Template View

The API initiates a request to view all the templates.

Before you begin

Ensure the following before attempting to renew a certificate from any CA through AppViewX:

Request Structure

Endpoint: v1/pki/ca/template
Type: GET
Sample URL:
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/v1/pki/ca/template?gwsource=external

To understand the elements of the sample URL, see "Understanding the sample URL" under References.

Headers
Content-Type: application/json
Table 1. Input Parameters

| Name | Location | Description | Type | Constraint |
|---|---|---|---|---|
| sessionId | Header | (Mandatory) Session Id received after login. | String | Required if username and password are not provided. |
| username | Header | (Mandatory) AppViewX login username. | String | Required if sessionId is not provided. |
| password | Header | (Mandatory) AppViewX login password. | String | Required if sessionId is not provided. |

Response Structure

Response returns string of type application/json with the following body parameters:

Table 2. Parameters

| Name | Description | Type |
|---|---|---|
| name | Template name (e.g., "RootCA_Default"). | String |
| description | Template description. | String |
| category | Type of CA the template is for (e.g., "Root CA"). | String |
| allowCsrPassThrough | Whether CSR fields can pass through as-is. | Boolean |
| preShipped | Whether this template is preloaded in the system. | Any |
| subjectAltName | Placeholder for SAN config. | Any |
| sanFieldDescriptorList | Descriptor for SAN fields. | String |

Table 3. Authority and Subject Key Identifiers (authorityAndSubjectKey)

| Name | Description | Type |
|---|---|---|
| allowAuthorityKeyId | Includes Authority Key Identifier. | Boolean |
| allowSubjectKeyId | Includes Subject Key Identifier. | Boolean |
| subjectKeyHashBit | Bit length of Subject Key hash. | Integer |
| inheritAuthorityKeyIdFromCA | Whether to inherit AKI from issuing CA. | Boolean |

Table 4. Extended Key Usage (extendedKeyUsage)

| Name | Description | Type |
|---|---|---|
| keyUsageCritical | Marks base key usage as critical. | Boolean |
| extendedKeyUsageCritical | Marks extended key usage as critical. | Boolean |
| customExtendedKeyUsageExtensionsEnabled | Enable custom EKUs. | Integer |
| customExtendedKeyUsageExtensionsList | List of custom EKUs. | Any |

Table 5. CA Options (caOptions)

| Name | Description | Type |
|---|---|---|
| isCA | Indicates if this is a CA certificate. | Boolean |
| critical | Marks the BasicConstraints extension as critical. | Boolean |
| maxIssuerPathLength | Max depth for intermediate CAs ("NONE" = unlimited). | String |

Table 6. Other Fields

| Name | Description | Type |
|---|---|---|
| validityOffsetUnitValue | Offset duration before cert validity starts. | Integer |
| validityOffsetUnitType | Offset unit (e.g., "MINUTES"). | String |
| keywords | Tags/labels for the template. | Array |
| noRevAvail | Indicates if the certificate should be non-revocable. | Boolean |
| allowTemplateValidity | If validity can be set via template. | Boolean |
| allowCSRKeyUsage | Flags that control if CSR input is allowed for each field. | Boolean |
| _id | Internal unique ID of the template. | String |

Status Codes

| HTTP Code | appStatusCode | Response Message |
|---|---|---|
| 202 Accepted | null | Template view action has been triggered successfully. |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials. Remediation: Ensure that a valid username and password or a valid sessionId is provided as header parameters. |

Sample Response

Response
{
    "response": {
        "data": [
            {
                "name": "RootCA_Default",
                "description": null,
                "category": "Root CA",
                "allowCsrPassThrough": false,
                "preShipped": true,
                "subjectAltName": null,
                "sanFieldDescriptorList": null,
                "authorityAndSubjectKey": {
                    "allowAuthorityKeyId": true,
                    "allowSubjectKeyId": true,
                    "subjectKeyHashBit": 160,
                    "inheritAuthorityKeyIdFromCA": false
                },
                "crlConfig": null,
                "aiaConfig": null,
                "templateSubjectDetails": null,
                "templateCertificatePolicy": null,
                "keyUsages": {
                    "baseKeyUsage": {
                        "digitalSignature": true,
                        "contentCommitment": false,
                        "keyEncipherment": false,
                        "dataEncipherment": false,
                        "keyAgreement": false,
                        "certSign": true,
                        "crlSign": true,
                        "encipherOnly": false,
                        "decipherOnly": false
                    },
                    "keyUsageCritical": true,
                    "extendedKeyUsage": {
                        "serverAuth": false,
                        "clientAuth": false,
                        "codeSigning": false,
                        "emailProtection": false,
                        "timeStamping": false,
                        "ocspSigning": false,
                        "ipsecEndSystem": false,
                        "ipsecTunnel": false,
                        "ipsecUser": false,
                        "dvcs": false,
                        "sbgpCertAAServerAuth": false,
                        "scvp_responder": false,
                        "eapOverPPP": false,
                        "eapOverLAN": false,
                        "scvpServer": false,
                        "scvpClient": false,
                        "ipsecIKE": false,
                        "capwapAC": false,
                        "capwapWTP": false,
                        "smartcardlogon": false,
                        "macAddress": false,
                        "msSGC": false,
                        "nsSGC": false,
                        "anyExtendedKeyUsage": false,
                        "kdcAuthentication": false,
                        "fileRecovery": false,
                        "certificateRequestAgent": false,
                        "encryptionFileSystem": false
                    },
                    "extendedKeyUsageCritical": false,
                    "unknownExtension": null,
                    "customExtendedKeyUsageExtensionsEnabled": false,
                    "customExtendedKeyUsageExtensionsList": null
                },
                "caOptions": {
                    "isCA": true,
                    "critical": true,
                    "maxIssuerPathLength": "NONE"
                },
                "policyId": null,
                "additionalCustomExtensionEnabled": false,
                "validityOffsetUnitValue": 10,
                "validityOffsetUnitType": "MINUTES",
                "keywords": [
                    "RootCA_Default",
                    "Root CA"
                ],
                "additionalExtensions": null,
                "allowTemplateValidity": false,
                "noRevAvail": false,
                "allowValidityEndDateOverride": false,
                "validityEndDateOverride": null,
                "allowCSRBasicConstraints": false,
                "allowCSRKeyUsage": false,
                "allowCSRExtendedKeyUsage": false,
                "allowCSRSubject": false,
                "allowCSRSubjectAltName": false,
                "allowCSRValidationURLs": false,
                "allowCSRCertificatePolicy": false,
                "_id": "681c2bb2ec3ca41eb5341589"
            }
        ],
        "iTotalDisplayRecords": 1,
        "searchQuery": null
    },
    "message": null,
    "appStatusCode": null,
    "tags": {},
    "headers": null
}
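
The following Python is an added example, not AppViewX code or part of the original documentation: it builds the GET request with a sessionId header and reviews each template in response.data for settings worth a second look (CSR-controlled fields, unconstrained CA path length, anyExtendedKeyUsage, noRevAvail). The review policy, the function names and the Example_Permissive template are assumptions made for illustration; the input is constructed, not captured from a live system.

```python
import json
import urllib.request

# Flags from the page's sample response that let CSR input override the template.
CSR_FLAGS = ("allowCsrPassThrough", "allowCSRBasicConstraints", "allowCSRKeyUsage",
             "allowCSRExtendedKeyUsage", "allowCSRSubject", "allowCSRSubjectAltName")
# Constructed input shaped like response.data; Example_Permissive is hypothetical.
SAMPLE = json.loads("""{"response": {"data": [
  {"name": "RootCA_Default", "category": "Root CA", "allowCsrPassThrough": false,
   "keyUsages": {"extendedKeyUsage": {"anyExtendedKeyUsage": false}},
   "caOptions": {"isCA": true, "critical": true, "maxIssuerPathLength": "NONE"},
   "noRevAvail": false, "allowCSRSubjectAltName": false},
  {"name": "Example_Permissive", "category": "Example", "allowCsrPassThrough": true,
   "keyUsages": {"extendedKeyUsage": {"anyExtendedKeyUsage": true}},
   "caOptions": {"isCA": false, "critical": false, "maxIssuerPathLength": "NONE"},
   "noRevAvail": true, "allowCSRSubjectAltName": true}
]}}""")


def build_request(base_url, session_id):
    """Build (not send) the template-list GET, authenticated by sessionId header."""
    url = f"{base_url}/avxapi/v1/pki/ca/template?gwsource=external"
    headers = {"Content-Type": "application/json", "sessionId": session_id}
    return urllib.request.Request(url, headers=headers, method="GET")


def audit_template(t):
    """Return review items for one template; the policy here is an assumption."""
    items = [f"{f}: CSR input accepted" for f in CSR_FLAGS if t.get(f) is True]
    ca = t.get("caOptions") or {}
    if ca.get("isCA") and ca.get("maxIssuerPathLength") == "NONE":
        items.append("caOptions: CA template with unlimited path length")
    if ca.get("isCA") and ca.get("critical") is not True:
        items.append("caOptions: BasicConstraints not critical on a CA template")
    eku = (t.get("keyUsages") or {}).get("extendedKeyUsage") or {}
    if eku.get("anyExtendedKeyUsage") is True:
        items.append("extendedKeyUsage: anyExtendedKeyUsage enabled")
    if t.get("noRevAvail") is True:
        items.append("noRevAvail: issued certificates are non-revocable")
    return items


def audit_response(body):
    """Map template name -> review items; a null or missing data list gives {}."""
    data = (body.get("response") or {}).get("data") or []
    return {t.get("name"): audit_template(t) for t in data}

if __name__ == "__main__":
    print(json.dumps(audit_response(SAMPLE), indent=2))
```

Using the sessionId header keeps the account password out of every request; pass the parsed JSON body of a real response to audit_response in place of SAMPLE.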

References

Understanding the sample URL
  • IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
    • IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication

      The IP address will be included in the endpoint URL for an on-prem deployment.

    • HostName: A human-readable label assigned to a device (host) on a network

      The hostname will be included in the endpoint URL for an on-prem deployment.

    • TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify

      The tenant name will be included in the endpoint URL for a SaaS deployment.

  • GWPORT: AppViewX gateway port

    A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.

    Example: 31443

  • avxapi: Path parameter value (static) that is part of the endpoint's URL
  • Endpoint: Endpoint of the API, for example: execute-hook
  • gwsource: Source or origin of a gateway, for example: external.