Request Vault Access

curl --request POST \
  --url https://api.bkey.id/v1/vault/access \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "itemName": "<string>",
  "fieldPath": "<string>",
  "purpose": "<string>",
  "ephemeralPublicKey": "<string>",
  "expiresInSecs": 120
}
'

{
  "id": "<string>",
  "status": "<string>",
  "challengeHex": "<string>",
  "ephemeralPublicKey": "<string>",
  "expiresAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z"
}

POST

vault

access

Request Vault Access

curl --request POST \
  --url https://api.bkey.id/v1/vault/access \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "itemName": "<string>",
  "fieldPath": "<string>",
  "purpose": "<string>",
  "ephemeralPublicKey": "<string>",
  "expiresInSecs": 120
}
'

{
  "id": "<string>",
  "status": "<string>",
  "challengeHex": "<string>",
  "ephemeralPublicKey": "<string>",
  "expiresAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization

string

header

required

EdDSA-signed JWT obtained via OAuth 2.1 client_credentials or CIBA

Body

application/json

itemName

string

required

Required string length: 1 - 128

fieldPath

string

required

Required string length: 1 - 64

purpose

string

required

Required string length: 1 - 512

ephemeralPublicKey

string

required

Required string length: 1 - 256

expiresInSecs

integer

default:120

Required range: 30 <= x <= 600

Response

Default Response

string

required

Access request ID — use this to poll status

status

string

required

Initial status — typically "pending"

challengeHex

string

required

Challenge the mobile device signs on approval

ephemeralPublicKey

string

required

expiresAt

string<date-time>

required

createdAt

string<date-time>

required

List Vault Keys Get Vault Access Status