AnyCAGateway REST API

The APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints for the AnyCAGateway REST include methods necessary to programmatically add, edit and retrieve identity providers within the application. These may be accessed via an API platform tool. For security, clientsecret values will either not be returned in the responses, or they will be masked.

Newly created identity providers can be used for authentication after approximately 60 seconds. Identity providers that are updated will be updated in the authentication after approximately 60 seconds.

Tip:  For identity provider logging in the AnyCA Gateway log files, log messages will require either the DEBUG or TRACE log levels. In the event that there is an error when adding/updating an Identity provider, the log will log a WARN message indicating there was an issue.

Table 1149: AnyCAGateway REST API Endpoints

Endpoint Method Description Link
/IdentityProviders/{id} GET Returns the identity provider with the specified ID. GET Identity Providers ID
/IdentityProviders/{id} PUT Updates the identity provider with the specified ID. PUT Identity Providers ID
/IdentityProviders GET Returns all identity providers defined within AnyCAGateway REST. GET Identity Providers
/IdentityProviders POST Add the identity provider to AnyCAGateway REST. POST Identity Providers
/IdentityProviders/Types GET Returns details for all the identities provider types defined within AnyCAGateway REST. GET Identity Providers Types
/config/analyzecert POST Returns public information about the referenced certificate. POST Config Analyzecert
Endpoint Common Features

By default, all AnyCAGateway REST API methods start with a base path, which corresponds to an application under the web server; this path is configurable at install time. The default base path is AnyGatewayREST. The API component name and method name then comprise the parts of the URL, each separated by a forward slash. For example, /AnyGatewayREST/IdentityProviders would be the URL format for the identity provider methods.

The AnyCAGateway REST API uses the following common request headers:

  • Content-Type: application/json

  • Authorization: Bearer <your OAuth token>

HTTP Statuses

The following HTTP Statuses may be returned by AnyCAGateway REST API requests:

  • 200 OK: Request successful; results, if applicable, in response body.

  • 204 No Content: Request successful; results in no response.

  • 400 Bad Request: Malformed or invalid data; additional information may be available in the response body and/or AnyCAGateway REST server logs.

  • 401 Unauthorized: Invalid credentials (user unauthenticated).

  • 403 Forbidden: Can often indicate that the user does not have the appropriate permissions for this action in AnyCAGateway REST (user unauthorized).

  • 404 Page not Found: Invalid request path.

  • 405 Method Not Allowed: Invalid request; check the requested method (POST vs GET), the authentication credentials, and the endpointClosed An endpoint is a URL that enables the API to gain access to resources on a server. path.

  • 500 Internal Server Error: AnyCAGateway REST encountered an unexpected error attempting to handle the request. See response body and AnyCAGateway REST server logs for details.

  • 502 Bad Gateway: AnyCAGateway REST attempted to contact Keyfactor Command or other upstream server to process the request, but was unable to. See AnyCAGateway REST server logs for details.