Skip to main content

Parameter Reference

Several parameters appear across numerous endpoints of the IDIAL REST API. This page documents their valid values and their meaning.

security_policy

OPC UA Security Policy bitmask. Controls which security policies IDIAL accepts when establishing a connection to an OPC UA server. Values can be combined (OR bitmask).

ValueSecurity PolicyNote
1Basic128Rsa15Deprecated, not recommended for production use
2Basic256
4Aes128Sha256RsaOaep
8Basic256Sha256Recommended
16Aes256Sha256RsaPssStrongest encryption

Default: 31 (all policies accepted — combination of 1+2+4+8+16)

Example: The value 9 enables Basic128Rsa15 + Basic256Sha256.

warning

Basic128Rsa15 (value 1) is deprecated and disabled in modern OPC UA stacks. For production environments, only Basic256Sha256 (8) or Aes256Sha256RsaPss (16) should be used.

security_mode

OPC UA Security Mode. Controls the signing and encryption of messages in OPC UA connections.

ValueModeDescription
0NoneNo signing and no encryption. Insecure.
1SignMessages are signed but not encrypted.
2SignAndEncryptMessages are signed and encrypted. Recommended for production use.

Default: 0 (None — no authentication)

danger

Operating with security_mode: 0 means that OPC UA communication is neither signed nor encrypted. This mode must only be used in isolated test environments.

trustlist

Bitmask controlling which components of the trust list are read or written. Values can be combined.

ValueComponentDescription
0NoneNo trust list component
1TrustedCertificatesTrusted endpoint certificates
2TrustedCrlsCRLs for trusted certificates
4IssuerCertificatesCA / issuer certificates
8IssuerCrlsCRLs for CA certificates
15AllAll components (1+2+4+8)

Default: 15 (All)

device_status

Controls whether IDIAL actively manages certificates for an inventory entry.

ValueStatusBehavior
0InactiveIDIAL monitors the endpoint but does not trigger any certificate or trust list updates.
1ActiveIDIAL actively manages the certificate lifecycle.