Metadata V3

Version 3 of the metadata API allows more flexibility in certificate lookup and security measures than version 2, while allowing more to be done in a single API call and with a more concise JSON representation. Requests to metadata v3 API methods include 3 parts as shown in Table 715: Metadata V3 Request Body.

Table 715: Metadata V3 Request Body

| Parameter Name | Parameter Value |
| --- | --- |
| Lookup | Given in Table 65: Classic API Certificate Lookup Structure. |
| Security | Given in Table 716: Metadata V3 Security Bitflags. |
| Metadata | Dictionary of key-value pairs, where the key represents the metadata field and (for the set method) the value represents the value to be associated to the certificate referenced in the "Lookup" value. For Get and GetDefinition methods, the same structure is used but the value is not considered. |

The security parameter includes a set of required flags, certain of which necessitate the inclusion of other parameters. The flags should be passed as integers, combined together using bitwise OR. The flags defined in Keyfactor Command are described in Table 716: Metadata V3 Security Bitflags.

Table 716: Metadata V3 Security Bitflags

| Value | Definition |
| --- | --- |
| 00000001 | Fail if certificate has been revoked or denied. |
| 00000010 | Fail if certificate has expired. |
| 00000100 | Fail if certificate status is pending or unknown. |
| 00001000 | Fail if metadata values provided for authentication do not match the values stored in Keyfactor Command. Must be paired with an "authmetadata" field, the value of which is a dictionary formatted with {"MetadataFieldName" : "AssociatedCertificateValue" pairs}. This effectively supplants the "Compare" method found in v2. |
| 00100000 | Overwrite flag – update value even if field is configured to require explicit overwrites and a value has been associated with the certificate (applies to Set method only). |

The metadata argument is a JSON dictionary containing 0 or more key-value pairs. In each pair, the key must correspond to the name of a metadata field. The value, if present, must be of a data type matching the type of the field. For Boolean and integer metadata field values, this is the JSON Boolean or integer type, respectively, while all other metadata field types are to be represented as strings. Dates should be passed in the "YYYY-M-D" format. Multi-valued entries should have a value that exactly matches one of the pre-defined values. For the Get method, values need not be provided and the empty string can be used as the value for each key. In the case where there are 0 metadata arguments, the "Metadata" key must still be present and mapped to an empty object "{}". Note that this syntax is different than previous Metadata API versions, and uses a more concise format. An example is:

"Metadata" : {"Email-Contact" : "user@example.com", "Contact-Name" : "John Doe", "ID-number" : 738}
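
The following Python example is added here and is not part of the Keyfactor documentation or product code. It assembles a v3 request body from the three parts described above and rejects, before anything is sent, flag values and metadata values that the tables and the metadata rules do not allow. It assumes the Table 716 values are binary bit patterns and that "authmetadata" is a top-level field of the body; the Lookup content is a placeholder because Table 65 is not reproduced on this page.

```python
import json

# Table 716 flags. Assumption: the table's values are binary bit patterns.
FAIL_REVOKED = 0b00000001   # fail if revoked or denied
FAIL_EXPIRED = 0b00000010   # fail if expired
FAIL_PENDING = 0b00000100   # fail if status is pending or unknown
AUTH_METADATA = 0b00001000  # compare "authmetadata" with the stored values
OVERWRITE = 0b00100000      # Set only: update despite explicit-overwrite rule
KNOWN_FLAGS = FAIL_REVOKED | FAIL_EXPIRED | FAIL_PENDING | AUTH_METADATA | OVERWRITE


def check_values(name, mapping):
    """Values must be a JSON Boolean, integer or string, as the page requires."""
    for key, value in mapping.items():
        if not isinstance(key, str) or not isinstance(value, (bool, int, str)):
            raise ValueError(f"{name}[{key!r}] must be a Boolean, integer or string")


def build_body(lookup, security, metadata=None, authmetadata=None):
    """Return the request body as a dict, rejecting inconsistent flag use."""
    if isinstance(security, bool) or not isinstance(security, int) or security & ~KNOWN_FLAGS:
        raise ValueError("Security must be a bitwise OR of the Table 716 flags")
    metadata = {} if metadata is None else dict(metadata)
    check_values("Metadata", metadata)
    body = {"Lookup": lookup, "Security": security}
    if security & AUTH_METADATA:
        if not isinstance(authmetadata, dict) or not authmetadata:
            raise ValueError("flag 00001000 needs a non-empty 'authmetadata' dictionary")
        check_values("authmetadata", authmetadata)
        # Assumption: "authmetadata" is a top-level field of the request body.
        body["authmetadata"] = dict(authmetadata)
    body["Metadata"] = metadata  # always present, {} when there are no fields
    return body


# Constructed sample; the real Lookup structure is in Table 65, not on this page.
LOOKUP_PLACEHOLDER = {"<lookup field from Table 65>": "<value>"}

if __name__ == "__main__":
    flags = FAIL_REVOKED | FAIL_EXPIRED | AUTH_METADATA
    body = build_body(LOOKUP_PLACEHOLDER, flags,
                      metadata={"Email-Contact": "user@example.com", "ID-number": 738},
                      authmetadata={"Contact-Name": "John Doe"})
    print(json.dumps(body, indent=2))
```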