> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Check that the HMG configuration for a particular group is valid and reachable. > Check that the HMG configuration for a particular group is valid and reachable. ## OpenAPI ````json POST /sys/v1/groups/{group_id}/hmg/check { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/sys/v1/groups/{group_id}/hmg/check": { "post": { "operationId": "CheckHmg", "tags": [ "Groups" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Check that the HMG configuration for a particular group is\nvalid and reachable.", "description": "Check that the HMG configuration for a particular group is\nvalid and reachable.", "parameters": [ { "name": "group_id", "in": "path", "required": true, "schema": { "type": "string", "format": "uuid" } } ], "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/CheckHmgRequest" } } } }, "responses": { "204": { "description": "Nothing is returned on success" } } } } }, "components": { "schemas": { "CheckHmgRequest": { "allOf": [ { "type": "object", "properties": { "id": { "type": "string", "format": "uuid", "nullable": true, "description": "The ID of the hmg configuration in the group." }, "config": { "$ref": "#/components/schemas/HmgConfig" } } } ] }, "HmgConfig": { "oneOf": [ { "$ref": "#/components/schemas/HmgConfigVariantNcipher" }, { "$ref": "#/components/schemas/HmgConfigVariantSafenet" }, { "$ref": "#/components/schemas/HmgConfigVariantAwsCloudHsm" }, { "$ref": "#/components/schemas/HmgConfigVariantAwsKms" }, { "$ref": "#/components/schemas/HmgConfigVariantFortanix" }, { "$ref": "#/components/schemas/HmgConfigVariantFortanixFipsCluster" }, { "$ref": "#/components/schemas/HmgConfigVariantAzureKeyVault" }, { "$ref": "#/components/schemas/HmgConfigVariantOciVault" }, { "$ref": "#/components/schemas/HmgConfigVariantGcpKeyRing" } ], "discriminator": { "propertyName": "kind", "mapping": { "Ncipher": "HmgConfigVariantNcipher", "Safenet": "HmgConfigVariantSafenet", "AwsCloudHsm": "HmgConfigVariantAwsCloudHsm", "AwsKms": "HmgConfigVariantAwsKms", "Fortanix": "HmgConfigVariantFortanix", "FortanixFipsCluster": "HmgConfigVariantFortanixFipsCluster", "AzureKeyVault": "HmgConfigVariantAzureKeyVault", "OciVault": "HmgConfigVariantOciVault", "GcpKeyRing": "HmgConfigVariantGcpKeyRing" } } }, "HmgConfigVariantNcipher": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "Ncipher" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigNcipher" } ] }, "HmgConfigVariantSafenet": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "Safenet" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigSafenet" } ] }, "HmgConfigVariantAwsCloudHsm": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "AwsCloudHsm" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigAwsCloudHsm" } ] }, "HmgConfigVariantAwsKms": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "AwsKms" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigAwsKms" } ] }, "HmgConfigVariantFortanix": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "Fortanix" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigFortanix" } ] }, "HmgConfigVariantFortanixFipsCluster": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "FortanixFipsCluster" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigFortanixFipsCluster" } ] }, "HmgConfigVariantAzureKeyVault": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "AzureKeyVault" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigAzureKeyVault" } ] }, "HmgConfigVariantOciVault": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "OciVault" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/HmgConfigOciVault" } ] }, "HmgConfigVariantGcpKeyRing": { "allOf": [ { "type": "object", "properties": { "kind": { "type": "string", "enum": [ "GcpKeyRing" ] } }, "required": [ "kind" ] }, { "$ref": "#/components/schemas/GcpKeyRingConfig" } ] }, "HmgConfigNcipher": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "slot": { "type": "integer" }, "pin": { "type": "string" }, "hsm_order": { "type": "integer", "format": "int32", "nullable": true, "description": "The priority of this `HmgConfig`. This is used when a group is\nconfigured with an `HmgRedundancyScheme`, and is otherwise\nunused. (See the docs for `HmgRedundancyScheme` for more\ninformation about the interpretation of this field.)" } }, "required": [ "url", "tls", "slot" ] } ] }, "HmgConfigSafenet": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "slot": { "type": "integer" }, "pin": { "type": "string" }, "hsm_order": { "type": "integer", "format": "int32", "nullable": true, "description": "The priority of this `HmgConfig`. This is used when a group is\nconfigured with an `HmgRedundancyScheme`, and is otherwise\nunused. (See the docs for `HmgRedundancyScheme` for more\ninformation about the interpretation of this field.)" } }, "required": [ "url", "tls", "slot" ] } ] }, "HmgConfigAwsCloudHsm": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "slot": { "type": "integer" }, "pin": { "type": "string" }, "hsm_order": { "type": "integer", "format": "int32", "nullable": true, "description": "The priority of this `HmgConfig`. This is used when a group is\nconfigured with an `HmgRedundancyScheme`, and is otherwise\nunused. (See the docs for `HmgRedundancyScheme` for more\ninformation about the interpretation of this field.)" } }, "required": [ "url", "tls", "slot" ] } ] }, "HmgConfigAwsKms": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "access_key": { "type": "string", "nullable": true }, "secret_key": { "type": "string" }, "region": { "type": "string", "nullable": true }, "service": { "$ref": "#/components/schemas/AwskmsService" }, "account_id": { "type": "string", "nullable": true }, "key_material_mapping": { "$ref": "#/components/schemas/AwsKmsKeyMaterialMapping" } }, "required": [ "url", "tls" ] } ] }, "HmgConfigFortanix": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "pin": { "type": "string" } }, "required": [ "url", "tls" ] } ] }, "HmgConfigFortanixFipsCluster": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "pin": { "type": "string" }, "credentials": { "type": "array", "items": { "type": "string" }, "nullable": true }, "hsm_order": { "type": "integer", "format": "int32", "nullable": true, "description": "The priority of this `HmgConfig`. This is used when a group is\nconfigured with an `HmgRedundancyScheme`, and is otherwise\nunused. (See the docs for `HmgRedundancyScheme` for more\ninformation about the interpretation of this field.)" } }, "required": [ "url", "tls" ] } ] }, "HmgConfigAzureKeyVault": { "allOf": [ { "type": "object", "properties": { "url": { "type": "string" }, "tls": { "$ref": "#/components/schemas/TlsConfig" }, "auth_config": { "$ref": "#/components/schemas/AzureAuthConfig" }, "secret_key": { "type": "string", "description": "Deprecated, left this for backward compatibility. Should use auth_config." }, "tenant_id": { "type": "string", "format": "uuid", "description": "A tenant ID is a unique way to identify an Azure AD instance\nwithin an Azure subscription." }, "client_id": { "type": "string", "format": "uuid", "description": "The client ID is the unique Application ID assigned\nto your app by Azure AD when the app was registered." }, "subscription_id": { "type": "string", "format": "uuid", "description": "A subscription ID is a unique alphanumeric string\nthat identifies your Azure subscription." }, "key_vault_type": { "$ref": "#/components/schemas/AzureKeyVaultType" }, "endpoints": { "$ref": "#/components/schemas/AzureServiceEndpoints" } }, "required": [ "url", "tls", "auth_config", "tenant_id", "client_id", "subscription_id" ] } ] }, "HmgConfigOciVault": { "allOf": [ { "type": "object", "properties": { "region": { "type": "string" }, "compartment_ocid": { "type": "string" }, "credential_id": { "$ref": "#/components/schemas/CredentialId" }, "vault_id": { "type": "string", "nullable": true } }, "required": [ "region", "compartment_ocid", "credential_id" ] } ] }, "GcpKeyRingConfig": { "allOf": [ { "type": "object", "properties": { "service_account_email": { "type": "string", "description": "Email for the service account to be used." }, "project_id": { "type": "string", "description": "The project ID is a unique identifier for a project" }, "location": { "type": "string", "description": "For a given project in GCP KMS, resources can be created in one of many locations.\nThese represent the geographical regions where a resource is stored and can be accessed.\nA key's location impacts the performance of applications using the key.\nhttps://cloud.google.com/kms/docs/locations" }, "key_ring": { "type": "string", "nullable": true, "description": "A key ring organizes keys in a specific GCP location and allows you to manage\naccess control on groups of keys.\nhttps://cloud.google.com/kms/docs/resource-hierarchy#key_rings" }, "private_key": { "type": "string", "format": "byte", "description": "Private component of the service account key pair that can be\nobtained from the GCP cloud console. It is used to authenticate\nthe requests made by DSM to the GCP cloud." } }, "required": [ "service_account_email", "project_id", "location" ] } ] }, "TlsConfig": { "description": "TLS client settings.", "oneOf": [ { "$ref": "#/components/schemas/TlsConfigVariantDisabled" }, { "$ref": "#/components/schemas/TlsConfigVariantOpportunistic" }, { "$ref": "#/components/schemas/TlsConfigVariantRequired" } ], "discriminator": { "propertyName": "mode", "mapping": { "disabled": "TlsConfigVariantDisabled", "opportunistic": "TlsConfigVariantOpportunistic", "required": "TlsConfigVariantRequired" } } }, "AwskmsService": { "description": "Specifies the AWS service. Only `kms` is supported for now.", "type": "string", "enum": [ "kms", "kms-fips" ] }, "AwsKmsKeyMaterialMapping": { "type": "string", "enum": [ "aws_key_container_maps_to_sobject", "aws_key_material_maps_to_sobject" ] }, "AzureAuthConfig": { "oneOf": [ { "$ref": "#/components/schemas/AzureAuthConfigVariantClientSecret" }, { "$ref": "#/components/schemas/AzureAuthConfigVariantTokenAuthConfig" } ], "discriminator": { "propertyName": "mode", "mapping": { "client_secret": "AzureAuthConfigVariantClientSecret", "token_auth_config": "AzureAuthConfigVariantTokenAuthConfig" } } }, "AzureKeyVaultType": { "description": "Types of Azure Key Vault based on the protection level.", "type": "string", "enum": [ "STANDARD", "PREMIUM", "MANAGED" ] }, "AzureServiceEndpoints": { "allOf": [ { "type": "object", "description": "The set of endpoints to use when connecting with Azure cloud.\n\nToday, only Azure global and Azure Government cloud endpoints are supported,\nand they cannot be mixed together. The Azure global endpoints are\n- `management`: management.azure.com\n- `key_vault`: vault.azure.net\n- `key_vault_managed_hsm`: managedhsm.azure.net\n- `iam`: login.microsoftonline.com\n\nand the Azure Government endpoints are\n- `management`: management.usgovcloudapi.net\n- `key_vault`: vault.usgovcloudapi.net\n- `key_vault_managed_hsm`: managedhsm.usgovcloudapi.net\n- `iam`: login.microsoftonline.us\n\n(In the future, this restriction may be relaxed to support custom clouds.)", "properties": { "management": { "type": "string", "description": "The API endpoint for managing Azure APIs and resources." }, "key_vault": { "type": "string", "description": "The API endpoint for Azure Key Vault (for Standard and Premium SKUs)." }, "key_vault_managed_hsm": { "type": "string", "description": "The API endpoint for Azure Key Vault Managed HSM." }, "iam": { "type": "string", "description": "The API endpoint for Azure AD (and authentication)." } }, "required": [ "management", "key_vault", "key_vault_managed_hsm", "iam" ] } ] }, "CredentialId": { "description": "A wrapper type to provide better clarity of the id being\nreferenced and whether it's to a integration credential.", "allOf": [ { "type": "string", "format": "uuid" } ] }, "TlsConfigVariantDisabled": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "disabled" ] } }, "required": [ "mode" ] }, { "type": "object", "properties": {} } ] }, "TlsConfigVariantOpportunistic": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "opportunistic" ] } }, "required": [ "mode" ] }, { "type": "object", "properties": {} } ] }, "TlsConfigVariantRequired": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "required" ] } }, "required": [ "mode" ] }, { "$ref": "#/components/schemas/TlsConfigRequired" } ] }, "AzureAuthConfigVariantClientSecret": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "client_secret" ] } }, "required": [ "mode" ] }, { "$ref": "#/components/schemas/AzureAuthConfigClientSecret" } ] }, "AzureAuthConfigVariantTokenAuthConfig": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "token_auth_config" ] } }, "required": [ "mode" ] }, { "$ref": "#/components/schemas/AzureAuthConfigTokenAuthConfig" } ] }, "TlsConfigRequired": { "allOf": [ { "type": "object", "properties": { "validate_hostname": { "type": "boolean" }, "ca": { "$ref": "#/components/schemas/CaConfig" }, "client_key": { "type": "string", "format": "byte" }, "client_cert": { "type": "string", "format": "byte" } }, "required": [ "validate_hostname", "ca" ] } ] }, "AzureAuthConfigClientSecret": { "allOf": [ { "type": "object", "properties": { "client_secret": { "type": "string" } }, "required": [ "client_secret" ] } ] }, "AzureAuthConfigTokenAuthConfig": { "allOf": [ { "type": "object", "properties": { "client_cert": { "type": "string", "format": "byte" }, "client_key": { "type": "string", "format": "byte" } }, "required": [ "client_cert", "client_key" ] } ] }, "CaConfig": { "description": "CA settings.", "oneOf": [ { "title": "CaConfigVariantCaSet", "type": "object", "properties": { "ca_set": { "$ref": "#/components/schemas/CaSet" } }, "required": [ "ca_set" ] }, { "title": "CaConfigVariantPinned", "type": "object", "properties": { "pinned": { "type": "array", "items": { "type": "string", "format": "byte" } } }, "required": [ "pinned" ] } ] }, "CaSet": { "description": "Predefined CA sets.", "type": "string", "enum": [ "global_roots" ] } } } } ````