Examples for requesting key recovery to a device

10.4 Examples for requesting key recovery to a device

Assume a person has a device issued with the following ID:

A309527C-1386-4C55-B0BF-33C49A897512

This person has an archived certificate that you want to recover to their device; the certificate ID is:

1947061b-6ece-4a16-9c1a-6d64ea6721b8

Note: This is not the same as the certificate serial number. You can find the certificate ID either through the API or by checking the ObjectID field in the Certificates table in the MyID database.

You have created a credential profile for key recovery, which has an ID of:

fb3c5847-9412-40e3-ba0c-69d16f37f75f

You can use the API to request key recovery to this device using the /api/Devices/{id}/certificateRecovery endpoint.

These examples assume your server is on myserver.example.com, and that you have already obtained an access token; <YOUR-TOKEN> is used as a placeholder.

10.4.1 cURL example

Copy

curl.exe -X "POST" "https://myserver.example.com/rest.core/api/Devices/A309527C-1386-4C55-B0BF-33C49A897512/certificateRecovery" -H "Authorization: Bearer <YOUR-TOKEN>" -H "accept: application/json" -H "x-api-version: 1" -H "Content-Type: application/json-patch+json" -d "{""credProfile"": {""id"": ""fb3c5847-9412-40e3-ba0c-69d16f37f75f""},""recoverCertIds"": [""1947061b-6ece-4a16-9c1a-6d64ea6721b8""]}"

10.4.2 Python example

Copy

import requests
import json

# Set the server
server = "myserver.example.com"

# ID of the device
deviceID = "A309527C-1386-4C55-B0BF-33C49A897512"

# Credential profile ID
credProfileID = "fb3c5847-9412-40e3-ba0c-69d16f37f75f"

# Certificate ID
certID = "1947061b-6ece-4a16-9c1a-6d64ea6721b8"

# Set the access token
token = "<YOUR-TOKEN>"

# Build the payload
requestData = {
  "credProfile": {
    "id": credProfileID
  },
  "recoverCertIds": [
    certID
  ]
}

request = json.dumps(requestData)

# Call the API
response = requests.post(
    "https://" + server + "/rest.core/api/Devices/" + deviceID + "/certificateRecovery",
    headers={"Authorization": "Bearer " + token,
            "Content-Type": "application/json-patch+json",
            "accept": "application/json"}, 
    data=request)

# Display the response
if response.status_code==200:
    returnedData = json.loads(response.text)
    print(returnedData)
else:
    print("An error occurred:")
    returnedData = json.loads(response.text)
    print("Error code: " + returnedData["code"])
    print("Error message: " + returnedData["message"])

10.4.3 PowerShell example

Copy

# Set the server
$server = "myserver.example.com"

# ID of the person in the MyID database
$deviceID = "A309527C-1386-4C55-B0BF-33C49A897512"

# Credential profile ID
$credProfileID = "fb3c5847-9412-40e3-ba0c-69d16f37f75f"

# Certificate ID
$certID = "1947061b-6ece-4a16-9c1a-6d64ea6721b8"

# Set the access token
$token = "<YOUR-TOKEN>"

# Build the payload
$requestData = "{'credProfile': {'id': '"+ $credProfileID + "'},'recoverCertIds': ['" + $certID + "']}"

# Set up the call for the API
$authHeader = @{
    'Content-Type'='application/json-patch+json'
    'Authorization'="Bearer $token"
    'x-api-version'= '1'
 }
$URI = 'https://' + $server + '/rest.core/api/Devices/' + $deviceID + '/certificateRecovery'
$person  = @{
    Headers =  $authHeader
    Uri = $URI
    Method = "POST"
    Body = $requestData
}

# Display the response
try {
    $result = Invoke-WebRequest @person | ConvertFrom-Json
    Write-Host $result
}
catch {
    $result = $_.Exception.Response.GetResponseStream()
    $reader = New-Object System.IO.StreamReader($result)
    $reader.BaseStream.Position = 0
    $reader.DiscardBufferedData()
    $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
    Write-Host "An error occurred:"
    Write-Host "Error code:" $responseBody.code
    Write-Host "Error message:" $responseBody.message
}