POST RecycleBin/Restore

Restores a Recycle Bin Item based on the object Type and parent.

How items are restored

Item

How is it restored?
Config object

If the original parent object still exists (even if renamed or moved), the object will be placed under this parent.

If the original parent was deleted but a new object with the same name has since been created, the object will be placed under this new object. The location the object will be restored to RestorationDN from POST RecycleBin/GetContents.
Owner or Vault Entry

If the original owner object still exists (even if renamed or moved), the vault entry or entries will be owned by that object.

The original owner object was deleted but a new object with the same name has since been created, the vault entry or entries will be owned by this new object. After restoration, the owner is the RestorationDN from POST RecycleBin/GetContents.

If the Item appears in the result of POST RecycleBin/GetContents, you can recover it based on the Recycle Bin restore state. You can restore Config objects, associated child objects, SecretStore Vault owners, and SecretStore Vault entries. For example:

  • Policy settings, certificates, and provision settings such as credentials, and Application objects.

  • Logging channels and notifications.

  • SecretStore Vault owner and entry information.

  • Devices.

    WARNING!  Any SSH keys that are associated with the device are not currently recoverable. Deletion of a device removes all SSH keys from SSH Protect's inventory, but this does not deprovision the keys from the device. So the keys will still be able to connect to that device. For additional information see How SSH Protect uses the recycle bin.

  • SSH certificate issuance templates.

  • SSH certificate issuance flows.

  • Adaptable actions for SSH certificate issuance flows.

  • SSH CA keypairs.

TIP  Remember that the Recycle Bin retains deleted items until the PurgeOn or VCC Purge After date.

Any object that already has a new object with the same Distinguished Name (DN). For example, if you delete a folder, and then create another by the same name, the contents cannot recover. As a work around, you can rename the new folder and then retry.

Items that are not be recoverable:

  • Agent/Client Registrations within the Client Subsystem.

  • API Integration registrations within the OAuth Subsystem.

  • Preference changes or deletions.

  • Attributes on specific objects (Recycle Bin covers deletion of the object itself, not the deletion or changing of configuration options on the object).

  • Permission assignment, Workflow ticket, or Flow ticket deletions.

  • Device information. Any SSH Keysets, key instances, and trust information that is not stored in the Recycle Bin is deleted immediately.

  • SSH keys. SSH Protect documentation provides details on how the recycle bin treats SSH assets.

    NOTE  Deletion of SSH keys from the inventory does two things: First it removes the keyset from SSH Protect's inventory, and second it deprovisions the keys on the connected devices. This means the public key is removed from the authorized_keys file on all connected devices. The keyset will no longer be able to connect to that device.

Requirements

  • Permissions: The caller must have Master Admin permission
  • Token scope:  Admin:RecycleBin

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Guid

The GUID of the Recycle Bin Item to delete. Use the Guid format from POST RecycleBin/GetContents. For example, 3d6b61d-1c71-4603-883f-25b8c2ceecdd.

Returns

Response description

Name

Description

HTTP 200

For valid requests, this API call returns Result: 0.
HTTP 400

For invalid requests, this call returns HTTP 400 Bad Request and the following data in the message body:

  • error: The reason for the error.

  • error_description: If available, additional information about how to retry the request.

Example: Restore a previously deleted item and its children from the Recycle Bin

TIP  Remember that you cannot re-use the Recycle Bin Item Guid. After a successful restore of a Config object, always refresh the UI. The restored items and any children appear in the original location, for example the Policy tree.

Request

POST https://tpp.venafi.example/vedsdk/RecycleBin/Restore
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Guid": "1f03ccf4-0c1c-4391-b6da-925597e46846"
}

Response

HTTP/1.1 200 OK
{
   "Result": 0
}