{ "swagger": "2.0", "info": { "contact": { "email": "info@ehealth.fgov.be", "name": "eHealth Platform Belgium" }, "title": "API ETEE", "version": "1.0" }, "host": "api.ehealth.fgov.be", "basePath": "/etee/v1", "schemes": [ "https" ], "paths": { "/etks": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Identifier of the ETK owner", "in": "query", "name": "identifier", "required": true, "type": "string" }, { "description": "Type of identifier (e.g. ssin/nihii/cbe)", "in": "query", "name": "type", "required": true, "type": "string" }, { "description": "The application Id of the key. This optional parameter allows the requester to retrieve a specific key", "in": "query", "name": "applicationIdentifier", "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "items": { "$ref": "#/definitions/Etk" }, "type": "array" } }, "400": { "description": "Unknown search criteria", "schema": { "$ref": "#/definitions/Problem" } }, "404": { "description": "There exists no ETK matching your search criteria", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "default error", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Encryption Token Registry" ], "description": "Gets an etks list by owner identifier, type and application identifier", "operationId": "getEtks" } }, "/pubKeys/cacerts/jwks": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Identifier of the ETK owner", "in": "query", "name": "identifier", "required": true, "type": "string" }, { "description": "Type of identifier", "in": "query", "name": "type", "required": true, "type": "string" }, { "description": "Application identifier", "in": "query", "name": "applicationIdentifier", "type": "string" }, { "description": "Use of the JWKS: see RFC7517 §4.2 for more information", "in": "query", "name": "use", 
"required": true, "type": "string" }, { "description": "lookup moment default is now", "format": "date-time", "in": "query", "name": "time", "type": "string" }, { "description": "Requested fields to specify the response", "in": "query", "name": "select", "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "$ref": "#/definitions/JsonWebKeySet" } }, "400": { "description": "Unknown search criteria", "schema": { "$ref": "#/definitions/Problem" } }, "404": { "description": "There exists no ETK matching your search criteria", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "default error", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Gets an etks list by owner identifier, type and application identifier", "operationId": "getJwks" } }, "/pubKeys/cacerts/jwks/{kid}": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key. This information is returned in the response of the operation getJwks", "in": "path", "name": "kid", "required": true, "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "$ref": "#/definitions/JsonWebKeySet" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve only one specific ETK by the key identifier", "operationId": "getJwkByKid" } }, "/pubKeys/cacerts/keyholders/{kid}": { "get": { "produces": [ "application/json", "application/xml", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key. 
This information is returned in the response of the operation getJwks", "in": "path", "name": "kid", "required": true, "type": "string" }, { "description": "If not present application/json is assumed", "in": "header", "name": "Accept", "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "type": "object" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve (via a kid) the key holder of an ETK", "operationId": "getKeyHolderByKid" } }, "/pubKeys/webauthn/accounts/{accountId}": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Account id of the user. This id is returned in the response of the method /pubKeys/webauthn/attestation/options", "in": "path", "name": "accountId", "required": true, "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/AccountDetails" } }, "204": { "description": "No Content" }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve all the keys linked to a person (public keys, keys created,…)", "operationId": "getAccount" } }, "/pubKeys/webauthn/attestation/options": { "post": { "consumes": [ "application/json" ], "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "in": "body", "name": "body", "required": false, "schema": { "$ref": "#/definitions/ServerPublicKeyCredentialCreationOptionsRequest" } } ], "responses": { "200": { "description": "Success - attestation authorisation returned", "schema": { "$ref": "#/definitions/ServerPublicKeyCredentialCreationOptionsResponse" } }, 
"400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Public Keys Registry" ], "description": "Requests authorization options linked to navigator.credentials.create(). This initial request is necessary to retrieve attestation information before sending an attestationObject or JsonObject to register a key", "operationId": "postAttestationOptions", "x-codegen-request-body-name": "ServerPublicKeyCredentialCreationOptionsRequest" } }, "/pubKeys/webauthn/attestation/result": { "post": { "consumes": [ "application/json" ], "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "attestation details", "in": "body", "name": "body", "required": false, "schema": { "$ref": "#/definitions/ServerPublicKeyCredentialAttestationRequest" } } ], "responses": { "201": { "description": "Created" }, "412": { "description": "Precondition failed" }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Public Keys Registry" ], "description": "navigator.credentials.create() - Post request to send an attestation to eHealth and so register a public key. 
This attestation mainly contains the public key of an ‘asymmetric key pair’ as an object", "operationId": "postAttestationResult", "x-codegen-request-body-name": "ServerPublicKeyCredential" } }, "/pubKeys/webauthn/attestations/{kid}": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key (its credential ID)", "in": "path", "name": "kid", "required": true, "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "$ref": "#/definitions/AttestationObject" } }, "204": { "description": "No Content" }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve the attestationObject linked to the public key", "operationId": "getAttestation" } }, "/pubKeys/webauthn/jwks": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Id type of the client (SSIN, NIHII, CBE, EHP)", "in": "query", "name": "type", "required": true, "type": "string" }, { "description": "Value of the client’s id", "in": "query", "name": "value", "required": true, "type": "string" }, { "description": "The use specification of the public key(s) which must be retrieved: 2 values possible: sig or enc", "in": "query", "name": "use", "type": "string" }, { "description": "The application name of the public key(s) which must be retrieved", "in": "query", "name": "application", "type": "string" }, { "description": "This parameter is a date. 
It filters the response so that only the key(s) valid at this time are returned", "format": "date-time", "in": "query", "name": "validityTime", "type": "string" } ], "responses": { "200": { "description": "OK", "schema": { "$ref": "#/definitions/JsonWebKeySet" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve all the user’s public keys for a specified usage", "operationId": "getKeyAsJwks" } }, "/pubKeys/webauthn/jwks/{kid}": { "delete": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key (its credential ID)", "in": "path", "name": "kid", "required": true, "type": "string" } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Not Found" }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Public Keys Registry" ], "description": "Method to delete a specific public key", "operationId": "deleteJwk" }, "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key (its credential ID)", "in": "path", "name": "kid", "required": true, "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "$ref": "#/definitions/JsonWebKey" } }, "204": { "description": "No Content" }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method to retrieve only one specific public key", "operationId": "getJwk" }, "patch": { "consumes": [ "application/merge-patch+json" ], "produces": [ "application/json", "application/problem+json" ], "parameters": [ { 
"description": "The identifier of a key (its credential ID)", "in": "path", "name": "kid", "required": true, "type": "string" }, { "in": "body", "name": "body", "required": true, "schema": { "$ref": "#/definitions/JsonWebKeyOptions" } } ], "responses": { "204": { "description": "No Content" }, "404": { "description": "Not Found" }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Public Keys Registry" ], "description": "Method to add information to an existing public key already registered by a POST method", "operationId": "patchJwk", "x-codegen-request-body-name": "options" } }, "/pubKeys/webauthn/keyholder/{kid}": { "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "The identifier of a key (its credential ID)", "in": "path", "name": "kid", "required": true, "type": "string" } ], "responses": { "200": { "description": "Success", "schema": { "$ref": "#/definitions/KeyHolder" } }, "204": { "description": "No Content" }, "400": { "description": "Bad Request", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "Failure server response", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [] } ], "tags": [ "Public Keys Registry" ], "description": "Method which allows to retrieve the information about a key holder", "operationId": "getKeyHolder" } }, "/symKeys": { "post": { "consumes": [ "application/json" ], "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Key information", "in": "body", "name": "body", "required": true, "schema": { "$ref": "#/definitions/SymKey" } } ], "responses": { "200": { "description": "Success - symkey information returned", "schema": { "$ref": "#/definitions/JsonWebKeySet" } }, "default": { "description": "default error", "schema": { "$ref": "#/definitions/Problem" } } }, 
"security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Symmetric Keys Registry" ], "description": "Creates a new KGSS symmetric key", "operationId": "postSymKeys", "x-codegen-request-body-name": "symKey," } }, "/symKeys/{keyIdentifier}": { "delete": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Identifier of the symmetric key", "in": "path", "name": "keyIdentifier", "required": true, "type": "string" } ], "responses": { "204": { "description": "Success" }, "404": { "description": "No key found", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "default error", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "manage-keys" ] } ], "tags": [ "Symmetric Keys Registry" ], "description": "Delete a KGSS symmetric key by identifier (only the key creator is authorized to delete his own key)", "operationId": "deleteSymKey" }, "get": { "produces": [ "application/json", "application/problem+json" ], "parameters": [ { "description": "Identifier of the symmetric key", "in": "path", "name": "keyIdentifier", "required": true, "type": "string" } ], "responses": { "200": { "description": "Success - symkey information returned", "schema": { "$ref": "#/definitions/JsonWebKeySet" } }, "404": { "description": "No key found", "schema": { "$ref": "#/definitions/Problem" } }, "default": { "description": "default error", "schema": { "$ref": "#/definitions/Problem" } } }, "security": [ { "OAuth2": [ "read-keys" ] } ], "tags": [ "Symmetric Keys Registry" ], "description": "Gets a KGSS symmetric key by identifier ", "operationId": "getSymKey" } } }, "definitions": { "AccountDetail": { "example": { "attestationObjectRef": { "href": "/attestations/b37101e1-7409-4529-8b94-64f024421a09" }, "jwkRef": { "href": "/jwk/b37101e1-7409-4529-8b94-64f024421a09" }, "name": "moto g 2013" }, "properties": { "attestationObjectRef": { "$ref": "#/definitions/AccountDetail_attestationObjectRef" }, 
"jwkRef": { "$ref": "#/definitions/AccountDetail_jwkRef" }, "name": { "description": "Meaningful name of the key", "example": "moto g 2013", "type": "string" } }, "type": "object" }, "AccountDetail_attestationObjectRef": { "description": "Reference to the AttestationObject of the public keys linked to the accountId", "example": { "href": "/attestations/b37101e1-7409-4529-8b94-64f024421a09" }, "properties": { "href": { "example": "/attestations/b37101e1-7409-4529-8b94-64f024421a09", "type": "string" } } }, "AccountDetail_jwkRef": { "description": "References to the public keys linked to the accountId", "example": { "href": "/jwk/b37101e1-7409-4529-8b94-64f024421a09" }, "properties": { "href": { "example": "/jwk/b37101e1-7409-4529-8b94-64f024421a09", "type": "string" } } }, "AccountDetails": { "example": { "accountId": "08455776-6b71-45a9-bf07-9f98d3776dc3", "details": [ { "attestationObjectRef": { "href": "/attestations/b37101e1-7409-4529-8b94-64f024421a09" }, "jwkRef": { "href": "/jwk/b37101e1-7409-4529-8b94-64f024421a09" }, "name": "moto g 2013" }, { "attestationObjectRef": { "href": "/attestations/b37101e1-7409-4529-8b94-64f024421a09" }, "jwkRef": { "href": "/jwk/b37101e1-7409-4529-8b94-64f024421a09" }, "name": "moto g 2013" } ], "username": "hanndecl" }, "properties": { "accountId": { "example": "08455776-6b71-45a9-bf07-9f98d3776dc3", "type": "string" }, "details": { "items": { "$ref": "#/definitions/AccountDetail" }, "type": "array" }, "username": { "description": "The username linked to the user", "example": "hanndecl", "type": "string" } }, "type": "object" }, "AttestationConveyancePreference": { "description": "none: Relying Party is not interested in authenticator attestation; indirect: Relying Party prefers an attestation conveyance yielding verifiable attestation statements, but allows the client to decide how to obtain such attestation statements; direct: Relying Party wants to receive the attestation statement as generated by the authenticator", "enum": 
[ "none", "indirect", "direct" ], "example": "direct", "type": "string" }, "AttestationObject": { "description": "This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. It also contains any additional information that the Relying Party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data", "example": { "fmt": "fmt" }, "properties": { "fmt": { "description": "Type of the returned attestation object (e.g. packed). See Webauthn specification for more details", "type": "string" } }, "type": "object" }, "AuthenticatorAttachment": { "enum": [ "platform", "cross-platform" ], "example": "platform", "type": "string" }, "AuthenticatorSelectionCriteria": { "example": { "authenticatorAttachment": "platform", "requireResidentKey": true, "userVerification": "required" }, "properties": { "authenticatorAttachment": { "$ref": "#/definitions/AuthenticatorAttachment" }, "requireResidentKey": { "description": "This member describes the Relying Parties requirements regarding resident credentials. 
If the parameter is set to true, the authenticator MUST create a client-side-resident public key credential source when creating a public key credential", "type": "boolean" }, "userVerification": { "$ref": "#/definitions/UserVerificationRequirement" } }, "type": "object" }, "CoseAlgorithmIdentifier": { "description": "See RFC8152 for more information", "type": "integer" }, "Etk": { "example": { "key": { "applicationIdentifier": "applicationIdentifier" }, "value": "ZXRr" }, "properties": { "key": { "$ref": "#/definitions/EtkKey" }, "value": { "example": "ZXRr", "format": "byte", "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "type": "string" } }, "required": [ "key", "value" ], "type": "object" }, "EtkKey": { "example": { "applicationIdentifier": "applicationIdentifier" }, "properties": { "applicationIdentifier": { "description": "The application Id of the key, defined by the key holder during the key creation", "type": "string" } }, "type": "object" }, "JsonWebKey": { "description": "JSON Web Key", "example": { "crv": "P-256", "kid": 1, "kty": "EC", "use": "enc", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }, "properties": { "kid": { "description": "The identifier of the key", "type": "string" }, "kty": { "description": "The key type", "type": "string" }, "use": { "$ref": "#/definitions/KeyUsage" } }, "required": [ "kty" ], "type": "object" }, "JsonWebKeyOptions": { "properties": { "name": { "description": "Meaningful name that the user wants to define for the key", "example": "moto g 2013", "type": "string" }, "use": { "description": "A use specification if the public key has a limitation to a specific usage", "example": "sig", "type": "string" } }, "type": "object" }, "JsonWebKeySet": { "example": { "keys": [ { "crv": "P-256", "kid": 1, "kty": "EC", "use": "enc", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }, { 
"crv": "P-256", "kid": 1, "kty": "EC", "use": "enc", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" } ] }, "properties": { "keys": { "items": { "$ref": "#/definitions/JsonWebKey" }, "type": "array" } }, "type": "object" }, "KeyHolder": { "description": "Claim containing the key holder identification", "type": "object" }, "KeyUsage": { "description": "The use specification of the public key ", "enum": [ "sig", "enc" ], "example": "sig", "type": "string" }, "Problem": { "description": "A Problem Details object (RFC 7807)", "properties": { "detail": { "description": "A human-readable explanation specific to this occurrence of the problem", "type": "string" }, "instance": { "description": "A URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.", "format": "uri", "type": "string" }, "status": { "description": "The HTTP status code generated by the origin server for this occurrence of the problem.", "example": 503, "exclusiveMaximum": true, "format": "int32", "maximum": 600, "minimum": 400, "type": "integer" }, "title": { "description": "A short summary of the problem type. Written in English and readable for engineers (usually not suited for non-technical stakeholders and not localized)", "example": "Service Unavailable", "type": "string" }, "type": { "default": "about:blank", "description": "A URI reference that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type (e.g. 
using HTML).", "format": "uri", "type": "string" } }, "type": "object" }, "PublicKeyCredentialParameters": { "example": { "alg": 0, "type": "public-key" }, "properties": { "alg": { "description": "See RFC8152 for more information", "type": "integer" }, "type": { "$ref": "#/definitions/PublicKeyCredentialType" } }, "type": "object" }, "PublicKeyCredentialRpEntity": { "example": { "icon": "icon", "id": "id", "name": "name" }, "properties": { "icon": { "type": "string" }, "id": { "type": "string" }, "name": { "type": "string" } }, "type": "object" }, "PublicKeyCredentialType": { "description": "Value is the string public-key", "enum": [ "public-key" ], "example": "public-key", "type": "string" }, "ServerAuthenticatorAttestationResponse": { "example": { "attestationObject": "attestationObject", "clientDataJSON": "clientDataJSON" }, "properties": { "attestationObject": { "description": "This attribute contains an attestation object, which is opaque to, and cryptographically protected against tampering by, the client. The attestation object contains both authenticator data and an attestation statement. The former contains the AAGUID, a unique credential ID, and the credential public key. The contents of the attestation statement are determined by the attestation statement format used by the authenticator. 
It also contains any additional information that the Relying Party's server requires to validate the attestation statement, as well as to decode and validate the authenticator data along with the JSON-serialized client data", "type": "string" }, "clientDataJSON": { "description": "This attribute contains a JSON serialization (This is the result of JSON stringifying and UTF-8 encoding to bytes a CollectedClientData dictionary) of the client data passed to the authenticator by the client in its call to either create() or get()", "type": "string" } }, "type": "object" }, "ServerPublicKeyCredentialAttestationRequest": { "example": { "id": "id", "rawId": "rawId", "response": { "attestationObject": "attestationObject", "clientDataJSON": "clientDataJSON" }, "type": "public-key" }, "properties": { "id": { "description": "The credential’s identifier which is present in the attestation object", "type": "string" }, "rawId": { "description": "The credential’s identifier which is present in the attestation object. 
Same value as the id field", "type": "string" }, "response": { "$ref": "#/definitions/ServerAuthenticatorAttestationResponse" }, "type": { "$ref": "#/definitions/PublicKeyCredentialType" } }, "type": "object" }, "ServerPublicKeyCredentialCreationOptionsRequest": { "example": { "displayName": "Adam Powers", "username": "apowers" }, "properties": { "attestation": { "$ref": "#/definitions/AttestationConveyancePreference" }, "authenticatorSelection": { "$ref": "#/definitions/AuthenticatorSelectionCriteria" }, "displayName": { "description": "String of the display name defined by the user", "type": "string" }, "username": { "description": "String of the username defined by the user", "type": "string" } }, "required": [ "displayName", "username" ], "type": "object" }, "ServerPublicKeyCredentialCreationOptionsResponse": { "example": { "attestation": "direct", "authenticatorSelection": { "authenticatorAttachment": "platform", "requireResidentKey": true, "userVerification": "required" }, "challenge": "challenge", "pubKeyCredParams": [ { "alg": 0, "type": "public-key" }, { "alg": 0, "type": "public-key" } ], "rp": { "icon": "icon", "id": "id", "name": "name" }, "timeout": 60000, "user": { "accountId": "08455776-6b71-45a9-bf07-9f98d3776dc3", "displayName": "Adam Powers", "username": "apowers" } }, "properties": { "attestation": { "$ref": "#/definitions/AttestationConveyancePreference" }, "authenticatorSelection": { "$ref": "#/definitions/AuthenticatorSelectionCriteria" }, "challenge": { "description": "This member represents a challenge that the selected authenticator signs, along with other data, when producing an authentication assertion", "format": "byte", "pattern": "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$", "type": "string" }, "pubKeyCredParams": { "description": "Information about the desired properties of the credential to be created", "items": { "$ref": "#/definitions/PublicKeyCredentialParameters" }, "type": "array" }, "rp": { "$ref": 
"#/definitions/PublicKeyCredentialRpEntity" }, "timeout": { "description": "This member specifies a time, in milliseconds, that the caller is willing to wait for the call to complete", "example": 60000, "type": "integer" }, "user": { "$ref": "#/definitions/UserInformation" } }, "type": "object" }, "SymKey": { "example": { "allowedReaders": [ null, null ], "deletionStrategy": { "expirationDate": "expirationDate" }, "jwk": { "crv": "P-256", "kid": 1, "kty": "EC", "use": "enc", "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4", "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM" }, "keyIdentifier": "keyIdentifier", "purpose": "purpose" }, "properties": { "allowedReaders": { "description": "The claims which define who is authorized to retrieve the symkey by using the secured GET operation", "items": { "$ref": "#/definitions/SymKeyAllowedReader" }, "type": "array" }, "deletionStrategy": { "$ref": "#/definitions/SymKeyDeletionStrategy" }, "jwk": { "$ref": "#/definitions/JsonWebKey" }, "keyIdentifier": { "description": "The identifier of the key generated by the backend", "type": "string" }, "purpose": { "description": "The context of the key creation. The values are fixed by eHealth. 
For example: recipe, chapterIV", "type": "string" } }, "type": "object" }, "SymKeyAllowedReader": { "type": "object" }, "SymKeyDeletionStrategy": { "example": { "expirationDate": "expirationDate" }, "properties": { "expirationDate": { "description": "Date when the symkey must become inactive", "type": "string" } }, "required": [ "expirationDate" ], "type": "object" }, "UserInformation": { "example": { "accountId": "08455776-6b71-45a9-bf07-9f98d3776dc3", "displayName": "Adam Powers", "username": "apowers" }, "properties": { "displayName": { "description": "String of the display name defined by the user", "type": "string" }, "id": { "description": "AccountId generated by the backend and linked to the user", "type": "string" }, "name": { "description": "String of the username defined by the user", "type": "string" } }, "required": [ "displayName", "id", "name" ], "type": "object" }, "UserVerificationRequirement": { "enum": [ "required", "preferred", "discouraged" ], "example": "required", "type": "string" } }, "securityDefinitions": { "OAuth2": { "authorizationUrl": "https://api.ehealth.fgov.be/auth/realms/YourRealm/protocol/openid-connect/auth", "flow": "accessCode", "scopes": { "manage-keys": "Grants write access", "read-keys": "Default role; no consent required" }, "tokenUrl": "https://api.ehealth.fgov.be/auth/realms/YourRealm/protocol/openid-connect/token", "type": "oauth2" } }, "x-components": {} }