Skip to main content

Creating An Approver

In this article, we provide a comprehensive guide on using the Rest-API Approver Management API to create approvers and prepare for a successful user onboarding with the Securosys Authorization App on your mobile device.

Create Approver-Key

The Approver Manager initiates the creation of approver-key(s) using the Rest-API by following the steps below (either swagger or by CURL).

GUI

Currently, there is no user interface available for creating or managing Approver Keys. For now, please use CURL or Swagger for these tasks.

POST: /v1/approverManagement/create

curl -X PUT  -H "Content-Type: application/json" \
https://tsb-demo.cloudshsm.com/v1/approverManagement/create -d \
'{
"approverName": "officer1@securosys.com",
"algorithm": "RSA",
"keySize": 2048,
"backupPassword": "6se1Qbsi3bJshe",
"validity": 3650
}'
Parameter Description
ParameterDescription
approverNameThe email address of the Approver, e.g., officer1@securosys.com.
algorithmThe key algorithm to be used by the Approver. Supported algorithms: RSA.
keySizeThe size of the Approver's key. Supported sizes: 2048, 3072, 4096 bits.
backupPasswordThe password for the P12 container, used during registration and restoration processes. This password must be sent to the Approver (Mobile Application User) and should be kept securely. It is required if the Mobile User needs to re-register the Approver (e.g., due to a phone change or loss).
validityThe validity period of the Approver's certificate, in days. Certificates are generated on the fly. For example, 3650 days equals 10 years.

Response: Response is a oneTimeCode to be sent to the approver to fetch the approver-key

{
"oneTimeCode": "410447"
}
API-KEY

In case of using API-KEY's add the following header to the CURL-Command: -H "X-API-KEY: tsb-x-token_07..."

To register a user within the Securosys Authorization App, the following details must be sent to the Approver:

  • oneTimeCode,
  • backupPassword,
  • REST API URL, and
  • approverName
One-Time-Code

The oneTimeCode can only be used once. If re-registration is required, follow this guide Restore Approver.

Whats next?