Licensing API
Issue, authorize and rotate the license keys behind every service.
The License Management service issues and authorizes the license keys that gate every other 1Kosmos service. Mint service keys, manage key authorizations, and rotate credentials.
14 endpoints
across 5 resource groups.
ECDSA-signed
every request is signed with your key pair.
JSON over HTTPS
predictable REST, conventional status codes.
OpenAPI 3.0
Base URL
All Licensing endpoints are relative to your environment host. Examples on this page use the 1Kosmos pilot environment — swap in your production root when you go live.
Content type
Requests and responses use application/json.
curl -X GET 'https://pilot-root.1kosmos.net/licenses/healthz' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
Authentication
Licensing uses ECDSA key-pair authentication. Each request carries your credentials as
HTTP headers; verification-grade calls additionally sign the request body. Retrieve the system signing
key from /publickeys.
curl -X GET 'https://pilot-root.1kosmos.net/licenses/healthz' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/healthz", {
method: "GET",
headers: {
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/healthz",
headers={
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json())Errors
Licensing uses conventional HTTP status codes: 2xx success, 4xx a problem
with the request, 5xx a service-side error.
| Status | Meaning | Description |
|---|---|---|
| 200 / 204 | OK | The request succeeded. |
| 400 | Bad Request | Validation failed. |
| 401 | Unauthorized | Missing or invalid credentials. |
| 403 | Forbidden | Authenticated, but not permitted. |
| 404 | Not Found | The resource does not exist. |
| 500 | Server Error | Something went wrong on our side. |
{
"statusCode": 400,
"error": "Bad Request",
"message": "Validation error"
}Service Key
Mint and rotate service keys.
Get Service Key details by Id or tag
Retrieves the details of an existing service key.
- If the signing key is a system key, any keys can be requested.
- If the signing key is a service key, all but system keys can be requested.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
keyId (required)
The keyId or tag of service key.
Returns
Returns a service key object if a valid keyId was provided.
| Name | Type | Description |
|---|---|---|
| keyId | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X GET 'https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx", {
method: "GET",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"_id": "xxxxxxxxxxxxxxxxxxxx",
"type": "xxxxx",
"tag": "xxxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-13T15:36:44.978Z",
"authLevel": "xxxxxxx",
"module": {},
"description": ""
}// no response body
// no response body
Get Current User Service Key details
Retrieves the service key details of the current user.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Returns
Returns a service key object if a current user is authenticated.
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X GET 'https://pilot-root.1kosmos.net/licenses/servicekey/current' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey/current", {
method: "GET",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/servicekey/current",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"_id": "xxxxxxxxxxxxxxxxxxxx",
"type": "xxxxx",
"tag": "xxxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-13T15:36:44.978Z",
"authLevel": "xxxxxxx",
"module": {},
"description": ""
}// no response body
Get All Service Keys
Returns a list of service keys.
- When API is called using a system key, API will return all keys.
- When API is called using a service key, API will return all but system keys.
- [change] no otherkey is permitted to request ALL service keys.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
pIndex (optional)
The pIndex key is a cursor for the pagination.
pSize (optional)
A limit on the number of objects to be returned. The range between 1 to 25 and the default is 10.
Returns
Returns a list of service keys with pagination.
| Name | Type | Description |
|---|---|---|
| pIndex | integer | — |
| pSize | integer | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X POST 'https://pilot-root.1kosmos.net/licenses/servicekey/fetch?pIndex=0&pSize=10' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey/fetch?pIndex=0&pSize=10", {
method: "POST",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.post(
"https://pilot-root.1kosmos.net/licenses/servicekey/fetch?pIndex=0&pSize=10",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"page": {
"index": 0,
"total": 50,
"size": 1
},
"data": [
{
"tag": "xxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-08T08:39:55.000Z",
"authLevel": "xxxxxx",
"modules": {}
}
]
}// no response body
Create Service Key
Creates a new service key object.
- Only a system and a service key can be used to create a new key.
- Only a system key can be used to create other system keys.
- system and service key can create all other types.
- No other key can be used to create a new key.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Request Body
tag (required)
A tag is alpha-numeric (a-z, A-Z, 0-9) unique identifier with some special character '-', '_', '|' and ':'.
keyId (optional)
The keyId is valid and unique key. The keyId is auto-generated as a uuid if keyId is not provided.
keySecret (required if keyId is provided)
The keySecret is valid and unique key. The keySecret is auto-generated as a uuid if keySecret is not provided.
disabled (optional)
The disabled key only accept these values (true, false). Default disabled value is false
expiry (optional)
Set the expiry date for the service key.
An expiry key is a valid future date.
Default expiry value is current date plus 2 years.
authLevel (optional)
This key defines the authentications level of the service key. The authLevel value must be a valid auth level. The authLevel key only accept these values ("system", "service", "service_ext", "app_ext", "app", "basic")
Default authLevel value is "basic"!
type (optional)
This key defines the authentication type of the service key. The type key only accept these values ('hawk', 'ecdsa', 'user')
Default type value is Hawk. When using type = user, keyId should be user's URN. keySecret can be any value as it's internally over-written.
modules (optional object)
Default modules value is empty object({}).
- ### Modules Child Parameters
mod_dl (optional) The mod_dl key is type of boolean and optional.
mod_identity (optional) The mod_identity key is type of boolean and optional.
mod_pp (optional) The mod_pp key is type of boolean and optional.
mod_face (optional) The mod_face key is type of boolean and optional.
mod_pin (optional) The mod_pin key is type of boolean and optional.
mod_nationalid (optional) The mod_nationalid key is type of boolean and optional.
mod_core (optional) The mod_core key is type of boolean and optional.
mod_misc (optional) The mod_misc key is type of boolean and optional.
bypass_poi (optional) The bypass_poi key is type of boolean and optional.
mod_ssn (optional) The mod_ssn key is type of boolean and optional.
mod_dvcid (optional) The mod_dvcid key is type of string and optional.
mod_auid_license (optional) The mod_auid_license key is type of string and optional.
mod_email (optional) The mod_email key is type of boolean and optional.
mod_phone (optional) The mod_phone key is type of string and optional.
description (optional)
This field use to add licensekey info
Returns
Returns the service key object if the service key object is created successfully.
This API throws an error if something goes wrong. A common source of error is tag, keyId and keySecret are already exists.
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
| Field | Type | Description |
|---|---|---|
| tag | string | 3-256 alpha-numeric (a-z, A-Z, 0-9), special character '-', '_', '|' and ':' |
| keyId | string | auto-generated as a uuid |
| keySecret | string | auto-generated as a uuid |
| disabled | boolean | default = false |
| expiry | string | default current system time + 2 years |
| authLevel | string | options [ system, service, app, service_ext, app_ext, basic ] and default = basic |
| modules | object | — |
| description | string | — |
curl -X PUT 'https://pilot-root.1kosmos.net/licenses/servicekey' \
-H 'privateKey: YOUR_PRIVATE_KEY' \
-H 'requestid: <ecdsa-requestid>' \
-H 'systemPublicKey: <value>' \
-H 'keyId: YOUR_KEY_ID' \
-H 'keySecret: YOUR_KEY_SECRET' \
-H 'licensekey: YOUR_LICENSE_KEY' \
-H 'Content-Type: application/json' \
-d '{"tag": "xxxxxxx", "keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx", "keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx", "disabled": false, "expiry": "2023-01-08T08:39:55.000Z", "authLevel": "xxxxxx", "modules": {}, "type": "hawk | ecdsa | user", "description": ""}'const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey", {
method: "PUT",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"tag": "xxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-08T08:39:55.000Z",
"authLevel": "xxxxxx",
"modules": {},
"type": "hawk | ecdsa | user",
"description": ""
})
});
const data = await res.json();import requests
res = requests.put(
"https://pilot-root.1kosmos.net/licenses/servicekey",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
},
json={
"tag": "xxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-08T08:39:55.000Z",
"authLevel": "xxxxxx",
"modules": {},
"type": "hawk | ecdsa | user",
"description": ""
},
)
print(res.json()){
"_id": "xxxxxxxxxxxxxxxxxxxx",
"type": "xxxxx",
"tag": "xxxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-13T15:36:44.978Z",
"authLevel": "xxxxxxx",
"module": {},
"description": ""
}// no response body
Update Service Key details
Updates the specified service key with specified parameters, only provided parameters will be updated.
- Only a system key can be used to update another system key.
- system key can update all other types of key.
- service key can update all other types of non-system key.
- Only following attributes can be changed using this API.
disabled, expiry, modules
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
keyId (required)
The keyId of service key.
Request Body
disabled (optional)
Disabled or Enabled service key. The disabled key only accept these values (true, false).
The value will be left unchanged if the disabled key is not provided.
expiry (optional)
Set the expiry date for the service key.
An expiry key is a valid future date.
The value will be left unchanged if the expiry key is not provided.
description (optional)
This field use to add licensekey info
modules (optional object)
The value will be left unchanged if the modules object is not provided.
- ### Modules Child Parameters
mod_dl (optional) The mod_dl key is type of boolean and optional.
mod_identity (optional) The mod_identity key is type of boolean and optional.
mod_pp (optional) The mod_pp key is type of boolean and optional.
mod_face (optional) The mod_face key is type of boolean and optional.
mod_pin (optional) The mod_pin key is type of boolean and optional.
mod_nationalid (optional) The mod_nationalid key is type of boolean and optional.
mod_core (optional) The mod_core key is type of boolean and optional.
mod_misc (optional) The mod_misc key is type of boolean and optional.
bypass_poi (optional) The bypass_poi key is type of boolean and optional.
mod_ssn (optional) The mod_ssn key is type of boolean and optional.
mod_dvcid (optional) The mod_dvcid key is type of string and optional.
mod_auid_license (optional) The mod_auid_license key is type of string and optional.
mod_email (optional) The mod_email key is type of boolean and optional.
mod_phone (optional) The mod_phone key is type of string and optional.
Returns
Returns the service key object if the service key is updated successfully.
This API throws an error if something goes wrong. A common source of error is a keyId is not exists.
| Name | Type | Description |
|---|---|---|
| keyId | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
| Field | Type | Description |
|---|---|---|
| disabled | boolean | default = false |
| expiry | string | default current system time + 2 years |
| modules | object | — |
| description | string | — |
curl -X PATCH 'https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' \
-H 'privateKey: YOUR_PRIVATE_KEY' \
-H 'requestid: <ecdsa-requestid>' \
-H 'systemPublicKey: <value>' \
-H 'keyId: YOUR_KEY_ID' \
-H 'keySecret: YOUR_KEY_SECRET' \
-H 'licensekey: YOUR_LICENSE_KEY' \
-H 'Content-Type: application/json' \
-d '{"disabled": false, "expiry": "2023-01-08T08:39:55.000Z", "modules": {}, "description": ""}'const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx", {
method: "PATCH",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"disabled": false,
"expiry": "2023-01-08T08:39:55.000Z",
"modules": {},
"description": ""
})
});
const data = await res.json();import requests
res = requests.patch(
"https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
},
json={
"disabled": false,
"expiry": "2023-01-08T08:39:55.000Z",
"modules": {},
"description": ""
},
)
print(res.json()){
"_id": "xxxxxxxxxxxxxxxxxxxx",
"type": "xxxxx",
"tag": "xxxxxxxx",
"keyId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"keySecret": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
"disabled": false,
"expiry": "2023-01-13T15:36:44.978Z",
"authLevel": "xxxxxxx",
"module": {},
"description": ""
}// no response body
// no response body
Delete Service Key
Permanently deletes a service key. It cannot be undone.
- Only a system key can be used to remove other system keys.
- system key can be used to remove all other keys.
- service key can delete other non-system keys.
- A key can not delete itself.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
keyId (required)
The keyId of service key.
Returns
Returns a 204 status code if a valid keyId was provided.
| Name | Type | Description |
|---|---|---|
| keyId | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X DELETE 'https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx", {
method: "DELETE",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.delete(
"https://pilot-root.1kosmos.net/licenses/servicekey?keyId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json())// no response body
// no response body
// no response body
Key Authorization
Authorize keys for use.
License check
Check license.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
communityId (required)
The communityId of licenseAuth.
Returns
Returns the licenseAuth object if authenticated key is added to the community and the authenticated service key is not disabled.
This API throws an error if something goes wrong. A common source of error is if the key is not added to the community or the service key is disabled.
| Name | Type | Description |
|---|---|---|
| communityId | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X GET 'https://pilot-root.1kosmos.net/licenses/community/xxxxxxxx/licensecheck' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/community/xxxxxxxx/licensecheck", {
method: "GET",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/community/xxxxxxxx/licensecheck",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"modules": {},
"isAuthorized": true,
"expiry": "2023-01-08T08:39:55.000+00:00",
"authLevel": "xxxxx",
"tag": "system"
}// no response body
// no response body
Get All Community Keys
Returns a list of community keys.
- system, service key can fetch all keys.
- other keys can only fetch IFF calling key
– It must be added to the community
– licenseAuth.isAuthorized = true
– licenseAuth.expiry is must be future date time.
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
pIndex (optional)
The pIndex key is a cursor for the pagination.
pSize (optional)
A limit on the number of objects to be returned. The range between 1 to 25 and the default is 10.
Returns
Returns a list of service keys with pagination.
| Name | Type | Description |
|---|---|---|
| communityId | string | — |
| Name | Type | Description |
|---|---|---|
| pIndex | integer | — |
| pSize | integer | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X POST 'https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/fetch?pIndex=0&pSize=10' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/fetch?pIndex=0&pSize=10", {
method: "POST",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.post(
"https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/fetch?pIndex=0&pSize=10",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"page": {
"index": 0,
"total": 50,
"size": 1
},
"data": [
{
"isAuthorized": true,
"_id": "xxxxxxxxxxxxxxxxxxxx",
"keyTag": "xxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"expiry": "2023-01-17T18:30:00.000Z"
}
]
}// no response body
Add Key to community
Add key to community.
- system and service keys can add any key to any community.
- service_ext key can only add a new key to community IFF
– It must be added to the community
– licenseAuth.isAuthorized = true
– licenseAuth.expiry is must be future date time.
- The key identified by keyTag must be valid key, not disabled and not expired
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Request Body
keyTag (required)
A keyTag is alpha-numeric (a-z, A-Z, 0-9) unique identifier with some special character '-', '_', '|' and ':'.
communityId (required)
The communityId key is type of ObjectId.
communityName (optional)
The communityName key is type of string.
Maximum 256 characters are allowed.
isAuthorized (optional)
The isAuthorized key is type of boolean. Default value is true.
expiry (optional)
The expiry is a valid future date.
Default value is current date plus 2 years.
Returns
Returns the licenseAuth object if the licenseAuth object is created successfully.
This API throws an error if something goes wrong. A common source of error is keyTag and communityId are already exist.
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
| Field | Type | Description |
|---|---|---|
| keyTag | string | 3-256 alpha-numeric (a-z, A-Z, 0-9), special character '-', '_', '|' and ':' |
| communityId | string | type of ObjectId |
| communityName | string | name of the community |
| isAuthorized | boolean | default = true |
| expiry | string | default current system time + 2 years |
curl -X PUT 'https://pilot-root.1kosmos.net/licenses/community/servicekey' \
-H 'privateKey: YOUR_PRIVATE_KEY' \
-H 'requestid: <ecdsa-requestid>' \
-H 'systemPublicKey: <value>' \
-H 'keyId: YOUR_KEY_ID' \
-H 'keySecret: YOUR_KEY_SECRET' \
-H 'licensekey: YOUR_LICENSE_KEY' \
-H 'Content-Type: application/json' \
-d '{"keyTag": "xxxxx", "communityId": "xxxxxxxxxxxxxxxxxxxxxxxx", "communityName": "xxxxxx", "isAuthorized": false, "expiry": "2023-01-08T08:39:55.000Z"}'const res = await fetch("https://pilot-root.1kosmos.net/licenses/community/servicekey", {
method: "PUT",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"keyTag": "xxxxx",
"communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"communityName": "xxxxxx",
"isAuthorized": false,
"expiry": "2023-01-08T08:39:55.000Z"
})
});
const data = await res.json();import requests
res = requests.put(
"https://pilot-root.1kosmos.net/licenses/community/servicekey",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
},
json={
"keyTag": "xxxxx",
"communityId": "xxxxxxxxxxxxxxxxxxxxxxxx",
"communityName": "xxxxxx",
"isAuthorized": false,
"expiry": "2023-01-08T08:39:55.000Z"
},
)
print(res.json()){
"isAuthorized": true,
"_id": "xxxxxxxxxxxxxxxxxxxx",
"keyTag": "xxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"expiry": "2023-01-17T18:30:00.000Z"
}// no response body
Update Key from Community
Update Key to Community.
- system key can modify any key from any community.
- service key can modify any non-system key from any community.
- service_ext key can only modify non-system, non-service keys from a community IFF
– It must be added to the community
– licenseAuth.isAuthorized = true
– licenseAuth.expiry is must be future date time.
- The key identified by keyTag must be valid key, not disabled and not expired
- Only these attributes can be updated
isAuthorized, expiry
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
communityId (required)
The communityId of licenseAuth.
tag (required)
The keyTag of licenseAuth.
Request Body
isAuthorized (optional)
The isAuthorized key is type of boolean. The value will be left unchanged if the isAuthorized key is not provided.
expiry (optional)
The expiry is a valid future date.
The value will be left unchanged if the expiry key is not provided.
Returns
Returns the updated licenseAuth object if the licenseAuth object is updated successfully.
This API throws an error if something goes wrong. A common source of error is a communityId or keyTag are not exists.
| Name | Type | Description |
|---|---|---|
| communityId | string | — |
| tag | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
| Field | Type | Description |
|---|---|---|
| isAuthorized | boolean | default = true |
| expiry | string | default current system time + 2 years |
curl -X PATCH 'https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxx' \
-H 'privateKey: YOUR_PRIVATE_KEY' \
-H 'requestid: <ecdsa-requestid>' \
-H 'systemPublicKey: <value>' \
-H 'keyId: YOUR_KEY_ID' \
-H 'keySecret: YOUR_KEY_SECRET' \
-H 'licensekey: YOUR_LICENSE_KEY' \
-H 'Content-Type: application/json' \
-d '{"isAuthorized": false, "expiry": "2023-01-08T08:39:55.000Z"}'const res = await fetch("https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxx", {
method: "PATCH",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"isAuthorized": false,
"expiry": "2023-01-08T08:39:55.000Z"
})
});
const data = await res.json();import requests
res = requests.patch(
"https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxx",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
},
json={
"isAuthorized": false,
"expiry": "2023-01-08T08:39:55.000Z"
},
)
print(res.json()){
"isAuthorized": true,
"_id": "xxxxxxxxxxxxxxxxxxxx",
"keyTag": "xxxxxxx",
"communityId": "xxxxxxxxxxxxxx",
"expiry": "2023-01-17T18:30:00.000Z"
}// no response body
Delete Key from community
Permanently deletes a community key. It cannot be undone.
- system key can delete any key from any community.
- service key can delete any non-system key from any community.
- service_ext key can only delete non-system, non-service keys from a community IFF
– It must be added to the community
– licenseAuth.isAuthorized = true
– licenseAuth.expiry is must be future date time.
- The key identified by keyTag MUST be valid key, not disabled and not expired
Headers
licensekey (required)
License key encrypted with ECDSA
requestid (required)
JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds
publickey (required)
Public key
Parameters
communityId (required)
The communityId of licenseAuth.
tag (required)
The keyTag of licenseAuth.
Returns
Returns a 204 status code if a valid keyTag and communityId was provided.
| Name | Type | Description |
|---|---|---|
| communityId | string | — |
| tag | string | — |
| Name | Type | Description |
|---|---|---|
| privateKeyrequired | string | License key encrypted with ECDSA / Try Authorize 🔒 |
| requestidrequired | string | JSON string encrypted with ECDSA which should contain "appid" (string), "uuid" (string) and "ts" (number) representing epoch timestamp in seconds / Try Authorize 🔒 |
| systemPublicKeyrequired | string | Public Key / Try Authorize 🔒 |
curl -X DELETE 'https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxxx' \ -H 'privateKey: YOUR_PRIVATE_KEY' \ -H 'requestid: <ecdsa-requestid>' \ -H 'systemPublicKey: <value>' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxxx", {
method: "DELETE",
headers: {
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.delete(
"https://pilot-root.1kosmos.net/licenses/community/xxxxxxxxxx/servicekey/xxxxxx",
headers={
"privateKey": "YOUR_PRIVATE_KEY",
"requestid": "<ecdsa-requestid>",
"systemPublicKey": "<value>",
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json())// no response body
// no response body
// no response body
ECDSA Helper
ECDSA Helper endpoints.
Encrypt and decrypt the data string by public key and private key.
Encrypt and decrypt the data string by public key and private key.
Parameters
method (optional)
The method parameter is type of enum. Default value is encrypt.
This parameter only accepts following values
encrypt, decrypt
Request Body
dataStr (required)
The dataStr key is type of string.
publicKey (required)
The publicKey is type of string.
privateKey (required)
The privateKey is type of string.
Returns
Returns the encrypted/decrypted string.
This API throw an error if something goes wrong. A common source of error is public or private key is not valid.
| Name | Type | Description |
|---|---|---|
| method | string | — |
| Field | Type | Description |
|---|---|---|
| dataStr | string | — |
| publicKey | string | — |
| privateKey | string | — |
curl -X POST 'https://pilot-root.1kosmos.net/licenses/ecdsa_helper/<method>' \
-H 'keyId: YOUR_KEY_ID' \
-H 'keySecret: YOUR_KEY_SECRET' \
-H 'licensekey: YOUR_LICENSE_KEY' \
-H 'Content-Type: application/json' \
-d '{"dataStr": "Hey, This is example data string.", "publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=", "privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="}'const res = await fetch("https://pilot-root.1kosmos.net/licenses/ecdsa_helper/<method>", {
method: "POST",
headers: {
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"dataStr": "Hey, This is example data string.",
"publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=",
"privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
})
});
const data = await res.json();import requests
res = requests.post(
"https://pilot-root.1kosmos.net/licenses/ecdsa_helper/<method>",
headers={
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
},
json={
"dataStr": "Hey, This is example data string.",
"publicKey": "xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx=",
"privateKey": "xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxx="
},
)
print(res.json()){
"data": "xxxxxxxxxxxxxxxxxxxx"
}Healthz
Healthz endpoints.
Get healthz.
Get healthz
Returns
Returns a healthz object
- ``
version = <git-tag>.<commit-id>.<dob>``
- ``
git-tag``: When code is compiled from a git-tag, this must carry the tag name. This should match one of the git tags. - ``
commit-id``: This is the git-commit-id. eg: When code is built from this, the hex code, in the end, is the commit it. - ``
dob``: Date Of Build. This is epoc-time-in-se conds that tell the time when the build was created. - if the code is not built from a git-tag, then the ``
version =<commit-id>.<dob>``
curl -X GET 'https://pilot-root.1kosmos.net/licenses/healthz' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/healthz", {
method: "GET",
headers: {
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/healthz",
headers={
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"status": "all services operational",
"publicKey": "//same as <service>/publickeys endpoint",
"code": "200",
"version": "xxxx.xxxx.xxxx"
}Public Key
Public Key endpoints.
Get system's public key.
Get system's public key.
Returns
Returns a public key object
curl -X GET 'https://pilot-root.1kosmos.net/licenses/publickeys' \ -H 'keyId: YOUR_KEY_ID' \ -H 'keySecret: YOUR_KEY_SECRET' \ -H 'licensekey: YOUR_LICENSE_KEY'
const res = await fetch("https://pilot-root.1kosmos.net/licenses/publickeys", {
method: "GET",
headers: {
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
});
const data = await res.json();import requests
res = requests.get(
"https://pilot-root.1kosmos.net/licenses/publickeys",
headers={
"keyId": "YOUR_KEY_ID",
"keySecret": "YOUR_KEY_SECRET",
"licensekey": "YOUR_LICENSE_KEY"
}
)
print(res.json()){
"publicKey": ""
}// no response body