/create-auth-method-cert

Body Params
int64
Defaults to 0

Access expiration date in Unix timestamp (select 0 for access without expiry date)

allowed-client-type
array of strings

Limit the auth method usage to specific client types [cli,ui,gateway-admin,sdk,mobile,extension]

string

Comma-separated list of allowed CORS domains to be validated as part of the authentication flow.

audit-logs-claims
array of strings

Subclaims to include in audit logs, e.g. "--audit-logs-claims email --audit-logs-claims username"

bound-common-names
array of strings

A list of names. At least one must exist in the Common Name. Supports globbing.

bound-dns-sans
array of strings

A list of DNS names. At least one must exist in the SANs. Supports globbing.

bound-email-sans
array of strings

A list of Email Addresses. At least one must exist in the SANs. Supports globbing.

bound-extensions
array of strings

A list of extensions formatted as "oid:value". Expects the extension value to be some type of ASN1 encoded string. All values must match. Supports globbing on "value".

bound-ips
array of strings

A CIDR whitelist with the IPs that the access is restricted to

bound-organizational-units
array of strings

A list of Organizational Unit names. At least one must exist in the OU field.

bound-uri-sans
array of strings

A list of URIs. At least one must exist in the SANs. Supports globbing.

string

The certificate data in base64, if no file was provided

string

Protection from accidental deletion of this object [true/false]

string

Auth Method description

expiration-event-in
array of strings

How many days before the expiration of the auth method would you like to be notified.

boolean

If true, enforce that role-association must include sub claims.

gw-bound-ips
array of strings

A CIDR whitelist with the GW IPs that the access is restricted to

boolean
Defaults to false

Set output format to JSON

int64
Defaults to 0

JWT TTL

string
required

Auth Method name

product-type
array of strings

Choose the relevant product type for the auth method [sm, sra, pm, dp, ca]

boolean

Require certificate CRL distribution points (CDP) and enforce CRL validation during authentication.

revoked-cert-ids
array of strings

A list of revoked cert ids

string

Authentication token (see /auth and /configure)

string

The universal identity token. Required only for universal_identity authentication.

string
required

A unique identifier (ID) value should be configured, such as common_name or organizational_unit. Whenever a user logs in with a token, these authentication types issue a "sub claim" that contains details uniquely identifying that user. This sub claim includes a key containing the ID value that you configured, and is used to distinguish between different users from within the same organization.
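
The bound-* parameters above mix three matching rules: "at least one" with globbing (common names and SANs), "at least one" by exact name (organizational units), and "all must match" (extensions). The Python sketch below is an added illustration of those rules, not Akeyless code; it assumes globbing behaves like Python's fnmatchcase, that an unset list imposes no restriction, and that bound-ips is checked against the client address. The certificate dictionaries, the OID and the addresses are constructed sample data.

```python
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Assumed certificate field behind each glob-capable bound-* parameter.
GLOB_FIELDS = {"bound-common-names": "cn", "bound-dns-sans": "dns_sans",
               "bound-email-sans": "email_sans", "bound-uri-sans": "uri_sans"}

def failed_bounds(cert, client_ip, bounds):
    """Return the bound-* parameters this certificate/IP does not satisfy."""
    failed = []
    for param, field in GLOB_FIELDS.items():
        patterns, values = bounds.get(param, []), cert.get(field, [])
        # "At least one must exist": any value matching any pattern passes.
        if patterns and not any(fnmatchcase(v, p) for p in patterns for v in values):
            failed.append(param)
    ous = bounds.get("bound-organizational-units", [])
    if ous and not set(ous) & set(cert.get("ous", [])):  # exact names, no glob
        failed.append("bound-organizational-units")
    for entry in bounds.get("bound-extensions", []):
        oid, _, pattern = entry.partition(":")  # "oid:value", glob on value only
        value = cert.get("extensions", {}).get(oid)
        if value is None or not fnmatchcase(value, pattern):  # all must match
            failed.append("bound-extensions")
            break
    cidrs = bounds.get("bound-ips", [])
    if cidrs and not any(ip_address(client_ip) in ip_network(c) for c in cidrs):
        failed.append("bound-ips")
    return failed

def wildcard_only(bounds):
    """List (parameter, pattern) pairs that restrict nothing: '*' or a /0 CIDR."""
    hits = [(p, pat) for p in GLOB_FIELDS for pat in bounds.get(p, [])
            if not pat.replace("*", "")]
    hits += [("bound-ips", c) for c in bounds.get("bound-ips", [])
             if ip_network(c).prefixlen == 0]
    return hits

# Constructed sample data (names, OID and addresses are illustrative only).
BOUNDS = {"bound-common-names": ["*.ci.example.com"],
          "bound-organizational-units": ["CI", "Build"],
          "bound-extensions": ["1.3.6.1.4.1.99999.1:env=*"],
          "bound-ips": ["10.20.0.0/16"]}
CI_CERT = {"cn": ["build-agent-7.ci.example.com"], "ous": ["CI"],
           "extensions": {"1.3.6.1.4.1.99999.1": "env=prod"}}
LAPTOP_CERT = {"cn": ["laptop-12.corp.example.com"], "ous": ["Sales"],
               "extensions": {}}

if __name__ == "__main__":
    print(failed_bounds(CI_CERT, "10.20.3.4", BOUNDS))
    print(failed_bounds(LAPTOP_CERT, "10.20.3.4", BOUNDS))
```

Running wildcard_only over a planned configuration before creating the auth method surfaces bounds that would accept any certificate value or any source address.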
