> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Get configurations for various clients. This API can only be called by apps > Client configurations can be set at account level, group level or app level. Client config set on the app itself overrides config set at group level and similarly group level config overrides account level config. This API returns the combined client config according to the above explanation. ## OpenAPI ````json GET /sys/v1/apps/client_configs { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/sys/v1/apps/client_configs": { "get": { "operationId": "GetClientConfigs", "tags": [ "Apps" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Get configurations for various clients. This API can only be called by apps", "description": "Client configurations can be set at account level, group level or app level.\nClient config set on the app itself overrides config set at group level and\nsimilarly group level config overrides account level config. This API returns\nthe combined client config according to the above explanation.", "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ClientConfigurations" } } } } } } } }, "components": { "schemas": { "ClientConfigurations": { "allOf": [ { "type": "object", "properties": { "common": { "$ref": "#/components/schemas/CommonClientConfig" }, "pkcs11": { "$ref": "#/components/schemas/Pkcs11ClientConfig" }, "kmip": { "$ref": "#/components/schemas/KmipClientConfig" }, "tep": { "$ref": "#/components/schemas/TepClientConfig" } } } ] }, "CommonClientConfig": { "allOf": [ { "type": "object", "properties": { "retry_timeout_millis": { "type": "integer", "nullable": true }, "cache_ttl": { "type": "integer", "nullable": true }, "log": { "$ref": "#/components/schemas/ClientLogConfig" }, "h2_num_connections": { "type": "integer", "nullable": true }, "quorum_approval": { "$ref": "#/components/schemas/QuorumApprovalConfig" } } } ] }, "Pkcs11ClientConfig": { "allOf": [ { "type": "object", "properties": { "fake_rsa_x9_31_keygen_support": { "type": "boolean", "nullable": true }, "signing_aes_key_as_hmac": { "type": "boolean", "nullable": true }, "exact_key_ops": { "type": "boolean", "nullable": true }, "prevent_duplicate_opaque_objects": { "type": "boolean", "nullable": true }, "opaque_objects_are_not_certificates": { "type": "boolean", "nullable": true }, "max_concurrent_requests_per_slot": { "type": "integer", "nullable": true } } } ] }, "KmipClientConfig": { "allOf": [ { "type": "object", "properties": { "ignore_unknown_key_ops_for_secrets": { "type": "boolean", "nullable": true, "description": "Use `ignore_unknown_key_ops_for` with [SECRET] instead of `ignore_unknown_key_ops_for_secrets``" }, "ignore_unknown_key_ops_for": { "$ref": "#/components/schemas/ObjectTypeFilter" }, "key_ops_override": { "$ref": "#/components/schemas/KeyOpsOverride" } } } ] }, "TepClientConfig": { "allOf": [ { "type": "object", "properties": { "schema": { "$ref": "#/components/schemas/TepSchema" }, "key_map": { "$ref": "#/components/schemas/TepKeyMapList" } }, "required": [ "schema", "key_map" ] } ] }, "ClientLogConfig": { "allOf": [ { "type": "object", "properties": { "system": { "type": "boolean", "nullable": true }, "file": { "$ref": "#/components/schemas/ClientFileLogging" }, "level": { "type": "string", "nullable": true } } } ] }, "QuorumApprovalConfig": { "allOf": [ { "type": "object", "description": "Quorum Policy Configurations in clients", "properties": { "wait_for_quorum_approval": { "$ref": "#/components/schemas/ApprovalWaitConfig" } } } ] }, "ObjectTypeFilter": { "oneOf": [ { "$ref": "#/components/schemas/ObjectTypeFilterVariantAll" }, { "$ref": "#/components/schemas/ObjectTypeFilterVariantSelection" } ], "discriminator": { "propertyName": "$type", "mapping": { "All": "ObjectTypeFilterVariantAll", "Selection": "ObjectTypeFilterVariantSelection" } } }, "KeyOpsOverride": { "allOf": [ { "type": "object", "properties": { "add_key_ops": { "type": "array", "items": { "$ref": "#/components/schemas/KeyOperations" }, "nullable": true, "description": "The operations to add to any key creation request (only supported in KMIP).\n\nThe following operations can be specified:\n- `EXPORT`\n- `APPMANAGEABLE`\n- `HIGHVOLUME`\n\nThe operations specified cannot conflict with what's specified in the\n`key_ops` field of account and/or group policies (where applicable).\n\n**Note**: This is only enforced on (KMIP) creation requests since we assume\nupdates removing key operations are intentional." } } } ] }, "TepSchema": { "oneOf": [ { "$ref": "#/components/schemas/TepSchemaVariantOpenAPI" } ], "discriminator": { "propertyName": "$type", "mapping": { "OpenAPI": "TepSchemaVariantOpenAPI" } } }, "TepKeyMapList": { "allOf": [ { "type": "array", "items": { "$ref": "#/components/schemas/TepKeyMap" } } ] }, "ClientFileLogging": { "oneOf": [ { "$ref": "#/components/schemas/ClientFileLoggingVariantEnabled" }, { "$ref": "#/components/schemas/ClientFileLoggingVariantDisabled" } ], "discriminator": { "propertyName": "mode", "mapping": { "enabled": "ClientFileLoggingVariantEnabled", "disabled": "ClientFileLoggingVariantDisabled" } } }, "ApprovalWaitConfig": { "allOf": [ { "type": "object", "description": "Configurations for waiting for quorum approval.", "properties": { "enabled": { "type": "boolean", "description": "Indicates whether waiting for quorum approval is activated or disabled" }, "poll_interval_secs": { "type": "integer", "nullable": true, "description": "Time interval in seconds for client lib to check quorum status." }, "max_wait_for_secs": { "type": "integer", "nullable": true, "description": "Maximum time in seconds for client lib to wait for quorum reply." } }, "required": [ "enabled" ] } ] }, "ObjectTypeFilterVariantAll": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "All" ] } }, "required": [ "$type" ] }, { "type": "object", "properties": {} } ] }, "ObjectTypeFilterVariantSelection": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "Selection" ] } }, "required": [ "$type" ] }, { "$ref": "#/components/schemas/ObjectTypeFilterSelection" } ] }, "KeyOperations": { "description": "Operations allowed to be performed on a given key.\n\n\n\n SIGN:\n If this is set, the key can be used to for signing.\n\n\n VERIFY:\n If this is set, the key can used for verifying a signature.\n\n\n ENCRYPT:\n If this is set, the key can be used for encryption.\n\n\n DECRYPT:\n If this is set, the key can be used for decryption.\n\n\n WRAPKEY:\n If this is set, the key can be used wrapping other keys.\n The key being wrapped must have the EXPORT operation enabled.\n\n\n UNWRAPKEY:\n If this is set, the key can be used to unwrap a wrapped key.\n\n\n DERIVEKEY:\n If this is set, the key can be used to derive another key.\n\n\n TRANSFORM:\n If this is set, the key can be transformed.\n\n\n MACGENERATE:\n If this is set, the key can be used to compute a cryptographic\n Message Authentication Code (MAC) on a message.\n\n\n MACVERIFY:\n If they is set, the key can be used to verify a MAC.\n\n\n EXPORT:\n If this is set, the value of the key can be retrieved\n with an authenticated request. This shouldn't be set unless\n required. It is more secure to keep the key's value inside DSM only.\n\n\n APPMANAGEABLE:\n Without this operation, management operations like delete, destroy,\n rotate, activate, restore, revoke, revert, update, remove_private, etc.\n cannot be performed by a crypto App.\n A user with access or admin app can still perform these operations.\n This option is only relevant for crypto apps.\n\n\n HIGHVOLUME:\n If this is set, audit logs will not be recorded for the key.\n High volume here tries to signify a key that is being used a lot\n and will produce lots of logs. Setting this operation disables\n audit logs for the key.\n\n\n AGREEKEY:\n If this is set, the key can be used for key agreement.\n Both the private and public key should have this option enabled\n to perform an agree operation.\n\n\n ENCAPSULATE:\n If this is set, the key can be used for key encapsulation. The\n result is a new symmetric key and a ciphertext.\n\n\n DECAPSULATE:\n If this is set, the key can be used for key decapsulation. If\n decapsulation succeeds, the result is a new symmetric key.\n\n", "type": "string", "enum": [ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "TRANSFORM", "MACGENERATE", "MACVERIFY", "EXPORT", "APPMANAGEABLE", "HIGHVOLUME", "AGREEKEY", "ENCAPSULATE", "DECAPSULATE" ] }, "TepSchemaVariantOpenAPI": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "OpenAPI" ] } }, "required": [ "$type" ] }, { "type": "object", "properties": { "openapi": { "type": "string" } } } ] }, "TepKeyMap": { "allOf": [ { "type": "object", "properties": { "path": { "$ref": "#/components/schemas/ApiPath" }, "kid": { "type": "string", "format": "uuid" }, "mode": { "$ref": "#/components/schemas/CipherMode" } }, "required": [ "path", "kid", "mode" ] } ] }, "ClientFileLoggingVariantEnabled": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "enabled" ] } }, "required": [ "mode" ] }, { "$ref": "#/components/schemas/ClientFileLoggingConfig" } ] }, "ClientFileLoggingVariantDisabled": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "disabled" ] } }, "required": [ "mode" ] }, { "type": "object", "properties": {} } ] }, "ObjectTypeFilterSelection": { "allOf": [ { "type": "object", "properties": { "selection": { "type": "array", "items": { "$ref": "#/components/schemas/ObjectType" } } }, "required": [ "selection" ] } ] }, "ApiPath": { "allOf": [ { "type": "object", "properties": { "api_path": { "type": "string" }, "method": { "type": "string" }, "context": { "$ref": "#/components/schemas/TepKeyContext" }, "key_path": { "type": "string" } }, "required": [ "api_path", "method", "context", "key_path" ] } ] }, "CipherMode": { "description": "Cipher mode used for symmetric key algorithms.", "type": "string", "enum": [ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ] }, "ClientFileLoggingConfig": { "allOf": [ { "type": "object", "properties": { "path": { "type": "string", "nullable": true }, "file_size_kb": { "type": "integer", "nullable": true }, "max_files": { "type": "integer", "minimum": 0, "maximum": 4294967295, "nullable": true } } } ] }, "ObjectType": { "description": "Type of security object.", "type": "string", "enum": [ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "SLIP10", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ] }, "TepKeyContext": { "type": "string", "enum": [ "request", "response" ] } } } } ````