The OSG PKI CLI accesses the OIM REST API to fulfill various user requests. Currently, the OSG PKI CLI is the only intended client for the OIM REST API.
The OIM REST API is accessed via the HTTP POST method and receives its input as standard HTTP key/value parameters. It replies with the application/json content type.
Every API returns at least the "detail" and "status" attributes. "detail" contains human-readable status information, and "status" is set to one of the following values.
- OK: Request was fulfilled successfully.
- FAILED: Request could not be fulfilled successfully, for reasons such as incorrect parameters, an access issue, or a missing certificate.
- PENDING: Request could not be fulfilled at this time due to pending processes such as certificate currently being signed by the signer.
Some APIs can be accessed via either http or https; however, depending on the API, different sets of input parameters may be used. When an API is accessed via https, an OIM user certificate must be provided so that OIM can authenticate and authorize the caller. Some APIs, such as host_certs_approve, can only be accessed via https with a valid OIM user certificate for a registered GridAdmin.
The following code block shows an example of how to access the OIM API (host_certs_retrieve).
The OSG PKI CLI calls several OIM REST APIs in sequence to accomplish its tasks. For example, the following is the sequence of API calls used to request and retrieve a host certificate as a GridAdmin:
- host_certs_request (http/https)
- host_certs_approve (https)
- host_certs_issue (http)
- host_certs_retrieve (http; repeat until all certificates are issued)
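The sketch below is an added example, not code from OIM or the OSG PKI CLI. It shows a client running this sequence while enforcing the documented "status"/"detail" contract: unknown status values are rejected, FAILED aborts, and the PENDING poll on host_certs_retrieve is bounded. The `post` transport callable, the opaque `params` dict and the fake server are assumptions; the real per-call parameters are on the sub-pages.

```python
import json
import time

VALID_STATUS = {"OK", "FAILED", "PENDING"}  # the three values documented above

class OimError(Exception):
    """Raised for FAILED replies, malformed replies, or a poll that never finishes."""

def parse_reply(body):
    """Decode a reply and enforce the 'status'/'detail' contract."""
    try:
        reply = json.loads(body)
    except ValueError as exc:
        raise OimError("reply is not valid JSON") from exc
    if not isinstance(reply, dict) or "status" not in reply or "detail" not in reply:
        raise OimError("reply lacks 'status' or 'detail'")
    if reply["status"] not in VALID_STATUS:
        raise OimError("unexpected status %r" % (reply["status"],))
    return reply

def call(post, scheme, action, params):
    """One API call; `post` is a hypothetical transport returning the reply body."""
    reply = parse_reply(post(scheme, action, params))
    if reply["status"] == "FAILED":
        raise OimError("%s failed: %s" % (action, reply["detail"]))
    return reply

def request_host_certs(post, params, max_polls=10, delay=5.0):
    """GridAdmin sequence; only host_certs_retrieve is polled (as the list states)."""
    call(post, "https", "host_certs_request", params)  # http is also allowed
    call(post, "https", "host_certs_approve", params)  # https only
    call(post, "http", "host_certs_issue", params)
    for _ in range(max_polls):
        reply = call(post, "http", "host_certs_retrieve", params)
        if reply["status"] == "OK":
            return reply
        time.sleep(delay)  # PENDING: certificates are still being signed
    raise OimError("still PENDING after %d polls" % max_polls)

def make_fake_post(pending_polls):
    """Constructed stand-in server: retrieve answers PENDING n times, then OK."""
    log, left = [], [pending_polls]
    def post(scheme, action, params):
        log.append((scheme, action))
        if action == "host_certs_retrieve" and left[0] > 0:
            left[0] -= 1
            return json.dumps({"status": "PENDING", "detail": "signing in progress"})
        return json.dumps({"status": "OK", "detail": "done"})
    return post, log
```

In a real client, `post` would wrap an HTTP POST of the key/value parameters and present the OIM user certificate on the https calls.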
Please see sub-pages for details on specific API.