POST X509CertificateStore/Lookup
Returns certificates from the certificate store, which is also known as the certificate vault.
Requirements
- Permissions:
The caller must have the following permissions:
- If the search is by Owner object, the caller must have Read permission to the OwnerDN.
- If the search is by Name, the caller must have Read permission to any object that owns a vault entry with a matching association name.
- If the search is by CertificateString, the caller must have Read permission to any object that owns the vault entry for the raw certificate.
- Token scope: Restricted
Headers
-
Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Specify either CertificateString, or OwnerDN, or a Name with a corresponding Value.
Name |
Description |
---|---|
CertificateString (Optional) |
A raw Base64-encoded certificate. |
Name (Optional) |
An association name; required when Value is specified. |
Also known as the Owner object. |
Also known as the Owner object. The Distinguished Name (DN) of any object that owns a certificate vault entry. For example, Certificate objects or Discovery objects. |
Value (Optional) |
An association value; required when Name is specified. |
Returns
Name |
Description |
---|---|
VaultId |
If the look up is by CertificateString, the vault ID. |
VaultIds |
If the look up is by OwnerDN, the list of vault IDs. |
CertificateCollection |
The list of Base64-encoded certificates matching Name and Value. |
Result |
A number indicating indicating success 0 or failure. Because this API is a wrapper for SecretStore, see SecretStore result codes. |
Example: Find Vault IDs for a policy folder(Owner Id)
Request for Example 1
POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup Authorization:Bearer 4MyGeneratedBearerTknz== { "OwnerDN":"\\VED\\Policy\\folder\\TestCert" }
Response for Example 1
HTTP/1.1 200 OK { "Result":0, "VaultIds":[ 683, 684 ] }
Example: Lookup by Association Value
Request for Example 2
POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup Authorization:Bearer 4MyGeneratedBearerTknz== { "Name":"Serial", "Value":"00ABCDEF0022" }
Response for Example 2
HTTP/1.1 200 OK { "CertificateCollectionStrings":[ "MIIBcDCC..." ], "Result":0 }
Example: Look up by certificate
Request for Example 3
POST https://tpp.venafi.example/vedsdk/X509CertificateStore/Lookup Authorization:Bearer 4MyGeneratedBearerTknz== { "CertificateString":"MIIBcDCC..." }
Response for Example 3
HTTP/1.1 200 OK { "Result":0, "VaultId":683 }