luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
open-vault/website/source/api/system/wrapping-unwrap.html.md

70 lines
1.9 KiB
Markdown
Raw Normal View History

Redo docs for system backend This commit updates the API documentation for the system backend to break things apart on a per-page basis and provide specific examples. This pattern will give more flexibility for future documentation as well.
2017-03-15 06:40:33 +00:00
---
/docs/http -> /api
2017-03-17 18:06:03 +00:00
layout: "api"
Redo docs for system backend This commit updates the API documentation for the system backend to break things apart on a per-page basis and provide specific examples. This pattern will give more flexibility for future documentation as well.
2017-03-15 06:40:33 +00:00
page_title: "/sys/wrapping/unwrap - HTTP API"
sidebar_current: "docs-http-system-wrapping-unwrap"
description: |-
The `/sys/wrapping/unwrap` endpoint unwraps a wrapped response.
---
# `/sys/wrapping/unwrap`
The `/sys/wrapping/unwrap` endpoint unwraps a wrapped response.
## Wrapping Unwrap
This endpoint returns the original response inside the given wrapping token.
Unlike simply reading `cubbyhole/response` (which is deprecated), this endpoint
provides additional validation checks on the token, returns the original value
on the wire rather than a JSON string representation of it, and ensures that the
response is properly audit-logged.
This endpoint can be used by using a wrapping token as the client token in the
API call, in which case the `token` parameter is not required; or, a different
token with permissions to access this endpoint can make the call and pass in the
wrapping token in the `token` parameter. Do _not_ use the wrapping token in both
locations; this will cause the wrapping token to be revoked but the value to be
unable to be looked up, as it will basically be a double-use of the token!
| Method | Path | Produces |
| :------- | :--------------------------- | :--------------------- |
| `POST` | `/sys/wrapping/unwrap` | `200 application/json` |
### Parameters
- `token` `(string: "")`  Specifies the wrapping token ID. This is required if
the client token is not the wrapping token. Do not use the wrapping token in
both locations.
### Sample Payload
```json
{
"token": "abcd1234..."
}
```
### Sample Request
```
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
https://vault.rocks/v1/sys/wrapping/unwrap
```
### Sample Response
```json
{
"request_id": "8e33c808-f86c-cff8-f30a-fbb3ac22c4a8",
"lease_id": "",
"lease_duration": 2592000,
"renewable": false,
"data": {
"zip": "zap"
},
"warnings": null
}
```