POST Codesign/ExportSignArchive

Exports code signing archive entries and returns them in CSV format after input filters get applied. To retrieve an unfiltered list of archive entries, use GET Codesign/ExportSignArchive.

Requirements

Permissions: The caller must be a Master Admin, System Auditor, Code Signing Administrator, or Code Signing Auditor.
Token scope: Codesign:Manage

Headers

Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Name

Description

ArchiveFilter

The following keys can be passed in the ArchiveFilter object. Results must match all of the values passed. See the example section below for complete syntax.

The percent character % can be used as a wildcard in any string. It must be added at the beginning and end of the filtering string (for partial match), for example "ApplicationHash": "AD63AF5%".

Key name	Description and request example
ApplicationHash String	The hash of the application used to sign.
ArchiveEntryId Integer	Table number for the archive. Passing this value will return a specific event.
Artifact String	The hash or token of the binary. This hash is what was signed during the code signing operation.
AuthenticatedUserName String	The user ID of the user that signed.
AuthenticatedUser String	The prefixed universal UUID of the user that signed. Use POST Identity/Browse to look up the prefixed universal for an identity.
ClientInterface Integer	The signing client interface used to sign. The following integers are valid: 0: Unknown interface 1: PKCS11Config Interface 2: CSPConfig Interface 3: GPGConfig Interface 4: TKDriverConfig Interface 5: VenaifiSCD Interface 6: Venafi Code Signing Token Driver Interface
ClientLibraryLocation String	Client library location in the file system.
ClientLibraryName String	The client library used to sign.
ClientLibraryVersion String	The version of the library used to sign.
ClientMechanism Integer	The mechanism used before hashing the data to send for signing.
Command String	The command that was used to sign, if the command was sent during signing.
EnvironementId Integer	ID of the environment object.
EnvironementIds Array of integers	Array of environment objects IDs.
EnvironmentDNs Array of strings	List of DNs for multiple Code Signing Environments.
EnvironmentDN String	DN of the Code Signing Environment.
EventType String	The type of the event in the signing archive. Request example: `"EventType":"SigningSuccessful"`
EventTypeId Integer	Log event ID in hex format.
ExecutableLocation Srting	File system location of the executable used to sign.
Executable String	Name of the executable that was used to sign.
FlowDN String	DN of the Flow used.
FlowId Integer	ID of the Flow object.
FreeTextFilter String	Free text filter for filtering using multiple fields.
Grouping Integer	A numerical representation of the thumbprint of the Request Identifier Fields used on the signing request. A value of `0` will be shown if the process didn't complete its Flow or failed another constraint gate (such as IP address restrictions or time constraints).
IPAddress String	IP address of the system used to sign.
IsSigningArchiveSettingsChange Boolean	Filter for signing archive settings changes (for example, enable/disable archive events).
IsSigningFailure Boolean	Filter for all statuses that are considered signing failures.
IsSigningSystemError Boolean	Filter for all status errors that are not considered user violations.
IsSigningViolation Boolean	Filter for all status errors that are considered user violations.
KeyType String	Key type used to sign.
KeyVaultId Integer	SecretStore Vault ID of the signing private key. Request example: `"KeyVaultId": 91275` Obtaining the Vault ID There are two ways to obtain the Vault ID: API call Use POST Config/Read Example request: { "ObjectDN": "\\VED\\Policy\\Code Signing\\Certificates\\Apple RSA2048 Certificate", "AttributeName":"Private Key Vault Id" } Example response: { "Result": 1, "Values": [ "91275" ] } Web Console In Policy Tree, navigate to your signing certificate or key. Click the Support tab.
Machine String	Name of the system used to sign.
Mechanism Integer	The Mechanism ID that represents the encryption algorithm for the signing operation.
Platform String	Operating system of the machined used to sign.
ProjectDNs Array of strings	List of DNs for multiple Code Signing Projects.
ProjectDN String	DN of the Code Signing Project.
ProjectId Integer	ID of the project object.
ProjectIds Array of integers	Array of project object IDs.
RemoteAccount String	Account of the user executing the signing command on the signing workstation.
TimestampAfter String	All entries with a timestamp prior to the provided timestamp will be excluded from the response.
TimestampBefore String	All entries with a timestamp earlier than the provided timestamp will be excluded from the response.

PageSize

(Required) Integer specifying the number of results to be included in each page of the response. If no value is passed, the request will succeed, but no archive entries will be returned.

Page

The page to return. Default is 1.

Returns

For value requests, POST ExportSignArchive returns the matching archive entries in CSV format.

Example

Request archive entries that used signtool.exe from IP 192.168.5.128

POST /vedsdk/codesign/ExportSignArchive HTTP/1.1
Host: tpp.server.url
Content-Type: application/json
Authorization: ••••••
Content-Length: 143

{
  "PageSize": 100,
  "Page": 1,
  "ArchiveFilter": {
    "Executable": "signtool.exe",
    "IPAddress": "192.168.5.128"
    }
}

Request archive entries that used the "Production" environment from the "Sample" project.

POST /vedsdk/codesign/ExportSignArchive HTTP/1.1
Host: 192.168.1.230
Content-Type: application/json
Authorization: ••••••
Content-Length: 157

{
  "PageSize": 100,
  "Page": 1,
  "ArchiveFilter": {
    "EnvironmentDN":"\\VED\\Code Signing\\Projects\\Sample\\Prod",
    "ProjectDN": "\\VED\\Code Signing\\Projects\\Sample"
    }
}