Configuration
These operations allow the read and update of the device configuration. This section includes Secure Enclave provisioning (on Encedo PPA only and during manufacture only).
Last updated
These operations allow the read and update of the device configuration. This section includes Secure Enclave provisioning (on Encedo PPA only and during manufacture only).
Last updated
Allowed
system:config
GET https://my.ence.do/api/system/config
Read the device configuration data.
| Name | Type | Description |
|---|---|---|
POST https://my.ence.do/api/system/config
Change some configuration data e.g. options, password or update TLS certificate.
This endpoint is available only on Encedo PPA.
This endpoint is ignoring access scope, effectively any scope value is allowed as long as the JWT_TOKEN is valid.
The Authorization header is not required on fresh, not personalized devices.
GET https://my.ence.do/api/system/config/attestation
Get device attestation data, the proof of genuine.
This endpoint is available only on Encedo PPA.
This endpoint is used during the manufacturing process to provision the Secure Enclave chip. After successful provisioning, all following calls to this endpoint will return response code 406.
POST https://my.ence.do/api/system/config/provisioning
On factory Secure Enclave provisioning (on Encedo PPA only).
| Value | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Event | Result | Source |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
| Name | Type | Description |
|---|---|---|
Authorization*
String
Bearer JWT_TOKEN
allow_keysearch
Bool
True if an allowed search for a key without authentication.
ctx
Number
Instance context id.
devid
String
Device unique ID.
dnsd
string
True if build-in DNS server is enabled.
eid
String
EncedoID, public key of the instance.
eid_sign
String
Audit log signing public key.
email
String
Email address.
genuine_id
String
Secure Enclave serial number (on Encedo PPA only).
http_option_dosprot_mode
Number
Timeout (disabled if 0) to finish the HTTP request in 0.5sec multipliers.
http_option_hsts
Bool
True enable HSTS HTTP security headers.
hostname
String
Hostname, domain name associated with this device.
iat
Number
Current timestamp.
instanceid
String
Instance unique ID
ip
String
IP address associated with this device.
nonce
String
Random nonce.
origin
String
CORS allowed origins.
spk
String
Session public key.
storage_capacity
Number
Capacity (in sectors) of embedded microSD card (on Encedo PPA only).
storage_disk0size
Number
Capacity (in sectors) of regular Disk 0 (on Encedo PPA only).
storage_mode
Number
DIsks0 default mode and encryption mode of Disk1 (on Encedo PPA only).
trusted_backend
Bool
True is backend is trusted and can control this instance.
trusted_ts
Bool
True is backend is a trusted time source.
user
String
Username, display name.
uts
Number
Last RTC update timestamp.
Authorization*
String
Bearer JWT_TOKEN
Content-Type*
String
application/json
allow_keysearch
Bool
True if an allowed search for a key without authentication.
String
Contact email address
storage_mode
Number
Disk0 default mode and Disk1 encryption mode (on Encedo PPA only)
wipeout
Bool
True to wipe out the device (reset to factory default).
origin
String
CORS access control data
trusted_ts
Bool
True is backend is a trusted time source.
trusted_backend
Bool
True is backend is trusted and can control this instance.
tls
String
TLS x509 certificate data (check below)
user
String
Username
userkey
String
New password public key
userkey_nonce
String
New password authentication nonce
userkey_hmac
String
New password authentication code
ctx
Number
Instance context id.
dnsd
Bool
True to enable DNS server
storage_disk0size
Number
Disk0 size in sectors (on Encedo PPA only)
gen_csr
Bool
True if requesting CSR generation
emp
String
(optional) Ephemeral public key (transport key)
key
String
(optional) Encrypted private key
crt
String
Base64 encoded DER x509 certificate
tls consists of:
String
http_option_hsts
Bool
True enable HSTS HTTP security headers
http_option_dosprot_mode
Number
Timeout (disabled if 0) to finish the HTTP request in 0.5sec multipliers
csr
String
Requested x509 CSR, base64 encoded DER file.
genuine
String
Attestation data.
reboot_required
Bool
True is reboot is required to changes takes effect.
updated
Bool
True is configuration have been changed.
LOG_TYPE_FAILED_SCOPE_CHECK
LOG_RESULT_FAILED
403
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_OK
200
LOG_TYPE_CONFIG_UPDATED
LOG_RESULT_FAILED
406
Authorization
String
Bearer JWT_TOKEN
crt
String
Base64 enceded DER x509 device certificate.
genuine
String
Attestation data.
Content-Type*
String
application/json
crt*
String
x509 certificate
genuine*
String
Attestation data