GET KeyManagement

The GET /KeyManagement method serves two purposes:

  • User with an EAB Key: If the requesting user has an existing External Account Binding (EAB) key, the method returns the associated KeyId and KeyValue.

  • User without an EAB Key: If no EAB key exists, the method generates a new KeyId and KeyValue, returning them to the user. This information is stored in the SQL database and linked to the requesting user.

This method returns HTTP 200 OK on success, with the EAB key in the response body.

The KeyId and KeyValue allow an ACME client to prove pre-approval by the Keyfactor ACME server before requesting certificate issuance. They are required to register an ACME client (e.g. Certbot), which will then operate within the context of the associated user.
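The following is an added illustration, not code from the Keyfactor ACME documentation or product, of how the KeyId and KeyValue are consumed: the ACME client wraps its account public key in an externalAccountBinding JWS signed with HMAC-SHA256 under KeyValue (the RFC 8555 section 7.3.4 construction that Certbot performs when given an EAB key id and HMAC key), and the ACME server looks the key up by KeyId and checks the signature before honouring the registration. The GUID, the newAccount URL, the account JWK and the key bytes are all constructed sample values; it is also an assumption here that KeyValue is base64url-encoded key material.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-ins for what GET /KeyManagement returns (not real values).
SAMPLE_KEY_ID = "00000000-0000-4000-8000-000000000000"  # placeholder GUID
SAMPLE_KEY_VALUE = base64.urlsafe_b64encode(b"constructed-32-byte-example-key!").rstrip(b"=").decode()
# Hypothetical newAccount URL of the ACME server.
NEW_ACCOUNT_URL = "https://acme.example.test/acme/new-account"
# Constructed account public key; a real client uses the JWK of its own account key pair.
SAMPLE_ACCOUNT_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus"}


def b64url(data: bytes) -> str:
    """Unpadded base64url encoding, as required by JWS."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Decode unpadded base64url, restoring the padding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_eab(key_id: str, key_value: str, account_jwk: dict, new_account_url: str) -> dict:
    """Client side: build the externalAccountBinding JWS (RFC 8555 section 7.3.4).

    Protected header carries alg=HS256, kid=KeyId and the newAccount URL, and
    deliberately no nonce; the payload is the account public key as a JWK.
    """
    header = {"alg": "HS256", "kid": key_id, "url": new_account_url}
    protected = b64url(json.dumps(header, separators=(",", ":")).encode())
    payload = b64url(json.dumps(account_jwk, separators=(",", ":")).encode())
    signing_input = f"{protected}.{payload}".encode("ascii")
    signature = hmac.new(b64url_decode(key_value), signing_input, hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64url(signature)}


def verify_eab(eab: dict, lookup_key_value, expected_url: str, outer_jwk: dict) -> bool:
    """Server side: accept the binding only if every RFC 8555 check passes.

    lookup_key_value(kid) returns the stored KeyValue for that KeyId, or None.
    outer_jwk is the account key from the enclosing newAccount JWS; the inner
    payload must be that same key, otherwise the binding could be replayed
    to attach a different account key to the pre-approved external account.
    """
    try:
        header = json.loads(b64url_decode(eab["protected"]))
        payload_jwk = json.loads(b64url_decode(eab["payload"]))
        signature = b64url_decode(eab["signature"])
    except (KeyError, ValueError):
        return False
    if header.get("alg") != "HS256" or header.get("url") != expected_url:
        return False
    if "nonce" in header:  # MUST NOT be present in the inner JWS
        return False
    key_value = lookup_key_value(header.get("kid"))
    if key_value is None:  # unknown or revoked KeyId
        return False
    signing_input = f"{eab['protected']}.{eab['payload']}".encode("ascii")
    expected = hmac.new(b64url_decode(key_value), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return False
    return payload_jwk == outer_jwk


def sample_key_store(kid: str):
    """Constructed lookup standing in for the SQL-backed KeyId -> KeyValue mapping."""
    return SAMPLE_KEY_VALUE if kid == SAMPLE_KEY_ID else None


if __name__ == "__main__":
    eab = build_eab(SAMPLE_KEY_ID, SAMPLE_KEY_VALUE, SAMPLE_ACCOUNT_JWK, NEW_ACCOUNT_URL)
    print(json.dumps(eab, indent=2))
    print("valid:", verify_eab(eab, sample_key_store, NEW_ACCOUNT_URL, SAMPLE_ACCOUNT_JWK))
```

Because the KeyValue is a symmetric secret shared between the ACME server and the account it pre-approves, it should be handled on the client like any other credential (for example, passed to Certbot from a protected file rather than on a shared command line), and the server-side lookup is the natural place to enforce that a KeyId belongs to an active user.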

Tip:   To be able to make this call, the requesting user must have the EnrollmentUser role in the claims list either directly or via a group/role (see The Claims Command).

Table 15: POST KeyManagement Input Parameters

Name: Template
In: Query
Description: A string containing the template defined within Keyfactor Command that should be used for requests by this user.

For example:

/KeyManagement?Template=MyTemplateName

Note: The template only needs to be mapped to the user with this option if the user is in multiple roles that are mapped to separate templates. If the user is granted access to Keyfactor ACME directly rather than via a group or role, the user cannot be mapped to a template using this option.

Table 16: POST KeyManagement Response Data

Name: KeyId
Description: A string containing the Keyfactor Command reference GUID for the EAB key issued to the external account (user) within the Keyfactor ACME server. This identifier allows the server to recognize which external account is associated with a given ACME request.

Name: KeyValue
Description: A string containing the HMAC key value. This cryptographic key is used to sign the ACME request for external account binding, ensuring that the request is authenticated and that the ACME client is authorized to register with the Keyfactor ACME server.