Configuration
These operations read and update the device configuration. This section also covers Secure Enclave provisioning (on Encedo PPA only, and only during manufacture).
Manage device configuration
Allowed users
Allowed
Required access scope
system:config
Get configuration
GET
https://my.ence.do/api/system/config
Read the device configuration data.
Headers
Authorization*
String
Bearer JWT_TOKEN
Response data for successful operation
allow_keysearch
Bool
True if searching for a key without authentication is allowed.
ctx
Number
Instance context id.
devid
String
Device unique ID.
dnsd
string
True if the built-in DNS server is enabled.
eid
String
EncedoID, public key of the instance.
eid_sign
String
Audit log signing public key.
email
String
Email address.
genuine_id
String
Secure Enclave serial number (on Encedo PPA only).
http_option_dosprot_mode
Number
Timeout to finish the HTTP request, in multiples of 0.5 s (disabled if 0).
http_option_hsts
Bool
True if HSTS HTTP security headers are enabled.
hostname
String
Hostname, domain name associated with this device.
iat
Number
Current timestamp.
instanceid
String
Instance unique ID
ip
String
IP address associated with this device.
nonce
String
Random nonce.
origin
String
CORS allowed origins.
spk
String
Session public key.
storage_capacity
Number
Capacity (in sectors) of embedded microSD card (on Encedo PPA only).
storage_disk0size
Number
Capacity (in sectors) of regular Disk 0 (on Encedo PPA only).
storage_mode
Number
Disk0 default mode and Disk1 encryption mode (on Encedo PPA only).
trusted_backend
Bool
True if the backend is trusted and can control this instance.
trusted_ts
Bool
True if the backend is a trusted time source.
user
String
Username, display name.
uts
Number
Last RTC update timestamp.
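The following audit of the Get configuration response is an added example, not Encedo's own code: it checks the security-relevant fields documented above and builds a candidate request body for Update configuration. The 10-second timeout baseline, the sample response, and the assumption that the POST accepts a subset of fields are illustrative choices, not values taken from the device documentation.

```python
import json
import urllib.request

CONFIG_URL = "https://my.ence.do/api/system/config"  # endpoint from this page
MAX_UNITS = 20  # assumed baseline: 20 x 0.5 s = 10 s request timeout

# Constructed sample response (not captured from a real device).
SAMPLE = {"allow_keysearch": True, "http_option_hsts": False,
          "http_option_dosprot_mode": 0, "trusted_backend": True,
          "hostname": "device.example"}


def fetch_config(jwt_token):
    """GET the configuration; the token needs the system:config scope."""
    req = urllib.request.Request(
        CONFIG_URL, headers={"Authorization": f"Bearer {jwt_token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_config(cfg):
    """Return (findings, proposed POST body) under the assumed baseline."""
    findings, fix = [], {}
    if cfg.get("allow_keysearch") is True:
        findings.append("allow_keysearch: key search allowed without authentication")
        fix["allow_keysearch"] = False
    if cfg.get("http_option_hsts") is False:
        findings.append("http_option_hsts: HSTS security headers disabled")
        fix["http_option_hsts"] = True
    units = cfg.get("http_option_dosprot_mode")
    if units == 0:
        findings.append("http_option_dosprot_mode: request timeout disabled")
        fix["http_option_dosprot_mode"] = MAX_UNITS
    elif isinstance(units, (int, float)) and units > MAX_UNITS:
        findings.append(f"http_option_dosprot_mode: {units * 0.5:.1f} s timeout "
                        f"exceeds {MAX_UNITS * 0.5:.1f} s baseline")
        fix["http_option_dosprot_mode"] = MAX_UNITS
    if cfg.get("trusted_backend") is True:
        # Deployment decision, so reported for review without a proposed change.
        findings.append("trusted_backend: backend can control this instance")
    for name in ("allow_keysearch", "http_option_hsts", "http_option_dosprot_mode"):
        if name not in cfg:
            findings.append(f"{name}: not reported by the device")
    return findings, fix


if __name__ == "__main__":
    found, body = audit_config(SAMPLE)  # swap in fetch_config(token) on a device
    print("\n".join(found))
    print("Proposed POST body:", json.dumps(body))
```

Review the proposed body before sending it: a successful update may return reboot_required, and every change is recorded as LOG_TYPE_CONFIG_UPDATED in the audit log.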
Update configuration
POST
https://my.ence.do/api/system/config
Change some configuration data e.g. options, password or update TLS certificate.
Headers
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
Request Body
allow_keysearch
Bool
True if searching for a key without authentication is allowed.
String
Contact email address
storage_mode
Number
Disk0 default mode and Disk1 encryption mode (on Encedo PPA only)
wipeout
Bool
True to wipe out the device (reset to factory default).
origin
String
CORS access control data
trusted_ts
Bool
True if the backend is a trusted time source.
trusted_backend
Bool
True if the backend is trusted and can control this instance.
tls
String
TLS x509 certificate data (see below)
user
String
Username
userkey
String
New password public key
userkey_nonce
String
New password authentication nonce
userkey_hmac
String
New password authentication code
ctx
Number
Instance context id.
dnsd
Bool
True to enable DNS server
storage_disk0size
Number
Disk0 size in sectors (on Encedo PPA only)
gen_csr
Bool
True if requesting CSR generation
emp
String
(optional) Ephemeral public key (transport key)
key
String
(optional) Encrypted private key
crt
String
Base64 encoded DER x509 certificate
tls consists of:
String
http_option_hsts
Bool
True to enable HSTS HTTP security headers
http_option_dosprot_mode
Number
Timeout to finish the HTTP request, in multiples of 0.5 s (disabled if 0)
Response data for successful operation
csr
String
Requested x509 CSR, base64 encoded DER file.
genuine
String
Attestation data.
reboot_required
Bool
True if a reboot is required for the changes to take effect.
updated
Bool
True if the configuration has been changed.
Log entries
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_OK
200
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_FAILED
406
Get device attestation data
This endpoint is available only on Encedo PPA.
This endpoint ignores the access scope: effectively any scope value is allowed as long as the JWT_TOKEN is valid.
The Authorization header is not required on fresh, not personalized devices.
Device attestation
GET
https://my.ence.do/api/system/config/attestation
Get device attestation data, the proof that the device is genuine.
Headers
Authorization
String
Bearer JWT_TOKEN
Response data for successful operation
crt
String
Base64 encoded DER x509 device certificate.
genuine
String
Attestation data.
Factory provisioning
This endpoint is available only on Encedo PPA.
This endpoint is used during the manufacturing process to provision the Secure Enclave chip. After successful provisioning, all following calls to this endpoint will return response code 406.
Factory provisioning
POST
https://my.ence.do/api/system/config/provisioning
In-factory Secure Enclave provisioning (on Encedo PPA only).
Headers
Content-Type*
String
application/json
Request Body
crt*
String
x509 certificate
genuine*
String
Attestation data