P2PE Manager APIs

Integrate software services with the P2PE Manager Application using the APIs

The P2PE Manager APIs are designed to be used by both Decryptx partners and Key Injection Facilities (KIFs). User role permissions vary depending on the role. Client-level user roles do not have access to the P2PE Manager APIs.

Partner User Access

The following table outlines the REST operations that a partner can access. These APIs are designed to allow partners to integrate functionality for their clients on their own services; therefore, partners have increased access to P2PE resources on the Management APIs when compared to the GUI. For example, a partner cannot alter a device's state on the P2PE Manager GUI, whereas they can with the Management APIs.

EndPointGET (all)POSTGET (Single)PATCHDELETE
/api/v1/users✔*
/api/v1/partners
/api/v1/clients
/api/v1/decryption
/api/v1/devices✔*
/api/v1/deviceBuilds
/api/v1/deviceTypes
/api/v1/deviceStates
/api/v1/devices/{serial}/{type}/custody
/api/v1/locations✔*
/api/v1/shipments
/api/v1/attestations
/api/v1/transactions
/api/v1/kifs
/api/v1/injectkeys
/api/v1/virtualDevices/{partner}

*If a resource has been used one or more times, it cannot be deleted.

KIF User Access

The following table outlines the subset of Management APIs that a user with a KIF role can access. Some resources will only appear if they are in a particular state. For example, a device will appear in the GET all endpoint if its deviceState is set to Unassigned, Assigned, or Injected. Once it is received by the merchant and set to stored or activating, it will no longer appear on the GET all devices response for the originating KIF.

EndpointGET (all)POSTGET (Single)PATCHDELETE
/api/v1/users✔*
/api/v1/partners
/api/v1/clients
/api/v1/decryption
/api/v1/devices
/api/v1/deviceBuilds
/api/v1/deviceTypes
/api/v1/deviceStates
/api/v1/devices/{serial}/{type}/custody
/api/v1/locations✔*
/api/v1/shipments
/api/v1/attestations
/api/v1/transactions
/api/v1/kifs
/api/v1/injectkeys
/api/v1/virtualDevices/{partner}

*If a resource has been used one or more times, it cannot be deleted.

Authentication

Our Management APIs support basic, HMAC and RSA authentication. For testing purposes you can use basic or RSA encryption for authentication; however, our production environment requires the use of HMAC.

Authentication

Resource Mutability

With the Management APIs, as with the P2PE Manager, once a resource has been utilized it cannot be deleted. Only three resource types can be deleted: users, devices and locations. However, if a user has logged into the system even once, or a location/device has been used, they cannot be deleted. As an alternative to deletion, each of these resources can be set to inactive.

Transactions Endpoints

The transaction endpoints are included in the Management APIs for partners that have their own (Domain 5) P2PE compliant decryption environment and who wish to use the P2PE Manager to manage their partners, merchants and devices. Our transaction endpoints allow them to journal their decryption activity into the P2PE Manager, allowing the partner to utilize the P2PE Manager for their device management and chain of custody. The partner's client can then benefit from the device management, chain of custody, and historical decryption activity even when decryptions occur outside of the Decryptx system.


What’s Next

To begin your implementation, start with our Authentication guide. If you have already covered that, continue on to our other guides.