Manage Transfer CFT protocols

This section describes the REST APIs that you can use to manage the PeSIT protocol in Transfer CFT, and information on how to deploy the configuration.

To access the Swagger documentation for these APIs, please refer to Central Governance API v2.1.

Client protocols

When you create or update a client protocol:

  • The port is ignored
  • Do not provide the keyAlias and securityProfile parameters

Server protocols

When you create or update a server protocol:

  • Port is mandatory
  • The keyAlias is mandatory (key to use)
  • The securityProfile is mandatory (initial reference to private key)
  • When you upload the SSH key, you specify a KeyAlias. And when you create an SSH key, you specifie a SecurityProfile. The KeyAlias and SecurityProfile work as a pair; Central Governance allows one SecurityProfile per KeyAlias, and vice versa.
  • If you create or update a protocol where there is an existing SecurityProfile that references the given KeyAlias, the given SecurityProfile is ignored, and the existing one is used instead. Otherwise, a SecurityProfile with the new name is created.

Create a protocol

POST /api/v2/cft/configuration/{businessId}/protocols

If you use the name of an existing certificate when creating an SSL PeSIT protocol, Central Governancedisregards the new certificate and uses the existing certificate instead. However, if the certificate name does not exist, then the protocol is created along with a new certificate.

For example, if the My_CERT certificate already exists, but you create a protocol using a certificate called My_CERT (but having different content from the existing one), Central Governance uses the existing certificate.

Update a protocol

When you update a protocol, you can also:

  • Disable the protocol
  • Change the key used by the protocol (keyAlias and securityProfile)
Note You must set TYPE=<PROTOCOL>, where <PROTOCOL> can be SFTP or PeSIT.
PUT /api/v2/cft/configuration/{businessId}/protocols/{name}

If you are updating an SSL PeSIT protocol with a new certificate but the new certificate has the same name as an existing certificate, Central Governance disregards the new certificate content and uses the existing certificate instead.

Delete a protocol

DELETE /api/v2/cft/configuration/{businessId}/protocols/{name}

Retrieve Transfer CFT protocol information

You can retrieve information about a specific Transfer CFT's configured protocols as follows:

GET /api/v2/cft/configuration/{businessId}/protocols

You can use options, such as deployed in the following example, to filter the retrieved protocols:

GET /api/v2/cft/configuration/{businessId}/protocols?deployed=true

Additionally, you can retrieve information about a protocol using its name:

GET /api/v2/cft/configuration/{businessId}/protocols/{name}

 

Central Governance | Document Directory

Related Links