Credential Termination and Revocation API

This tutorial describes how to use the IdExchange API to send a request to terminate a user’s device and revoke the associated certificates with the respective device. In the example below, the {{IdExchangeServer}} placeholder should be replaced with id.cyberarmed.com

Tools:

In this example, the Postman tool can be used to provide an example of how the API calls are structured. However, any code platform capable of making REST calls will work.

Required Permissions

Client Certificate: The calling application must first perform an authentication using a client certificate to obtain a Jason Web Token

IDMS Permission: The client certificate’s thumbprint must be registered in the IDMS. It must be assigned the CredentialManager role.

Sequence

The authenticated client will submit a termination request to the IDMS. The IDMS then forwards this request to the Credential Management System (CMS) where the CMS will perform internal actions to terminate the device and send a message to to certificate authority to revoke the certificates.

Authentication

The API requires a digital certificate for authentication. When the certificate is verified, the API will return a Java Web Token (JWT) that can be used for subsequent calls.

API Endpoint: https://{{IdExchangeServer}}:444/WebApi/Token

Body: grant_type=password

Response:

API Definition

API Endpoint: https://{{IdExchangeServer}}:444/WebApi/api/CredentialManagement/s

Type: Post

The following search parameters can be used to target the search

Sample JSON:

{"userId":"1000012814","transactionType":"TerminateCredentials","transactionReason":"Test","credentialSerialNumber":"08758433460000044406"}

Response

The IDMS will respond with transaction summary indicating failure or success.

A successful response will provide the unique key for the enrollment.

"Credential request successfully created. UserId [1000012543]"