Download OpenAPI specification:Download
The Lagertha API is a comprehensive solution for managing encryption keys and performing encryption and decryption operations, dedicated to ensuring end-to-end encryption. This API enhances data security by handling all encryption processes client-side, thereby minimizing the exposure of sensitive data.
Authenticates a user and returns an access_token ,refresh_token and open_id.
PUBLIClogin: A string representing the user's login credentials.
password: A string representing the user's password.
application_id: A i32 representing the user's application id.
fingerprint: A string representing the user's unique device identifier.
code_2fa: An optional string representing the 6-digit Time-based One-Time Password (TOTP) if two-factor authentication is enabled.
| login required | string |
| password required | string |
| application_id required | integer <int32> |
| fingerprint required | string |
| code_2fa | string or null |
{- "login": "string",
- "password": "string",
- "application_id": 0,
- "fingerprint": "string",
- "code_2fa": "string"
}{- "access_token": "string",
- "token_type": "string",
- "refresh_token": "string",
- "open_id": "string"
}Refresh user Authentication and returns an access_token ,refresh_token and open_id.
PUBLICrefresh_token: A string representing the user's refresh token.
application_id: A i32 representing the user's application id.
fingerprint: A string representing the user's unique device identifier.
| refresh_token required | string |
| application_id required | integer <int32> |
| fingerprint required | string |
{- "refresh_token": "string",
- "application_id": 0,
- "fingerprint": "string"
}{- "access_token": "string",
- "token_type": "string",
- "refresh_token": "string",
- "open_id": "string"
}This endpoint allows ROLE_USER to exchange the authorization code, obtained by ROLE_ADMIN, for an access token. The request must include the original state value for validation.
PUBLICauthorization_code: A string given by the server to exchange to an lagertha access token .
state: A string representing a unique state value to maintain state between the request and callback (provided by server).
fingerprint: A unique device authentifier
code_2fa: If MFA is acticated, provide the 6 number T-otp code
| authorization_code required | string |
| state required | string |
| fingerprint required | string |
| code_2fa | string or null |
{- "authorization_code": "string",
- "state": "string",
- "fingerprint": "string",
- "code_2fa": "string"
}{- "access_token": "string",
- "token_type": "string",
- "refresh_token": "string",
- "open_id": "string"
}This endpoint verifies the validity of an OpenID Connect Token. It checks the signature and expiration of the token. If valid, it returns basic information about the user.
ROLE_ADMINopen_id_token: A string representing the OpenID Connect Token to be verified.| open_id_token required | string |
{- "open_id_token": "string"
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows users with the ROLE_SUPER_ADMIN permission to update an existing application.
ROLE_SUPER_ADMINid: A i32 representing the id of the target application.
name: An optionnal String represanting the Updated Application Name
contact_email: An optionnal String represanting the Updated Application contact email
| id required | integer <int32> |
| name | string or null |
| contact_email | string or null |
{- "id": 0,
- "name": "string",
- "contact_email": "string"
}{- "id": 0,
- "name": "string",
- "users_number": 0,
- "keys_number": 0,
- "is_system": true,
- "contact_email": "string",
- "created_at": "string"
}This endpoint allows users with the ROLE_SUPER_ADMIN permission to create a new application.
ROLE_SUPER_ADMINname: A String representing the new application name.
contact_email: A String representing the new application contact email
| name required | string |
| contact_email required | string |
{- "name": "string",
- "contact_email": "string"
}{- "id": 0,
- "name": "string",
- "users_number": 0,
- "keys_number": 0,
- "is_system": true,
- "contact_email": "string",
- "created_at": "string"
}This endpoint allows users with the ROLE_SUPER_ADMIN permission to delete an existing application.
ROLE_SUPER_ADMINapplication_id: The ID of the application to be deleted.| application_id required | integer <int32> |
{- "code": 0,
- "message": "string"
}This endpoint allows the creation of a new user with the role ROLE_USER.
This endpoint is publicly accessible and does not require any authentication.
The created user (ROLE_VALIDATION) must validate their account to end the process
PUBLICemail: A String representing the email of the user
password: A String representing the strong user password (must be min length 8, at least 1 lowercase, least 1 uppercase, at least 1 number )
firstname: A String representing the user firstname
lastname: A String representing the user lastname
login: A String representing the user login (must be unique for the givent application)
application_id: A number representing the application id
| email required | string |
| password required | string |
| firstname required | string |
| lastname required | string |
| login required | string |
| application_id required | integer <int32> |
{- "email": "string",
- "password": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "application_id": 0
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows users with the ROLE_VALIDATION permission to validate a user account by providing a validation code.
This endpoint requires authentication and the ROLE_VALIDATION role. It accepts a validation code to validate a user account.
If the validation is successful, it returns basic information about the user.
ROLE_VALIDATIONvalidation_code: A string representing the validation code.| validation_code required | string |
{- "validation_code": "string"
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows the creation of a new user with the role ROLE_USER or ROLE_ADMIN.
This endpoint require to be authenticate.
ROLE_SUPER_ADMIN
ROLE_ADMIN
email: A String representing the email of the user
password: An Optional String representing the strong user password (must be min length 8, at least 1 lowercase, least 1 uppercase, at least 1 number )
firstname: A String representing the user firstname
lastname: A String representing the user lastname
login: A String representing the user login (must be unique for the givent application)
application_id: A number representing the application id (ignore if ROLE_ADMIN)
is_admin: A boolean representing the role of the future user (true -> ROLE_ADMIN, false -> ROLE_USER)
| email required | string |
| password | string or null |
| firstname required | string |
| lastname required | string |
| login required | string |
| application_id required | integer <int32> |
| is_admin required | boolean |
{- "email": "string",
- "password": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "application_id": 0,
- "is_admin": true
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows users to request a temporary validation code for resetting their password.
This endpoint is publicly accessible and does not require authentication.
It accepts the user's login and application ID to send a temporary validation code to the user's registered email address for password reset purposes.
PUBLIClogin: A string representing the user's login.
application_id: A string representing the application ID.
| login required | string |
| application_id required | integer <int32> |
{- "login": "string",
- "application_id": 0
}{- "code": 0,
- "message": "string"
}This endpoint allows users to reset their password using a temporary validation code.
This endpoint is publicly accessible and does not require authentication.
It accepts the user's login, application ID, validation code, and the new password to reset the user's password.
PUBLIClogin: A string representing the user's login.
application_id: A string representing the application ID.
code: A string representing the validation code.
new_password: A string representing the new password.
| login required | string |
| application_id required | integer <int32> |
| code required | string |
| new_password required | string |
{- "login": "string",
- "application_id": 0,
- "code": "string",
- "new_password": "string"
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows users with the roles ROLE_ADMIN, ROLE_SUPER_ADMIN, or ROLE_USER to update their password.
This endpoint requires authentication.
Admin users with ROLE_ADMIN can update passwords for users with the role ROLE_USER within their applications.
Users with ROLE_USER or ROLE_SUPER_ADMIN can update their own passwords.
ROLE_ADMIN
ROLE_SUPER_ADMIN
ROLE_USER
user_id: A string representing the UUID of the user whose password is being updated.
password: A string representing the new password.
| user_id required | string |
| password required | string |
{- "user_id": "string",
- "password": "string"
}{- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}This endpoint allows users with the ROLE_SUPER_ADMIN permission to delete any user, while all other users are only authorized to delete their own accounts.
Users with the ROLE_SUPER_ADMIN role can delete any user account.
Users with ROLE_ADMIN or ROLE_USER roles can only delete their own accounts.
The endpoint accepts the user's ID and performs the deletion operation.
ROLE_ADMIN
ROLE_SUPER_ADMIN
ROLE_USER
user_id: A string representing the UUID of the user to be deleted.| user_id required | string |
{- "code": 0,
- "message": "string"
}If 2FA is not enabled, this endpoint generates and returns a unique url to activate 2FA.
This endpoint requires authentication. It checks if 2FA is not already activated for the user and, if not, generates a unique Time-based One-Time Password (TOTP) url to activate 2FA.
ROLE_USER
ROLE_ADMIN
ROLE_SUPER_ADMIN
{- "totp_url": "string"
}This endpoint enables 2FA authentication on the user's account.
This endpoint requires authentication.
It accepts a TOTP code and a flag to activate or deactivate 2FA for the user's account.
ROLE_USER
ROLE_ADMIN
ROLE_SUPER_ADMIN
code: A string representing the TOTP code.
is_activate: A boolean indicating whether to activate or deactivate 2FA.
| is_activate required | boolean |
| code required | string |
{- "is_activate": true,
- "code": "string"
}{- "code": 0,
- "message": "string"
}Allows users with ROLE_USER or ROLE_ADMIN to create a new cluster.
The user must be authenticated and authorized to perform this action.
ROLE_ADMIN
ROLE_USER
name: A string representing the name of the cluster.
description: A Optional string providing a description of the cluster.
memberships: An array of strings representing the UUIDs of the users to be added.
| name required | string |
| description | string or null |
| memberships required | Array of strings |
{- "name": "string",
- "description": "string",
- "memberships": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Adds a list of users as members of the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
memberships: An array of strings representing the UUIDs of the users to be added.
| cluster_id required | string |
| memberships required | Array of strings |
{- "memberships": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Removes a list of users from the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
memberships: An array of strings representing the UUIDs of the users to be removed.
| cluster_id required | string |
| memberships required | Array of strings |
{- "memberships": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Adds a list of Sentinels to the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
sentinels: An array of strings representing the UUIDs of the sentinels to be added.
| cluster_id required | string |
| sentinels required | Array of strings |
{- "sentinels": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Removes a list of Sentinels from the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
sentinel_ids: An array of strings representing the UUIDs of the sentinels to be removed.
| cluster_id required | string |
| sentinels required | Array of strings |
{- "sentinels": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Adds a list of anonymous Sentinels as members of the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
anonymous_sentinels: An array of strings representing the UUIDs of the anonymous sentinels to be added.
| cluster_id required | string |
| anonymous_sentinels required | Array of strings |
{- "anonymous_sentinels": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Removes a list of anonymous Sentinels from the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application, and by ROLE_USER on any cluster they have created.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster.
anonymous_sentinels: An array of strings representing the UUIDs of the anonymous sentinels to be removed.
| cluster_id required | string |
| anonymous_sentinels required | Array of strings |
{- "anonymous_sentinels": [
- "string"
]
}{- "id": "string",
- "name": "string",
- "description": "string",
- "created_at": "string"
}Deletes the specified cluster based on its unique identifier. Users with ROLE_ADMIN can delete any cluster within their application. Users with ROLE_USER can delete clusters only if they are the creators of those clusters.
ROLE_ADMIN
ROLE_USER
cluster_id: A string representing the UUID of the cluster to be deleted.| cluster_id required | string |
{- "code": 0,
- "message": "string"
}Retrieves a list of users who are members of the specified cluster. This operation can be performed by ROLE_ADMIN on any cluster within their application.
ROLE_ADMINcluster_id: A string representing the UUID of the cluster.
page: An optional integer representing the page number for pagination (default: 1)
page_size: An optional integer representing the number of items per page for pagination. (default: 10)
| cluster_id required | string |
| page | integer or null <uint> >= 0 |
| page_size | integer or null <uint> >= 0 |
{- "items": [
- {
- "id": "string",
- "email": "string",
- "firstname": "string",
- "lastname": "string",
- "login": "string",
- "roles": [
- "string"
], - "created_at": "string"
}
], - "total_items": 0,
- "page": 0,
- "page_size": 0,
- "has_next": true,
- "has_prev": true
}Allows users with ROLE_USER to create a new sentinel. The user must be authenticated and authorized to perform this action.
ROLE_USERclusters: An array of strings representing the UUIDs of the clusters to be added.| clusters required | Array of strings |
{- "clusters": [
- "string"
]
}{- "id": "string",
- "key_size": "string",
- "cipher": "string",
- "sum": "string"
}Allows users with ROLE_USER to retrieve a sentinel by its ID. The user must be authenticated and authorized to perform this action.
ROLE_USERsentinel_id: A string representing the UUID of the sentinel to be retrieved.| sentinel_id required | string |
{- "id": "string",
- "key_size": "string",
- "cipher": "string",
- "sum": "string"
}Allows users with ROLE_USER to delete a sentinel. The user must be authenticated and authorized to perform this action.
ROLE_USERsentinel_id: A string representing the UUID of the sentinel to be deleted.| sentinel_id required | string |
{- "code": 0,
- "message": "string"
}Allows users with ROLE_USER to create a new Anonymous Sentinel. The user must be authenticated and authorized to perform this action.
ROLE_USERclusters: An array of strings representing the UUIDs of the clusters to be added.| clusters required | Array of strings |
{- "clusters": [
- "string"
]
}{- "id": "string",
- "secret_key": "string",
- "sum": "string",
- "key_size": "string"
}Allows public users to create a new Anonymous Sentinel.
PUBLIC| application_id required | integer <int32> |
{- "application_id": 0
}{- "id": "string",
- "public_key": "string",
- "sum": "string",
- "key_size": "string"
}This Endpoint allow to retreive a the public key of the anonymous sentinel by its ID
PUBLICanonymous_sentinel_id: A string representing the UUID of the Anonymous sentinel to be retrieved.| anonymous_sentinel_id required | string |
{- "id": "string",
- "public_key": "string",
- "sum": "string",
- "key_size": "string"
}Allows users with ROLE_USER to retrieve a Anonymous sentinel by its ID. The user must be authenticated and authorized to perform this action.
ROLE_USERanonymous_sentinel_id: A string representing the UUID of the Anonymous sentinel to be retrieved.| anonymous_sentinel_id required | string |
{- "id": "string",
- "secret_key": "string",
- "sum": "string",
- "key_size": "string"
}Allows users with ROLE_USER to delete an Anonymous sentinel. The user must be authenticated and authorized to perform this action.
ROLE_USERanonymous_sentinel_id: A string representing the UUID of the Anonymous sentinel to be deleted.| anonymous_sentinel_id required | string |
{- "code": 0,
- "message": "string"
}Users can get the current version, name, API mode, license number, license expiration date, and license name of the Lagertha_API system.
PUBLIC{- "version": "string",
- "name": "string",
- "api_mode": "string",
- "license_number": "string",
- "license_expiration": "string",
- "license_name": "string"
}Users can get the current number of users, applications, sentinels, and anonymous sentinels in the Lagertha_API system.
ROLE_SUPER_ADMIN{- "nb_users": 0,
- "nb_applications": 0,
- "nb_sentinels": 0,
- "nb_anonymous_sentinels": 0
}