Cryptokeys¶

Allows for modifying DNSSEC key material via the API.

Endpoints¶

GET /servers/{server_id}/zones/{zone_id}/cryptokeys¶

Get all CryptoKeys for a zone, except the privatekey

Parameters:¶

• server_id (string) – The id of the server to retrieve

• zone_id (string) – The id of the zone to retrieve

Example request:

GET /servers/{server_id}/zones/{zone_id}/cryptokeys HTTP/1.1
Host: example.com

Status Codes:¶

• 200 OK –

  List of Cryptokey objects

  Example response:

  HTTP/1.1 200 OK
  Content-Type: application/json
  
  [
      {
          "type": "string",
          "id": 1,
          "keytype": "ksk",
          "active": true,
          "published": true,
          "dnskey": "string",
          "ds": [
              "string"
          ],
          "cds": [
              "string"
          ],
          "privatekey": "string",
          "algorithm": "string",
          "bits": 1
      }
  ]
  

• default –

  The input to the operation was not valid

  Example response:

  HTTP/1.1 default -
  Content-Type: application/json
  
  {
      "error": "string",
      "errors": [
          "string"
      ]
  }
  

POST /servers/{server_id}/zones/{zone_id}/cryptokeys¶

Creates a Cryptokey

This method adds a new key to a zone. The key can either be generated or imported by supplying the content parameter. if content, bits and algo are null, a key will be generated based on the default-ksk-algorithm and default-ksk-size settings for a KSK and the default-zsk-algorithm and default-zsk-size options for a ZSK.

Parameters:¶

• server_id (string) – The id of the server to retrieve

• zone_id (string) – The id of the zone to retrieve

Example request:

POST /servers/{server_id}/zones/{zone_id}/cryptokeys HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "type": "string",
    "id": 1,
    "keytype": "ksk",
    "active": true,
    "published": true,
    "dnskey": "string",
    "ds": [
        "string"
    ],
    "cds": [
        "string"
    ],
    "privatekey": "string",
    "algorithm": "string",
    "bits": 1
}

Status Codes:¶

• 201 Created –

  Created

  Example response:

  HTTP/1.1 201 Created
  Content-Type: application/json
  
  {
      "type": "string",
      "id": 1,
      "keytype": "ksk",
      "active": true,
      "published": true,
      "dnskey": "string",
      "ds": [
          "string"
      ],
      "cds": [
          "string"
      ],
      "privatekey": "string",
      "algorithm": "string",
      "bits": 1
  }
  

• default –

  The input to the operation was not valid

  Example response:

  HTTP/1.1 default -
  Content-Type: application/json
  
  {
      "error": "string",
      "errors": [
          "string"
      ]
  }
  

GET /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}¶

Returns all data about the CryptoKey, including the privatekey.

Parameters:¶

• server_id (string) – The id of the server to retrieve

• zone_id (string) – The id of the zone to retrieve

• cryptokey_id (string) – The id value of the CryptoKey

Example request:

GET /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id} HTTP/1.1
Host: example.com

Status Codes:¶

• 200 OK –

  Cryptokey

  Example response:

  HTTP/1.1 200 OK
  Content-Type: application/json
  
  {
      "type": "string",
      "id": 1,
      "keytype": "ksk",
      "active": true,
      "published": true,
      "dnskey": "string",
      "ds": [
          "string"
      ],
      "cds": [
          "string"
      ],
      "privatekey": "string",
      "algorithm": "string",
      "bits": 1
  }
  

• default –

  The input to the operation was not valid

  Example response:

  HTTP/1.1 default -
  Content-Type: application/json
  
  {
      "error": "string",
      "errors": [
          "string"
      ]
  }
  

PUT /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}¶

This method (de)activates a key from zone_name specified by cryptokey_id

Parameters:¶

• server_id (string) – The id of the server to retrieve

• zone_id (string) – The id of the zone to retrieve

• cryptokey_id (string) – The id value of the CryptoKey

Status Codes:¶

• 204 No Content – OK

• default –

  The input to the operation was not valid

  Example response:

  HTTP/1.1 default -
  Content-Type: application/json
  
  {
      "error": "string",
      "errors": [
          "string"
      ]
  }
  

DELETE /servers/{server_id}/zones/{zone_id}/cryptokeys/{cryptokey_id}¶

This method deletes a key specified by cryptokey_id.

Parameters:¶

• server_id (string) – The id of the server to retrieve

• zone_id (string) – The id of the zone to retrieve

• cryptokey_id (string) – The id value of the CryptoKey

Status Codes:¶

• 204 No Content – OK

• default –

  The input to the operation was not valid

  Example response:

  HTTP/1.1 default -
  Content-Type: application/json
  
  {
      "error": "string",
      "errors": [
          "string"
      ]
  }
  

Objects¶

json Cryptokey : object¶

Cryptokey

Describes a DNSSEC cryptographic key

Optional members:¶

active : boolean¶

Whether or not the key is in active use

algorithm : string¶

The name of the algorithm of the key, should be a mnemonic

bits : integer¶

The size of the key

cds : array of string¶

An array of DS records for this key, filtered by CDS publication settings

dnskey : string¶

The DNSKEY record for this key

ds : array of string¶

An array of DS records for this key

id : integer¶

The internal identifier, read only

keytype : "ksk" | "zsk" | "csk"¶

privatekey : string¶

The private key in ISC format

published : boolean¶

Whether or not the DNSKEY record is published in the zone

type : string¶

set to “Cryptokey”