Reference Parameters
Several parameters appear across many endpoints of the IDIAL REST API. This page documents their valid values and meanings.
security_policy
OPC UA security policy bitmask. Controls which security policies IDIAL accepts when connecting to an OPC UA server. Values can be combined (OR bitmask).
| Value | Security Policy | Notes |
|---|---|---|
| 1 | Basic128Rsa15 | Deprecated — not recommended for production. |
| 2 | Basic256 | |
| 4 | Aes128Sha256RsaOaep | |
| 8 | Basic256Sha256 | Recommended. |
| 16 | Aes256Sha256RsaPss | Strongest encryption. |
Default: 31 (all policies accepted — combination of 1+2+4+8+16)
Example: The value 9 enables Basic128Rsa15 + Basic256Sha256.
Basic128Rsa15 (value 1) is deprecated and disabled in modern OPC UA stacks. For production environments, use only Basic256Sha256 (8) or Aes256Sha256RsaPss (16).
security_mode
OPC UA security mode. Controls signing and encryption of OPC UA messages.
| Value | Mode | Description |
|---|---|---|
| 0 | None | No signing and no encryption. Insecure. |
| 1 | Sign | Messages are signed but not encrypted. |
| 2 | SignAndEncrypt | Messages are signed and encrypted. Recommended for production. |
Default: 0 (None — no authentication)
Operating with security_mode: 0 means OPC UA communication is neither signed nor encrypted. This mode must only be used in isolated test environments.
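The following added example (not part of the IDIAL documentation or product code) decodes a security_policy bitmask and checks a security_policy / security_mode pair against the production guidance above. The function names and the sample settings are assumptions made for illustration; the numeric values come from the two tables.

```python
# Added example: values come from the security_policy / security_mode tables.
POLICIES = {1: "Basic128Rsa15", 2: "Basic256", 4: "Aes128Sha256RsaOaep",
            8: "Basic256Sha256", 16: "Aes256Sha256RsaPss"}
MODES = {0: "None", 1: "Sign", 2: "SignAndEncrypt"}
KNOWN_BITS = 31            # 1+2+4+8+16, the documented default
PRODUCTION_BITS = 8 | 16   # the page's production guidance


def decode_policies(mask):
    """Return the policy names enabled in a security_policy bitmask."""
    if isinstance(mask, bool) or not isinstance(mask, int) or mask < 0:
        raise ValueError(f"security_policy must be a non-negative integer: {mask!r}")
    if mask & ~KNOWN_BITS:
        raise ValueError(f"undocumented security_policy bits: {mask & ~KNOWN_BITS}")
    return [name for bit, name in POLICIES.items() if mask & bit]


def audit(security_policy=31, security_mode=0):
    """List findings against the page's production guidance (empty = none).

    The parameter defaults mirror the documented defaults, so audit() reports
    what a connection left at its defaults would accept.
    """
    if security_mode not in MODES:
        raise ValueError(f"unknown security_mode: {security_mode!r}")
    findings = []
    enabled = decode_policies(security_policy)  # also validates the mask
    if not enabled:
        findings.append("security_policy enables no documented policy")
    weak = decode_policies(security_policy & ~PRODUCTION_BITS)
    if weak:
        findings.append("security_policy also accepts: " + ", ".join(weak))
    if security_mode != 2:
        findings.append(
            f"security_mode {security_mode} ({MODES[security_mode]}) is not SignAndEncrypt")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from a real deployment.
    for policy, mode in [(31, 0), (9, 2), (24, 2)]:
        print(policy, mode, decode_policies(policy), audit(policy, mode) or "ok")
```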
trustlist
Bitmask controlling which trust list components are read or written. Values can be combined.
| Value | Component | Description |
|---|---|---|
| 0 | None | No trust list component. |
| 1 | TrustedCertificates | Trusted endpoint certificates. |
| 2 | TrustedCrls | CRLs for trusted certificates. |
| 4 | IssuerCertificates | CA / issuer certificates. |
| 8 | IssuerCrls | CRLs for CA certificates. |
| 15 | All | All components (1+2+4+8). |
Default: 15 (All)
device_status
Controls whether IDIAL actively manages certificates for an inventory entry.
| Value | Status | Behavior |
|---|---|---|
| 0 | Inactive | IDIAL monitors the endpoint but does not trigger certificate or trust list updates. |
| 1 | Active | IDIAL actively manages the certificate lifecycle. |
| 2 | Deleted | Entry is marked for deletion and excluded from operations. |
Inactive devices are excluded from inventory responses by default. To include them, set show_inactive_devices: true via POST /systeminfo.