Privicore
  1. Profile
Privicore
  • Privicore API
  • Utility
    • Utility
    • Check server health
      GET
    • Request command id status
      GET
  • Profile
    • Profile Model and Authentication Workflow
    • Register new profile
      POST
    • Authenticate
      POST
    • Retrieve profile id
      GET
    • Change password
      POST
    • Generate qr token for authorization
      POST
    • Reauthorize authorization token
      POST
    • Revoke authorization token
      POST
    • Retrieve token expiry
      POST
  • OAuth Application
    • OAuth Application Management
    • Register OAuth Application
      POST
    • Retrieve OAuth app configuration
      POST
    • Request OAuth app authorization code
      GET
    • Retrieve OAuth app authorization code
      POST
    • Obtain OAuth app access token
      POST
    • OAuth application list
      GET
    • Retrieve OAuth application scope
      GET
    • Refresh OAuth app access token
      POST
  • Public key
    • Public and Private Key Management
    • Generate your private and public keys
      GET
    • Register public key
      POST
    • Retrieve public key
      GET
    • Retrieve CAB public key
      GET
  • Data Token
    • Data Token Management
    • Reserve token space
    • Retrieve temporary data token
    • Exchange data for token
    • Upstream file via stream auth
    • Request data via token
    • Download data
    • Configure information security risk meta
    • Configure file meta
    • List data tokens
    • Update data token
    • Delete data
    • Get data token transaction count statistics.
  • Device
    • Request unique identifier (i.e. Register new device)
    • Retrieve unique identifier
    • Retrieve profile devices
    • Configure device meta
    • Approve device
    • Reject device
    • Retrieve device configuration
    • Remove device
  • Storage
    • Register storage device
    • List storage devices
    • Synchronize device
    • Remove storage
  • Verified authenticator
    • Register authenticator
    • List verified authenticators
    • Retrieve voting strategy
    • Set quorum size
    • Set quorum strategy
    • Set voting time limit
    • Set maximum voting attempts
    • Remove authenticator
    • Register voting configuration
    • Update voting configuration
    • List voting configurations
    • Retrieve voting configuration
  • Policy
    • List policy templates
    • Register policy
    • List active policies
    • List inactive policies
    • Activate policy
    • Deactivate policy
    • Delete policy
    • List registered policies
    • Retrieve registered policy
  • Directory
    • Register Directory
    • Retrieve owned Directories
    • Retrieve assigned directories
    • Retrieve Directory
    • Create Directory User
    • Update user information
    • Invite Profile
    • Set profile password
    • List Directory Invites
    • Process Invitation
    • Retrieve directory profile
    • List directory users
    • Directory profiles info
    • Create profile device
    • Add storage device to profile
    • List directory devices
    • Create directory voting pool
    • Store directory meta information
  • Voting
    • Create voting
    • Check pool status
  • Schemas
    • Response
      • CommandAccepted
      • Unauthorized
      • ValidationErrors
    • Schemas
    • profileId
    • deviceIdentifier
    • directoryId
    • directoryName
    • directoryShortName
    • givenName
    • familyName
    • createdAt
    • meta
  1. Profile

Profile Model and Authentication Workflow

Introduction#

A Profile represents an external actor that interacts with the system via authenticated API calls. Each profile encapsulates the following core attributes:
username: Unique identifier used for authentication
password: Secret credential associated with the username
publicKey: A registered cryptographic public key used for verifying request signatures and securing communication

Profile Types#

The system supports two types of profiles:
User: A profile that uses the system for uploading/downloading data, registering devices, and managing their account
Device: A storage device or authenticator that is registered under a user profile

Profile Activation Requirements#

For a profile to become active and fully functional within the system, its associated public key must be successfully registered. Without a registered public key, the profile remains incomplete and cannot initiate system-level operations.
Public key registration is a mandatory step in the provisioning process. Until this is completed, the profile cannot participate in any authenticated workflow.

Authentication and Authorization#

Token-Based Authentication#

Before a profile can interact with protected system resources, it must obtain a valid authorization token through the authentication endpoint using its credentials (username and password).

Using Authorization Tokens#

Once obtained, the authorization token must be included in all subsequent requests:
For API requests: Include as an X-DPT-AUTHORIZATION header
For messages: Include as a token field

Token Lifecycle Management#

Authorization tokens have a limited lifespan for security purposes. The Profile Management API provides several endpoints to manage token lifecycle:
Reauthorize: Extend token validity by specifying a new time-to-live (TTL)
Revoke: Invalidate a token immediately (useful for logout or security incidents)
Check Expiry: Query when your current token will expire to plan reauthorization

Profile Activation Requirements#

For a profile to become an active and fully functional identity within the system, its associated publicKey must be successfully registered. The absence of a registered key renders the profile incomplete and unable to initiate system-level operations.
Note: Public key registration is a mandatory step in the provisioning process. Until this is completed, the profile cannot participate in any authenticated workflow.

Profile Management Features#

The Profile Management API provides the following capabilities:

Security Operations#

Change Password: Update your password with entropy validation to ensure strong credentials
Token Management: Control token lifecycle through reauthorization, revocation, and expiry checking

Identity and Integration#

Retrieve Profile ID: Obtain your unique identifier for third-party integrations
Generate QR Token: Create scannable tokens for easy device registration and onboarding

Workflow Summary#

1.
Provision: Create a profile with username, password, and public key
2.
Register: Complete public key registration to activate the profile
3.
Authenticate: Obtain an authorization token using credentials
4.
Operate: Use the token to access protected resources and manage your profile
5.
Maintain: Monitor token expiry and reauthorize or revoke as needed
Modified at 2025-12-02 16:35:57
Previous
Request command id status
Next
Register new profile
Built with