Skip to main content

Admin API

Contact your PKWARE Professional Services representative if you did not receive these sample script files, or if you need assistance with using the PKWARE Smartcrypt Admin API. To access the full api documentation, enter the following as a URL in your browser. <insert SEM URL>/mds/api-docs/index.html


Managing Admins

This Advanced screen displays a list of all administrators (Admins) with rights on this Smartcrypt Enterprise Manager (SEM) site.

From this screen, you can:

  • Add Admins
  • Change Admin Settings
  • Enable API or RevokeAPI
  • Delete Admins

Admin Roles

When you add an admin, you must assign a role. Each role designates a set of permissions to complete tasks on SEM.

RoleDescription

Read-Only

Can access Smartcrypt Manager, including the Reporting and Event Logs. Cannot change settings or policy.
Sys AdminCan change settings in the Basics and Advanced pages, with approval from another Sys Admin. Can create a policy and set the "scope" - the users and groups who will be ruled by that policy.
Security AdminCan change the parameters in the policy except the scope. Cannot create new policies. If a security admin is assigned to a policy, then the Sys Admin cannot change that policy.
Super Sys AdminCan change any setting, create and chance any  policy. Can approve own actions.

Admin API

For more information on this API: Admin API

ItemDescription
EnableAPIWhen clicked, an API key is generated and displayed once.
RevokeAPIUsed to revoke the current in use API Key for an admin.

Admin MFA

You can set up a separate Multi-Factor Authentication account for Admins. 

Admin MFA Setup

When you are logged in with your Admin account, click MFA in the upper right corner. You'll see the MFA Setup Options page.

Smartcrypt menu for MFA

Click Setup MFA. You’ll be asked to open your mobile device and scan a QR code to send to your Authenticator.  You can also type the secret code directly into the Authenticator. Enter the code generated by the Authenticator into the MFA Code box. You should then name the device that you are Pairing with. Save to confirm the TOTP setup.

Linking Admin Account to User Account

After setting up your Admin account, you may link the Admin MFA credential to a user account. Return to the MFA Setup Options page and click Link to an End User Account. Enter the username and password for the account you want to link to, and you’ll be asked to generate another Authenticator code. Click Login.

Unlinking a User Account: If you don’t want your user account connected to the Admin account, Go to Advanced > Admins and Edit the local user to unlink. Check Unlink MFA and click Save. This action must be approved by another admin.

Linking to a Common Admin Account

Instead of each admin linking MFA to their own user account, your admin team can choose to create an Admin account called Auth, for example, and then have each admin link to the Auth user, using the same process described in the previous section.

Adding Admins

Smartcrypt Enterprise Manager needs at least one Sys Admin to manage accounts. The first system administrator account created during the installation (described in the Installation and Setup Guide) holds the role of Super Sys Admin. We recommend creating a new, less powerful Sys Admin for day-to-day tasks. From the Advanced tab, go to Admins.

Admins can be created from:

  • Domain Users: Individual Active Directory users with accounts connected to Smartcrypt.
  • Domain Groups: You can assign an entire Active Directory Group as Admins.
  • Local Users: If you want an admin that can access SEM without an Active Directory account, you can assign a username or email address with a password.

Changing an Admin's Settings

To change an existing Admin's password or role:

  1. Go to Advanced > Admins. The Admins page appears with the current list of Admins.
  2. Click Edit for the Admin's settings.
  3. You can replace a Domain User's email address, or the Domain Group attached to this Role. Delete the existing email address or group name. Add the new address/group.
    You can also use the drop-down menu to change the Role of this Admin.
  4. Click Save.

Deleting an Admin

To delete an Admin from the database:

  1. Go to Advanced > Admins. The Admins page appears with the list of Admins.
  2. Click Delete for the Admin you want to remove.
  3. Click Confirm - Delete.

Unless you hold the Super Sys Admin role, another admin must confirm the deletion.










Using the Admin API

To begin using API calls within your application, you must first connect and establish a session. This will use your Admin API key that was issued when EnableAPI was selected for your SEM admin ID. The steps to establish this session are shown below using PowerShell.

CODE 
$mySmartcryptHost = "pkware.smartcrypt.com"
$myAdminAPItoken  = "DFRmZPCdGDqg3wgOcJ7FUA"
$ConnectURL       = "https://"+$mySmartcryptHost+"/mds/su/api/v1.0/Login"
$setToken = @{
           token = $myAdminAPItoken
       }
Write-Host " "
Write-Host "GETTING ADMIN API CONNECT TOKEN-$ConnectURL"
$RESP = Invoke-RestMethod -Uri $ConnectURL -Method Post -Body $setToken
Write-Host "Token=$RESP"


The value returned from this call will be the authorization string that must be included within the header of each subsequent call you make. The value returned will be similar to what appears below:

CODE 
Token=eyJleHBpcmF0aW9uIjoiMjAxOS0xMi0wNVQxOTowODoyMloiLCJub25jZSI6Ikp4Q2hLc0pFR2hkX29tdVptM XZsRVcyTmghNXh3TURKd3ZRX1lSY0UhQlUiLCJzaWduYXR1cmUiOiIxNDk2NzpydDgzdjI0ZFRZRnRHL1dvVTdrRUw2 VmlOQkFjdER0bGJnS2V5ekhRN2FFPSIsInVzZXJJZCI6Nzd9




You can insert your authorization string into your request header as shown.

CODE 
$setAuthToken = @{
Authorization = "MDS $RESP"
}



Make sure you include the string prefix “MDS “ in front of the value of your authorization string. You can then make calls using other Admin API functions. For example, the lines below will request all Communities.

CODE 
$CommunityURL = "https://"+$mySmartcryptHost+"/mds/su/api/v1.0/Archive/Community" Write-Host "GETTING ALL COMMUNITIES " Invoke-RestMethod -Uri $CommunityURL -Method Get -Header $setAuthToken




Additional Samples Using the Admin API

Contact your PKWARE Professional Services representative if you did not receive these sample script files, or if you need assistance with using the PKWARE Smartcrypt Admin API. Most often, the best way for a developer to learn a new API is through working samples. PKWARE provides several sample scripts showing commonly used operations with Communities and Assignments. These samples include using methods to list (GET), create (POST), update (PUT) and delete (DELETE) both community and assignment records. These samples are currently only available for PowerShell. The samples that accompany this guide include these files:

assignments.ps1 – Examples using communities with assignments. Includes GET, POST, PUT, and DELETE operations.

community.ps1 - Examples using communities. Includes GET, POST, PUT, and DELETE operations. Before running these scripts, you will need to edit several variables that require values from your

Smartcrypt Enterprise Manager. Set the following using values from your SEM configuration:

CODE 
$mySmartcryptHost = "SET THIS TO MATCH YOUR SEM"
$myAdminAPItoken = "SET THIS TO MATCH TOUR SEM"
$myUser1 = "user1@smartcrypt.com"
$myUser2 = "user2@smartcrypt.com"
$myUser3 = "user3@smartcrypt.com"






JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close