GetObject object types

The application info object that can be used as first call against the system. This object type is non-encrypted.

The name of the application (e.g. Pointsharp Net iD Portal).

The current version of the application (e.g. 6.0.0.10).

The copyright information of the application.

The date time when the application latest was updated. The date time is ISO 8601 encoded.

Seconds of cache against the GUI that should be used as local idle time before automatically log out of current user.

A generic message against the users before login. This can be configured by officers or administrators if needed.

A list of certificate authority key ids that are allowed to be used for login into the system.

A subordinated object for security information used for the login procedure.

Indication if security mode should be used and will always be set to true as boolean.

The algorithm used for encryption (e.g. AES).

The length of the encryption algorithm (e.g. 256).

The algorithm used for compression (e.g. GZ).

The algorithm used for signature (e.g. SHA256-HMAC).

The audit log object. This object will contain information of events of the system, for example logins, logouts and tasks that will be executed into the system.

The unique id of the audit log.

The date time when the audit log was created in the system. The date time is ISO 8601 encoded.

The version flag of the audit log for backward compability.

The id of the entity of the audit log.

The type of the entity of the audit log (e.g. User, Token, Certificate etc.).

The id of the event of the audit log. This can be either static events (e.g. 500000) or a type id if the event is a task.

The name of the event of the audit log. This can be either static events (e.g. Login) or a type name if the event is a task.

The information of the device used when login into the system, if available.

The level of the event. Available types are: Completed (the operation is done), Warning (the operation is done with warnings), Failed (the operation has failed, usually for tasks), Cancelled (a task has been cancelled), Released (a task has been released), TimedOut (a task has been timed out (expired)), Initialized (task has been initialized (created)), Executed (a task has been executed), ExecutedFunction (a function of a task has been executed) and Rejected (an officer has rejected a task).

The name of the organization of the audit log.

The name of the office of the audit log, if available.

The name of the requestor that called the event which is the current user of the event. If the event is a task, the requestor is the user that created the task from the beginning.

The unique name of the requestor above.

The serial number of the requestor above.

The name of the processor that the called the event which is the current user of the event.

The unique name of the processor above.

The serial number of the processor above.

The name of the user entity, if available. The user entity is usally used for tasks when an officer (the processor) creates event for another user.

The unique name of the user entity above.

The serial number of the user entity above.

The serial number of the token entity, if available.

The name of the token template for the token entity above, if available.

The serial number of the certificate entity, if available.

The additional information of the audit log, if available. This can be different type of information depending on the event.

The additional task type, if available, if the event is a task with a specified type.

The description of the entity, if available, if the event is a task (e.g. the name for a user, the serial number for a token, the name for an end entity etc.).

The serialized task, if available, if the event is a task. The task will be viewed in the current state depending on the status of the task.

The certificate object. This object will contain information of a certificate.

The unique id of the certificate.

The name (common name of the subject extension) of the certificate.

The reference information of the owner object of the certificate.

The information of the native certificate authority.

The template information of the certificate.

The subject content of the certificate.

The subject alternative name content of the certificate.

The issuer of the certificate.

The serial number of the certificate.

The thumbprint of the certificate.

The key usage names of the certificate.

The extra customized information of the certificate, if available.

The validity when the certificate was issued. The date time is ISO 8601 encoded.

The validity when the certificate will be expired. The date time is ISO 8601 encoded.

The status of the certificate. Available types are: Unknown, Valid, Expired, Revoked and NotApproved

The status reason of the certificate. Available types are, NotRevoked, Unspecified, KeyCompromise, CACompromise, AffiliationChanged, Superseded, CessationOfOperation, CertificateHold, PrivilegeWithdrawn and AaCompromise.

The date and time when the certificate was revoked.

The name of the user that processed the revocation of the certificate. If no user has processed the revocation, the user will be marked as SYSTEM.

The type of enrollment. Available types are: Undefined, FromRequest, FromTemplate and FromInput.

The reference type of the certificate. Available types are: Undefined, External, ManufacturerDatabase, User and EndEntity.

The current level of notification of the certificate.

The certificate as base64-encoded PEM string.

The additional information of the certificate, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The certificate authority object. This object will contain information of a certificate authority against the native CA-service.

The unique id of the certificate authority.

The organization id of the certificate authority,if available.

The type of enrollment structure for the certificate authority. Available types are: AgentSigner, Modifier and Stamp.

The name of the certificate authority.

The description of the certificate authority, if available.

The server URL against the CA-service.

The thumbprint of the authentication certificate of the CA-service, if available.

The thumbprint of the signature certificate of the CA-service, if available.

The CRL list of the certificate authority.

The OCSP list of the certificate authority.

The authority key id of the certificate authority.

The certificate of the certificate authority as a base64 string.

The credential domain name of the certificate authority, if available.

The credential user name of the certificate authority, if available.

The credential password of the certificate authority, if available.

The indication if the certificate authority is enabled.

The indication if the certificate authority should be used for login into the system.

The optional list of activities that the client can use for further actions.

The additional information of the certificate, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The certificate template object. This object will contain information of a certificate template.

The unique id of the certificate template.

The organization id of the certificate template.

The information of the native certificate authority (name and id).

The type of the certificate template. Available types: External, ManufacturerDatabase, User and EndEntity.

The name of the certificate template.

The description of the certificate template.

The name of the template of the native certificate authority.

The name of the profile of the native certificate authority.

The name of the end entity of the native certificate authority.

The key of validity of the certificate template.

The value of the validity of the certificate template.

The indication if the template should use recover.

The indication if the template should be visible.

The optional list of activities that the client can use for further actions.

The additional information of the certificate template, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The citizen service object. This object will contain information of a citizen service.

The unique id of the citizen service.

The organization id of the citizen service.

The type of the citizen service. Available types: SwedishTaxAgencyNavet and SwedishTaxAgencySPAR.

The name of the citizen service.

The URL of the server of the citizen service.

The thumbprint (hash/digest) of the authentication certificate of the citizen service.

The customer id of the citizen service.

The order id of the citizen service.

The additional information of the citizen service, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The contactless service object. This object will contain information of a contactless service used for external purposes like follow-me-print solutions.

The unique id of the contactless service.

The organization id of the contactless service.

The type of the contactless service. Available types are: PaperCut

The server URL of the contactless service.

The server port of the contactless service.

The hash of the authentication of the contactless service if required.

The credential username of the contactless service if required.

The credential username of the contactless service if required.

The optional list of activities that the client can use for further actions.

The additional information of the citizen service, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The diagnostic log object. This object will contain information of all call events against the service.

The unique id of the diagnostic log.

The date time when the diagnostic log was created in the system. The date time is ISO 8601 encoded.

The name of the application component of the call (e.g. Portal).

The name of the service of the application component of the call (e.g. Application or OrderReceiver).

The call method type of the call (e.g. GetObject, GetData, CreateTask etc.).

The subordinated type of the call (e.g. User, Token, EndEntity etc.).

The type of argument of the call (e.g. Id > GetObject<User, Id>).

The value of the argument of the call (e.g. 123 > GetObject<User, Id, 123>).

The id of the requestor of the call which is the current user. However, some call can be made without requirement of login (e.g. GetObject<ApplicationInfo>), these calls are anonymous.

The name of the requestor.

The unique name of the requestor.

The serial number of the requestor, if available.

The organization name of the requestor.

The id of the entity, if available (e.g. GetObject<User>).

The name of the entity, if available (e.g. name of user or end entity).

The serial number of the entity, if available (e.g. user, end entity, token etc.).

The organization name of the entity, if available.

The additional information of the diagnostic log (e.g. some arguments for some calls).

The directory service object. This object will contain information of a directory service.

The unique id of the directory service.

The organization id of the directory service, if available.

The type of the directory service. Available types are: MSAD, MSADLDS and MSEntraID.

The URL of the server of the directory service.

The authentication type of the directory service.

The credential domain name of the directory service.

The credential user name of the directory service.

The credential password of the directory service.

The thumbprint (hash/digest) of the authentication certificate. Used for authentication against MSEntraId.

The id of the client of the directory service that will be used against the client of the MSEntraId.

The additional information of the office, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive

The optional list of activities that the client can use for further actions.

The end entity object. This object can be used for other kinds of certificate holder that is not a specified token and is not owned by a user (e.g. computers and other services).

The unique id of the end entity.

The name of the end entity.

The type of the end entity. Available types are: Undefined (no specification), Computer (end entity is specified as a computer/server) and Service (end entity is specified as a service).

The additional type of the end entity if available.

The name of the organization of the end entity.

The optional organization value of the the end entity if available.

The organization number of the end entity if available.

The locality of the organization of the end entity if available.

The country of the organization of the end entity if available.

The name of the office of the end entity if available.

The serial number of the end entity if available.

The email address of the end entity if available.

The phone / mobile number of the end entity if available.

The date time when the end entity was created in the system. If the time is specified as 00:00:00, only the date will be presented. The date time is ISO 8601 encoded.

The date time when the end entity expires if available. The date time is until the entire last day. The date time is ISO 8601 encoded.

The name of the responsible person of the end entity if available.

The email address of the responsible person of the end entity if available.

The phone / mobile number of the responsible person of the end entity if available.

The date time when the the end entity latest was synchronized against external origin service if available.

The extra customized information of the end entity if exists. This value has no logical function in the system.

The current status of the end entity. Available types are: Unused (the end entity is registered in the system but is not set to active), Active (the end entity is active), Inactive (the end entity is inactive), Expired (the end entity has been expired) and Revoked (the end entity has been blocked).

The additional status of the end entity if available.

The additional information of the end entity if available.

The optional list of activities that the client can use for further actions.

The office object. This object will contain information of an office.

The unique id of the office.

The organization id of the office, if available.

The name of the office.

The name of the organization of the office, if available.

The street address of the office.

The postal address of the office. This should be used when sending post to the office (e.g. receiver of token orders).

The postal code of the office.

The postal city of the office.

The postal country of the office.

The email address of the office.

The phone number of the office.

The contact person of the office.

The secondary contact person of the office.

The invoicing postal address of the office. This should be used when sending invoices to the office (e.g. receiver of the invoice of token orders).

The invoicing postal code of the office.

The invoicing postal city of the office.

The invoicing postal country of the office.

The cost center of the office. This should be used when sending invoices to the office (e.g. receiver of the invoice of token orders).

The reference id of the token manufacturer office structure. This should be used when sending post to the office (e.g. receiver of token orders).

The status of the office. Available types are: Active and Inactive.

The additional information of the office, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The organization object. This object will contain information of an organization.

The unique id of the organization.

The id reference of the image of the organization, if available.

The name of the organization.

The number value of the organization.

The domain suffix of the organization (e.g. domain.net).

The email address of the organization.

The locality of the organization.

The state of the organization.

The country of the organization.

The information of graphic style of the organization.

The status of the organization. Available types are Active and Inactive.

The additional information of the organization, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The task configuration structure of the organization, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The organization certificate object. This object will contain information of an organization certificate. The certificate is used as encryption certificate for end- to-end encryption between the client and the server.

The unique id of the organization certificate.

The organization id of the organization certificate, if available.

The public key algorithm of the organization certificate. Available types are: RSA, ECDH_P256, ECDH_P384 and ECDH_P521.

The hash (thumbprint) of the organization certificate.

The organization certificate as base64-encoded string.

The optional list of activities that the client can use for further actions.

The organization style object. This object will contain information of the style or an organization. This can be used when loading the organization list when call, primary for the GUI.

The base64 encoded data of the organization image.

The mime type of the image of the organization.

The structure of the HTML color codes used by the GUI.

The privilege object. This object will contain information of a privilege.

The unique id of the privilege.

The name of the privilege.

The optional list of activities that the client can use for further actions.

The report object. This object will generate a predefined report.

The unique id of the report.

The name of the report.

The description of the report.

The information of headers. The data of the header is pipe-separated.

The mime type of the value to be presented by the client (e.g. text/csv).

The result item.

The optional list of activities that the client can use for further actions.

The generic status object of the call.

The report object. This object will not generate the predefined report like the "Report" type, instead the entire object will be returned for administration purpose (e.g. Edit/Delete).

The unique id of the report.

The name of the report.

The description of the report.

The query of the report that will be used when generate the report.

The optional list of activities that the client can use for further actions.

The role object. This object will contain information of a role.

The unique id of the role.

The organization id of the role.

The name of the role.

The array of privilege names of the role.

The optional list of activities that the client can use for further actions.

The short message service object. This object will contain information of a short message service. This service can be used for sending text message to a mobile phone of a user.

The unique id of the short message service.

The organization id of the short message service, if available.

The name of the short message service.

The URL to the short message service.

The additional information of the short message service, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The SMTP service object. This object will contain information of a SMTP service. This service can be used for sending email message to a user.

The unique id of the SMTP service.

The organization id of the SMTP service, if available.

The name of the SMTP service.

The server URL of the SMTP service.

The server port of the SMTP service.

The condition of requirement using SSL.

The subject name of the SMTP service. This value will be viewed as subject by the email receiver.

The sender name of the SMTP service. This value will be viewed as name by the email receiver.

The sender address of the SMTP service. This value will be viewed as email address by the receiver.

The additional information of the SMTP service, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The system configuration object. This object will contain information of the system configuration that is not dedicated explicit to an organization. No identifier is needed in the request because the system configuration is global in the system.

The unique id of the system configuration item.

The additional information of the system configuration document. Note that the document is an XML-document but type is defined as a string. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The system message object. This object will contain information of a system message that will be presented by the client either for the current organization or into the entire system

The unique id if the object.

The name of the system message.

The text value to be presented by the client.

The indication if the system message is enabled or not.

The optional list of activities that the client can use for further actions.

The task counter object. This object will contain information of active task counter per usage. This can be used by the client to present current counter of tasks for the logged in user.

Number of active tasks.

Number of active user tasks.

The optional list of activities that the client can use for further actions.

Number of active token tasks.

The optional list of activities that the client can use for further actions.

Number of active end entity tasks.

The optional list of activities that the client can use for further actions.

Number of active certificate tasks.

The optional list of activities that the client can use for further actions.

Number of active administration tasks.

The optional list of activities that the client can use for further actions.

The task info object. This object will contain information of a that can be used as status purpose. The read only information of the task is configured dynamically (see System configuration chapter for more information).

The name of the type (e.g. Requestor).

The value of the type (e.g. John Doe).

The text object. This object will contain information of a text structure. When receiving this text object the id should be the language code for the request (e.g. sv-SE, en-US, de-DE etc.).

The unique id of the text document.

The additional information of the text document which is the text document itself. Note that the document is an XML-document but type is defined as a string. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The optional list of activities that the client can use for further actions.

The text agreement object. This object will contain different kind of agreements that a user has approved and need to be saved by the system.

The unique id if the object.

The type of the agreement.

The text agreement approved by a user.

The token object. This object is primarly a hardware token as a certificate carrier, but can also be a soft- or file token.

The unique id of the token.

The name of the token (the name of the token profile as default).

The name of the template of the token if exists.

The name of the profile of the token.

The name of the organization of the token.

The serial number of the token.

The sequence number of the token if exists.

The secondary sequence number of the token if exists.

The value of the contactless data of the token if exists.

The extra customized information of the token if exists. This value has no logical function in the system.

The date time when the token was created in the system. If the time is specified as 00:00:00, only the date will be presented. The date time is ISO 8601 encoded.

The date time when the token expires if available. The date time is until the entire last day. The date time is ISO 8601 encoded.

The date time when the token was set as a history token depending on the type of the token. The date time is ISO 8601 encoded.

The current status of the token. The types are: Unused (the token is registered in the system but not in use), Active (the token is registered in the system and has a relation to a user and certificate), WaitForExternalObject (activation is in progress), WaitForDistribution (the token is activated but waits for to be distributed to the user, then the status will be set to Active), Revoked (the token has been blocked and can be reactivated), Retired (the token has been blocked and can not be reactivated again) and Expired (the token has been expired).

The additional status information if available.

The optional list of activities that the client can use for further actions.

The token manufacturer object. This object will contain information of a token manufacturer that will be used as receiver when sending orders of e.g. new tokens.

The unique id of the token manufacturer.

The name of the token manufacturer.

The type of the token manufacturer service. Available types are: Order (the receiver for orders), Status (the service for status control) and Revoke (the service for revocation of tokens).

The server URL to the service.

The reference value of the customer against the token manufacturer.

The type of authentication against the service. Available types are: Certificate and Password.

The thumbprint of the certificate if the authentication type is set to Certificate.

The thumbprint of the certificate used for signing orders against the token manufacturer.

The optional list of activities that the client can use for further actions.

The additional information of the token manufacturer, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most

The token manufacturer article object. This object will contain information of a token manufacturer article that will be used as product when sending orders of

The unique id of the token manufacturer article.

The name of specification of the article.

The description of the article.

The information of the native token manufacturer (name and id).

The type of article. Available types are: Token (e.g. smart cards), Reader (e.g. smart card readers), Accessories (e.g. lanyards) and Other (non-specified product).

The indication of the article is enabled or not.

The optional list of activities that the client can use for further actions.

The additional information of the article, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The token profile object. This object will contain information of a specified type of token and the behavior of the token.

The unique id of the token profile.

The organization id of the token profile, if available.

The friendly name of the token profile.

The description of the token profile, if available.

The native label used for matching current token against the profile.

The native model used for matching current token against the profile.

The native ATR (Answer To Reset) used for matching current token against the profile.

The type of token. Available types are: SmartCard, KeyToken, VirtualToken, MobileToken, FileToken and NonToken.

The subordinated type of the token. Available types are: Undefined, YubiKey, eToken, SoftToken, TPM, Access and PKCS12.

The optional list of activities that the client can use for further actions.

The additional information of the token profile containing the entire configuration. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape

The token template object. This object will contain information of a specified template used for different kind of token enrollment scenarios.

The unique id of the token template.

The organization id of the token template, if available.

The name id of the token template.

The description id of the token template, if available.

The usage (purpose) of the token template. Available types are: Standard and Limited.

The minimum validity key for an enrollment scenario. Available types are: Years, Months, Weeks, Days, Hours, Minutes, Seconds

The minimum validity value.

The default validity key for an enrollment scenario. Available types are: Years, Months, Weeks, Days, Hours, Minutes, Seconds

The default validity value.

The maximum validity key for an enrollment scenario. Available types are: Years, Months, Weeks, Days, Hours, Minutes, Seconds

The maximum validity value.

The indication if the template should be visible.

The information of the token manufacturer article, if available. This is used for binding specific article and template.

The array of certificate template names of the token template, if available.

The array of bounded token profiles. This reference list is optional and can be used to bind specific token profiles against the token template to make fewer selections in the UI.

The optional list of activities that the client can use for further actions.

The additional information of the token template, if available. Note that this type is defined as a string but can contain XML-data for configuration. When receive XML-data the client receiver need to escape HTML/XML tags. Most common are the "<" and ">" tags that need to be escaped from "<" and ">"

The user object.

The unique id of the user.

The name of the user.

The type of employment of the user. Available types are: PermanentContract, Termination, Consultant, ConsultantTermination and Other.

The date time when the user was created in the system. If the time is specified as 00:00:00, only the date will be presented. The date time is ISO 8601 encoded.

The date time when the user will expire if exists. The date time is until the entire last day. The date time is ISO 8601 encoded.

The id of the image of the user if exists.

The id of the signature image of the user if exists.

The serial number of the user if exists.

The phone / mobile number of the user if exists.

The email address of the user if exists.

The extra customized information of the user if exists. This value has no logical function in the system.

The name of the organization of the user.

The name of the office of the user if exists.

The optional list of special indications for the client presentation. Available types are: 0x0 (None (nothing to handle)), 0x1 (Secrecy (person has secrecy and need to be flagged with this indication in the presentation)) and 0x2 (user is a VIP person and need to be flagged with this in the presentation)).

The optional list of activities that the client can use for further actions.

The user group object. This object will contain information of a specified user group in the system.

The unique id of the user group.

The organization id of the user group, if available.

The name of the user group.

The array of bounded role names of the user group, if available.

The optional list of activities that the client can use for further actions.

The user group restriction object. This object will contain information of a specified user group in the system that has restrictions.

The unique id of the user group.

The organization id of the user group, if available.

The name of the user group.

The array of bounded restricted group names, if available.

The optional list of activities that the client can use for further actions.