Configuration
These operations read and update the device configuration. This section also covers Secure Enclave provisioning (on Encedo PPA only, and only during manufacture).
Manage device configuration
Allowed users
Allowed
Required access scope
system:config
Get configuration
GET
https://my.ence.do/api/system/config
Read the device configuration data.
Headers
Name | Type | Description |
---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Response data for successful operation
Value | Type | Description |
---|---|---|
| Bool | True if searching for a key without authentication is allowed. |
| Number | Instance context id. |
| String | Device unique ID. |
| String | True if the built-in DNS server is enabled. |
| String | EncedoID, public key of the instance. |
| String | Audit log signing public key. |
| String | Email address. |
| String | Secure Enclave serial number (on Encedo PPA only). |
| Number | Timeout (disabled if 0) to finish the HTTP request, in multiples of 0.5 sec. |
| Bool | True if HSTS HTTP security headers are enabled. |
| String | Hostname, domain name associated with this device. |
| Number | Current timestamp. |
| String | Instance unique ID. |
| String | IP address associated with this device. |
| String | Random nonce. |
| String | CORS allowed origins. |
| String | Session public key. |
| Number | Capacity (in sectors) of embedded microSD card (on Encedo PPA only). |
| Number | Capacity (in sectors) of regular Disk0 (on Encedo PPA only). |
| Number | Disk0 default mode and Disk1 encryption mode (on Encedo PPA only). |
| Bool | True if the backend is trusted and can control this instance. |
| Bool | True if the backend is a trusted time source. |
| String | Username, display name. |
| Number | Last RTC update timestamp. |
Update configuration
POST
https://my.ence.do/api/system/config
Change configuration data, e.g. options or the password, or update the TLS certificate.
Headers
Name | Type | Description |
---|---|---|
Authorization* | String | Bearer JWT_TOKEN |
Content-Type* | String | application/json |
Request Body
Name | Type | Description |
---|---|---|
allow_keysearch | Bool | True if searching for a key without authentication is allowed. |
| String | Contact email address |
storage_mode | Number | Disk0 default mode and Disk1 encryption mode (on Encedo PPA only) |
wipeout | Bool | True to wipe out the device (reset to factory default). |
origin | String | CORS access control data |
trusted_ts | Bool | True if the backend is a trusted time source. |
trusted_backend | Bool | True if the backend is trusted and can control this instance. |
tls | String | TLS x509 certificate data (check below) |
user | String | Username |
userkey | String | New password public key |
userkey_nonce | String | New password authentication nonce |
userkey_hmac | String | New password authentication code |
ctx | Number | Instance context id. |
dnsd | Bool | True to enable DNS server |
storage_disk0size | Number | Disk0 size in sectors (on Encedo PPA only) |
gen_csr | Bool | True if requesting CSR generation |
emp | String | (optional) Ephemeral public key (transport key) |
key | String | (optional) Encrypted private key |
crt | String | Base64 encoded DER x509 certificate |
tls consists of: | String | |
http_option_hsts | Bool | True to enable HSTS HTTP security headers |
http_option_dosprot_mode | Number | Timeout (disabled if 0) to finish the HTTP request, in multiples of 0.5 sec |
Response data for successful operation
Name | Type | Description |
---|---|---|
| String | Requested x509 CSR, base64 encoded DER file. |
| String | Attestation data. |
| Bool | True if a reboot is required for the changes to take effect. |
| Bool | True if the configuration has been changed. |
Log entries
Event | Result | Source |
---|---|---|
LOG_TYPE_FAILED_SCOPE_CHECK | LOG_RESULT_FAILED | 403 |
LOG_TYPE_CONFIG_UPDATED | LOG_RESULT_OK | 200 |
LOG_TYPE_CONFIG_UPDATED | LOG_RESULT_FAILED | 406 |
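The following is an added example, not Encedo's own code: it validates a configuration change against the request-body table above and builds the POST request without sending it. The helper names `dosprot_units` and `build_config_update`, the `allow_wipeout` guard, and the restriction to the scalar option fields are assumptions made for this example.

```python
import json
import urllib.request

CONFIG_URL = "https://my.ence.do/api/system/config"

# Scalar request-body fields and their types, copied from the table above.
# The password (userkey*) and tls fields are left out of this example.
FIELD_TYPES = {
    "allow_keysearch": bool, "storage_mode": int, "wipeout": bool,
    "origin": str, "trusted_ts": bool, "trusted_backend": bool,
    "user": str, "ctx": int, "dnsd": bool, "storage_disk0size": int,
    "http_option_hsts": bool, "http_option_dosprot_mode": int,
}


def dosprot_units(seconds):
    """Convert seconds to the 0.5-second multiples the field uses (0 disables)."""
    units = seconds * 2
    if units < 0 or units != int(units):
        raise ValueError("timeout must be a non-negative multiple of 0.5 s")
    return int(units)


def build_config_update(jwt_token, changes, allow_wipeout=False):
    """Validate `changes` and return an unsent urllib Request (hypothetical helper)."""
    for name, value in changes.items():
        expected = FIELD_TYPES.get(name)
        if expected is None:
            raise ValueError(f"unknown or unsupported field: {name}")
        # Exact type match: bool is a subclass of int in Python.
        if type(value) is not expected:
            raise TypeError(f"{name} must be {expected.__name__}")
    # wipeout resets the device to factory default, so require explicit opt-in.
    if changes.get("wipeout") and not allow_wipeout:
        raise ValueError("wipeout requested without allow_wipeout=True")
    return urllib.request.Request(
        CONFIG_URL,
        data=json.dumps(changes).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {jwt_token}",
                 "Content-Type": "application/json"},
    )
```

The token passed in must carry the `system:config` scope; otherwise the device answers 403 and logs LOG_TYPE_FAILED_SCOPE_CHECK.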
Get device attestation data
This endpoint is available only on Encedo PPA.
This endpoint ignores the access scope: effectively any scope value is allowed as long as the JWT_TOKEN is valid.
The Authorization header is not required on fresh, non-personalized devices.
Device attestation
GET
https://my.ence.do/api/system/config/attestation
Get device attestation data, the proof that the device is genuine.
Headers
Name | Type | Description |
---|---|---|
Authorization | String | Bearer JWT_TOKEN |
Response data for successful operation
Name | Type | Description |
---|---|---|
| String | Base64 encoded DER x509 device certificate. |
| String | Attestation data. |
Factory provisioning
This endpoint is available only on Encedo PPA.
This endpoint is used during the manufacturing process to provision the Secure Enclave chip. After successful provisioning, all following calls to this endpoint will return response code 406.
Factory provisioning
POST
https://my.ence.do/api/system/config/provisioning
Factory provisioning of the Secure Enclave (on Encedo PPA only).
Headers
Name | Type | Description |
---|---|---|
Content-Type* | String | application/json |
Request Body
Name | Type | Description |
---|---|---|
crt* | String | x509 certificate |
genuine* | String | Attestation data |