Salesforce Cache Only Key APIs
CipherTrust Cloud Key Manager (CCKM) can act as a key service for Salesforce Shield Platform Encryption's Cache-Only Key Service. Salesforce fetches keys on demand from CCKM Salesforce Cache-Only Key Endpoints to immediately encrypt and decrypt data. The key material is securely transmitted through an authenticated channel. Salesforce then retains the key in the encrypted key cache until the cache is flushed.
Creating A Salesforce Cache-Only Key Endpoint
Use POST /v1/cckm/sfdc/endpoints/ to create a new Salesforce Cache-Only Key endpoint.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/endpoints' -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "name": "<name-for-endpoint>",\n "url_hostname": "<ciphertrust-manager-base-hostname>",\n "password_authentication": {\n "username": "<user-to-authenticate>",\n "password": "<password-to-authenticate>"\n },\n "organization_id": "<Salesforce-organization-id>"\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| name | string | Desired name for the endpoint. |
| url_hostname | string | Base hostname of the CipherTrust Manager as a Service. Part of a fully qualified domain name. |
| password_authentication | JSON | Password authentication details for the endpoint. These components make up a Named credential on Salesforce. |
| username | string | Username for endpoint requests. |
| password | string | Password for endpoint requests. |
| organization_id | string | Resource ID of the Salesforce organization where the cache-only key will be created. To get the resource ID of an organization, run the get /v1/cckm/sfdc/organizations API. Refer to Listing Salesforce Organizations for details. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDNkMWNlODktYTQyMS00ODdiLWFhNzItZGM4NTc4MjdjYzA3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjFkYjgxOWVkLWE4N2MtNDQwMy04ZDZiLWNkYmM1MzE1MDE5YyIsImlhdCI6MTYzMzYzOTAxMiwiZXhwIjoxNjMzNjM5MzEyfQ.BtxVWm96fBRYf-6m1n60d9AOn65VIz0HEvQgdDvgqeU' -H 'Content-Type: application/json' --data-binary $'{\n "name": "nc1",\n "url_hostname": "thales.com",\n "password_authentication": {\n "username": "ncadmin",\n "password": "ncpassword"\n },\n "organization_id": "04f63144-940c-4c4f-8426-111111111111"\n}' --compressed
Example Response
{
"id": "04f63144-940c-4c4f-8426-222222222222",
"uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-02-10T00:19:40.321138Z",
"name": "nc1",
"updatedAt": "2021-02-10T00:20:25.036189Z",
"url_hostname": "thales.com",
"url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
"organization_id": "04f63144-940c-4c4f-8426-111111111111",
"organization_name": "Thales",
"password_authentication": {
"username": "ncadmin"
}
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Listing all Salesforce Cache-Only Key Endpoints
Use GET /v1/cckm/sfdc/endpoints/ to return a list of Salesforce Cache-Only Key Endpoints. The results can be filtered using the query parameters.
Syntax
curl -k '<IP>/api/v1/cckm/sfdc/endpoints?skip=0&limit=10&sort=updatedAt' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameter
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Request Query Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string | Resource ID of the endpoint. |
| name | string | Name for the endpoint. |
| organization_name | string | Name of the Salesforce organization associated with the endpoint. |
| organization_id | string | CCKM resource ID of the Salesforce organization associated with the endpoint. |
| sfdc_organization_id | string | Salesforce ID of the Salesforce organization associated with the endpoint. |
| skip | integer | Number of records to skip. For example, if "skip":5 is specified, the first five records will not be displayed in the output. |
| limit | integer | Numbers of records to display. For example, if "limit":10 is specified, then the next 10 records (after skipping the number of records specified in the skip parameter) will be displayed in the output. |
| sort | string | Comma-delimited list of properties to sort the results. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints?skip=0&limit=10' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDNkMWNlODktYTQyMS00ODdiLWFhNzItZGM4NTc4MjdjYzA3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjFkYjgxOWVkLWE4N2MtNDQwMy04ZDZiLWNkYmM1MzE1MDE5YyIsImlhdCI6MTYzMzYzOTAxMiwiZXhwIjoxNjMzNjM5MzEyfQ.BtxVWm96fBRYf-6m1n60d9AOn65VIz0HEvQgdDvgqeU' --compressed
Example Response
{
"skip": "0,",
"limit": "10,",
"total": "1,",
"resources": [
{
"id": "04f63144-940c-4c4f-8426-222222222222",
"uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-02-10T00:19:40.321138Z",
"name": "nc1",
"updatedAt": "2021-02-10T00:20:25.036189Z",
"url_hostname": "thales.com",
"url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
"organization_id": "04f63144-940c-4c4f-8426-111111111111",
"organization_name": "Thales",
"password_authentication": {
"username": "ncadmin"
}
}
]
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Get Details for a Salesforce Cache-Only Key Endpoint
Use the GET /v1/cckm/sfdc/endpoints/{id} API to view the details of a Salesforce Cache-Only Key Endpoint.{id} is the resource ID of the endpoint.
Syntax
curl -k 'https://<IP>/api/v1/cckm/sfdc/endpoints/{id}' -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDNkMWNlODktYTQyMS00ODdiLWFhNzItZGM4NTc4MjdjYzA3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjI4MmFmZTNlLWQyMDgtNGEwZC1iZjc0LTZmYTJmNDdlZTNkOCIsImlhdCI6MTYzMzY0MDQ4NCwiZXhwIjoxNjMzNjQwNzg0fQ.LGf9krD1kA1yLVdur0fIa-TPgzY8TB7JUZIVffm3ZPg' --compressed
Example Response
{
"id": "04f63144-940c-4c4f-8426-222222222222",
"uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-02-10T00:19:40.321138Z",
"name": "nc1",
"updatedAt": "2021-02-10T00:20:25.036189Z",
"url_hostname": "thales.com",
"url": "https://thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
"organization_id": "04f63144-940c-4c4f-8426-111111111111",
"organization_name": "Thales",
"password_authentication": {
"username": "ncadmin"
}
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Update a Salesforce Cache-Only Key Endpoint
Use the PATCH /v1/cckm/sfdc/endpoints/{id} API to update base hostname and authentication details for a Salesforce Cache-Only Key Endpoint.{id} is the resource ID of the endpoint.
Syntax
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/{id}' -X PATCH -H 'Authorization: Bearer AUTHTOKEN' -H 'Content-Type: application/json' --data-binary $'{\n "url_hostname": "<ciphertrust-manager-base-hostname>",\n "password_authentication": {\n "username": "<user-to-authenticate>",\n "password": "<password-to-authenticate>"\n }\n}' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
| url_hostname | string | Base hostname of the CipherTrust Manager as a Service. Part of a fully qualified domain name. |
| password_authentication | JSON | Password authentication details for the endpoint. These components make up a Named credential on Salesforce. |
| username | string | Username for endpoint requests. |
| password | string | Password for endpoint requests. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -X PATCH -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDNkMWNlODktYTQyMS00ODdiLWFhNzItZGM4NTc4MjdjYzA3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjI4MmFmZTNlLWQyMDgtNGEwZC1iZjc0LTZmYTJmNDdlZTNkOCIsImlhdCI6MTYzMzY0MDQ4NCwiZXhwIjoxNjMzNjQwNzg0fQ.LGf9krD1kA1yLVdur0fIa-TPgzY8TB7JUZIVffm3ZPg' -H 'Content-Type: application/json' --data-binary $'{\n "url_hostname": "cckm.thales.com",\n "password_authentication": {\n "username": "updateUser",\n "password": "updatedPwd"\n }\n}' --compressed
Example Response
{
"id": "04f63144-940c-4c4f-8426-222222222222",
"uri": "kylo:kylo:cckm:kacls-sfdc:nc1",
"account": "kylo:kylo:admin:accounts:kylo",
"application": "ncryptify:gemalto:admin:apps:kylo",
"devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
"createdAt": "2021-02-10T00:19:40.321138Z",
"name": "nc1",
"updatedAt": "2021-02-10T00:20:25.036189Z",
"url_hostname": "cckm.thales.com",
"url": "https://cckm.thales.com/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222/keys/",
"organization_id": "04f63144-940c-4c4f-8426-111111111111",
"organization_name": "Thales",
"password_authentication": {
"username": "updateUser"
}
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.
Delete a Salesforce Cache-Only Key Endpoint
Use the DELETE /v1/cckm/sfdc/endpoints/{id} API to delete a Salesforce Cache-Only Key Endpoint.{id} is the resource ID of the endpoint.
Syntax
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/{id}' -X DELETE -H 'Authorization: Bearer AUTHTOKEN' --compressed
Request Parameters
| Parameter | Type | Description |
|---|---|---|
| AUTHTOKEN | string | Authorization token. |
Example Request
curl -k 'https://thales.com/api/v1/cckm/sfdc/endpoints/04f63144-940c-4c4f-8426-222222222222' -X DELETE -H 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJmZjhhMDM1ZS02NjExLTQ5ZWUtYWNmNC1lMzgwZTMxNGRhOTIiLCJzdWIiOiJsb2NhbHwzMTk0ZGY4Ny1kOTk2LTRjOGMtYWRmMi03MjNkZDA3NDY2YmIiLCJpc3MiOiJreWxvIiwiYWNjIjoia3lsbyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFkbWluIiwiY3VzdCI6eyJkb21haW5faWQiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDAiLCJncm91cHMiOlsiYWRtaW4iXSwic2lkIjoiMDNkMWNlODktYTQyMS00ODdiLWFhNzItZGM4NTc4MjdjYzA3Iiwiem9uZV9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC0wMDAwLTAwMDAwMDAwMDAwMCJ9LCJqd3RpZCI6IjI4MmFmZTNlLWQyMDgtNGEwZC1iZjc0LTZmYTJmNDdlZTNkOCIsImlhdCI6MTYzMzY0MDQ4NCwiZXhwIjoxNjMzNjQwNzg0fQ.LGf9krD1kA1yLVdur0fIa-TPgzY8TB7JUZIVffm3ZPg' --compressed
Example Response
{
"status": 204
}
Response Codes
| Response Code | Description |
|---|---|
| 2xx | Success |
| 4xx | Client errors |
| 5xx | Server errors |
Refer to HTTP status codes for details.