> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Lookup an application. > Lookup an application. ## OpenAPI ````json GET /sys/v1/apps/{app_id} { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/sys/v1/apps/{app_id}": { "get": { "operationId": "GetApp", "tags": [ "Apps" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Lookup an application.", "description": "Lookup an application.", "parameters": [ { "name": "app_id", "in": "path", "required": true, "schema": { "type": "string", "format": "uuid" } }, { "$ref": "#/components/parameters/GetAppParams" } ], "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/App" } } } } } } } }, "components": { "parameters": { "GetAppParams": { "in": "query", "name": "GetAppParams", "schema": { "$ref": "#/components/schemas/GetAppParams" }, "explode": true } }, "schemas": { "App": { "allOf": [ { "type": "object", "properties": { "account_membership": { "$ref": "#/components/schemas/AppAccountMembership" }, "acct_id": { "type": "string", "format": "uuid", "description": "The id of the Account that this application belongs to." }, "app_id": { "type": "string", "format": "uuid", "description": "Unique id to identify the application." }, "app_type": { "type": "string", "description": "The user-defined type of this application." }, "cert_not_after": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z", "description": "Certificate expiration date for apps that use client certificate or trusted CA auth.\n\nFor a client certificate app, this field is the expiry date of the client certifiate. For a trusted CA app, this field is the maximum expiry date among all configured root CA certs in the app's config.\n\nFor all other apps, this field is omitted." }, "client_configurations": { "$ref": "#/components/schemas/ClientConfigurations" }, "created_at": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z", "description": "Timestamp when the application was created." }, "creator": { "$ref": "#/components/schemas/Principal" }, "default_group": { "type": "string", "format": "uuid", "nullable": true, "description": "The default group an application belongs to." }, "description": { "type": "string", "nullable": true, "description": "Description of this application." }, "enabled": { "type": "boolean", "description": "Whether this application is enabled." }, "groups": { "$ref": "#/components/schemas/AppGroups" }, "interface": { "type": "string", "nullable": true, "description": "Interface used with this application (PKCS11, CNG, JCE, KMIP, etc)." }, "ip_address_policy": { "$ref": "#/components/schemas/IpAddressPolicy" }, "last_operations": { "$ref": "#/components/schemas/LastAppOperationTimestamp" }, "lastused_at": { "type": "string", "pattern": "^\\d{4}\\d{2}\\d{2}T\\d{2}\\d{2}\\d{2}Z$", "example": "20170509T070912Z", "description": "Timestamp when the application was most recently used." }, "legacy_access": { "type": "boolean", "description": "If a requester is updating an App or retrieving its credentials,\nthey must have the relevant permissions in all Groups that App has access to.\nBut for legacy Apps, requester is required to have relevant permissions\nin any of the groups that App has access to." }, "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$", "description": "Name of this application, which must be unique within an account." }, "oauth_config": { "$ref": "#/components/schemas/AppOauthConfig" }, "role": { "$ref": "#/components/schemas/AppRole" } }, "required": [ "acct_id", "app_id", "app_type", "client_configurations", "created_at", "creator", "enabled", "groups", "ip_address_policy", "last_operations", "legacy_access", "name", "role" ] }, { "$ref": "#/components/schemas/AppAuthType" } ] }, "GetAppParams": { "allOf": [ { "type": "object", "description": "Query params for individual App APIs", "properties": { "group_permissions": { "type": "boolean", "description": "Flag specifying if group permissions should be returned with the app group." }, "role": { "type": "string", "description": "The App's role." } } } ] }, "AppAccountMembership": { "allOf": [ { "type": "object", "properties": { "roles": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/AppAccountRoleDescriptor" } } }, "required": [ "roles" ] } ] }, "ClientConfigurations": { "allOf": [ { "type": "object", "properties": { "common": { "$ref": "#/components/schemas/CommonClientConfig" }, "pkcs11": { "$ref": "#/components/schemas/Pkcs11ClientConfig" }, "kmip": { "$ref": "#/components/schemas/KmipClientConfig" }, "tep": { "$ref": "#/components/schemas/TepClientConfig" } } } ] }, "Principal": { "description": "A security principal.", "oneOf": [ { "title": "PrincipalVariantApp", "type": "object", "properties": { "app": { "type": "string", "format": "uuid" } }, "required": [ "app" ] }, { "title": "PrincipalVariantUser", "type": "object", "properties": { "user": { "type": "string", "format": "uuid" } }, "required": [ "user" ] }, { "title": "PrincipalVariantPlugin", "type": "object", "properties": { "plugin": { "type": "string", "format": "uuid" } }, "required": [ "plugin" ] }, { "title": "PrincipalVariantUserViaApp", "type": "object", "properties": { "userviaapp": { "$ref": "#/components/schemas/PrincipalUserViaApp" } }, "required": [ "userviaapp" ] }, { "title": "PrincipalVariantSystem", "type": "string", "enum": [ "system" ] }, { "title": "PrincipalVariantUnregisteredUser", "type": "string", "enum": [ "unregistereduser" ] } ] }, "AppGroups": { "oneOf": [ { "type": "object", "additionalProperties": { "type": "array", "items": { "$ref": "#/components/schemas/AppPermissions" } } }, { "type": "array", "items": { "type": "string", "format": "uuid" }, "uniqueItems": true } ] }, "IpAddressPolicy": { "description": "The IPs that are allowed for an application. ipv4 or ipv6 both are acceptable types.", "oneOf": [ { "title": "IpAddressPolicyVariantAllowAll", "type": "string", "enum": [ "allow_all" ] }, { "title": "IpAddressPolicyVariantWhitelist", "type": "object", "properties": { "whitelist": { "type": "array", "uniqueItems": true, "items": { "type": "string" } } }, "required": [ "whitelist" ] } ] }, "LastAppOperationTimestamp": { "allOf": [ { "type": "object", "properties": { "generic": { "type": "integer", "nullable": true }, "tokenization": { "type": "integer", "nullable": true }, "tep": { "type": "integer", "nullable": true }, "accelerator": { "type": "integer", "nullable": true }, "secrets_management": { "type": "integer", "nullable": true } } } ] }, "AppOauthConfig": { "description": "OAuth settings for an app. If enabled, an app can request to act on behalf of a user.", "oneOf": [ { "$ref": "#/components/schemas/AppOauthConfigVariantEnabled" }, { "$ref": "#/components/schemas/AppOauthConfigVariantDisabled" } ], "discriminator": { "propertyName": "state", "mapping": { "enabled": "AppOauthConfigVariantEnabled", "disabled": "AppOauthConfigVariantDisabled" } } }, "AppRole": { "description": "App's role.", "type": "string", "enum": [ "admin", "crypto" ] }, "AppAuthType": { "allOf": [ { "type": "object", "properties": { "auth_type": { "$ref": "#/components/schemas/AppAuthTypeVariants" }, "auth_type_all": { "type": "array", "items": { "$ref": "#/components/schemas/OneAppAuthType" }, "nullable": true, "description": "If `auth_type` is `all`, this field will include the list of individual auth\ntypes for the app" } }, "required": [ "auth_type" ] } ] }, "AppAccountRoleDescriptor": { "oneOf": [ { "$ref": "#/components/schemas/AppAccountRoleDescriptorVariantSystemDefined" }, { "$ref": "#/components/schemas/AppAccountRoleDescriptorVariantCustom" } ], "discriminator": { "propertyName": "$type", "mapping": { "SystemDefined": "AppAccountRoleDescriptorVariantSystemDefined", "Custom": "AppAccountRoleDescriptorVariantCustom" } } }, "CommonClientConfig": { "allOf": [ { "type": "object", "properties": { "retry_timeout_millis": { "type": "integer", "nullable": true }, "cache_ttl": { "type": "integer", "nullable": true }, "log": { "$ref": "#/components/schemas/ClientLogConfig" }, "h2_num_connections": { "type": "integer", "nullable": true }, "quorum_approval": { "$ref": "#/components/schemas/QuorumApprovalConfig" } } } ] }, "Pkcs11ClientConfig": { "allOf": [ { "type": "object", "properties": { "fake_rsa_x9_31_keygen_support": { "type": "boolean", "nullable": true }, "signing_aes_key_as_hmac": { "type": "boolean", "nullable": true }, "exact_key_ops": { "type": "boolean", "nullable": true }, "prevent_duplicate_opaque_objects": { "type": "boolean", "nullable": true }, "opaque_objects_are_not_certificates": { "type": "boolean", "nullable": true }, "max_concurrent_requests_per_slot": { "type": "integer", "nullable": true } } } ] }, "KmipClientConfig": { "allOf": [ { "type": "object", "properties": { "ignore_unknown_key_ops_for_secrets": { "type": "boolean", "nullable": true, "description": "Use `ignore_unknown_key_ops_for` with [SECRET] instead of `ignore_unknown_key_ops_for_secrets``" }, "ignore_unknown_key_ops_for": { "$ref": "#/components/schemas/ObjectTypeFilter" }, "key_ops_override": { "$ref": "#/components/schemas/KeyOpsOverride" } } } ] }, "TepClientConfig": { "allOf": [ { "type": "object", "properties": { "schema": { "$ref": "#/components/schemas/TepSchema" }, "key_map": { "$ref": "#/components/schemas/TepKeyMapList" } }, "required": [ "schema", "key_map" ] } ] }, "PrincipalUserViaApp": { "allOf": [ { "type": "object", "description": "UserViaApp signifies a user authorizing some app to act on its behalf through OAuth.", "properties": { "user_id": { "type": "string", "format": "uuid" }, "scopes": { "type": "array", "uniqueItems": true, "items": { "$ref": "#/components/schemas/OauthScope" } } }, "required": [ "user_id", "scopes" ] } ] }, "AppPermissions": { "description": "Operations allowed to be performed by an app.\n\n\n\n SIGN:\n\n\n VERIFY:\n\n\n ENCRYPT:\n\n\n DECRYPT:\n\n\n WRAPKEY:\n\n\n UNWRAPKEY:\n\n\n DERIVEKEY:\n\n\n MACGENERATE:\n\n\n MACVERIFY:\n\n\n EXPORT:\n\n\n MANAGE:\n\n\n AGREEKEY:\n\n\n MASKDECRYPT:\n\n\n AUDIT:\n\n\n TRANSFORM:\n\n\n CREATE_SOBJECTS:\n\n\n COPY_SOBJECTS:\n\n\n ROTATE_SOBJECTS:\n\n\n ACTIVATE_SOBJECTS:\n\n\n REVOKE_SOBJECTS:\n\n\n REVERT_SOBJECTS:\n\n\n MOVE_SOBJECTS:\n\n\n UPDATE_SOBJECTS_PROFILE:\n\n\n UPDATE_SOBJECTS_ENABLED_STATE:\n\n\n UPDATE_SOBJECT_POLICIES:\n\n\n UPDATE_KEY_OPS:\n\n\n DELETE_KEY_MATERIAL:\n\n\n DELETE_SOBJECTS:\n\n\n DESTROY_SOBJECTS:\n\n\n RESTORE_EXTERNAL_SOBJECTS:\n\n\n CALCULATE_DIGEST:\n\n\n ENCAPSULATE:\n\n\n DECAPSULATE:\n\n", "type": "string", "enum": [ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "MACGENERATE", "MACVERIFY", "EXPORT", "MANAGE", "AGREEKEY", "MASKDECRYPT", "AUDIT", "TRANSFORM", "CREATE_SOBJECTS", "COPY_SOBJECTS", "ROTATE_SOBJECTS", "ACTIVATE_SOBJECTS", "REVOKE_SOBJECTS", "REVERT_SOBJECTS", "MOVE_SOBJECTS", "UPDATE_SOBJECTS_PROFILE", "UPDATE_SOBJECTS_ENABLED_STATE", "UPDATE_SOBJECT_POLICIES", "UPDATE_KEY_OPS", "DELETE_KEY_MATERIAL", "DELETE_SOBJECTS", "DESTROY_SOBJECTS", "RESTORE_EXTERNAL_SOBJECTS", "CALCULATE_DIGEST", "ENCAPSULATE", "DECAPSULATE" ] }, "AppOauthConfigVariantEnabled": { "allOf": [ { "type": "object", "properties": { "state": { "type": "string", "enum": [ "enabled" ] } }, "required": [ "state" ] }, { "$ref": "#/components/schemas/AppOauthConfigEnabled" } ] }, "AppOauthConfigVariantDisabled": { "allOf": [ { "type": "object", "properties": { "state": { "type": "string", "enum": [ "disabled" ] } }, "required": [ "state" ] }, { "type": "object", "properties": {} } ] }, "AppAuthTypeVariants": { "oneOf": [ { "title": "AppAuthTypeVariantsVariantAll", "type": "string", "enum": [ "All" ] }, { "$ref": "#/components/schemas/OneAppAuthType" } ] }, "OneAppAuthType": { "description": "Authentication method of an app.", "type": "string", "enum": [ "Secret", "GoogleServiceAccount", "SignedJwt", "Ldap", "AwsIam", "AwsXks", "GoogleWorkspaceCSE", "Certificate", "TrustedCa" ] }, "AppAccountRoleDescriptorVariantSystemDefined": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "SystemDefined" ] }, "value": { "$ref": "#/components/schemas/AppAccountRole" } }, "required": [ "$type", "value" ] } ] }, "AppAccountRoleDescriptorVariantCustom": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "Custom" ] }, "value": { "type": "string", "format": "uuid" } }, "required": [ "$type", "value" ] } ] }, "ClientLogConfig": { "allOf": [ { "type": "object", "properties": { "system": { "type": "boolean", "nullable": true }, "file": { "$ref": "#/components/schemas/ClientFileLogging" }, "level": { "type": "string", "nullable": true } } } ] }, "QuorumApprovalConfig": { "allOf": [ { "type": "object", "description": "Quorum Policy Configurations in clients", "properties": { "wait_for_quorum_approval": { "$ref": "#/components/schemas/ApprovalWaitConfig" } } } ] }, "ObjectTypeFilter": { "oneOf": [ { "$ref": "#/components/schemas/ObjectTypeFilterVariantAll" }, { "$ref": "#/components/schemas/ObjectTypeFilterVariantSelection" } ], "discriminator": { "propertyName": "$type", "mapping": { "All": "ObjectTypeFilterVariantAll", "Selection": "ObjectTypeFilterVariantSelection" } } }, "KeyOpsOverride": { "allOf": [ { "type": "object", "properties": { "add_key_ops": { "type": "array", "items": { "$ref": "#/components/schemas/KeyOperations" }, "nullable": true, "description": "The operations to add to any key creation request (only supported in KMIP).\n\nThe following operations can be specified:\n- `EXPORT`\n- `APPMANAGEABLE`\n- `HIGHVOLUME`\n\nThe operations specified cannot conflict with what's specified in the\n`key_ops` field of account and/or group policies (where applicable).\n\n**Note**: This is only enforced on (KMIP) creation requests since we assume\nupdates removing key operations are intentional." } } } ] }, "TepSchema": { "oneOf": [ { "$ref": "#/components/schemas/TepSchemaVariantOpenAPI" } ], "discriminator": { "propertyName": "$type", "mapping": { "OpenAPI": "TepSchemaVariantOpenAPI" } } }, "TepKeyMapList": { "allOf": [ { "type": "array", "items": { "$ref": "#/components/schemas/TepKeyMap" } } ] }, "OauthScope": { "description": "OAuth scope.", "type": "string", "enum": [ "app", "openid", "email", "profile" ] }, "AppOauthConfigEnabled": { "allOf": [ { "type": "object", "properties": { "redirect_uris": { "type": "array", "items": { "type": "string" } } }, "required": [ "redirect_uris" ] } ] }, "AppAccountRole": { "type": "string", "enum": [ "AccountAdministrator", "AccountMember", "AccountAuditor" ] }, "ClientFileLogging": { "oneOf": [ { "$ref": "#/components/schemas/ClientFileLoggingVariantEnabled" }, { "$ref": "#/components/schemas/ClientFileLoggingVariantDisabled" } ], "discriminator": { "propertyName": "mode", "mapping": { "enabled": "ClientFileLoggingVariantEnabled", "disabled": "ClientFileLoggingVariantDisabled" } } }, "ApprovalWaitConfig": { "allOf": [ { "type": "object", "description": "Configurations for waiting for quorum approval.", "properties": { "enabled": { "type": "boolean", "description": "Indicates whether waiting for quorum approval is activated or disabled" }, "poll_interval_secs": { "type": "integer", "nullable": true, "description": "Time interval in seconds for client lib to check quorum status." }, "max_wait_for_secs": { "type": "integer", "nullable": true, "description": "Maximum time in seconds for client lib to wait for quorum reply." } }, "required": [ "enabled" ] } ] }, "ObjectTypeFilterVariantAll": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "All" ] } }, "required": [ "$type" ] }, { "type": "object", "properties": {} } ] }, "ObjectTypeFilterVariantSelection": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "Selection" ] } }, "required": [ "$type" ] }, { "$ref": "#/components/schemas/ObjectTypeFilterSelection" } ] }, "KeyOperations": { "description": "Operations allowed to be performed on a given key.\n\n\n\n SIGN:\n If this is set, the key can be used to for signing.\n\n\n VERIFY:\n If this is set, the key can used for verifying a signature.\n\n\n ENCRYPT:\n If this is set, the key can be used for encryption.\n\n\n DECRYPT:\n If this is set, the key can be used for decryption.\n\n\n WRAPKEY:\n If this is set, the key can be used wrapping other keys.\n The key being wrapped must have the EXPORT operation enabled.\n\n\n UNWRAPKEY:\n If this is set, the key can be used to unwrap a wrapped key.\n\n\n DERIVEKEY:\n If this is set, the key can be used to derive another key.\n\n\n TRANSFORM:\n If this is set, the key can be transformed.\n\n\n MACGENERATE:\n If this is set, the key can be used to compute a cryptographic\n Message Authentication Code (MAC) on a message.\n\n\n MACVERIFY:\n If they is set, the key can be used to verify a MAC.\n\n\n EXPORT:\n If this is set, the value of the key can be retrieved\n with an authenticated request. This shouldn't be set unless\n required. It is more secure to keep the key's value inside DSM only.\n\n\n APPMANAGEABLE:\n Without this operation, management operations like delete, destroy,\n rotate, activate, restore, revoke, revert, update, remove_private, etc.\n cannot be performed by a crypto App.\n A user with access or admin app can still perform these operations.\n This option is only relevant for crypto apps.\n\n\n HIGHVOLUME:\n If this is set, audit logs will not be recorded for the key.\n High volume here tries to signify a key that is being used a lot\n and will produce lots of logs. Setting this operation disables\n audit logs for the key.\n\n\n AGREEKEY:\n If this is set, the key can be used for key agreement.\n Both the private and public key should have this option enabled\n to perform an agree operation.\n\n\n ENCAPSULATE:\n If this is set, the key can be used for key encapsulation. The\n result is a new symmetric key and a ciphertext.\n\n\n DECAPSULATE:\n If this is set, the key can be used for key decapsulation. If\n decapsulation succeeds, the result is a new symmetric key.\n\n", "type": "string", "enum": [ "SIGN", "VERIFY", "ENCRYPT", "DECRYPT", "WRAPKEY", "UNWRAPKEY", "DERIVEKEY", "TRANSFORM", "MACGENERATE", "MACVERIFY", "EXPORT", "APPMANAGEABLE", "HIGHVOLUME", "AGREEKEY", "ENCAPSULATE", "DECAPSULATE" ] }, "TepSchemaVariantOpenAPI": { "allOf": [ { "type": "object", "properties": { "$type": { "type": "string", "enum": [ "OpenAPI" ] } }, "required": [ "$type" ] }, { "type": "object", "properties": { "openapi": { "type": "string" } } } ] }, "TepKeyMap": { "allOf": [ { "type": "object", "properties": { "path": { "$ref": "#/components/schemas/ApiPath" }, "kid": { "type": "string", "format": "uuid" }, "mode": { "$ref": "#/components/schemas/CipherMode" } }, "required": [ "path", "kid", "mode" ] } ] }, "ClientFileLoggingVariantEnabled": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "enabled" ] } }, "required": [ "mode" ] }, { "$ref": "#/components/schemas/ClientFileLoggingConfig" } ] }, "ClientFileLoggingVariantDisabled": { "allOf": [ { "type": "object", "properties": { "mode": { "type": "string", "enum": [ "disabled" ] } }, "required": [ "mode" ] }, { "type": "object", "properties": {} } ] }, "ObjectTypeFilterSelection": { "allOf": [ { "type": "object", "properties": { "selection": { "type": "array", "items": { "$ref": "#/components/schemas/ObjectType" } } }, "required": [ "selection" ] } ] }, "ApiPath": { "allOf": [ { "type": "object", "properties": { "api_path": { "type": "string" }, "method": { "type": "string" }, "context": { "$ref": "#/components/schemas/TepKeyContext" }, "key_path": { "type": "string" } }, "required": [ "api_path", "method", "context", "key_path" ] } ] }, "CipherMode": { "description": "Cipher mode used for symmetric key algorithms.", "type": "string", "enum": [ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ] }, "ClientFileLoggingConfig": { "allOf": [ { "type": "object", "properties": { "path": { "type": "string", "nullable": true }, "file_size_kb": { "type": "integer", "nullable": true }, "max_files": { "type": "integer", "minimum": 0, "maximum": 4294967295, "nullable": true } } } ] }, "ObjectType": { "description": "Type of security object.", "type": "string", "enum": [ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "SLIP10", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ] }, "TepKeyContext": { "type": "string", "enum": [ "request", "response" ] } } } } ````