System & Status
This page documents the endpoints that expose and control the system state of IDIAL. This includes general system information, scheduler settings, GDS and CRL status, and supported device types.
GET /systeminfo
Returns general system information. No authentication required — intended for monitoring systems and health checks.
Authentication: Not required
Request
curl -X GET http://localhost:5000/systeminfo
Response 200
{
"status": 0,
"software": "IDIAL @ BxC",
"version": "1.2.3",
"infrastructure": {
"db_version": "v1.2.0",
"sqlite_version": "3.45.1",
"python_version": "3.11.7",
"debian_version": "Debian 12.4",
"openssl_version": "OpenSSL 3.0.11 19 Sep 2023",
"idial_version": "0.3.1",
"updated_at": "2026-03-06 10:30:45"
},
"eol": "2027-12-31",
"eol_days_remaining": 605,
"gds_push_scheduler_status": "running",
"gds_push_scheduler_active": true,
"gds_push_scheduler_renewal_days": 30,
"gds_push_scheduler_scan_interval_sec": 3600,
"monitor_scheduler_status": "running",
"monitor_scheduler_active": true,
"monitor_scheduler_scan_interval_sec": 3600,
"show_inactive_devices": false
}
Response Fields
| Field | Type | Description |
|---|---|---|
status | integer | System operating status. Value: 0 = ready. |
software | string | Fixed value: "IDIAL @ BxC". |
version | string | IDIAL software version. Format: semantic versioning (e.g. "1.2.3"). |
infrastructure.db_version | string | Database schema version. |
infrastructure.sqlite_version | string | SQLite engine version. |
infrastructure.python_version | string | Python interpreter version. |
infrastructure.debian_version | string | Container OS version. |
infrastructure.openssl_version | string | OpenSSL library version. |
infrastructure.idial_version | string | IDIAL application version. |
infrastructure.updated_at | string | Timestamp of last infrastructure info update. ISO 8601. |
eol | string | End-of-life date for this IDIAL version. |
eol_days_remaining | integer | Days until EOL. -1 if unknown. |
gds_push_scheduler_status | string | Current execution status of the GDS push scheduler. |
gds_push_scheduler_active | boolean | Whether the GDS push scheduler is active. |
gds_push_scheduler_renewal_days | integer | Days before expiry at which renewal is triggered. |
gds_push_scheduler_scan_interval_sec | integer | Scheduler scan interval in seconds. |
monitor_scheduler_status | string | Current execution status of the monitor scheduler. |
monitor_scheduler_active | boolean | Whether the monitor scheduler is active. |
monitor_scheduler_scan_interval_sec | integer | Monitor scheduler scan interval in seconds. |
show_inactive_devices | boolean | Whether inactive devices are included in inventory responses. |
Response 500
{"error": "string"}
POST /systeminfo
Updates system configuration. Schedulers can be enabled or disabled and scan intervals adjusted. At least one field must be provided.
Authentication: Required (X-API-Key header)
Request
curl -X POST http://localhost:5000/systeminfo \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"gds_push_scheduler_active": true, "gds_push_scheduler_renewal_days": 30}'
Request Body
{
"gds_push_scheduler_active": true,
"gds_push_scheduler_renewal_days": 30,
"gds_push_scheduler_scan_interval_sec": 3600,
"monitor_scheduler_active": true,
"monitor_scheduler_scan_interval_sec": 3600,
"show_inactive_devices": false
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
gds_push_scheduler_active | boolean | No | Enable or disable the GDS push scheduler. |
gds_push_scheduler_renewal_days | integer ≥ 0 | No | Days before certificate expiry at which renewal is triggered. |
gds_push_scheduler_scan_interval_sec | integer ≥ 1 | No | Scan interval in seconds. |
monitor_scheduler_active | boolean | No | Enable or disable the monitor scheduler. |
monitor_scheduler_scan_interval_sec | integer ≥ 1 | No | Monitor scan interval in seconds. |
show_inactive_devices | boolean | No | Include inactive devices in inventory responses. |
Response 200
Response matches the format of GET /systeminfo.
Response 400
{"error": "At least one of ... is required"}
GET /gds/systeminfo
Returns GDS-specific system information including supported OPC UA security policies, security modes, and operating modes.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/gds/systeminfo \
-H "X-API-Key: your-api-key"
Response 200
{
"max_allowed_policy_mask": 63,
"max_allowed_mode_mask": 7,
"device_status_bits": [
{"name": "inactive", "value": 0},
{"name": "active", "value": 1},
{"name": "deleted", "value": 2}
],
"security_policy_bits": [
{"name": "none", "enum_value": 0, "bit": null, "mask": 0},
{"name": "Basic128Rsa15", "enum_value": 1, "bit": 0, "mask": 1},
{"name": "Basic256", "enum_value": 2, "bit": 1, "mask": 2},
{"name": "Aes128Sha256RsaOaep", "enum_value": 3, "bit": 2, "mask": 4},
{"name": "Basic256Sha256", "enum_value": 4, "bit": 3, "mask": 8},
{"name": "Aes256Sha256RsaPss", "enum_value": 5, "bit": 4, "mask": 16}
],
"security_mode_bits": [
{"name": "none", "enum_value": 0, "bit": null, "mask": 0},
{"name": "Sign", "enum_value": 1, "bit": 0, "mask": 1},
{"name": "SignAndEncrypt", "enum_value": 2, "bit": 1, "mask": 2}
],
"operating_mode_bits": [
{"name": "run", "value": 0},
{"name": "stop", "value": 1}
]
}
This endpoint returns the OPC UA GDS configuration as supported by the IDIAL OPC UA client stack. Use it to determine valid bitmask values for security_policy and security_mode fields throughout the API. See also reference-parameters.md.
GET /crl/systeminfo
Returns the status of the CRL subsystem and the status/reason code mappings used by IDIAL during certificate revocation checks.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/crl/systeminfo \
-H "X-API-Key: your-api-key"
Response 200
{
"statuses": [
{"id": 0, "name": "unknown", "description": "certificate revocation status is unknown or was not checked yet", "is_revoked": null },
{"id": 1, "name": "not_revoked", "description": "certificate was checked against a CRL and is not revoked", "is_revoked": false },
{"id": 2, "name": "revoked", "description": "certificate is listed as revoked in the CRL", "is_revoked": true },
{"id": 3, "name": "certificate_missing", "description": "no certificate is stored for this asset", "is_revoked": null },
{"id": 4, "name": "crl_missing", "description": "no CRL was available for the certificate", "is_revoked": null },
{"id": 5, "name": "ca_missing", "description": "no issuing CA certificate was available for CRL validation", "is_revoked": null },
{"id": 6, "name": "cert_chain_invalid", "description": "certificate chain is invalid for the configured issuing CA", "is_revoked": null },
{"id": 7, "name": "ca_crlsign_missing", "description": "issuing CA certificate does not allow CRL signing", "is_revoked": null },
{"id": 8, "name": "crl_issuer_mismatch", "description": "CRL issuer does not match the configured issuing CA", "is_revoked": null },
{"id": 9, "name": "crl_signature_invalid","description": "CRL signature could not be verified with the issuing CA", "is_revoked": null },
{"id": 10, "name": "crl_time_invalid", "description": "CRL is outside its validity window", "is_revoked": null },
{"id": 11, "name": "parsing_error", "description": "certificate, CA, or CRL could not be parsed correctly", "is_revoked": null },
{"id": 12, "name": "self_signed", "description": "certificate is a self-signed certificate", "is_revoked": false }
],
"reasons": [
{"id": 0, "name": "unspecified", "description": "no specific revocation reason was provided" },
{"id": 1, "name": "keyCompromise", "description": "the subject private key is suspected to be compromised" },
{"id": 2, "name": "cACompromise", "description": "the issuing CA private key is suspected to be compromised" },
{"id": 3, "name": "affiliationChanged", "description": "the subject affiliation changed" },
{"id": 4, "name": "superseded", "description": "the certificate was superseded" },
{"id": 5, "name": "cessationOfOperation", "description": "the certificate is no longer needed because operations ceased" },
{"id": 6, "name": "certificateHold", "description": "the certificate was temporarily placed on hold" },
{"id": 8, "name": "removeFromCRL", "description": "the certificate was removed from a delta CRL" },
{"id": 9, "name": "privilegeWithdrawn", "description": "the subject privileges were withdrawn" },
{"id": 10, "name": "aACompromise", "description": "the attribute authority is suspected to be compromised" }
]
}
Response Fields
statuses[] — All known CRL check statuses
| Field | Type | Description |
|---|---|---|
id | integer | Internal status identifier, referenced in inventory entries. |
name | string | Machine-readable status name. |
description | string | Human-readable description. |
is_revoked | boolean | null | true = revoked, false = not revoked, null = indeterminate. |
reasons[] — RFC 5280-compliant revocation reason codes
| Field | Type | Description |
|---|---|---|
id | integer | Numeric reason code per RFC 5280. |
name | string | Reason code name in CamelCase. |
description | string | Human-readable explanation. |
GET /supported-devices
Returns a list of all OPC UA device types that IDIAL supports for certificate management via GDS Push.
Authentication: Required (X-API-Key header)
Request
curl -X GET http://localhost:5000/supported-devices \
-H "X-API-Key: your-api-key"
Response 200
[
{"id": 0, "device_name": "SIMATIC S7-1500 OPC UA", "firmware_version": "V02.09.04"},
{"id": 1, "device_name": "SIMATIC S7-1500 OPC UA", "firmware_version": "V03.01.03"}
]
Response Fields
| Field | Type | Description |
|---|---|---|
id | integer | Internal identifier of the device/firmware combination. |
device_name | string | Device manufacturer and model name. |
firmware_version | string | Tested and supported firmware version. |
Use this endpoint before adding an OPC UA device to the inventory to verify that the device model is supported.