10 Requesting key recovery
You can use the MyID Core API to request a smart card or soft certificate package containing recovered certificates and keys.
See the Key recovery section in the Administration Guide for more information about key recovery; in particular, see the Setting up the credential profile for key recovery section for details of setting up a credential profile for key recovery. Note, however, that the collection procedure for key recovery requests made through the API is different to the collection procedure for requests made through MyID Desktop.
If the certificate policy is configured to use MyID SecureVault to archive its keys, you can recover the keys from the MyID SecureVault key store; see the Integrating with MyID SecureVault section in the Administration Guide for details.
The API provides the following endpoints:
- POST api/people/{id}/requests
This endpoint allows you to request a key recovery smart card or soft certificate package for a person. In the payload, you must specify the credential profile, the IDs of the certificates you want to recover, and the operation ID 100430. The certificates must belong to the person for whom you are recovering them.
Users with access to the Request Card option in the Cards section of the Edit Roles workflow have access to this endpoint.
- POST api/devices/{id}/certificateRecovery
This endpoint allows you to create an update for an existing issued device; this update contains recovered keys. You must specify the credential profile and the IDs of the certificates you want to recover in the payload. The certificates must belong to the owner of the device to which you want to recover them.
Users with access to the Recover Certificates or the Request Key Recovery option in the Certificates section of the Edit Roles workflow have access to this endpoint.
For full information on using these API endpoints, including details of the available parameters and permissions, see the People and Devices sections in the API documentation; see section 2.1, Accessing the API documentation, for details of viewing the Swagger API documentation.
For an overview of the key recovery process, see section 10.1, Overview of the key recovery process.
Once you have created a request, you can view its details, approve it, and collect it; see section 10.2, Viewing and collecting key recoveries.
cURL, Python, and PowerShell examples are provided in this guide; see section 10.3, Examples for requesting key recovery for a person and section 10.4, Examples for requesting key recovery to a device.
For errors that may occur when attempting to request key recovery, see section 10.5, Troubleshooting key recovery.