Configuration

These operations allow the read and update of the device configuration. This section includes Secure Enclave provisioning (on Encedo PPA only and during manufacture only).

Manage device configuration

Allowed users

User
Master
ExtAuth
Allowed
Allowed
Allowed only to call Get configuration.

Required access scope

Main
Alternative
system:config
auth:ext:pair
Operation sucessful
get
https://my.ence.do
/api/system/config
Get configuration

Response data for successful operation

Value
Type
Description
allow_keysearch
Bool
True if an allowed search for a key without authentication.
ctx
Number
Instance context id.
devid
String
Device unique ID.
dnsd
string
True if build-in DNS server is enabled.
eid
String
EncedoID, public key of the instance.
eid_sign
String
Audit log signing public key.
email
String
Email address.
genuine_id
String
Secure Enclave serial number (on Encedo PPA only).
http_option_dosprot_mode
Number
Timeout (disabled if 0) to finish the HTTP request in 0.5sec multipliers.
http_option_hsts
Bool
True enable HSTS HTTP security headers.
hostname
String
Hostname, domain name associated with this device.
iat
Number
Current timestamp.
instanceid
String
Instance unique ID
ip
String
IP address associated with this device.
nonce
String
Random nonce.
origin
String
CORS allowed origins.
spk
String
Session public key.
storage_capacity
Number
Capacity (in sectors) of embedded microSD card (on Encedo PPA only).
storage_disk0size
Number
Capacity (in sectors) of regular Disk 0 (on Encedo PPA only).
storage_mode
Number
DIsks0 default mode and encryption mode of Disk1 (on Encedo PPA only).
trusted_backend
Bool
True is backend is trusted and can control this instance.
trusted_ts
Bool
True is backend is a trusted time source.
user
String
Username, display name.
uts
Number
Last RTC update timestamp.
post
https://my.ence.do
/api/system/config
Update configuration

Response data for successful operation

Name
Type
Description
csr
String
Requested x509 CSR, base64 encoded DER file.
genuine
String
Attestation data.
reboot_required
Bool
True is reboot is required to changes takes effect.
updated
Bool
True is configuration have been changed.

Log entries

Event
Result
Source
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_OK
200
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_FAILED
406

Get device attestation data

This endpoint is available only on Encedo PPA.
This endpoint is ignoring access scope, effectively any scope value is allowed as long as the JWT_TOKEN is valid.
The Authorization header is not required on fresh, not personalized devices.
get
https://my.ence.do
/api/system/config/attestation
Device attestation

Response data for successful operation

Name
Type
Description
crt
String
Base64 enceded DER x509 device certificate.
genuine
String
Attestation data.

Factory provisioning

This endpoint is available only on Encedo PPA.
This endpoint is used during the manufacturing process to provision the Secure Enclave chip. After successful provisioning, all following calls to this endpoint will return response code 406.
post
https://my.ence.do
/api/system/config/provisioning
Factory provisioning
Last modified 9mo ago