  Required

  Data associated with the dual authorization delete policy.

  object

  dualAuthDelete

  enabled

  *

  Required

  boolean

  If set to true, Hyper Protect Crypto Services enables a dual authorization policy on a single key. After you enable the policy, Hyper Protect Crypto Services requires an authorization from two users to delete this key. For example, you can authorize the deletion first by using the SetKeyForDeletion action. Then, a different user provides a second authorization implicitly by calling DELETE /keys to delete the key. Note: Once the dual authorization policy is set on the key, it cannot be reverted.

  Example: true

  crn

  string

  The Cloud Resource Name (CRN) that uniquely identifies your cloud resources.

  Example: crn:v1:bluemix:public:hs-crypto:<region>:a/<account-id>:<service-instance:policy:<policy-id>

  creationDate

  date-time

  The date the policy was created. The date format follows RFC 3339.

  Example: 2010-01-12T05:23:19+0000

  createdBy

  string

  The unique identifier for the resource that created the policy.

  lastUpdateDate

  date-time

  Updates when the policy is replaced or modified. The date format follows RFC 3339.

  Example: 2010-01-12T05:23:19+0000

  updatedBy

  string

  The unique identifier for the resource that updated the policy.

Status Code

• 200

  The policy resources were successfully retrieved.

• 400

  The request is missing a required field or contains invalid values.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key could not be found.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Query Parameters

• policy

  string

  The type of policy that is associated with the specified instance.

  Allowable values: [dualAuthDelete]

{
  "metadata": {
    "collectionType": "application/vnd.ibm.kms.policy+json",
    "collectionTotal": 1
  },
  "resources": [
    {
      "policy_type": "dualAuthDelete",
      "policy_data": {
        "enabled": "<true|false>"
      }
    }
  ]
}

• metadata

  *

  Required
  CollectionMetadata

• resources

  *

  Required

  A collection of resources.

  object[]
  resources

  policy_type

  *

  Required

  string

  The type of policy to be set.

  Allowable values: [dualAuthDelete]

  Example: dualAuthDelete

  policy_data

  *

  Required

  DualAuthDeleteProperties

Status Code

• 204

  The policy or policies were successfully created or updated. No content.

• 400

  The policy or policies cannot be created or updated due to a malformed or invalid request.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 410

  The requested key was previously deleted and is no longer available. Please delete references to this key.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Query Parameters

• policy

  string

  The type of policy that is associated with the specified instance.

  Allowable values: [dualAuthDelete]

Status Code

• 200

  The policy resources were successfully retrieved.

• 400

  The request is missing a required field or contains invalid values.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  The key could not be found.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

• expiration

  number

  The time in seconds from the creation of an import token that determines how long its associated public key remains valid. The minimum value is 300 seconds (5 minutes), and the maximum value is 86400 (24 hours). The default value is 600 (10 minutes).

  Constraints: 300 ≤ value ≤ 86400

  Default: 600

• maxAllowedRetrievals

  number

  The number of times that an import token can be retrieved within its expiration time before it is no longer accessible.

  Constraints: 1 ≤ value ≤ 500

  Default: 1

• expiration

  number

  The time in seconds from the creation of an import token that determines how long its associated public key remains valid. The minimum value is 300 seconds (5 minutes), and the maximum value is 86400 (24 hours). The default value is 600 (10 minutes).

  Constraints: 300 ≤ value ≤ 86400

• maxAllowedRetrievals

  number

  The number of times that an import token can be retrieved within its expiration time before it is no longer accessible.

  Constraints: 1 ≤ value ≤ 500

• creationDate

  date-time

  The date the import token was created. The date format follows RFC 3339.

  Example: 2018-04-12T23:20:50.52Z

• expirationDate

  date-time

  The date the import token expires. The date format follows RFC 3339.

  Example: 2018-12-01T23:20:50.52Z

• remainingRetrievals

  number

  The number of retrievals that are available for the import token before it is no longer accessible.

  Constraints: value ≥ 1

Status Code

• 200

  The import token was successfully created.

• 400

  The import token cannot be created due to a malformed or invalid request.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

• expiration

  number

  The time in seconds from the creation of an import token that determines how long its associated public key remains valid. The minimum value is 300 seconds (5 minutes), and the maximum value is 86400 (24 hours). The default value is 600 (10 minutes).

  Constraints: 300 ≤ value ≤ 86400

• maxAllowedRetrievals

  number

  The number of times that an import token can be retrieved within its expiration time before it is no longer accessible.

  Constraints: 1 ≤ value ≤ 500

• creationDate

  date-time

  The date the import token was created. The date format follows RFC 3339.

  Example: 2018-04-12T23:20:50.52Z

• expirationDate

  date-time

  The date the import token expires. The date format follows RFC 3339.

  Example: 2018-12-01T23:20:50.52Z

• remainingRetrievals

  number

  The number of retrievals that are available for the import token before it is no longer accessible.

  Constraints: value ≥ 1

• payload

  byte

  The public encryption key that you can use to encrypt key material before you import it into the service. This value is a PEM-encoded public key in PKIX format. Because PEM encoding is a binary format, the value is base64 encoded.

  Constraints: length ≤ 4096

• nonce

  byte

  The nonce value that is used to verify a key import request. Encrypt and provide the encrypted nonce value when you use POST /keys to securely import a key to the service.

Status Code

• 200

  The import token was successfully retrieved.

• 401

  Your credentials are invalid or do not have the necessary permissions to make this request. Verify that the given IBM Cloud access token and instance ID are correct. If the error persists, contact the account owner to check your permissions.

• 403

  Your service is not authorized to make this request. Ensure that an authorization exists between your service and Hyper Protect Crypto Services. Learn more

• 404

  An import token was not found in the specified service instance. To create an import token, use POST /import_token

• 409

  The import token has reached its maxAllowedRetrievals or expirationDate, and it is no longer available for use. To create a new import token, use POST /import_token. In very rare cases, the import token may expire before its expiration time. Ensure that your client application is configured with a retry mechanism for catching and responding to 409 conflict exceptions.

• 429

  Too many requests. Please wait a few minutes and try again.

• 500

  IBM Cloud Hyper Protect Crypto Services is currently unavailable. Your request could not be processed. Please try again later. If the problem persists, note the correlation-ID in the response header and contact IBM Cloud support.

Custom Headers

• Bluemix-Instance

  *

  Required

  string

  The IBM Cloud instance ID that identifies your Hyper Protect Crypto Services instance.

• Correlation-Id

  string

  The v4 UUID used to correlate and track transactions.

Path Parameters

• id

  *

  Required

  string

  The v4 UUID that uniquely identifies the key.

• urlEncodedResourceCRN

  *

  Required

  string

  The URL encoded Cloud Resource Name (CRN) that uniquely identifies the cloud resource. At minimum, provide a CRN that includes the service-instance segment.

  Example: crn%3av1%3abluemix%3apublic%3acloud-object-storage%3aglobal%3aa%2f59bcbfa6ea2f006b4ed7094c1a08dcdd%3a1a0ec336-f391-4091-a6fb-5e084a4c56f4%3a%3abucket

{
  "metadata": {
    "collectionType": "application/vnd.ibm.kms.registration_input+json",
    "collectionTotal": 1
  },
  "resources": {
    "preventKeyDeletion": true,
    "description": "string"
  }
}

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  A collection of resources.

  CreateRegistrationResourceBody[]

• metadata

  The metadata that describes the resource array.

  CollectionMetadata

• resources

  A collection of resources.

  RegistrationResource[]