search

Configuration

These operations allow the read and update of the device configuration. This section includes Secure Enclave provisioning (on Encedo PPA only and during manufacture only).

hashtag
Manage device configuration

hashtag
Allowed users

Allowed

hashtag
Required access scope

system:config

hashtag
Get configuration

GET https://my.ence.do/api/system/config

Read the device configuration data.

hashtag
Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

hashtag
Response status code

{
  "iat": 1647381403,
  "uts": 1647381403,
  "devid": "2023b758c209269a",
  "instanceid": "f4980240-da72-13e3-f45c-2ffbde2a1800",
  "eid": "ff6/rpgprw6OjcPbedIB5LbsxjZqmnf43J1zeK1x82I=",
  "eid_sign": "T61jY1AgV5XUW++eAcQibRDFOl5KjKwLGdo+U0def8A=",
  "user": "John Doe",
  "email": "[email protected]",
  "hostname": "example.ence.do",
  "dnsd": true,
  "trusted_ts": true,
  "trusted_backend": true,
  "allow_keysearch": true,
  "origin": "*",
  "ctx": 0,
  "http_option_hsts": true,
  "http_option_dosprot_mode": 1,  
  "ip": "192.168.11.1/24",
  "genuine_id": "0123eb561f5ea073ee",
  "storage_mode": 81,
  "storage_disk0size": 8388607,
  "storage_capacity": 120979451,
  "spk": "fi2bgSQwaGhLkRi016q9saqeTWvrLyU08nM8hJUpTBg=",
  "nonce": "fOw1YvMYWIqbTfrxgQFzEuvcJozIRqEVKluO9KDza0w="
}

hashtag
Response data for successful operation

Value
Type
Description

allow_keysearch

Bool

True if an allowed search for a key without authentication.

ctx

Number

Instance context id.

devid

String

Device unique ID.

dnsd

string

True if build-in DNS server is enabled.

eid

String

EncedoID, public key of the instance.

eid_sign

String

Audit log signing public key.

email

String

Email address.

genuine_id

String

Secure Enclave serial number (on Encedo PPA only).

http_option_dosprot_mode

Number

Timeout (disabled if 0) to finish the HTTP request in 0.5sec multipliers.

http_option_hsts

Bool

True enable HSTS HTTP security headers.

hostname

String

Hostname, domain name associated with this device.

iat

Number

Current timestamp.

instanceid

String

Instance unique ID

ip

String

IP address associated with this device.

nonce

String

Random nonce.

origin

String

CORS allowed origins.

spk

String

Session public key.

storage_capacity

Number

Capacity (in sectors) of embedded microSD card (on Encedo PPA only).

storage_disk0size

Number

Capacity (in sectors) of regular Disk 0 (on Encedo PPA only).

storage_mode

Number

Dsks 0 default mode and encryption mode of Disk 1 (on Encedo PPA only).

trusted_backend

Bool

True is backend is trusted and can control this instance.

trusted_ts

Bool

True is backend is a trusted time source.

user

String

Username, display name.

uts

Number

Last RTC update timestamp.

hashtag
Update configuration

POST https://my.ence.do/api/system/config

Change some configuration data, e.g. options, password or update TLS certificate.

hashtag
Headers

Name
Type
Description

Authorization*

String

Bearer JWT_TOKEN

Content-Type*

String

application/json

hashtag
Request Body

Name
Type
Description

allow_keysearch

Bool

True if an allowed search for a key without authentication.

email

String

Contact email address

storage_mode

Number

Disk0 default mode and Disk1 encryption mode (on Encedo PPA only)

wipeout

Bool

True to wipe out the device (reset to factory default).

origin

String

CORS access control data

trusted_ts

Bool

True is backend is a trusted time source.

trusted_backend

Bool

True is backend is trusted and can control this instance.

tls

String

TLS x509 certificate data (check below)

user

String

Username

userkey

String

New password public key

userkey_nonce

String

New password authentication nonce

userkey_hmac

String

New password authentication code

ctx

Number

Instance context id.

dnsd

Bool

True to enable DNS server

storage_disk0size

Number

Disk0 size in sectors (on Encedo PPA only)

gen_csr

Bool

True if requesting CSR generation

emp

String

(optional) Ephemeral public key (transport key)

key

String

(optional) Encrypted private key

crt

String

Base64 encoded DER x509 certificate

tls consists of:

String

http_option_hsts

Bool

True enable HSTS HTTP security headers

http_option_dosprot_mode

Number

Timeout (disabled if 0) to finish the HTTP request in 0.5sec multipliers

hashtag
Response status code

hashtag
Response data for successful operation

Name
Type
Description

csr

String

Requested x509 CSR, base64 encoded DER file.

genuine

String

Attestation data.

reboot_required

Bool

True if a reboot is required for changes to take effect.

updated

Bool

True is configuration have been changed.

hashtag
Log entries

Event
Result
Source

LOG_TYPE_FAILED_SCOPE_CHECK

LOG_RESULT_FAILED

403

LOG_TYPE_CONFIG_UPDATED

LOG_RESULT_OK

200

LOG_TYPE_CONFIG_UPDATED

LOG_RESULT_FAILED

406

hashtag
Get device attestation data

circle-info

This endpoint is available only on Encedo PPA.

circle-info

This endpoint is ignoring access scope, effectively any scope value is allowed as long as the JWT_TOKEN is valid.

circle-info

The Authorization header is not required on fresh, not personalised devices.

hashtag
Device attestation

GET https://my.ence.do/api/system/config/attestation

Obtain device attestation data, which serves as proof of genuineness.

hashtag
Headers

Name
Type
Description

Authorization

String

Bearer JWT_TOKEN

hashtag
Response status code

hashtag
Response data for successful operation

Name
Type
Description

crt

String

Base64 encoded DER x509 device certificate.

genuine

String

Attestation data.

hashtag
Factory provisioning

circle-info

This endpoint is available only on Encedo PPA.

triangle-exclamation

This endpoint is used during the manufacturing process to provision the Secure Enclave chip. After successful provisioning, all following calls to this endpoint will return a response code 406.

hashtag
Factory provisioning

POST https://my.ence.do/api/system/config/provisioning

On factory Secure Enclave provisioning (on Encedo PPA only).

hashtag
Headers

Name
Type
Description

Content-Type*

String

application/json

hashtag
Request Body

Name
Type
Description

crt*

String

x509 certificate

genuine*

String

Attestation data

hashtag
Response status code

PreviousCheckinNextUpgrade

Last updated