Inventory Management
The inventory is IDIAL's central database of all managed endpoints. It stores connection parameters, credentials, certificate status, and PKI assignment for every managed device.
The inventory contains cached information from the last monitoring run — not live data from the endpoints. To refresh data, trigger a monitoring run via POST /gds/monitor/crt.
The service field identifies the connection protocol for each entry:
- gds-push-<identifier> — OPC UA GDS Push protocol. The <identifier> is device- and firmware-specific.
- ssh-<identifier> — SSH-based certificate management.
- rest-<identifier> — REST API-based certificate management.
GET /inventory
Returns the full list of all inventory entries across all service types (GDS, SSH, etc.). This is the primary endpoint for monitoring and reporting. Inactive devices are excluded unless show_inactive_devices is enabled via POST /systeminfo.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/inventory \
-H "X-API-Key: your-api-key"
Response 200
[
  {
    "id": 1,
    "name": "PLC Line 1",
    "url": "opc.tcp://192.168.1.10:4840",
    "service": "gds-push-siemens",
    "server": "192.168.1.10",
    "port": 4840,
    "device_status": 1,
    "device_status_name": "active",
    "pki_endpoint": "est-production",
    "username": "admin",
    "cert_subjectdn": "CN=plc-line1,O=ExampleCorp,C=DE",
    "cert_issuerdn": "CN=Issuing CA,O=ExampleCorp,C=DE",
    "cert_validfrom": "2025-01-01 00:00:00",
    "cert_validto": "2026-01-01 00:00:00",
    "cert_base64": "MIIDxDCC...",
    "cert_expdays": 241,
    "cert_revoked": false,
    "renewal_days": 30,
    "security_policy": 8,
    "security_mode": 2,
    "security_policys": ["Basic256Sha256"],
    "security_modes": ["SignAndEncrypt"]
  }
]
Response Fields
| Field | Type | Description |
|---|---|---|
| id | integer | Internal database identifier. |
| name | string \| null | Display name of the endpoint. |
| url | string | Full connection URL (e.g. opc.tcp://host:port). |
| service | string | Service type identifier. |
| server | string | IP address or DNS hostname of the endpoint. |
| port | integer | Network port of the endpoint. |
| device_status | integer \| null | 0 = inactive, 1 = active, 2 = deleted. See reference-parameters. |
| device_status_name | string \| null | Human-readable status name. |
| pki_endpoint | string \| null | Configured PKI endpoint ID for certificate enrollment. |
| username | string \| null | Configured username for endpoint authentication. |
| cert_subjectdn | string \| null | Subject DN of the certificate currently active at the endpoint. |
| cert_issuerdn | string \| null | Issuer DN of the certificate currently active at the endpoint. |
| cert_validfrom | string \| null | Certificate validity start date and time. |
| cert_validto | string \| null | Certificate validity end date and time. |
| cert_base64 | string \| null | DER certificate encoded as base64. |
| cert_expdays | integer \| null | Days until certificate expiry. |
| cert_revoked | boolean \| null | Whether the certificate is revoked. |
| renewal_days | integer \| null | Days before expiry at which renewal is triggered. |
| security_policy | integer \| null | Security policy bitmask. See reference-parameters. |
| security_mode | integer \| null | Security mode bitmask. See reference-parameters. |
| security_policys | string[] | Human-readable security policy names. |
| security_modes | string[] | Human-readable security mode names. |
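Because the inventory holds cached values from the last monitoring run, a report built on GET /inventory should recompute the remaining validity from cert_validto rather than rely on cert_expdays alone. The following is an added example, not part of the IDIAL API or its documentation; it audits a constructed response and assumes that cert_validto is in UTC and that an unsecured mode appears in security_modes as "None" (neither is stated on this page).

```python
from datetime import datetime, timezone

# Constructed sample in the shape of the GET /inventory response (not real devices).
SAMPLE = [
    {"url": "opc.tcp://192.168.1.10:4840", "device_status": 1, "cert_revoked": False,
     "cert_validto": "2026-01-01 00:00:00", "cert_expdays": 241, "renewal_days": 30,
     "security_modes": ["SignAndEncrypt"]},
    {"url": "opc.tcp://192.168.1.11:4840", "device_status": 1, "cert_revoked": False,
     "cert_validto": "2025-05-20 00:00:00", "cert_expdays": 40, "renewal_days": 30,
     "security_modes": ["None", "SignAndEncrypt"]},
    {"url": "opc.tcp://192.168.1.12:4840", "device_status": 1, "cert_revoked": True,
     "cert_validto": "2025-04-01 00:00:00", "cert_expdays": -34, "renewal_days": 30,
     "security_modes": ["SignAndEncrypt"]},
    {"url": "opc.tcp://192.168.1.13:4840", "device_status": 1, "cert_revoked": None,
     "cert_validto": None, "cert_expdays": None, "renewal_days": None,
     "security_modes": []},
]

def days_left(entry, now):
    """Recompute remaining validity from cert_validto, not the cached cert_expdays."""
    if entry.get("cert_validto") is None:
        return None
    # Assumption: timestamps are UTC; the page does not state a time zone.
    end = datetime.strptime(entry["cert_validto"], "%Y-%m-%d %H:%M:%S")
    return (end.replace(tzinfo=timezone.utc) - now).days

def audit(entries, now=None):
    """Return [(url, [issue, ...])] for active entries that need attention."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for e in entries:
        if e.get("device_status") != 1:      # 0 = inactive, 2 = deleted
            continue
        issues, left = [], days_left(e, now)
        if left is None:
            issues.append("no-certificate-data")
        elif left < 0:
            issues.append("expired")
        elif left <= (e.get("renewal_days") or 0):
            issues.append("inside-renewal-window")
        cached = e.get("cert_expdays")
        if left is not None and cached is not None and abs(left - cached) > 1:
            issues.append("stale-cache")     # cached value no longer matches the date
        if e.get("cert_revoked"):
            issues.append("revoked")
        if "None" in (e.get("security_modes") or []):  # assumed name of unsecured mode
            issues.append("unsecured-mode-listed")
        if issues:
            findings.append((e["url"], issues))
    return findings
```

A "stale-cache" finding is the cue to trigger a monitoring run via POST /gds/monitor/crt before acting on the other fields of that entry.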
POST /inventory
Adds a raw entry to the database using a low-level db_connect.py payload. Intended for advanced or legacy use. Enforces the license endpoint limit for GDS, OPC, and SSH tables.
Authentication: Required (X-API-Key header)
Request
curl -X POST http://localhost:5000/inventory \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"table": "gds", "add": "{\"server\": \"192.168.1.10\"}"}'
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
| table | string | Yes | Target table name. Must contain gds, opc, ssh, pki, or ca. |
| add | string | Yes | JSON or string payload to add. |
Response 200
{
  "success": true,
  "execution": "ok",
  "error": "",
  "result": null
}
Response Fields
| Field | Type | Description |
|---|---|---|
| success | boolean | Whether the operation succeeded. |
| execution | string | Execution status string. |
| error | string | Error message if the operation failed. |
| result | object \| null | Parsed result from the operation. |
Response 400
{"error": "table must contain one of: gds, opc, ssh, pki, ca"}
Response 403
Returned when the license endpoint limit is reached for GDS/OPC/SSH tables.
PATCH /inventory
Updates a raw entry in the database using a low-level db_connect.py payload.
Authentication: Required (X-API-Key header)
Request
curl -X PATCH http://localhost:5000/inventory \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"table": "gds", "add": "{\"server\": \"192.168.1.10\", \"name\": \"Updated Name\"}"}'
Request Fields
Same as POST /inventory.
Response 200
Same schema as POST /inventory.
Response 400
{"error": "table must contain one of: gds, opc, ssh, pki, ca"}
GET /gds/inventory
Returns all GDS (OPC UA) inventory entries. Inactive devices are excluded unless show_inactive_devices is enabled.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/gds/inventory \
-H "X-API-Key: your-api-key"
Response 200
Array of inventory objects. Response format matches GET /inventory.
POST /gds/inventory
Creates a new GDS inventory entry. Enforces the license endpoint limit.
Authentication: Required (X-API-Key header)
Request
curl -X POST http://localhost:5000/gds/inventory \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"server": "192.168.1.10",
"port": 4840,
"name": "PLC Line 1",
"security_policy": 8,
"security_mode": 2,
"renewal_days": 30
}'
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
| server | string | Yes | Hostname or IP address of the endpoint. |
| port | integer (1–65535) | No | OPC UA port (default: 4840). |
| name | string | No | Display name. |
| userinfo_name | string | No | Authentication username. Must be paired with userinfo_password. |
| userinfo_password | string | No | Authentication password (write-only). |
| userinfo_pkcs12_base64 | string (≥ 160 chars) | No | Base64-encoded PKCS#12 for certificate authentication (write-only). |
| userinfo_pkcs12_password | string (≤ 1024 chars) | No | Password for the PKCS#12 file (write-only). |
| device_status | integer (0/1/2) | No | Device status. |
| pki | integer ≥ 0 | No | ID of the associated PKI inventory entry. |
| security_policy | integer | No | Security policy bitmask. See reference-parameters. |
| security_mode | integer | No | Security mode bitmask. See reference-parameters. |
| renewal_days | integer ≥ 0 | No | Days before expiry to trigger renewal. |
Response 200
Created inventory entry. Response format matches GET /inventory.
Response 403
Returned when the license endpoint limit is reached.
PATCH /gds/inventory
Updates an existing GDS inventory entry. The entry is identified by server + port.
Authentication: Required (X-API-Key header)
Request
curl -X PATCH http://localhost:5000/gds/inventory \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"server": "192.168.1.10", "name": "Updated Name"}'
Request Fields
Same fields as POST /gds/inventory. All fields are optional except server.
Response 200
Updated inventory entry. Response format matches GET /inventory.
Response 404
{"error": "string"}
GET /gds/inventory/{host_or_url}
Returns a single GDS inventory entry by host or URL.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/gds/inventory/192.168.1.10 \
-H "X-API-Key: your-api-key"
# or using full OPC UA URL:
curl -X GET "http://localhost:5000/gds/inventory/opc.tcp://192.168.1.10:4840" \
-H "X-API-Key: your-api-key"
The {host_or_url} path parameter accepts:
- Hostname or IP: 192.168.1.10
- Host and port: 192.168.1.10:4840
- Full OPC UA URL: opc.tcp://192.168.1.10:4840
Response 200
Single inventory entry. Response format matches GET /inventory.
Response 400
{"error": "string"}
Response 404
{"error": "string"}
DELETE /gds/inventory/{host_or_url}
Deletes a GDS inventory entry and all associated user credential data.
Authentication: Required (X-API-Key header)
Request
curl -X DELETE http://localhost:5000/gds/inventory/192.168.1.10 \
-H "X-API-Key: your-api-key"
Response 200
Deleted inventory entry. Response format matches GET /inventory.
Response 400
{"error": "string"}
Response 404
{"error": "string"}
POST /gds/inventory/user
Writes user credentials (username/password or PKCS#12) for a GDS inventory entry. Creates the entry if it does not exist.
Authentication: Required (X-API-Key header)
Request
curl -X POST http://localhost:5000/gds/inventory/user \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{
"server": "192.168.1.10",
"port": 4840,
"userinfo_name": "admin",
"userinfo_password": "secret"
}'
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
| server | string | Yes | Hostname or IP address. |
| port | integer (1–65535) | No | Port (default: 4840). |
| userinfo_name | string | No | Authentication username. |
| userinfo_password | string | No | Authentication password (write-only). |
| userinfo_pkcs12_base64 | string (≥ 160 chars) | No | Base64-encoded PKCS#12 (write-only). |
| userinfo_pkcs12_password | string (≤ 1024 chars) | No | PKCS#12 password (write-only). |
Response 200
Inventory entry. Response format matches GET /inventory.
PATCH /gds/inventory/user
Updates user credentials for an existing GDS inventory entry. The entry must already exist.
Authentication: Required (X-API-Key header)
Request
curl -X PATCH http://localhost:5000/gds/inventory/user \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"server": "192.168.1.10", "userinfo_password": "new-secret"}'
Request Fields
Same as POST /gds/inventory/user.
Response 200
Updated inventory entry. Response format matches GET /inventory.
GET /gds/inventory/trustlist
Returns GDS trustlist data stored in the inventory database for all managed endpoints.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/gds/inventory/trustlist \
-H "X-API-Key: your-api-key"
Response 200
[
  {
    "url": "opc.tcp://192.168.1.10:4840",
    "trustlist_trusted_ca": ["MIIBxDCC..."],
    "trustlist_trusted_crl": [],
    "trustlist_issuer_ca": ["MIIBxDCC..."],
    "trustlist_issuer_crl": []
  }
]
Response Fields
| Field | Type | Description |
|---|---|---|
| url | string | OPC UA connection URL identifying the endpoint. |
| trustlist_trusted_ca | string[] | Trusted endpoint certificates. |
| trustlist_trusted_crl | string[] | CRLs for trusted certificates. |
| trustlist_issuer_ca | string[] | Issuer CA certificates. |
| trustlist_issuer_crl | string[] | CRLs for issuer CA certificates. |
GET /ssh/inventory
Returns all SSH inventory entries.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/ssh/inventory \
-H "X-API-Key: your-api-key"
Response 200
Array of inventory objects. Response format matches GET /inventory.