Create trust anchor

Available in Classic and VPC

Create a trust anchor.

Note

To create a trust anchor, you must first create a private CA in the Private CA service of NAVER Cloud Platform. See the following for how to create a CA.

Create from NAVER Cloud Platform console: Private CA User Guide
Create using API: Private CA API guide

Request

This section describes the request format. The method and URI are as follows:

Method	URI
POST	/api/v1/trust-anchors

Request headers

For information about the headers common to all Sub Account APIs, see Sub Account request headers.

Request body

You can include the following data in the body of your request:

Field	Type	Required	Description
`name`	String	Required	Trust anchor name 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ - First letter must be Korean, English uppercase and lowercase letter, or Japanese.
`description`	String	Optional	Trust anchor description (byte) 0-300
`enabled`	Boolean	Optional	Status `true` \| `false` (default) `true`: enabled `false`: disabled
`source`	Object	Required	CA information
`source.sourceType`	String	Required	CA type `NCP_PCA` \| `CERTIFICATE_BUNDLE` `NCP_PCA`: when using NAVER Cloud Platform's Private CA `CERTIFICATE_BUNDLE`: when using a CA created externally by the user
`source.sourceData`	Object	Required	CA target information
`source.sourceData.caId`	Integer	Optional	NAVER Cloud Platform Private CA's ID `sourceType`: If `NCP_PCA`, the caId field must be included.
`source.sourceData.x509CertificateData`	String	Optional	CA certificate data created by the user externally PEM format `sourceType`: If `CERTIFICATE_BUNDLE`, the x509CertificateData field must be included.

Request example

The request example is as follows:

If source.sourceType is NCP_PCA

curl --location --request POST 'https://externalaccess.apigw.ntruss.com/api/v1/trust-anchors' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "name": "ta000",
    "description": "test",
    "enabled": false,
    "source": {
        "sourceType": "NCP_PCA",
        "sourceData": {
            "caId": ****
        }
    }
}'

If source.sourceType is CERTIFICATE_BUNDLE

curl --location --request POST 'https://externalaccess.apigw.ntruss.com/api/v1/trust-anchors' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "name": "ta000",
    "description": "test",
    "enabled": false,
    "source": {
        "sourceType": "CERTIFICATE_BUNDLE",
        "sourceData": {
            "x509CertificateData": "-----BEGIN CERTIFICATE-----\n{CA}\n-----END CERTIFICATE-----"
        }
    }
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field	Type	Required	Description
`trustAnchorId`	String	-	Trust anchor ID
`trustAnchorNrn`	String	-	NAVER Cloud Platform resource identification value for trust anchor
`name`	String	-	Trust anchor name
`description`	String	-	Trust anchor description
`enabled`	Boolean	-	Status `true` \| `false` `true`: enabled `false`: disabled
`createTime`	String	-	Creation date and time ISO 8601 format
`updateTime`	String	-	Last modification date and time ISO 8601 format
`source`	Object	-	CA information
`source.sourceType`	String	-	CA type `NCP_PCA` \| `CERTIFICATE_BUNDLE` `NCP_PCA`: when using NAVER Cloud Platform's Private CA `CERTIFICATE_BUNDLE`: when using a CA created externally by the user
`source.sourceData`	Object	-	CA target information
`source.sourceData.caId`	Integer	-	NAVER Cloud Platform Private CA's ID `sourceType`: if `NCP_PCA`
`source.sourceData.x509CertificateData`	String	-	CA certificate data created by the user externally PEM format `sourceType`: if `CERTIFICATE_BUNDLE`

Response status codes

For information about the HTTP status codes common to all Sub Account APIs, see Sub Account response status codes.

Response example

The response example is as follows:

If source.sourceType is NCP_PCA

{
    "trustAnchorId": "a271f5b5-****-****-****-bda95123e58e",
    "trustAnchorNrn": "nrn:PUB:ExternalAccess::*******:TrustAnchor/a271f5b5-****-****-****-bda95123e58e",
    "name": "ta000",
    "description": "test",
    "enabled": false,
    "createTime": "2024-12-13T13:16:50.330726376+09:00",
    "updateTime": "2024-12-13T13:16:50.330726376+09:00",
    "source": {
        "sourceType": "NCP_PCA",
        "sourceData": {
            "caId": *****
        }
    }
}

If source.sourceType is CERTIFICATE_BUNDLE

{
    "trustAnchorId": "a271f5b5-****-****-****-bda95123e58e",
    "trustAnchorNrn": "nrn:PUB:ExternalAccess::*******:TrustAnchor/a271f5b5-****-****-****-bda95123e58e",
    "name": "ta000",
    "description": "test",
    "enabled": false,
    "createTime": "2024-12-13T13:16:50.330726376+09:00",
    "updateTime": "2024-12-13T13:16:50.330726376+09:00",
    "source": {
        "sourceType": "CERTIFICATE_BUNDLE",
        "sourceData": {
            "x509CertificateData": "-----BEGIN CERTIFICATE-----\n{CA}\n-----END CERTIFICATE-----"
        }
    }
}