# Reference - [API Reference](https://docs.encedo.com/hem-api/reference/api-reference.md): Dive into the specifics of each HEM API endpoint by checking out our complete API Reference documentation. - [System](https://docs.encedo.com/hem-api/reference/api-reference/system.md) - [Version & Status](https://docs.encedo.com/hem-api/reference/api-reference/system/version-and-status.md): Two endpoints to gather general information about the device. - [Checkin](https://docs.encedo.com/hem-api/reference/api-reference/system/checkin.md): Those endpoints perform check-in procedures, a'ka firmware verification and setup of RTC based on trusted data. - [Configuration](https://docs.encedo.com/hem-api/reference/api-reference/system/configuration.md): These operations allow the read and update of the device configuration. This section includes Secure Enclave provisioning (on Encedo PPA only and during manufacture only). - [Upgrade](https://docs.encedo.com/hem-api/reference/api-reference/system/upgrade.md) - [Firmware](https://docs.encedo.com/hem-api/reference/api-reference/system/upgrade/firmware.md): These operations allow the device firmware to be upgraded by uploading a new firmware image over API. This includes integrity and signature validation allowing only a legitimate firmware to be install - [Low level USB mode](https://docs.encedo.com/hem-api/reference/api-reference/system/upgrade/firmware/low-level-usb-mode.md) - [Management app](https://docs.encedo.com/hem-api/reference/api-reference/system/upgrade/management-app.md): These operations (on Encedo PPA only) allow the build-in management application to be upgraded. This includes integrity and signature validation allowing only a legitimate application to be installed. - [Reboot](https://docs.encedo.com/hem-api/reference/api-reference/system/reboot.md): This operation reboots the device, effectively invalidating all issued access tokens (JWT\_TOKEN). - [Shutdown](https://docs.encedo.com/hem-api/reference/api-reference/system/shutdown.md): This operation shutdown the device, effectively stopping API and securing the chip in a safe state. - [Self-test](https://docs.encedo.com/hem-api/reference/api-reference/system/self-test.md): This operation performs an internal full self-test of the device's critical components, including cryptography primitives, random number generator and key repository integrity. - [Authorization](https://docs.encedo.com/hem-api/reference/api-reference/authorization.md) - [Initialisation](https://docs.encedo.com/hem-api/reference/api-reference/authorization/initialisation.md): Encedo HEM needs to be initialised before it's usable. This process is called Personalisation, and these two API endpoints are dedicated to this operation. - [User authentication](https://docs.encedo.com/hem-api/reference/api-reference/authorization/user-authentication.md): Those endpoints allow to authenticate the User or Master based on passphrase. - [External authenticator](https://docs.encedo.com/hem-api/reference/api-reference/authorization/external-authenticator.md) - [Registration](https://docs.encedo.com/hem-api/reference/api-reference/authorization/external-authenticator/registration.md): Those endpoints allow to register a external authenticator, like Encedo Mobile Authenticator. - [Authentication](https://docs.encedo.com/hem-api/reference/api-reference/authorization/external-authenticator/authentication.md): Those endpoints allow to authenticate based by External Authenticator. - [Key Management](https://docs.encedo.com/hem-api/reference/api-reference/key-management.md) - [Create a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/create-a-key.md): This key management operation allows the creation of a new key and saving it inside the device's secure repository. - [Derive a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/derive-a-key.md): This key management operation allows to derive a new key and save it inside the device's secure repository. - [Import a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/import-a-key.md): This key management operation allows importing of a public key to the keys repository and treats it as a trusted key afterwards. - [Update a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/update-a-key.md): This key management operation allows updating the key label or description fields. - [Delete a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/delete-a-key.md): This key management operation allows the deletion of a key stored inside the device's secure repository. - [Get a public key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/get-a-public-key.md): This key management operation allows retrieving the public key of an asymmetric key stored inside the device's secure repository. - [List the keys](https://docs.encedo.com/hem-api/reference/api-reference/key-management/list-the-keys.md): This key management operation allows the listing of the keys from the repository. - [Search a key](https://docs.encedo.com/hem-api/reference/api-reference/key-management/search-a-key.md): This key management operation allows searching the repository for a key based on the key 'descr' field. - [Cryptography operations](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations.md) - [HMAC](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/hmac.md): Those basic cryptography operations allow the calculation and verify HMAC messages. - [ExDSA](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/exdsa.md): Those basic cryptography operations allow the calculation and verify ExDSA signatures. ECDSA and EdDSA are supported. - [ECDH](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/ecdh.md): This basic cryptography operation allows the calculation of the ECDH between a trusted key or by an external public key. - [Encryption](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/encryption.md) - [Encryption/Decryption](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/encryption/encryption-decryption.md): These two endpoint implements the encryption and decryption of short data message using the AES scheme. - [Wrap/Unwrap](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/encryption/wrap-unwrap.md): These two endpoint implements the NIST Key Wrapping scheme. - [Post-Quantum Cryptography](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/post-quantum-cryptography.md): This section contains modern Post-Quantum Cryptography algorithms recently approved by the NIST. - [ML-DSA](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/post-quantum-cryptography/ml-dsa.md): These two basic cryptography operations allow the calculation and verification of the ML-DSA signatures. - [ML-KEM](https://docs.encedo.com/hem-api/reference/api-reference/cryptography-operations/post-quantum-cryptography/ml-kem.md): This section describes two endpoints functional for key-encapsulation PQC operations - ML-KEM, FIPS 203 compliant. - [Audit log](https://docs.encedo.com/hem-api/reference/api-reference/audit-log.md): Get an audit log signing key (all configuration) and on Encedo PPA only get a log list & files. - [Storage](https://docs.encedo.com/hem-api/reference/api-reference/storage.md): These endpoints controls two embedded Flash Drives - regular and encrypted, available on Encedo PPA only. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.encedo.com/hem-api/reference.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.