Creating An Approver
This article explains how to use the Approver Management REST API to create approvers and prepare for user onboarding with the Securosys Authorization App on a mobile device.
Create Approver-Key
The Approver Manager creates the approver key(s) through the REST API by following the steps below, using either Swagger or CURL.
There is currently no user interface for creating or managing Approver Keys; use CURL or Swagger for these tasks.
POST: /v1/approverManagement/create
Request body (Swagger):
{
  "approverName": "finance-officer@securosys.com",
  "algorithm": "RSA",
  "keySize": 2048,
  "backupPassword": "6se1Qbsi3bJshe",
  "validity": 3650
}
Parameter Description
Parameter | Description |
---|---|
approverName | The email address of the Approver, e.g., officer1@securosys.com. |
algorithm | The key algorithm to be used by the Approver. Supported algorithms: RSA. |
keySize | The size of the Approver's key. Supported sizes: 2048, 3072, 4096 bits. |
backupPassword | The password for the P12 container, used during registration and restoration. This password must be sent to the Approver (Mobile Application User) and stored securely. It is required if the Mobile User needs to re-register the Approver (e.g., due to a phone change or loss). |
validity | The validity period of the Approver's certificate, in days. Certificates are generated on the fly. For example, 3650 days equals 10 years. |
Response: a oneTimeCode, to be sent to the Approver, who uses it to fetch the approver-key.
{
  "oneTimeCode": "410447"
}
The equivalent request using CURL:
curl -X POST -H "Content-Type: application/json" \
  https://tsb-demo.cloudshsm.com/v1/approverManagement/create -d \
  '{
    "approverName": "officer1@securosys.com",
    "algorithm": "RSA",
    "keySize": 2048,
    "backupPassword": "6se1Qbsi3bJshe",
    "validity": 3650
  }'
If API keys are in use, add the following header to the CURL command: -H "X-API-KEY: tsb-x-token_07..."
To register a user within the Securosys Authorization App, the following details must be sent to the Approver: oneTimeCode, backupPassword, REST API URL, and approverName.
The oneTimeCode can only be used once. If re-registration is required, follow the Restore Approver guide.
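The create request described above, as an added example that is not part of the Securosys documentation: the shell functions below check each field against the parameter table and build the request body with a freshly generated backupPassword instead of a reused sample value. The function names, the hex password format and the TSB_URL placeholder are assumptions; piping the body to curl with -d @- keeps the password out of the process argument list.

```shell
# Added example, not Securosys code. Function names are hypothetical.

# 128-bit random backup password as 32 hex characters. The format is an
# assumption; the page states no password policy.
gen_backup_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# build_approver_payload NAME KEYSIZE VALIDITY_DAYS PASSWORD
# Prints the JSON body for /v1/approverManagement/create, or returns 1.
build_approver_payload() {
    name=$1 keysize=$2 validity=$3 password=$4
    # Restrict approverName to e-mail-safe characters (no quotes, backslashes
    # or control characters), so it needs no JSON escaping.
    case $name in
        *[!A-Za-z0-9._%+@-]*|*@*@*|@*|*@|*..*)
            echo "approverName must be an e-mail address" >&2; return 1 ;;
        *@*.*) ;;
        *) echo "approverName must be an e-mail address" >&2; return 1 ;;
    esac
    # Key sizes listed as supported in the parameter table.
    case $keysize in
        2048|3072|4096) ;;
        *) echo "keySize must be 2048, 3072 or 4096" >&2; return 1 ;;
    esac
    # Positive integer number of days, no leading zero (invalid in JSON).
    case $validity in
        ''|0*|*[!0-9]*) echo "validity must be a positive integer" >&2; return 1 ;;
    esac
    case $password in
        ''|*[!A-Za-z0-9]*) echo "backupPassword must be alphanumeric here" >&2; return 1 ;;
    esac
    printf '{"approverName":"%s","algorithm":"RSA","keySize":%s,' "$name" "$keysize"
    printf '"backupPassword":"%s","validity":%s}\n' "$password" "$validity"
}

# Usage; TSB_URL is a placeholder for your REST API URL:
#   pw=$(gen_backup_password)
#   build_approver_payload officer1@securosys.com 2048 3650 "$pw" |
#       curl -X POST -H "Content-Type: application/json" \
#            -d @- "$TSB_URL/v1/approverManagement/create"
```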
What's next?
- Register Approver on the Securosys Authorization App
- Verify Onboarding Status
- Create a Policy based Key that specifies which approvers need to sign off on operations using this key.