Management

Before a T1C-API can be downloaded from, and register with, the Distribution Service (DS), a few steps must be completed.

Management User Interface

In development

REST API

We offer a Postman collection of the DS REST API which you can use. Below we will provide more information on the endpoints and their parameters.

Obtain IDP Token

The management endpoints require a user JSON web token. It can be obtained from the IDP and must be included as a bearer token in all management requests to the DS REST API.

Example

curl --location --request POST 'https://[[IDP_URL]]/auth/realms/[[T1C_REALM]]/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=trust1connector' \
--data-urlencode 'username=[[USER]]@trust1team.com' \
--data-urlencode 'password=[[PASSWORD]]' \
--data-urlencode 'grant_type=password'

Request

Note that the request is x-www-form-urlencoded.

The response will contain an access_token property value which can be used in management requests made to the DS REST API.

Sample response

{
    "access_token": "eyJhb...DSLG0g",
    "expires_in": 864000,
    "refresh_expires_in": 864000,
    "refresh_token": "eyJhb...oXsaQ",
    "token_type": "bearer",
    "not-before-policy": 0,
    "session_state": "5ee8573e-63b7-4975-a20a-1355493ec17e",
    "scope": "email profile"
}

Create Or Update Version

A version must be created in order to have a valid registration API key for the installer packages.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/versions' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "id": "3.1.1",
        "recommended": false,
        "mandatory": false,
        "allowed": true,
        "uris": [
            {
                "os": "MACOS",
                "uri": "https://storage.googleapis.com/deps_t1c/mac/v3.1.1/Release/Trust1Connector.dmg"
            },
            {
                "os": "MACOSARM",
                "uri": "https://storage.googleapis.com/deps_t1c/mac/v3.1.1/Release/Trust1Connector-arm.dmg"
            },
            {
                "os": "WIN32",
                "uri": "https://storage.googleapis.com/deps_t1c/win/v3.1.1/Release/T1C-API_x86.exe"
            },
            {
                "os": "WIN64",
                "uri": "https://storage.googleapis.com/deps_t1c/win/v3.1.1/Release/T1C-API_x64.exe"
            },
            {
                "os": "UNIX",
                "uri": "https://storage.googleapis.com/deps_t1c/unix/v3.1.1/Release/Trust1connector.deb"
            }
        ],
        "installationApiKey": "8a313cec-a2fd-4fbc-9408-86afaa3a3e1a"
    }'

Create Or Update Context Config

The context config contains variable configuration for the installed T1C-API packages.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "cors": [
                "https://t1c.t1t.io",
                "http://t1c.t1t.io",
                "http://localhost:3000",
                "https://acc-ds.t1t.io",
                "*.t1t.io:*"
            ],
            "wildcardsAllowed": true
        },
        "type": "CONTEXT_CONFIG",
        "versionId": "3.2.6"
    }'

Wildcards in the CORS allowlist are only supported from the T1C API/Proxy v3.2.6 onwards.

Create Or Update File Digests Config

The file digests config contains a list of files and their MD5 digests. At startup, the T1C-API will verify that these files are unaltered and shut down if that is not the case. We recommend leaving it empty during testing.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "files": []
        },
        "type": "FILE_DIGESTS",
        "versionId": "3.1.1"
    }'

Create or Update SSL Keystore Config

The SSL keystore config contains the URI for the latest SSL keystore used by the T1C-API for its local server. At startup, the T1C-API checks whether it has the latest, unaltered SSL keystore and replaces it if necessary.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/configurations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "config": {
            "uri": "https://storage.googleapis.com/gcl-distro/ssl/t1c_ks.p12",
            "password": "test"
        },
        "type": "SSL_KEYSTORE",
        "versionId": "3.1.1"
    }'

Create Or Update Organization

An organization is an entity that groups labels together. It is required in order to create a label.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/organizations' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
            "name": "Trust1Team"
    }'

Create Or Update Label

A label is analogous to an application in the DS API v2. In v3 a label is associated with an API key which applications can exchange for a temporary JSON web token that can be passed to the client. A label can be used by multiple applications, or a label can be created for each application.

Example

curl --location --request PUT 'http://localhost:8000/v3_5/labels' \
    --header 'Authorization: Bearer eyJh...olw' \
    --header 'Content-Type: application/json' \
    --data-raw '{
        "name": "rmc",
        "orgId": "trust1team",
        "apiKey": "a91753a8-e9ef-4852-b356-0283ec00fb05"
    }'

Label IDs must be unique across all organizations as the T1C-API is not aware of any organizational context, only labels.

Update CORS Configuration

Starting from v3.5.x, the CORS is configured centrally regardless of version and is enabled by default. If no allowed origins are configured or the centrally configured CORS filter is disabled, the old flow is used and the versioned context config will be used to update the T1C installations.

Example

curl --location --request PUT 'https://acc-ds.t1t.io/v3_5/cors' \
--header 'Authorization: Bearer ey...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "enabled": false,
    "wildcardsAllowed": false,
    "credentialsSupport": true,
    "preflightMaxAgeHours": 1,
    "serveForbiddenOrigins": false
}'

Create Allowed Origin

Add an origin to the allowed origins list. Wildcards can be used if enabled in the general configuration.

Example

curl --location --request POST 'https://acc-ds.t1t.io/v3_5/cors/allowed-origins' \
--header 'Authorization: Bearer ey...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "origin": "http://localhost:*"
}'

Update Allowed Origin

Update an allowed origin.

Example

curl --location --request PUT 'https://acc-ds.t1t.io/v3_5/cors/allowed-origins/{{id}}' \
--header 'Authorization: Bearer eyJ...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "origin": "http://localhost:4500"
}'

Update Multiple CORS Allowed Origins

Update multiple allowed origins. If you provide an unknown/self-generated ID with a non-existing origin, the DS will create it instead. This method can be used to create multiple allowed origins in 1 request.

Example

curl --location --request PUT 'https://acc-ds.t1t.io/v3_5/cors/allowed-origins' \
--header 'Authorization: Bearer ey...Q' \
--header 'Content-Type: application/json' \
--data-raw '{
    "origins": [
        {
            "id": "{{$guid}}",
            "origin": "*.t1t.io:*"
        },
        {
            "id": "{{$guid}}",
            "origin": "*.trust1team.com"
        }
    ]
}'
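
The following is an added example, not part of the DS documentation or code: a pre-submission review of an allowed-origins request body against the general CORS configuration, flagging the entry types used on this page (wildcard hosts and ports, plaintext http, entries without a scheme). The helper names, the sample IDs and the assumption that a pattern without a scheme is not restricted to https are mine; the DS matching rules are not described here.

```python
import json

# Constructed sample input shaped like the request bodies on this page.
CORS_CONFIG = json.loads(
    '{"enabled": true, "wildcardsAllowed": false, "credentialsSupport": true}')
ORIGINS_BODY = json.loads("""{"origins": [
    {"id": "constructed-1", "origin": "*.t1t.io:*"},
    {"id": "constructed-2", "origin": "http://t1c.t1t.io"},
    {"id": "constructed-3", "origin": "http://localhost:*"},
    {"id": "constructed-4", "origin": "https://acc-ds.t1t.io"}
]}""")

LOOPBACK = {"localhost", "127.0.0.1"}

def audit_origin(origin, cors_config):
    """Return review findings for one allowed-origin entry (hypothetical helper)."""
    findings = []
    scheme, sep, rest = origin.partition("://")
    if not sep:
        # Assumption: a pattern without a scheme is not restricted to https.
        scheme, rest = "", origin
        findings.append("no scheme: entry is not pinned to https")
    host, _, port = rest.partition(":")
    wildcard = "*" in origin
    if wildcard and not cors_config.get("wildcardsAllowed", False):
        findings.append("wildcard entry while wildcardsAllowed is false")
    if host.startswith("*"):
        findings.append("wildcard host: every matching subdomain is trusted")
    if port == "*":
        findings.append("wildcard port: any port on the host is trusted")
    if scheme == "http" and host not in LOOPBACK:
        findings.append("plaintext http origin outside loopback")
    if wildcard and cors_config.get("credentialsSupport", False):
        findings.append("wildcard entry with credentialsSupport enabled")
    return findings

def audit_payload(body, cors_config):
    """Map each origin in an allowed-origins body to its findings."""
    return {e["origin"]: audit_origin(e["origin"], cors_config)
            for e in body["origins"]}

if __name__ == "__main__":
    for origin, findings in audit_payload(ORIGINS_BODY, CORS_CONFIG).items():
        print(origin, "->", findings or "ok")
```

Run it against the JSON you intend to send before issuing the PUT; an empty findings list means the entry is an exact https origin or a loopback origin without wildcards.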

Delete CORS Allowed Origin

Delete an allowed origin.

Example

curl --location --request DELETE 'https://acc-ds.t1t.io/v3_5/cors/allowed-origins/{{id}}' \
--header 'Authorization: Bearer eyJ...2Q'

Create CORS Exposed Header

Create a custom HTTP header to be exposed in the response (by default no headers are exposed).

Example

curl --location --request POST 'https://acc-ds.t1t.io/v3_5/cors/exposed-headers' \
--header 'Authorization: Bearer ey...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "headerName": "apikey"
}'

Update CORS Exposed Header

Update a custom HTTP header to be exposed in the response.

Example

curl --location --request PUT 'https://acc-ds.t1t.io/v3_5/cors/exposed-headers/{{id}}' \
--header 'Authorization: Bearer ey...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "headerName": "apiKey"
}'

Update Multiple CORS Exposed Headers

Update multiple custom HTTP headers to be exposed in the response. If you provide an unknown/self-generated ID with a non-existing header name, the DS will create it instead. This method can be used to create multiple exposed headers in 1 request.

Example

curl --location --request PUT 'https://acc-ds.t1t.io/v3_5/cors/exposed-headers' \
--header 'Authorization: Bearer eyJ...FA' \
--header 'Content-Type: application/json' \
--data-raw '{
    "headers": [
        {
            "id": "{{$guid}}",
            "headerName": "apiKey"
        }
    ]
}'

Delete CORS Exposed Header

Delete a custom HTTP header exposed in the response.

Example

curl --location --request DELETE 'https://acc-ds.t1t.io/v3_5/cors/exposed-headers/{{id}}' \
--header 'Authorization: Bearer eyJ...sFA'
