Reference Parameters

Several parameters appear across many endpoints of the IDIAL REST API. This page documents their valid values and meanings.

security_policy

OPC UA security policy bitmask. Controls which security policies IDIAL accepts when connecting to an OPC UA server. Values can be combined (OR bitmask).

| Value | Security Policy | Notes |
|-------|-----------------|-------|
| 1 | Basic128Rsa15 | Deprecated; not recommended for production. |
| 2 | Basic256 | |
| 4 | Aes128Sha256RsaOaep | |
| 8 | Basic256Sha256 | Recommended. |
| 16 | Aes256Sha256RsaPss | Strongest encryption. |

Default: 31 (all policies accepted — combination of 1+2+4+8+16)

Example: The value 9 enables Basic128Rsa15 + Basic256Sha256.

Warning: Basic128Rsa15 (value 1) is deprecated and disabled in modern OPC UA stacks. For production environments, use only Basic256Sha256 (8) or Aes256Sha256RsaPss (16).

security_mode

OPC UA security mode. Controls signing and encryption of OPC UA messages.

| Value | Mode | Description |
|-------|------|-------------|
| 0 | None | No signing and no encryption. Insecure. |
| 1 | Sign | Messages are signed but not encrypted. |
| 2 | SignAndEncrypt | Messages are signed and encrypted. Recommended for production. |

Default: 0 (None — no authentication)

Danger: Operating with security_mode: 0 means OPC UA communication is neither signed nor encrypted. This mode must only be used in isolated test environments.
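The following check is an added example, not code from IDIAL: it decodes a security_policy bitmask, rejects values outside the table above, and reports settings that fall outside the production guidance in the two notes above. The function names and finding labels are hypothetical, and the code only inspects values; it does not call the REST API.

```python
POLICIES = {1: "Basic128Rsa15", 2: "Basic256", 4: "Aes128Sha256RsaOaep",
            8: "Basic256Sha256", 16: "Aes256Sha256RsaPss"}
MODES = {0: "None", 1: "Sign", 2: "SignAndEncrypt"}
ALL_POLICIES = 31         # documented default: 1+2+4+8+16
PRODUCTION_MASK = 8 | 16  # the only policies the warning allows in production


def decode_policies(mask):
    """Return the policy names enabled in a security_policy bitmask."""
    if isinstance(mask, bool) or not isinstance(mask, int):
        raise ValueError(f"security_policy must be an integer, got {mask!r}")
    if mask < 0 or mask & ~ALL_POLICIES:
        raise ValueError(f"security_policy {mask} sets bits outside 1..16")
    return [name for bit, name in POLICIES.items() if mask & bit]


def audit(security_policy=ALL_POLICIES, security_mode=0):
    """Check one connection's settings; defaults mirror the documented defaults.

    Returns (findings, hardened_policy). Finding ids are made up for this example.
    """
    if security_mode not in MODES:
        raise ValueError(f"security_mode {security_mode!r} is not 0, 1 or 2")
    enabled = decode_policies(security_policy)
    findings = []
    if not enabled:
        findings.append(("no-policy", "bitmask 0 enables no security policy"))
    if security_policy & 1:
        findings.append(("deprecated-policy", "Basic128Rsa15 (1) is enabled"))
    # Policies 2 and 4 are valid but not in the production recommendation.
    extra = decode_policies(security_policy & ~PRODUCTION_MASK & ~1)
    if extra:
        findings.append(("non-production-policy", ", ".join(extra)))
    if security_mode == 0:
        findings.append(("mode-none", "messages are neither signed nor encrypted"))
    elif security_mode == 1:
        findings.append(("mode-sign-only", "messages are signed but not encrypted"))
    # Keep only the production bits already enabled; if none are, fall back to
    # Basic256Sha256 (8), the value the table marks as recommended (assumption).
    hardened = (security_policy & PRODUCTION_MASK) or 8
    return findings, hardened
```

Run against the documented defaults (31 and 0), it reports the deprecated policy, the two non-production policies and the unsigned mode, and proposes 24 as the narrowed bitmask.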

trustlist

Bitmask controlling which trust list components are read or written. Values can be combined.

| Value | Component | Description |
|-------|-----------|-------------|
| 0 | None | No trust list component. |
| 1 | TrustedCertificates | Trusted endpoint certificates. |
| 2 | TrustedCrls | CRLs for trusted certificates. |
| 4 | IssuerCertificates | CA / issuer certificates. |
| 8 | IssuerCrls | CRLs for CA certificates. |
| 15 | All | All components (1+2+4+8). |

Default: 15 (All)

device_status

Controls whether IDIAL actively manages certificates for an inventory entry.

| Value | Status | Behavior |
|-------|--------|----------|
| 0 | Inactive | IDIAL monitors the endpoint but does not trigger certificate or trust list updates. |
| 1 | Active | IDIAL actively manages the certificate lifecycle. |
| 2 | Deleted | Entry is marked for deletion and excluded from operations. |

Note: Inactive devices are excluded from inventory responses by default. To include them, set show_inactive_devices: true via POST /systeminfo.