Safewhere Identify 5.14 REST API Release Notes

This document summarizes all changes made to Identify REST API in version 5.14.

Certificates endpoint

The GET /Certificates endpoint has some new parameters: ignoreRawData, searchType, and searchValue.

  • Affected operations: GET /Certificates.
  • Behaviors:

    Name Data type Require? Default value Description
    ignoreRawData boolean ⬜️ false An option to reduce response size. When this setting is set to true, this endpoint will return certificates' information without raw data
    searchType string ⬜️ Thumbprint Specifies the certificate attribute that is used to search for certificates. Valid values are Thumbprint and Subject. The default value is Thumbprint.
    searchValue string ⬜️ N/A When this value is specified, Identify uses the {searchType, searchValue} pair to search for matched certificates. Search by Thumbprint uses exact comparison. Search by Subject looks for subjects that contain the searchValue. All comparisons are case-insensitive.

Connections endpoint

The OAuth authentication connection configuration section model has some new attributes:

  • New configuration fields:

    • jwksEndpoint
    • jwsAlgorithm:
    • Supported value: RSASigning, HMACSymmetric, and None
    • Default value: None
    • symmetricSigningKey: this field is required when you configure the jwsAlgorithm to HMACSymmetric.
    • signingCertificateRevocationCheck:
    • Supported modes: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, and CheckChainExcludeRootCacheOnly
    • Default value: None
  • Affected operations: POST /connections, PUT /connections.

  • Behaviors:

    Name Data type Require? Default value Description
    jwksEndpoint string N/A Specifies the Jwks URL where Identify can fetch the public keys' information of OIDC Identity provider in the JWKS format. The setting can be filled automatically when the authenticationType is one of these values: Facebook, Microsoft, Google or when a valid .well-known/openid-configuration URL is specified
    jwsAlgorithm string ⬜️ None Specifies the JWS algorithm. Supported values are {None, RSASigning, HMACSymmetric}
    symmetricSigningKey string ⬜️ N/A Specifies the symmetric signing key. Required when jWSAlgorithm is HMACSymmetric
    signingCertificateRevocationCheck string ⬜️ None Specifies the signing certificate revocation check mode: Node, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot or CheckChainExcludeRootCacheOnly.