POST Codesign/AddPreApproval
Applies a Flow pre-approval for private key use. The Pre-Approval, which is defined in VCC, temporarily overrides and disables any existing approval stages that prevent private key use. Pre-Approval only disables approval stages if the Key Use Flow is configured with a CodeSign Protect Pre-Approval action.
NOTE If you are working with real-time Flow Tickets (for example, a request that is pending approval), use the Flow API instead.
Prerequisites
Each project uses an environment template. In VCC, configure a Key Use Flow that contains a Pre-Approval action. Before calling AddPreApproval, make sure the flow is assigned to the template. For more information, see
Requirements
- Permissions: The caller must be a Key Use Approver.
- Integration: In the UI, use an API integration to import a set of scopes that your application will use.
- Token scope: Codesign:Approve
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Dn | The Distinguished Name (DN) of the environment where the private key is accessed. |
Comment | The reason for the pre-approval. |
Hours | (Optional) The number of hours the pre-approval is valid. If absent, pre-approval expires 24 hours after this API call occurs. |
IPAddress | (Optional) The IP Address of the computer making the request. If present, the IP address must match the IP address found in the Pre-Approval flow. Otherwise, pre-approval will not be used. |
NotBefore | (Optional) A start time in Coordinated Universal Time (UTC) ISO8601 format. Pre-approval will not be valid until this time. For example, 2021-12-31T00:52:50.5387438. |
SigningExecutable | (Optional) The full path of the application signing executable, as presented by the client (if provided, MUST match, or pre-approval will not be used). Use appropriate syntax. For example, in Postman delineate folders with double backslashes (\\). |
SingleUse | (Optional) The number of allotted signings for this approver. If absent, pre-approval is valid until the pre-approval expires. |
User | The project Key User who will make the signing request. |
Returns
Name | Description |
---|---|
HTTP 200 | For valid requests, this call returns an HTTP 200 message and the following data in the message body: |
HTTP 400 | For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body: |
Example: Expedite Flow approval
Request
POST https://codesign.venafi.example/vedsdk/Codesign/AddPreApproval
Authorization:Bearer 4MyGeneratedBearerTknz==
{
  "Dn":"\\VED\\Code Signing\\Projects\\Sample\\Development Environment",
  "User": "local:sample-cs-user",
  "SingleUse":true,
  "SigningExecutable":"c:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.17763.0\\x64 signtool.exe",
  "IPAddress":"9.5.45.11",
  "Comment":"Override this Flow and approve signing for Product A."
}
Response
HTTP/1.1 200 OK
{
  "Success": true
}
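The following Python sketch is an added example, not Venafi code. It builds the request shown above while always setting the optional IPAddress, SigningExecutable and Hours fields, so the pre-approval is bound to one host, one signing tool and a short window instead of the 24-hour default. MAX_HOURS, the function names and the decision to require the optional fields are assumptions of this example; NotBefore is emitted without fractional seconds, and the request is built but not sent.

```python
import ipaddress
import json
import urllib.request
from datetime import datetime, timezone

# Hypothetical policy ceiling for this example; the page's default is 24 hours.
MAX_HOURS = 8


def build_preapproval(dn, user, comment, ip_address, signing_executable,
                      hours=1, not_before=None, single_use=True):
    """Return an AddPreApproval body that always carries the optional binders."""
    for name, value in (("Dn", dn), ("User", user), ("Comment", comment)):
        if not value or not value.strip():
            raise ValueError(f"{name} is required")
    if not 1 <= hours <= MAX_HOURS:
        raise ValueError(f"Hours must be between 1 and {MAX_HOURS}")
    # Reject anything that is not a single literal address (no CIDR, no hostname).
    ip = ipaddress.ip_address(ip_address)
    if ip.is_unspecified:
        raise ValueError("IPAddress must identify one signing host")
    if not signing_executable or not signing_executable.strip():
        raise ValueError("SigningExecutable is required by this wrapper")
    body = {
        "Dn": dn, "User": user, "Comment": comment, "Hours": hours,
        "IPAddress": str(ip), "SigningExecutable": signing_executable,
        "SingleUse": single_use,  # sent as true, as in the page's sample request
    }
    if not_before is not None:
        if not_before.tzinfo is None:
            raise ValueError("NotBefore must be timezone-aware")
        # Convert to UTC and emit ISO 8601 without an offset, as in the page's sample.
        utc = not_before.astimezone(timezone.utc)
        body["NotBefore"] = utc.strftime("%Y-%m-%dT%H:%M:%S")
    return body


def build_request(base_url, token, body):
    """Build (but do not send) the POST with the two headers the page lists."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/Codesign/AddPreApproval",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},
        method="POST",
    )
```

Pass the returned object to urllib.request.urlopen to send it, and load the bearer token from a secret store at call time.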