#Pubkey [v1]

#/auth/v1/pubkey

#get Get public key

#Parameters

• Authorization (in header): string

  Given Bearer token will use this as authorization for the API

#Response

• 200 PasswordPublicKeyResponse: OK

#PasswordPublicKeyResponse

• pubkey: string
• pubkey_encode: string
• ts: string

#API usage

Use this API to get the RSA public key and timestamp used for encrypting password parameters.

#Request example

GET /auth/v1/pubkey

#Response fields

#Encryption workflow

1. Call /auth/v1/pubkey to get ts and pubkey.
2. Build a JSON payload with your plaintext password: {"ts":"<ts>","password":"<plain password>"}.
3. Encrypt the payload with the returned public key using RSA PKCS#1 v1.5.
4. Base64-encode the encrypted bytes.
5. Use the Base64 result as the value of password fields (for example password or old_password) in subsequent requests.

#End-to-end example

# 1) Get pubkey and timestamp
curl -s -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/pubkey" > /tmp/pubkey.json

# 2) Extract fields
TS=$(jq -r '.ts' /tmp/pubkey.json)
jq -r '.pubkey' /tmp/pubkey.json > /tmp/password_pubkey.pem

# 3) Build plaintext JSON payload
printf '{"ts":"%s","password":"%s"}' "${TS}" "${PLAIN_PASSWORD}" > /tmp/password_payload.json

# 4) Encrypt with RSA PKCS#1 v1.5, then Base64 encode
ENC_PASSWORD=$(openssl pkeyutl \
  -encrypt \
  -pubin \
  -inkey /tmp/password_pubkey.pem \
  -in /tmp/password_payload.json \
  -pkeyopt rsa_padding_mode:pkcs1 | base64 | tr -d '\n')

echo "${ENC_PASSWORD}"

#Use encrypted value in later requests

{
  "password": "<base64 encrypted value>"
}

If ts is expired, request /auth/v1/pubkey again and regenerate encrypted parameters.