POST /api/apps/versions/{AppVersionID}/keyinfo

Adds an app's public key or certificate (for runtime security).

Workflow: This operation checks whether the resource is governed by a workflow, and if so whether the action is valid based on the current state of the resource. If the action is not valid, the operation will fail.

Authorization Roles/Permissions: Must be logged in. App team member, Business Admin

This topic includes the following sections:

HTTP Method

POST

URL

https://{hostname}/api/apps/versions/{AppVersionID}/keyinfo

Sample Request

The example below shows a call to this operation.

Sample request URL

https://{hostname}/api/apps/versions/9vQtwz5cVjB4Lb0tW7YDoRGm.acmepaymentscorp/keyinfo?wrapInHTML=true

Sample request headers

POST http://{hostname}/api/apps/versions/9vQtwz5cVjB4Lb0tW7YDoRGm.acmepaymentscorp/keyinfo?wrapInHTML=true HTTP/1.1
Host: {hostname}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Cookie: AtmoAuthToken_acmepaymentscorp=TokenID%3Db1f87d98-a01e-11e4-a4c8-c152b79a9472%2Cclaimed_id
%3Durn%3Aacmepaymentscorp%3Auser%3Aacmepaymentscorp%3A7222fcd1-fe4b-4b80-ad25-ec86981c7962%2C
issueTime%3D1421701444022%2CexpirationTime%3D1421703244005%2CAttributesIncluded%3Dfalse%2C
UserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c7962%252Eacmepaymentscorp%2CUserName%3D
adminacmepaymentscorp%2Csig%3DNE567Vbh1ZdIE1Yx6HlnQF9zFwy2-xKqq-EquYiugI-k2_jzUR9rvV0x
kyLDg8_CBL68dAqCfq1VXSghLjvFV2nreg4WLlR-mhBrOa209ZT7pgryPCTg-wlEL3e_zq-9lsoGxPPRSyCvRXqwz
urhLLM_9GWokQoZUYsXrTP6Jx8; Csrf-Token_acmepaymentscorp=TokenID%3Db1f87d98-a01e-11e4-a4c8-c
152b79a9472%2CexpirationTime%3D1421703244028%2CUserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c79
62%252Eacmepaymentscorp%2Csig%3DIid5J_crulvfYk5hHYGUt6fCbZvpp4nACDBA7JIqIMGbDZXaaItzW87rrPx
PBazCQ-N8BacJcrEsib8bWmeGNZPqWgtXiFtRZcHBakb5zyFwLuSCE9RQK5lu8mg2iFfRH9Cm_ER
MqGUW2q28agiMT36tJWZ6SN9F8-JG6tRnYjA
Content-Type: multipart/form-data; boundary=---------------------------138372179114855
-----------------------------138372179114855
Content-Disposition: form-data; name="Certificate"; filename="cert.csr"
Content-Type: application/txt
-----BEGIN CERTIFICATE REQUEST-----
MIIClzCCAX8CAQAwVDEPMA0GA1UEAxMGUmFtZXNoMQwwCgYDVQQLEwNQRE8xDDAKBgNVBAoTA1NP
QTELMAkGA1UEBxMCTEExCzAJBgNVBAgTAkNBMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAIheb0Q2+PkfDwnxtdR+FLgMcNNRGuAy5pp8ku4VPpEt95//jJ+BRc52
zHc++FfSlDHOvn/N++1ZA+KM7PdpnJPYCu8ZDIkT2WVB+0CmuIRw9uToBdctLjpvBe1NLC/io7FD
UADSzXRu2/Iqv8Idj9UQSObrBiYPY5KIFtPA7M4b54M35YV6BHWg+eZ+vLEeSGpbsuA8TlbFKJF4
rrQApTPtcJkju7EMeBdkvRr7uKHSfSYCHQXPT8cYr6pVzq+dh38f960deS0QyHag3/d09fy7Ahmj
Re8ieWufYW6b9LsJut9hW9EmfM38sTcq2jFWvHUstl2qq4QcxG/X9SVJnPUCAwEAATANBgkqhkiG
9w0BAQUFAAOCAQEAcxkJWbv06sKseT5XSBrDCP2KiCdTv2BIgsZzGs0A56DmDj6Jbw3zfS/sgrO3
uN2nIp5zfiy9TzyAIN8Gs7DRKVBPptPARRXaSk6RhbrrjLg+erpFuNzHUmc9HAeXu6/MbnFDpLcr
lhRgJ495OhI+hEVGjCqcObSD2NqSTs4q8FtkVOegpEIHLJSgoZfBKAq8eo4DUTvr9oSpcHxg1ExA
xYAm6hfXZX9ucHM8X8U69H1LZm491mcp1svinseSlkh/q2Y1aHCyMYjWajHvbZbF5pw8zgFCespp
7a9BMDlEtvG2btQgd6sRv3rSWVEzXeMoJPFx/QKJGDyRc1luekrroA==
-----END CERTIFICATE REQUEST-----
-----------------------------138372179114855
Content-Disposition: form-data; name="Comments"
testing
-----------------------------138372179114855
Content-Disposition: form-data; name="X-Csrf-Token_acmepaymentscorp"
TokenID%3Db1f87d98-a01e-11e4-a4c8-c152b79a9472%2CexpirationTime%3D1421703244
028%2CUserFDN%3D7222fcd1-fe4b-4b80-ad25-ec86981c7962%252Eacmepaymentscorp
%2Csig%3DIid5J_crulvfYk5hHYGUt6fCbZvpp4nACDBA7JIqIMGbDZXaaItzW87rrPxPBaz
CQ-N8BacJcrEsib8bWmeGNZPqWgtXiFtRZcHBakb5zyFwLuSCE9RQK5lu8mg2iFfRH9
Cm_ERMqGUW2q28agiMT36tJWZ6SN9F8-JG6tRnYjA
-----------------------------138372179114855--

Sample request body

The request body is the certificate signing request (CSR) or certificate which is uploaded. View an example.

For more information about running operations that use the multipart/form-data Content-Type header for file upload, see Managing Multipart/Form-Data Uploads.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	text/plain
Content-Type	multipart/form-data
Cookie	AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID}	The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter	Parm Type	Data Type	Required	Description
AppVersionID	Path	string	Required	The unique ID for a specific app version.
InMultiPart	Body	multipart	Required	The CSR or CER. For more information, see Managing Multipart/Form-Data Uploads.

Note: For information about the wrapInHTML parameter shown in the sample request above, see File Upload with Ajax. This is only used if you are running the API in a browser context.

Response

If successful, this operation returns HTTP status code 200, with the AppVersionID as confirmation that the operation completed successfully. The response is wrapped in HTML.

Sample Response

The sample response below shows that this operation completed successfully.

Sample response headers

HTTP/1.1 200 OK
Content-Type: text/html
Expires: Mon, 05 Jan 2015 10:56:17 GMT

Sample response body

<!DOCTYPE html><html lang="en" status="200" statusText="success"><head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type"><meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta name="description" content="Lorem ipsum dolor sit amet, consectetur adipiscing elit. Mauris lacus elit, ornare eget luctus vel, 
porta id elit. Maecenas molestie, libero sit amet blandit faucibus, orci nisi aliquet nisi, id mollis mauris ipsum a enim. Morbi lacus velit, 
placerat sit amet luctus eget, pulvinar a massa. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Morbi eleifend tincidunt pellentesque. 
Cras eu sapien massa, vitae rutrum sapien. Aenean id condimentum sem. Suspendisse tempor luctus ipsum, vel metus.">
</head>
<body status="200" statusText="success">24kAuJa8ie9vsJNUdopeG61X.acmepaymentscorp</body></html>

Note: for information about the HTML wrapper shown in the sample response above, see File Upload with Ajax.

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	text/plain

Response Body

Name	Type	Description
Response	AppVersionID	The unique ID for a specific app version.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
401	Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
500	An error occurred processing the call. For example, you would get this response if you attempted to send a file that wasn't a valid CSR file.

More information about Akana API Platform API error messages.

Related Topics