Search Backup User Keys
This API searches the backup keys for user keys and returns their information.
Before you begin
- Keys should be backed up and present in AppViewX.
Request Structure
| Endpoint: | /ssh/search/userKeys Note: The same API has been used for the following: |
| Type: | POST |
| Sample URL: | https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/search/userKeys?gwsource=external To understand the elements of the sample URL, see Reference. |
| Headers: | |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| sessionId | (Mandatory) Session ID received after login. Type: String Constraints: Required if username and password are not provided. |
| username | (Mandatory) AppViewX login username. Type: String Constraints: Required if sessionId is not provided. |
| password | (Mandatory) AppViewX login password. Type: String Constraints: Required if sessionId is not provided. |
| Content-Type | (Mandatory) Specifies the nature of the data in the payload. Type: String Constraints: The value of the param should be ‘application/json’. |
| gwsource | (Mandatory) Source from which the request is triggered (e.g. external). Type: String |
| keysFrom | Inventory name. Possible values: rotatedInventory or deletedInventory. If this value is not given, hosts will be fetched from the user key inventory. Type: String |
| Payload | (Mandatory) Contains all the parameters to be sent in the request body for the POST request. Type: Payload |
Payload
| Name | Description |
|---|---|
| input | (Optional) Input parameters to fetch user keys from backup inventory. Type: Input |
| filter | (Mandatory) Filter parameters to fetch user keys from backup inventory. Type: Filter |
| Name | Description |
|---|---|
| freeSearch | Search text to find user key information from backup inventory. Type: String |
| keywordSearch | Keyword and value to search and retrieve user key information. Example: {"keyname":"RotateKeys_admin_1716367661908-B0-001"} |
| Name | Description |
|---|---|
| sortColumn | Column name to be sorted. Type: String |
| sortOrder | Order to be sorted. Possible values: asc, desc |
| start | Start count of the user keys to be fetched from backup inventory. Type: String |
| max | Count of the user keys to be fetched from backup inventory. Type: String |
Response Structure
200 OK returns string of type application/json with the following body params.
| Name | Description |
|---|---|
| response | Contains the response attributes for the user keys. Type: response |
| message | Success message of the action or failure description in case of error. Will be non-null for failure response. Type: String |
| appStatusCode | Application-specific status code for the response. Will be non-null for failure response. Type: String |
| tags | More info in case of failure response |
| Name | Description |
|---|---|
| data | List of user key information which matches the search criteria. Type: List |
| totalCount | Total number of user keys available for the search criteria |
Status Codes
| HTTP Status code | appStatusCode | Message and Possible remediation |
|---|---|---|
| 200 OK | NA | User keys retrieved successfully |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials. Possible remediation: Ensure that valid username and password or valid sessionId is provided as the header param. |
| 400 Bad Request | AVX-VLDTN-001 | Mandatory field is missing or invalid values specified - <<field name>>. Possible remediation: Check and ensure that valid value is provided for <<field name>> field in the request. |
Sample Request/Response
To search for the backup user key “FetchKey_admin_1716211635851-B0-022” using the /search/userKeys API:
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/ssh/search/userKeys?gwsource=external
Request body using freeSearch:
```json
{
  "input": {
    "freeSearch": "FetchKey_admin_1716211635851-B0-022"
  },
  "filter": {
    "sortColumn": "none",
    "sortOrder": "desc",
    "start": "0",
    "max": "100"
  }
}
```
Request body using keywordSearch:
```json
{
  "input": {
    "keywordSearch": {"keyname": "FetchKey_admin_1716211635851-B0-022"}
  },
  "filter": {
    "sortColumn": "none",
    "sortOrder": "desc",
    "start": "0",
    "max": "100"
  }
}
```
Response:
```json
{
  "response": {
    "httpStatusCode": 200,
    "message": "Rotated Keys retrieved successfully for action ",
    "data": [
      {
        "type": "ECDSA",
        "name": "FetchKey_system_1717200035373-B0-001",
        "bitLength": "256",
        "comment": "Rotated from ECDSA to ECDSA on 2024-05-31 14:59:28 GMT",
        "fingerPrint": "OZo/vOaX+O21a+Z5dS5ssSSVKbfWNG7G5a2D+S0mXA0",
        "keyStatus": "Managed",
        "groupName": "Default_Key_Group",
        "period": "lifetime",
        "uuid": "5cc7d433-7745-3667-8aa1-596f9e607bb9",
        "keyWords": [
          "discoveredKeys",
          "256",
          "Rotated from ECDSA to ECDSA on 2024-05-31 14:59:28 GMT",
          "pe-cert-apvx-node02.lab.appviewx.net",
          "userKeys",
          "OZo/vOaX+O21a+Z5dS5ssSSVKbfWNG7G5a2D+S0mXA0",
          "FetchKey_system_1717200035373-B0-001",
          "ECDSA"
        ],
        "active": true,
        "createdBy": "discoveredKeys",
        "awsDiscoveredKey": true,
        "associatedUsers": [
          "pe-cert-apvx-node02.lab.appviewx.net~~admin"
        ],
        "modifiedTime": 1717200075,
        "sourceIp": [
          "192.168.60.130"
        ],
        "destIp": [],
        "createdTime": 1717167614000,
        "groupIds": [
          "5767bcef3465bfbf73e44727"
        ],
        "readWrite": false,
        "renewDate": 0,
        "expiryDate": 0,
        "isExpired": false,
        "initiatedTime": 1717167614000,
        "filePaths": [
          "pe-cert-apvx-node02.lab.appviewx.net~~/home/admin/.ssh/id_ECDSA_appviewx_dev-group"
        ],
        "symLinks": [
          {
            "deviceName": "pe-cert-apvx-node02.lab.appviewx.net",
            "sourcePath": "/home/admin/.ssh/id_ECDSA_appviewx_dev-group",
            "targetPath": "/home/admin/.ssh/appviewxssh/id_ECDSA_20240531_145928_527_1"
          }
        ],
        "privateKeyFileProps": {
          "readable": "true",
          "executable": "false",
          "writable": "true"
        },
        "clientMachineNames": [
          "pe-cert-apvx-node02.lab.appviewx.net"
        ],
        "serverMachineNames": [],
        "keyFoundInDiscoverySeqIdRanges": [
          {
            "from": 33,
            "to": 33
          }
        ],
        "firstDiscovery": 1717200035397,
        "previousDiscovery": 0,
        "currentDiscoveredTime": 1717200035397,
        "certificate": [],
        "sharedType": "single",
        "excludeFromSharedKeyReportEndTime": 0,
        "excludeFromWeakKeyReportEndTime": 0,
        "excludeFromOrphanKeyReportEndTime": 0,
        "excludeFromSuspiciousKeyReportEndTime": 0,
        "discoveryIdWithNewState": {
          "33": true
        },
        "eligibleForRollback": false,
        "parentUuid": "51b51de5-3428-3ce7-b99d-9ba59a2cda81",
        "parentFingerPrint": "HXbeNF4F6HdaKjiiULgkF99YKgjC9YZsPyrn/TNlc1k",
        "parentBitLength": "256",
        "parentAlgorithm": "ECDSA",
        "backupAction": "Rotate",
        "audit": {
          "createdOn": 1717222406512,
          "createdBy": "admin",
          "updatedOn": 0
        },
        "deletionDate": 0,
        "backupKeyType": "userKeys",
        "actionCompleted": true,
        "sshdRemovedStatusWithPath": {
          "/home/admin/.ssh/id_ECDSA_appviewx_dev-group": false
        },
        "sharedKey": false,
        "accessRequest": false,
        "discovered": true,
        "new": true,
        "keyDownload": false,
        "privateKeyDeleted": false,
        "publicKeyDeleted": false,
        "keyFilePermission": [
          {
            "user": "admin",
            "userHomeDirectory": "/home/admin",
            "userGroup": "admin",
            "filePath": "pe-cert-apvx-node02.lab.appviewx.net~~/home/admin/.ssh/id_ECDSA_appviewx_dev-group",
            "deviceName": "pe-cert-apvx-node02.lab.appviewx.net",
            "fileProperties": [
              {
                "readable": false,
                "writable": false,
                "executable": false,
                "permissionFor": "Group"
              },
              {
                "readable": false,
                "writable": false,
                "executable": false,
                "permissionFor": "Others"
              },
              {
                "readable": true,
                "writable": true,
                "executable": false,
                "permissionFor": "Owner"
              }
            ]
          }
        ],
        "selected": false,
        "weakKey": false,
        "riskKey": false,
        "upload": false,
        "passphraseValidated": false,
        "hasPrivateKey": true,
        "_id": "665a64cb5744cb4ca8c54fd4"
      }
    ],
    "totalCount": 1
  },
  "message": "User keys retrieved successfully",
  "appStatusCode": null,
  "tags": null,
  "headers": null
}
```
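The request and response handling documented above, as an added Python example that is not AppViewX code: it builds the POST request, pages through results with start, max and totalCount, raises on a non-null appStatusCode, and flags key files whose keyFilePermission entries grant access beyond the owner. Assumptions: start is treated as a record offset, `post` is a caller-supplied transport, and the gateway stand-in, session value, host and key names are constructed so the block runs offline.

```python
import json

class AvxError(Exception):
    """Gateway replied with a non-200 status or a non-null appStatusCode."""

def build_request(base_url, session_id, query, start, page_size):
    """One page's (url, headers, body); start and max are strings, as in the sample."""
    url = f"{base_url}/avxapi/ssh/search/userKeys?gwsource=external"
    headers = {"Content-Type": "application/json", "sessionId": session_id}
    body = {"input": query,
            "filter": {"sortColumn": "none", "sortOrder": "desc",
                       "start": str(start), "max": str(page_size)}}
    return url, headers, json.dumps(body)

def search_backup_keys(post, base_url, session_id, query, page_size=100):
    """Fetch all matches, treating start as a record offset (assumption).
    post(url, headers, body) -> (status, text) is the caller's HTTP transport."""
    keys = []
    while True:
        status, text = post(*build_request(base_url, session_id, query, len(keys), page_size))
        reply = json.loads(text)
        if status != 200 or reply.get("appStatusCode") is not None:
            raise AvxError(f"{status} {reply.get('appStatusCode')}: {reply.get('message')}")
        page = reply["response"]["data"]
        keys.extend(page)
        # An empty page also ends the loop, so a wrong totalCount cannot spin forever.
        if not page or len(keys) >= reply["response"]["totalCount"]:
            return keys

def loose_key_files(keys):
    """(name, filePath, class) for key files readable or writable beyond the owner."""
    return [(k["name"], e["filePath"], p["permissionFor"])
            for k in keys for e in k.get("keyFilePermission", [])
            for p in e["fileProperties"]
            if p["permissionFor"] != "Owner" and (p["readable"] or p["writable"])]

def _key(name, group_readable):  # constructed record, trimmed to the fields used here
    props = [{"permissionFor": "Owner", "readable": True, "writable": True},
             {"permissionFor": "Group", "readable": group_readable, "writable": False}]
    return {"name": name, "keyFilePermission": [
        {"filePath": f"host.example~~/home/admin/.ssh/{name}", "fileProperties": props}]}
SAMPLE = [_key("ExampleKey-A", False), _key("ExampleKey-B", True)]

def fake_gateway(url, headers, body):
    """Constructed stand-in for the gateway so the example runs offline."""
    if headers.get("sessionId") != "constructed-session":
        return 401, json.dumps({"appStatusCode": "AVX_GW_003", "message": "Invalid Credentials"})
    start, size = (int(json.loads(body)["filter"][k]) for k in ("start", "max"))
    resp = {"data": SAMPLE[start:start + size], "totalCount": len(SAMPLE)}
    return 200, json.dumps({"response": resp, "appStatusCode": None})
```

In real use, replace `fake_gateway` with a function that sends the request over HTTPS and returns the status code and response text.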
Reference
- IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
  - IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication. The IP address will be included in the endpoint URL for an on-prem deployment.
  - HostName: A human-readable label assigned to a device (host) on a network. The hostname will be included in the endpoint URL for an on-prem deployment.
  - TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify. The tenant name will be included in the endpoint URL for a SaaS deployment.
- GWPORT: AppViewX gateway port. A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment. Note: GWPORT is not required for SaaS setups. Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: /ssh/host/create
- gwsource: Source or origin of a gateway, for example: external.