9.2 Examples for importing a certificate for a person
Assume you have a certificate that you want to import into MyID, and you know that the user already exists in MyID. You can import certificates in Base 64 format, either using X.509 (.cer files) or PKCS#12 (.pfx files); in this example, you have a .pfx file that you want to import. You know the password for this file.
Before you run the examples, you must substitute the following placeholders:
- myserver.example.com
  The examples assume your MyID web server is on myserver.example.com – replace this placeholder with the address of your own MyID web server.
- <PERSON ID>
  You must determine the ID of the person for whom you want to import the certificate. You can find person IDs in the ObjectID field in the UserAccounts table in the MyID database, or through the API. Replace this placeholder with the ID of the person.
- <YOUR-TOKEN>
  The scripts assume that you have already obtained an access token. Replace this placeholder with a recently-acquired access token.
  See section 3, Server-to-server authentication, for more information on this process.
- <PFX BASE64>
  These examples import the certificate as a Base 64-encoded .pfx file. You must Base 64-encode the whole file. Replace this placeholder with the Base 64-encoded file.
- <PFX PASSWORD>
  When you import a .pfx file, you must provide the password. Replace this placeholder with the password for the .pfx file.
- <CERT POLICY>
  You must determine the ID of a certificate policy with which you want to associate the imported certificate. You can find certificate policy IDs in the ObjectID field of the CertPolicies table in the MyID database, or through the API. Replace this placeholder with the ID of the certificate policy.
9.2.1 cURL
curl.exe -X "POST" "https://myserver.example.com/rest.core/api/People/<PERSON ID>/certificateImport" -H "Authorization: Bearer <YOUR-TOKEN>" -H "accept: application/json" -H "x-api-version: 1" -H "Content-Type: application/json-patch+json" -d "{ ""pkcs12"": ""<PFX BASE64>"", ""password"": ""<PFX PASSWORD>"", ""certPolicyId"": ""<CERT POLICY>""}"
9.2.2 Python
import requests
import json

# Set the server
server = "myserver.example.com"

# Set the access token
token = "<YOUR-TOKEN>"

# Specify the person
personID = "<PERSON ID>"

# Create the payload for the API call containing the certificate data.
# This example imports a PFX certificate in Base64 and provides its password.
certData = {
    "pkcs12": "<PFX BASE64>",
    "password": "<PFX PASSWORD>",
    "certPolicyId": "<CERT POLICY>"
}
certificate = json.dumps(certData)

# Set up the call for the API
response = requests.post(
    "https://" + server + "/rest.core/api/People/" + personID + "/certificateImport",
    headers={"Authorization": "Bearer " + token,
             "Content-Type": "application/json-patch+json",
             "accept": "application/json",
             "x-api-version": "1"},
    data=certificate)

# Display the response
if response.status_code == 200:
    returnedData = json.loads(response.text)
    print(returnedData)
else:
    print("An error occurred:")
    returnedData = json.loads(response.text)
    # str() keeps the output working if the server returns a non-string code
    print("Error code: " + str(returnedData["code"]))
    print("Error message: " + str(returnedData["message"]))
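The following added example is not part of the MyID documentation's own code. It shows one way to produce the <PFX BASE64> value from a .pfx file and build the same request without writing the access token or the .pfx password into the script. The function names, the command-line argument order and the MYID_TOKEN environment variable are assumptions made for this example.

```python
import base64
import json
import os
import sys
from getpass import getpass
from urllib.parse import quote


def encode_pfx(pfx_bytes: bytes) -> str:
    """Base64-encode a whole binary .pfx file for the "pkcs12" field."""
    # A PKCS#12 file is DER-encoded, so it starts with an ASN.1 SEQUENCE
    # tag (0x30). PEM text or an already-encoded file fails this check.
    if not pfx_bytes or pfx_bytes[0] != 0x30:
        raise ValueError("input is not a binary (DER) PKCS#12 file")
    return base64.b64encode(pfx_bytes).decode("ascii")


def build_import_request(server, person_id, token, pfx_bytes, password, policy_id):
    """Return (url, headers, body) for the certificateImport call in this section."""
    url = ("https://" + server + "/rest.core/api/People/"
           + quote(person_id, safe="") + "/certificateImport")
    headers = {
        "Authorization": "Bearer " + token,
        "Content-Type": "application/json-patch+json",
        "accept": "application/json",
        "x-api-version": "1",
    }
    # json.dumps escapes quotes and backslashes in the password correctly
    body = json.dumps({
        "pkcs12": encode_pfx(pfx_bytes),
        "password": password,
        "certPolicyId": policy_id,
    })
    return url, headers, body


if __name__ == "__main__":
    import requests  # only needed when the call is actually sent
    # Assumed usage: script.py <server> <person id> <cert policy id> <pfx path>
    server, person_id, policy_id, pfx_path = sys.argv[1:5]
    with open(pfx_path, "rb") as f:
        pfx_bytes = f.read()
    token = os.environ["MYID_TOKEN"]      # assumed environment variable name
    password = getpass("PFX password: ")  # prompted, not stored in the script
    url, headers, body = build_import_request(
        server, person_id, token, pfx_bytes, password, policy_id)
    response = requests.post(url, headers=headers, data=body, timeout=30)
    print(response.status_code, response.text)
```

Prompting for the password and reading the token from the environment keeps both out of the script file and out of the process command line.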
9.2.3 PowerShell
# Set the server
$server = "myserver.example.com"

# Get the access token
$token = "<YOUR-TOKEN>"

# Specify the person
$personID = "<PERSON ID>"

# Create the payload for the API call containing the certificate data.
# This example imports a PFX certificate in Base64 and provides its password.
# Single-quoted values stop PowerShell expanding $ characters in the password,
# and ConvertTo-Json escapes any quotes so that the body is valid JSON.
$certData = @{
    'pkcs12'       = '<PFX BASE64>'
    'password'     = '<PFX PASSWORD>'
    'certPolicyId' = '<CERT POLICY>'
} | ConvertTo-Json

# Set up the call for the API
$authHeader = @{
    'Content-Type'  = 'application/json-patch+json'
    'Authorization' = "Bearer $token"
    'x-api-version' = '1'
}
$URI = 'https://' + $server + '/rest.core/api/People/' + $personID + '/certificateImport'
$importRequest = @{
    Headers = $authHeader
    Uri     = $URI
    Method  = "POST"
    Body    = $certData
}

# Display the response
try {
    $result = Invoke-WebRequest @importRequest | ConvertFrom-Json
    Write-Host $result
}
catch {
    # Read the JSON error body from the failed response
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host "An error occurred:"
    Write-Host "Error code:" $responseBody.code
    Write-Host "Error message:" $responseBody.message
}