API-Edge-Schemas: API schemas reference for Aembit Edge

# Aembit Edge API - Data Schemas

> Data schemas and models for Aembit Edge API

**Version:** v1

### ApiCredentialsRequest

Request payload for retrieving credentials for a Client Workload

**Type:** object

**Properties:**

* **client** *(optional)*: any
* **server** *(optional)*: any
* **credentialType** *(optional)*: any

### ApiCredentialsResponse

Response containing credentials that a Client Workload requests with expiration details

**Type:** object

**Properties:**

* **credentialType** *(optional)*: any
* **expiresAt** *(optional)*: string (date-time) | null - Token expiration time in ISO 8601 format, null for non-expiring credentials
* **data** *(optional)*: any

### AuthRequest

Identity and attestation information for Client Workload authentication

**Type:** object

**Properties:**

* **clientId** *(optional)*: string | null - Trust Provider Client Id for authentication
* **client** *(optional)*: any

### AwsDTO

AWS-specific attestation data for Client Workload identification

**Type:** object

**Properties:**

* **instanceIdentityDocument** *(optional)*: string | null - Base64-encoded AWS instance identity document
* **instanceIdentityDocumentSignature** *(optional)*: string | null - Base64-encoded signature for AWS instance identity document verification
* **lambda** *(optional)*: any
* **ecs** *(optional)*: any
* **stsGetCallerIdentity** *(optional)*: any

### AwsEcsDTO

AWS ECS container and task metadata for workload attestation

**Type:** object

**Properties:**

* **containerMetadata** *(optional)*: string | null - JSON string containing AWS ECS container metadata
* **taskMetadata** *(optional)*: string | null - JSON string containing AWS ECS task metadata

### AzureAttestationDTO

Azure-specific attestation data for Client Workload identification

**Type:** object

**Properties:**

* **attestedDocument** *(optional)*: any

### AzureAttestedDocumentDTO

Azure attested document with signature and nonce for verification

**Type:** object

**Properties:**

* **encoding** *(optional)*: string | null - Encoding format of the Azure attestation document
* **signature** *(optional)*: string | null - Digital signature for Azure attestation document verification
* **nonce** *(optional)*: string | null - Cryptographic nonce for Azure attestation document freshness

### ClientWorkloadDetails

Identity and attestation information for a Client Workload requesting credentials

**Type:** object

**Properties:**

* **sourceIP** *(optional)*: string | null - IP address of the requesting Client Workload
* **aws** *(optional)*: any
* **azure** *(optional)*: any
* **gcp** *(optional)*: any
* **os** *(optional)*: any
* **k8s** *(optional)*: any
* **host** *(optional)*: any
* **github** *(optional)*: any
* **terraform** *(optional)*: any
* **gitlab** *(optional)*: any
* **oidc** *(optional)*: any

### CredentialProviderTypes

Type of credential being requested from your configured Credential Provider

**Type:** string

**Possible values:** `Unknown`, `ApiKey`, `UsernamePassword`, `GoogleWorkloadIdentityFederation`, `OAuthToken`, `AwsStsFederation`

### CrowdStrikeDTO

CrowdStrike agent information for endpoint security attestation

**Type:** object

**Properties:**

* **agentId** *(optional)*: string | null - Unique identifier for the CrowdStrike agent

### EdgeCredentials

Credential data returned to Client Workloads based on your configured Credential Providers

**Type:** object

**Properties:**

* **apiKey** *(optional)*: string | null - API key credential for authenticating to target services
* **token** *(optional)*: string | null - Bearer token credential for authenticating to target services
* **username** *(optional)*: string | null - Username for basic authentication credentials
* **password** *(optional)*: string | null - Password for basic authentication credentials
* **awsAccessKeyId** *(optional)*: string | null - AWS access key ID for programmatic access
* **awsSecretAccessKey** *(optional)*: string | null - AWS secret access key for programmatic access
* **awsSessionToken** *(optional)*: string | null - AWS session token for temporary credentials

### EnvironmentDTO

Environment variables available to the Client Workload

**Type:** object

**Properties:**

* **K8S\_POD\_NAME** *(optional)*: string | null - Kubernetes pod name environment variable
* **CLIENT\_WORKLOAD\_ID** *(optional)*: string | null - Aembit Client Workload identifier environment variable
* **KUBERNETES\_PROVIDER\_ID** *(optional)*: string | null - Kubernetes Trust Provider identifier environment variable
* **AEMBIT\_RESOURCE\_SET\_ID** *(optional)*: string | null - Aembit Resource Set identifier environment variable

### GcpAttestationDTO

GCP-specific attestation data for Client Workload identification

**Type:** object

**Properties:**

* **identityToken** *(optional)*: string | null - Identity token for workload attestation
* **instanceDocument** *(optional)*: string | null - Base64-encoded GCP instance identity document

### GenericResponseDTO

DTO for a Generic API Response

**Type:** object

**Properties:**

* **success** *(optional)*: boolean - True if the API call was successful, False otherwise
* **message** *(optional)*: string | null - Message to indicate why the API call failed
* **id** *(optional)*: integer (int32) - Unique identifier of the API response

### HostDTO

Host system information for Client Workload attestation

**Type:** object

**Properties:**

* **hostname** *(optional)*: string | null - Client Workload hostname
* **domainName** *(optional)*: string | null - Domain name of the Client Workload host
* **process** *(optional)*: any
* **sensors** *(optional)*: any
* **systemSerialNumber** *(optional)*: string | null - Hardware serial number of the Client Workload system
* **networkInterfaces** *(optional)*: Array

### IdentityTokenAttestationDTO

JWT-based identity token attestation for CI/CD platforms

**Type:** object

**Properties:**

* **identityToken** *(optional)*: string | null - Identity token for workload attestation

### K8sDTO

Kubernetes-specific attestation data for Kubernetes pod identification

**Type:** object

**Properties:**

* **serviceAccountToken** *(optional)*: string | null - Kubernetes service account JWT token

### LambdaDTO

AWS Lambda function information for serverless workload attestation

**Type:** object

**Properties:**

* **arn** *(optional)*: string | null - AWS Lambda function ARN

### NetworkInterfacesDTO

**Type:** object

**Properties:**

* **name** *(optional)*: string | null
* **macAddress** *(optional)*: string | null
* **ipv4Addresses** *(optional)*: Array
* **ipv6Addresses** *(optional)*: Array

### OsDTO

Operating system environment information for Client Workload attestation

**Type:** object

**Properties:**

* **environment** *(optional)*: any

### ProcessDTO

Process information for Client Workload identification

**Type:** object

**Properties:**

* **name** *(optional)*: string | null - Process name
* **pid** *(optional)*: integer (int32) - Process identifier (PID)
* **userId** *(optional)*: integer (int32) - User identifier running the process
* **userName** *(optional)*: string | null - Username running the process
* **exePath** *(optional)*: string | null - Executable file path of the process

### SensorsDTO

Security sensor data for enhanced Client Workload attestation

**Type:** object

**Properties:**

* **crowdStrike** *(optional)*: any

### ServerWorkloadDetails

Target server connection details for credential requests

**Type:** object

**Properties:**

* **transportProtocol** *(optional)*: any
* **host** *(optional)*: string | null - Target server hostname or IP address
* **port** *(optional)*: integer (int32) - Target server port number

### StsGetCallerIdentityDTO

AWS STS GetCallerIdentity request data for identity verification

**Type:** object

**Properties:**

* **headers** *(optional)*: object | null - HTTP headers for AWS STS GetCallerIdentity request
* **region** *(optional)*: string | null - AWS region for STS GetCallerIdentity request

### TokenDTO

OAuth2-style access token response with expiration details

**Type:** object

**Properties:**

* **accessToken** *(optional)*: string | null - Bearer token for authenticating subsequent API requests
* **tokenType** *(optional)*: string | null - Token type, typically "Bearer" for OAuth2-style tokens
* **expiresIn** *(optional)*: integer (int32) - Token expiration time in seconds from issuance

### TransportProtocol

**Type:** string

**Possible values:** `TCP`