POST /api/apps/versions/{AppVersionID}/keyinfo

Adds an app's public key or certificate (for runtime security).

Workflow: This operation checks whether the resource is governed by a workflow, and if so whether the action is valid based on the current state of the resource. If the action is not valid, the operation will fail.

Authorization Roles/Permissions: Must be logged in. App team member, Business Admin

This topic includes the following sections:

HTTP Method

POST

Back to top

URL

https://{hostname}/api/apps/versions/{AppVersionID}/keyinfo

Back to top

Sample Request

The example below shows a call to this operation.

Sample request URL

https://{hostname}/api/apps/versions/9vQtwz5cVjB4Lb0tW7YDoRGm.acmepaymentscorp/keyinfo?wrapInHTML=true

Sample request headers

POST http://{hostname}/api/apps/versions/9vQtwz5cVjB4Lb0tW7YDoRGm.acmepaymentscorp/keyinfo?wrapInHTML=true HTTP/1.1
Host: {hostname}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Csrf-Token_acmepaymentscorp":"TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3Db2f87d98-a01e-11e4-a4c8-c152b79a9472%2Cclaimed_id
%3Durn%3Aacmepaymentscorp%3Auser%3Aacmepaymentscorp%3A7222fcd1-fe4b-4b80-ad25-ec86981c7962%2C
issueTime%3D1421701444022%2CexpirationTime%3D1421703244005%2CAttributesIncluded%3Dfalse%2C
UserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c7962%252Eacmepaymentscorp%2CUserName%3D
adminacmepaymentscorp%2Csig%3DNE567Vbh1ZdIE1Yx6HlnQF9zFwy2-xKqq-EquYiugI-k2_jzUR9rvV0x
kyLDg8_CBL68dAqCfq1VXSghLjvFV2nreg4WLlR-mhBrOa209ZT7pgryPCTg-wlEL3e_zq-9lsoGxPPRSyCvRXqwz
urhLLM_9GWokQoZUYsXrTP6Jx8; Csrf-Token_acmepaymentscorp=TokenID%3Db2f87d98-a01e-11e4-a4c8-c
152b79a9472%2CexpirationTime%3D1421703244028%2CUserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c79
62%252Eacmepaymentscorp%2Csig%3DIid5J_crulvfYk5hHYGUt6fCbZvpp4nACDBA7JIqIMGbDZXaaItzW87rrPx
PBazCQ-N8BacJcrEsib8bWmeGNZPqWgtXiFtRZcHBakb5zyFwLuSCE9RQK5lu8mg2iFfRH9Cm_ER
MqGUW2q28agiMT36tJWZ6SN9F8-JG6tRnYjA
Content-Type: multipart/form-data; boundary=---------------------------138372179114855

-----------------------------138372179114855
Content-Disposition: form-data; name="Certificate"; filename="cert.csr"
Content-Type: application/txt

-----BEGIN CERTIFICATE REQUEST-----
MIIClzCCAX8CAQAwVDEPMA0GA1UEAxMGUmFtZXNoMQwwCgYDVQQLEwNQRE8xDDAKBgNVBAoTA1NP
QTELMAkGA1UEBxMCTEExCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAIheb0Q2+PkfDwnxtdR+FLgMcNNRGuAy5pp8ku4VPpEt95//jJ+BRc52
zHc++FfSlDHOvn/N++1ZA+KM7PdpnJPYCu8ZDIkT2WVB+0CmuIRw9uToBdctLjpvBe1NLC/io7FD
UADSzXRu2/Iqv8Idj9UQSObrBiYPY5KIFtPA7M4b54M35YV6BHWg+eZ+vLEeSGpbsuA8TlbFKJF4
rrQApTPtcJkju7EMeBdkvRr7uKHSfSYCHQXPT8cYr6pVzq+dh38f960deS0QyHag3/d09fy7Ahmj
Re8ieWufYW6b9LsJut9hW9EmfM38sTcq2jFWvHUstl2qq4QcxG/X9SVJnPUCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAcxkJWbv06sKseT5XSBrDCP2KiCdTv2BIgsZzGs0A56DmDj6Jbw3zfS/sgrO3
uN2nIp5zfiy9TzyAIN8Gs7DRKVBPptPARRXaSk6RhbrrjLg+erpFuNzHUmc9HAeXu6/MbnFDpLcr
lhRgJ495OhI+hEVGjCqcObSD2NqSTs4q8FtkVOegpEIHLJSgoZfBKAq8eo4DUTvr9oSpcHxg1ExA
xYAm6hfXZX9ucHM8X8U69H1LZm491mcp1svinseSlkh/q2Y1aHCyMYjWajHvbZbF5pw8zgFCespp
7a9BMDlEtvG2btQgd6sRv3rSWVEzXeMoJPFx/QKJGDyRc1luekrroA==
-----END CERTIFICATE REQUEST-----

-----------------------------138372179114855
Content-Disposition: form-data; name="Comments"

testing
-----------------------------138372179114855
Content-Disposition: form-data; name="X-Csrf-Token_acmepaymentscorp"

TokenID%3Db2f87d98-a01e-11e4-a4c8-c152b79a9472%2CexpirationTime%3D1421703244
028%2CUserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c7962%252Eacmepaymentscorp
%2Csig%3DIid5J_crulvfYk5hHYGUt6fCbZvpp4nACDBA7JIqIMGbDZXaaItzW87rrPxPBaz
CQ-N8BacJcrEsib8bWmeGNZPqWgtXiFtRZcHBakb5zyFwLuSCE9RQK5lu8mg2iFfRH9
Cm_ERMqGUW2q28agiMT36tJWZ6SN9F8-JG6tRnYjA
-----------------------------138372179114855--

Sample request body

The request body is the certificate signing request (CSR) or certificate which is uploaded. View an example.

For more information about running operations that use the multipart/form-data Content-Type header for file upload, see Managing Multipart/Form-Data Uploads.

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept text/plain
Content-Type multipart/form-data
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
AppVersionID Path string Required The unique ID for a specific app version.
InMultiPart Body multipart Required The CSR or CER. For more information, see Managing Multipart/Form-Data Uploads.

Note:For information about the wrapInHTML parameter shown in the sample request above, see File Upload with Ajax. This is only used if you are running the API in a browser context.

Back to top

Response

If successful, this operation returns HTTP status code 200, with the AppVersionID as confirmation that the operation completed successfully. The response is wrapped in HTML.

Back to top

Sample Response

The sample response below shows that this operation completed successfully.

Sample response headers

HTTP/1.1 200 OK
Content-Type: text/html
Expires: Mon, 05 Jan 2015 10:56:17 GMT

Sample response body

<!DOCTYPE html><html lang="en" status="200" statusText="success"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta name="description" content="Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris lacus elit, ornare eget luctus vel, 
porta id elit. Maecenas molestie, libero sit amet blandit faucibus, orci nisi aliquet nisi, id mollis mauris ipsum a enim. Morbi lacus velit, 
placerat sit amet luctus eget, pulvinar a massa. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi eleifend tincidunt pellentesque. 
Cras eu sapien massa, vitae rutrum sapien. Aenean id condimentum sem. Suspendisse tempor luctus ipsum, vel metus.">
</head>
<body status="200" statusText="success">24kAuJa8ie9vsJNUdopeG61X.acmepaymentscorp</body></html>

Note: for information about the HTML wrapper shown in the sample response above, see File Upload with Ajax.

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type text/plain

Back to top

Response Body

Name Type Description
Response AppVersionID The unique ID for a specific app version.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
500 An error occurred processing the call. For example, you would get this response if you attempted to send a file that wasn't a valid CSR file.

More information about Akana API Platform API error messages.

Back to top

Related Topics