Method: User Certificates

Manages X.509 certificates associated with user accounts. A certificate registered here allows the user to authenticate using a smartcard (see Method: Get Smartcard User and Method: Login to StoredSafe). Each user can hold one certificate at a time.

Retrieving and deleting certificates requires admin privileges, except when retrieving your own certificate.

Get Certificate

Description

Returns the parsed X.509 certificate registered on a user. Admins may fetch any user’s certificate by supplying a user-id; non-admins always get their own certificate regardless of any supplied ID.

URL Syntax

/api/{version}/usercert

/api/{version}/usercert/:user-id

HTTP Method

GET

Successful HTTP Response

200

Parameters

| Parameter name | Description | Parameter type | Type | Mandatory | Comment |
|---|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | Yes | |
| user-id | Target user ID | URL-parameter | Integer | No | Admin only; own ID if omitted |

Response Attributes

| Attribute | Description | Type |
|---|---|---|
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | StoredSafe token to be used in subsequent calls | String |
| CALLINFO.handler | Handler used | String |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.errorcodes | Number of error codes | Integer |
| CALLINFO.certificate | Parsed certificate fields | Object |

Example

Request

GET /api/1.0/usercert/42
X-Http-Token: your_storedsafe_token

Response

HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UserCertHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "certificate": {
            "subject": {
                "CN": "Alice Example",
                "O":  "Example AB",
                "C":  "SE"
            },
            "validFrom": "2024-01-01T00:00:00Z",
            "validTo":   "2026-01-01T00:00:00Z"
        }
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}

Add Certificate

Description

Registers an X.509 user certificate on a user account, enabling smartcard authentication for that user. Requires admin privileges. The certificate must be a PEM-encoded user certificate uploaded as a multipart file.

The certificate must not already be registered to another user account.

URL Syntax

/api/{version}/usercert/:user-id

HTTP Method

POST

Successful HTTP Response

200

Parameters

| Parameter name | Description | Parameter type | Type | Mandatory |
|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | Yes |
| user-id | Target user ID | URL-parameter | Integer | Yes |
| (file) | PEM-encoded X.509 user certificate (.cer) | multipart/form | File | Yes |

Response Attributes

| Attribute | Description | Type |
|---|---|---|
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | StoredSafe token to be used in subsequent calls | String |
| CALLINFO.handler | Handler used | String |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.errorcodes | Number of error codes | Integer |

Example

Request

POST /api/1.0/usercert/42
X-Http-Token: your_storedsafe_token
Content-Type: multipart/form-data; boundary=Boundary123

--Boundary123
Content-Disposition: form-data; name="file"; filename="alice.cer"
Content-Type: application/x-x509-user-cert

(PEM certificate data)
--Boundary123--

Response

HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UserCertHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token"
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}
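
A pre-flight check and request builder for Add Certificate, as an added example that is not part of the StoredSafe documentation or code. It goes slightly beyond the request shown above by rejecting files that contain private key material or more than one certificate before anything is sent. The function names, the `user.cer` filename and the sample data are assumptions, and the PEM check is structural only (it does not parse or validate X.509 fields).

```python
import base64
import json
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+([A-Za-z0-9+/=\s]+?)-----END \1-----")

def preflight_user_cert(pem_text):
    """Return DER bytes if pem_text holds exactly one CERTIFICATE block and no key."""
    if "PRIVATE KEY-----" in pem_text:
        raise ValueError("file contains private key material; upload the certificate only")
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if labels != ["CERTIFICATE"]:
        raise ValueError("expected exactly one CERTIFICATE block, got %r" % labels)
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if not der.startswith(b"\x30"):  # X.509 DER begins with an ASN.1 SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der

def build_add_cert_request(user_id, pem_text, token, boundary="Boundary123", version="1.0"):
    """Build (method, path, headers, body) in the shape of the page's Add Certificate request."""
    preflight_user_cert(pem_text)
    body = (
        f"--{boundary}\r\n"
        'Content-Disposition: form-data; name="file"; filename="user.cer"\r\n'  # filename is hypothetical
        "Content-Type: application/x-x509-user-cert\r\n\r\n"
        f"{pem_text.strip()}\r\n"
        f"--{boundary}--\r\n"
    ).encode("ascii")
    headers = {
        "X-Http-Token": token,
        "Content-Type": f"multipart/form-data; boundary={boundary}",
        "Content-Length": str(len(body)),
    }
    # int() keeps anything but a numeric user ID out of the URL path.
    return "POST", f"/api/{version}/usercert/{int(user_id)}", headers, body

def next_token(response_text, current_token):
    """Check CALLINFO.status and return the token to use for the next call."""
    callinfo = json.loads(response_text)["CALLINFO"]
    if callinfo["status"] != "SUCCESS":
        raise RuntimeError("request failed with %d error(s)" % callinfo["errors"])
    return callinfo.get("token", current_token)  # assumption: keep old token if none returned

# Constructed sample input: placeholder DER bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x82\x01\x0a" + bytes(60)).decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_RESPONSE = '{"CALLINFO": {"errors": 0, "status": "SUCCESS", "token": "rotated_storedsafe_token"}}'
```
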

Remove Certificate

Description

Removes the X.509 certificate registered on a user account, disabling smartcard authentication for that user. Requires admin privileges.

URL Syntax

/api/{version}/usercert/:user-id

HTTP Method

DELETE

Successful HTTP Response

200

Parameters

| Parameter name | Description | Parameter type | Type | Mandatory |
|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | Yes |
| user-id | Target user ID | URL-parameter | Integer | Yes |

Example

Request

DELETE /api/1.0/usercert/42
X-Http-Token: your_storedsafe_token

Response

HTTP/2 200
Content-Type: application/json

{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "UserCertHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token"
    },
    "DATA": { ... },
    "HEADERS": { ... },
    "PARAMS": []
}