Management

In order for a T1C-API to be downloadable from and be able to register with the Distribution Service, a few steps must be executed.

Management User Interface

Will be added later

REST API

We offer a Postman collection of the DS REST API which you can use. Below we will provide more information on the endpoints and their parameters.

Obtain IDP Token

For the management endpoints a user JSON web token is necessary. it can be obtained from the IDP and must be included in all management requests to the DS REST API as a bearer token

Example

curl --location --request POST 'https://[[IDP_URL]]/auth/realms/[[T1C_REALM]]/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=trust1connector' \
--data-urlencode 'username=[[USER]]@trust1team.com' \
--data-urlencode 'password=[[PASSWORD]]' \
--data-urlencode 'grant_type=password'

Request

Note that the request is x-www-form-urlencoded

The response will contain an access_token property value which can be used in management requests made to the DS REST API.

Sample response

{
    "access_token": "eyJhb...DSLG0g",
    "expires_in": 864000,
    "refresh_expires_in": 864000,
    "refresh_token": "eyJhb...oXsaQ",
    "token_type": "bearer",
    "not-before-policy": 0,
    "session_state": "5ee8573e-63b7-4975-a20a-1355493ec17e",
    "scope": "email profile"
}

Create Or Update Version

It is necessary to create a version in order to have a valid registration API key for the installer packages

Example

curl --location --request PUT 'http://localhost:8000/v3/versions' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "id": "3.1.1",
        "recommended": false,
        "mandatory": false,
        "allowed": true,
        "uris": [
            {
                "os": "MACOS",
                "uri": "https://storage.googleapis.com/deps_t1c/mac/v3.1.1/Release/Trust1Connector.dmg"
            },
            {
                "os": "MACOSARM",
                "uri": "https://storage.googleapis.com/deps_t1c/mac/v3.1.1/Release/Trust1Connector-arm.dmg"
            },
            {
                "os": "WIN32",
                "uri": "https://storage.googleapis.com/deps_t1c/win/v3.1.1/Release/T1C-API_x86.exe"
            },
            {
                "os": "WIN64",
                "uri": "https://storage.googleapis.com/deps_t1c/win/v3.1.1/Release/T1C-API_x64.exe"
            },
            {
                "os": "UNIX",
                "uri": "https://storage.googleapis.com/deps_t1c/unix/v3.1.1/Release/Trust1connector.deb"
            }
        ],
        "installationApiKey": "8a313cec-a2fd-4fbc-9408-86afaa3a3e1a"
    }'

Request

Create Or Update Context Config

The context config contains variable configuration for the installed T1C-API packages

Example

curl --location --request PUT 'http://localhost:8000/v3/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "cors": [
                "https://t1c.t1t.io",
                "http://t1c.t1t.io",
                "http://localhost:3000",
                "https://acc-ds.t1t.io",
                "*.t1t.io:*"
            ],
            "wildcardsAllowed": true
        },
        "type": "CONTEXT_CONFIG",
        "versionId": "3.2.6"
    }'

Wildcards in the CORS allowlist are only supported from the T1C API/Proxy v3.2.6 onwards.

Request

Create Or Update File Digests Config

The file digests config contains a list of files and their MD5 digests. At startup, the T1C-API will verify that these files are unaltered and shut down if that is not the case. We recommend leaving it empty during testing.

Example

curl --location --request PUT 'http://localhost:8000/v3/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "files": []
        },
        "type": "FILE_DIGESTS",
        "versionId": "3.1.1"
    }'

Request

Create or Update SSL Keystore Config

The SSL keystore config contains the URI for the latest SSL keystore used by the T1C-API for it's local server. The T1C-API will check if it has the latest and unaltered SSL keystore at startup and replace it if necessary.

Example

curl --location --request PUT 'http://localhost:8000/v3/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "uri": "https://storage.googleapis.com/gcl-distro/ssl/t1c_ks.p12",
            "password": "test"
        },
        "type": "SSL_KEYSTORE",
        "versionId": "3.1.1"
    }'

Request

Create Or Update Organization

An organization is an entity that groups labels together. It is required in order to create a label

Example

curl --location --request PUT 'http://localhost:8000/v3/organizations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
            "name": "Trust1Team"
    }'

Request

Create Or Update Label

A label is analogous to an application in the DS API v2. In v3 a label is associated with an API key which applications can exchange for a temporary JSON web token that can be passed to the client. A label can be used by multiple applications, or a label can be created for each application.

Example

curl --location --request PUT 'http://localhost:8000/v3/labels' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "name": "rmc",
        "orgId": "trust1team"
        "apiKey": "a91753a8-e9ef-4852-b356-0283ec00fb05"
    }'

Request

Label IDs must be unique across all organizations as the T1C-API is not aware of any organizational context, only labels.

Last updated