Skip to main content

System & Status

This page documents the endpoints that expose and control the system state of IDIAL. This includes general system information, scheduler settings, GDS and CRL status, and supported device types.

GET /systeminfo

Returns general system information. No authentication required — intended for monitoring systems and health checks.

Authentication: Not required

Request

curl -X GET http://localhost:5000/systeminfo

Response 200

{
"status": 0,
"software": "IDIAL @ BxC",
"version": "1.2.3",
"infrastructure": {
"db_version": "v1.2.0",
"sqlite_version": "3.45.1",
"python_version": "3.11.7",
"debian_version": "Debian 12.4",
"openssl_version": "OpenSSL 3.0.11 19 Sep 2023",
"idial_version": "0.3.1",
"updated_at": "2026-03-06 10:30:45"
},
"eol": "2027-12-31",
"eol_days_remaining": 605,
"gds_push_scheduler_status": "running",
"gds_push_scheduler_active": true,
"gds_push_scheduler_renewal_days": 30,
"gds_push_scheduler_scan_interval_sec": 3600,
"monitor_scheduler_status": "running",
"monitor_scheduler_active": true,
"monitor_scheduler_scan_interval_sec": 3600,
"show_inactive_devices": false
}

Response Fields

FieldTypeDescription
statusintegerSystem operating status. Value: 0 = ready.
softwarestringFixed value: "IDIAL @ BxC".
versionstringIDIAL software version. Format: semantic versioning (e.g. "1.2.3").
infrastructure.db_versionstringDatabase schema version.
infrastructure.sqlite_versionstringSQLite engine version.
infrastructure.python_versionstringPython interpreter version.
infrastructure.debian_versionstringContainer OS version.
infrastructure.openssl_versionstringOpenSSL library version.
infrastructure.idial_versionstringIDIAL application version.
infrastructure.updated_atstringTimestamp of last infrastructure info update. ISO 8601.
eolstringEnd-of-life date for this IDIAL version.
eol_days_remainingintegerDays until EOL. -1 if unknown.
gds_push_scheduler_statusstringCurrent execution status of the GDS push scheduler.
gds_push_scheduler_activebooleanWhether the GDS push scheduler is active.
gds_push_scheduler_renewal_daysintegerDays before expiry at which renewal is triggered.
gds_push_scheduler_scan_interval_secintegerScheduler scan interval in seconds.
monitor_scheduler_statusstringCurrent execution status of the monitor scheduler.
monitor_scheduler_activebooleanWhether the monitor scheduler is active.
monitor_scheduler_scan_interval_secintegerMonitor scheduler scan interval in seconds.
show_inactive_devicesbooleanWhether inactive devices are included in inventory responses.

Response 500

{"error": "string"}

POST /systeminfo

Updates system configuration. Schedulers can be enabled or disabled and scan intervals adjusted. At least one field must be provided.

Authentication: Required (X-API-Key header)

Request

curl -X POST http://localhost:5000/systeminfo \
-H "X-API-Key: your-api-key" \
-H "Content-Type: application/json" \
-d '{"gds_push_scheduler_active": true, "gds_push_scheduler_renewal_days": 30}'

Request Body

{
"gds_push_scheduler_active": true,
"gds_push_scheduler_renewal_days": 30,
"gds_push_scheduler_scan_interval_sec": 3600,
"monitor_scheduler_active": true,
"monitor_scheduler_scan_interval_sec": 3600,
"show_inactive_devices": false
}

Request Fields

FieldTypeRequiredDescription
gds_push_scheduler_activebooleanNoEnable or disable the GDS push scheduler.
gds_push_scheduler_renewal_daysinteger ≥ 0NoDays before certificate expiry at which renewal is triggered.
gds_push_scheduler_scan_interval_secinteger ≥ 1NoScan interval in seconds.
monitor_scheduler_activebooleanNoEnable or disable the monitor scheduler.
monitor_scheduler_scan_interval_secinteger ≥ 1NoMonitor scan interval in seconds.
show_inactive_devicesbooleanNoInclude inactive devices in inventory responses.

Response 200

Response matches the format of GET /systeminfo.

Response 400

{"error": "At least one of ... is required"}

GET /gds/systeminfo

Returns GDS-specific system information including supported OPC UA security policies, security modes, and operating modes.

Authentication: Required (X-API-Key header)

Request

curl -X GET http://localhost:5000/gds/systeminfo \
-H "X-API-Key: your-api-key"

Response 200

{
"max_allowed_policy_mask": 63,
"max_allowed_mode_mask": 7,
"device_status_bits": [
{"name": "inactive", "value": 0},
{"name": "active", "value": 1},
{"name": "deleted", "value": 2}
],
"security_policy_bits": [
{"name": "none", "enum_value": 0, "bit": null, "mask": 0},
{"name": "Basic128Rsa15", "enum_value": 1, "bit": 0, "mask": 1},
{"name": "Basic256", "enum_value": 2, "bit": 1, "mask": 2},
{"name": "Aes128Sha256RsaOaep", "enum_value": 3, "bit": 2, "mask": 4},
{"name": "Basic256Sha256", "enum_value": 4, "bit": 3, "mask": 8},
{"name": "Aes256Sha256RsaPss", "enum_value": 5, "bit": 4, "mask": 16}
],
"security_mode_bits": [
{"name": "none", "enum_value": 0, "bit": null, "mask": 0},
{"name": "Sign", "enum_value": 1, "bit": 0, "mask": 1},
{"name": "SignAndEncrypt", "enum_value": 2, "bit": 1, "mask": 2}
],
"operating_mode_bits": [
{"name": "run", "value": 0},
{"name": "stop", "value": 1}
]
}
note

This endpoint returns the OPC UA GDS configuration as supported by the IDIAL OPC UA client stack. Use it to determine valid bitmask values for security_policy and security_mode fields throughout the API. See also reference-parameters.md.


GET /crl/systeminfo

Returns the status of the CRL subsystem and the status/reason code mappings used by IDIAL during certificate revocation checks.

Authentication: Required (X-API-Key header)

Request

curl -X GET http://localhost:5000/crl/systeminfo \
-H "X-API-Key: your-api-key"

Response 200

{
"statuses": [
{"id": 0, "name": "unknown", "description": "certificate revocation status is unknown or was not checked yet", "is_revoked": null },
{"id": 1, "name": "not_revoked", "description": "certificate was checked against a CRL and is not revoked", "is_revoked": false },
{"id": 2, "name": "revoked", "description": "certificate is listed as revoked in the CRL", "is_revoked": true },
{"id": 3, "name": "certificate_missing", "description": "no certificate is stored for this asset", "is_revoked": null },
{"id": 4, "name": "crl_missing", "description": "no CRL was available for the certificate", "is_revoked": null },
{"id": 5, "name": "ca_missing", "description": "no issuing CA certificate was available for CRL validation", "is_revoked": null },
{"id": 6, "name": "cert_chain_invalid", "description": "certificate chain is invalid for the configured issuing CA", "is_revoked": null },
{"id": 7, "name": "ca_crlsign_missing", "description": "issuing CA certificate does not allow CRL signing", "is_revoked": null },
{"id": 8, "name": "crl_issuer_mismatch", "description": "CRL issuer does not match the configured issuing CA", "is_revoked": null },
{"id": 9, "name": "crl_signature_invalid","description": "CRL signature could not be verified with the issuing CA", "is_revoked": null },
{"id": 10, "name": "crl_time_invalid", "description": "CRL is outside its validity window", "is_revoked": null },
{"id": 11, "name": "parsing_error", "description": "certificate, CA, or CRL could not be parsed correctly", "is_revoked": null },
{"id": 12, "name": "self_signed", "description": "certificate is a self-signed certificate", "is_revoked": false }
],
"reasons": [
{"id": 0, "name": "unspecified", "description": "no specific revocation reason was provided" },
{"id": 1, "name": "keyCompromise", "description": "the subject private key is suspected to be compromised" },
{"id": 2, "name": "cACompromise", "description": "the issuing CA private key is suspected to be compromised" },
{"id": 3, "name": "affiliationChanged", "description": "the subject affiliation changed" },
{"id": 4, "name": "superseded", "description": "the certificate was superseded" },
{"id": 5, "name": "cessationOfOperation", "description": "the certificate is no longer needed because operations ceased" },
{"id": 6, "name": "certificateHold", "description": "the certificate was temporarily placed on hold" },
{"id": 8, "name": "removeFromCRL", "description": "the certificate was removed from a delta CRL" },
{"id": 9, "name": "privilegeWithdrawn", "description": "the subject privileges were withdrawn" },
{"id": 10, "name": "aACompromise", "description": "the attribute authority is suspected to be compromised" }
]
}

Response Fields

statuses[] — All known CRL check statuses

FieldTypeDescription
idintegerInternal status identifier, referenced in inventory entries.
namestringMachine-readable status name.
descriptionstringHuman-readable description.
is_revokedboolean | nulltrue = revoked, false = not revoked, null = indeterminate.

reasons[] — RFC 5280-compliant revocation reason codes

FieldTypeDescription
idintegerNumeric reason code per RFC 5280.
namestringReason code name in CamelCase.
descriptionstringHuman-readable explanation.

GET /supported-devices

Returns a list of all OPC UA device types that IDIAL supports for certificate management via GDS Push.

Authentication: Required (X-API-Key header)

Request

curl -X GET http://localhost:5000/supported-devices \
-H "X-API-Key: your-api-key"

Response 200

[
{"id": 0, "device_name": "SIMATIC S7-1500 OPC UA", "firmware_version": "V02.09.04"},
{"id": 1, "device_name": "SIMATIC S7-1500 OPC UA", "firmware_version": "V03.01.03"}
]

Response Fields

FieldTypeDescription
idintegerInternal identifier of the device/firmware combination.
device_namestringDevice manufacturer and model name.
firmware_versionstringTested and supported firmware version.
tip

Use this endpoint before adding an OPC UA device to the inventory to verify that the device model is supported.