POST Codesign/AddPreApproval

Applies a Flow pre-approval for private key use. The Pre-Approval, which is defined in VCC, temporarily overrides and disables any existing approval stages that prevent private key use. Pre-Approval only disables approval stages if the Key Use Flow is configured with a CodeSign Protect Pre-Approval action.

NOTE  If you are working with real-time Flow Tickets (for example, a request that is pending approval), use the Flow API instead.

Prerequisites

Each project uses an environment template. In VCC, configure a Key Use Flow that contains a Pre-Approval action. Before calling AddPreApproval, make sure the flow is assigned to the template. For more information, see Configure Code Signing Flows.

Requirements

  • Permissions:  The caller must be a Key Use Approver.
  • Integration: In the UI, use an API integration to import a set of scopes that your application will use.

  • Token scope:  Codesign:Approve

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • Dn: The Distinguished Name (DN) of the environment where the private key is accessed.

  • Comment: The reason for the pre-approval.

  • Hours: (Optional) The number of hours the pre-approval is valid. If absent, pre-approval expires 24 hours after this API call occurs.

  • IPAddress: (Optional) The IP Address of the computer making the request. If present, the IP address must match the IP address found in the Pre-Approval flow. Otherwise, pre-approval will not be used.

  • NotBefore: (Optional) A start time in Universal Time Coordinated (UTC) ISO8601 format. Pre-approval will not be valid until this time. For example, 2021-12-31T00:52:50.5387438.

  • SigningExecutable: (Optional) The full path of the application signing executable, as presented by the client (if provided, MUST match, or pre-approval will not be used). Use appropriate syntax. For example, in Postman delineate folders with double backslashes (\\).

  • SingleUse: (Optional) The number of allotted signings for this approver. If absent, pre-approval is valid until the pre-approval expires.

      • true: Used only once.
      • false: Multiple uses until the pre-approval expires.

  • User: The project Key User who will make the signing request.

      • A PrefixedName. For example, local:sample-cs-user.

        -OR-

      • A PrefixedUniversal of a person, not a group. To get the value, call POST Identity/Browse. For example, User: local:{064cbe34-b46e-48c9-b65b-ea8dcda167d4}.

Returns

Response description

HTTP 200

For valid requests, this call returns an HTTP 200 message and the following data in the message body:

  • Error: Appears only when Success is false. An error message that accompanies the Result. Check your payload input values.

  • Result: The Result code of this API call. For more information, see Sign Result Codes.

  • Success: The result of this API call. A value of false indicates the request failed due to an Error. Otherwise, true.

HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.
  • error_description: If available, additional information about how to retry the request.

Example: Expedite Flow approval

Request

POST https://codesign.venafi.example/vedsdk/Codesign/AddPreApproval
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==

{
   "Dn":"\\VED\\Code Signing\\Projects\\Sample\\Development Environment",
   "User": "local:sample-cs-user",
   "SingleUse":true,
   "SigningExecutable":"c:\\Program Files (x86)\\Windows Kits\\10\\bin\\10.0.17763.0\\x64\\signtool.exe",
   "IPAddress":"9.5.45.11",
   "Comment":"Override this Flow and approve signing for Product A."
}

Response

HTTP/1.1 200 OK
{
   "Success": true
}
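
Because a pre-approval disables approval stages, a calling script should send only the restrictions it means to set and must not treat HTTP 200 alone as success. The following client-side helper is an added example, not Venafi's own code: the function names are hypothetical, and sending Hours as a JSON number and NotBefore without an offset suffix are assumptions based on the example values on this page.

```python
import json
from datetime import datetime, timezone

def build_pre_approval(dn, user, comment, *, hours=None, ip_address=None,
                       not_before=None, signing_executable=None, single_use=None):
    """Build the AddPreApproval JSON body; optional fields are sent only when set."""
    if not (dn and comment):
        raise ValueError("Dn and Comment are required")
    # User is a PrefixedName or PrefixedUniversal, e.g. local:sample-cs-user
    prefix, sep, name = user.partition(":")
    if not (prefix and sep and name):
        raise ValueError("User must be prefixed, e.g. local:sample-cs-user")
    body = {"Dn": dn, "User": user, "Comment": comment}
    if hours is not None:
        if hours <= 0:
            raise ValueError("Hours must be positive")
        body["Hours"] = hours  # assumption: sent as a JSON number
    if not_before is not None:
        if not_before.tzinfo is None:
            raise ValueError("NotBefore needs a timezone-aware datetime")
        # Convert to UTC; no offset suffix, as in the page's example value (assumption)
        utc = not_before.astimezone(timezone.utc).replace(tzinfo=None)
        body["NotBefore"] = utc.isoformat()
    for key, value in (("IPAddress", ip_address),
                       ("SigningExecutable", signing_executable),
                       ("SingleUse", single_use)):
        if value is not None:
            body[key] = value
    return body

def interpret_response(status, text):
    """Return (ok, detail); HTTP 200 is success only if the body says Success: true."""
    data = json.loads(text)
    if status == 200 and data.get("Success") is True:
        return True, None
    if status == 400:
        return False, f"{data.get('error')}: {data.get('error_description')}"
    return False, f"Result={data.get('Result')} Error={data.get('Error')}"

if __name__ == "__main__":
    # Values taken from the request example above; Hours and NotBefore are constructed
    body = build_pre_approval(
        "\\VED\\Code Signing\\Projects\\Sample\\Development Environment",
        "local:sample-cs-user", "Override this Flow and approve signing for Product A.",
        hours=1, ip_address="9.5.45.11", single_use=True,
        not_before=datetime(2021, 12, 31, 0, 52, 50, tzinfo=timezone.utc))
    print(json.dumps(body, indent=3))
    print(interpret_response(200, '{"Success": true}'))
```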