The client public key in PEM format. The Volt will create a session that is bound to this public key.

The client public key - must be in PEM format. If the client DID is lost or unknown for some reason, providing the public key here will allow the Volt to match it with the previously registered DID.

Note this is only valid when a DID has previously been registered using this public key.

An existing DID owned by the client.

The JWT presented with the authenticate call must be signed by the private key corresponding to this DID.

If the client doesn't have an existing DID, a DID document can be provided here.

The Volt will register the DID on behalf of the client.

The JWT presented with the authenticate call must be signed by the private key corresponding to this document.

A base64-encoded signature of the DID document, only required if `did_document` is provided above.

A human-readable name of the entity requesting to authenticate.

The volt challenge code, signed by the private key component of the `public_key` field above, and base64 encoded.

This is optional.

The host name to add as a SAN to the issued certificate.

This is optional, if you don't intend to host services with the certificate this can be omitted.

Optional verifiable credentials describing the client.

Reserved for internal use.

Optional additional name to differentiate between multiple sessions for a given client.

Details of any error that occurred on the call.

The identity id assigned to this authentication.

A certificate issued by the volt CA, binding the request public key to the identity.

Only valid for PERMIT authenticate decisions.

The volt CA chain. This is used by the client in subsequent API calls to secure the connection.

The authenticate decision.

Reserved for internal use.

Reserved for internal use.

The subject of the access request.

This is optional, and if omitted will default to the authenticated account.

The subject of the access request.

This is optional, and if omitted will default to the authenticated account.

The resource in question.

The type of access that is required.

Details of any error that occurred on the call.

The identity subject that the access relates to.

The resource the access relates to.

The access type.

The policy decision for this access request.

The client platform API version.

Details of any error that occurred on the call.

The target Volt API version.

A unique identifier for this connection.

The current time on the Volt.

The interval at which the target will send ping requests to the client.

An authentication request event.

A resource event notification, such as updated or deleted.

A DID registry entry update.

Details of any error that occurred on the call.

Set if the connection was ended gracefully, as opposed to errored.

Optionally specify the grpc server address of the client. Only used if the client is a Volt (or service).

Set to automatically make **all** services owned by the calling identity online.

Set to receive notification of resource events.

Set this if you are connecting to a relay, i.e. the Volt you are sending to this message is a relay.

This indicates that you are happy to receive method invocations from clients of the Relay.

This will usually be set to the `id` of your Volt, but in theory any client could receive remote invocation requests in this way.

A friendly name to present to Relay clients.

The certificate authority to present to Relay clients.

Set to indicate the connection is discoverable to other Relay clients.

Optionally specify the address of the HTTP server to use for HTTP proxying. If set, a relay will forward HTTP requests to this address from the subdomain that matches the client's DID.

Set to receive notification of authentication requests.

Set to indicate the connection will accept method invocation requests.

Set to subscribe to DID registry updates from the peer.

The interval at which the client will send ping requests to the target.

The current time on the client.

Optionally specify the DID registries supported.

Indicates the Relay connection status.

A ConnectHello message is the first message a client sends to the target upon successfully starting the call.

Indicates the client is closing the connection.

Clients should periodically send ping requests to the target to confirm the stream is still live.

Send invocation responses back to the caller.

n.b. The 'request' and 'response' semantics are inverted with remote invocations because the Relayed connection is established by a request **from** the 'target' Volt to the Relay. Hence any invocation on behalf of a client of the Relay involves sending a **response** back down the Relay connection to the 'target' Volt.

Send HTTP response back to the originating request.

n.b. The 'request' and 'response' semantics are inverted with HTTP proxying for the same reason as `invoke_response` above.

The type of resource event that has occurred.

Details of the resource.

Details of any error that occurred on the call.

Server response to initial handshake.

Indicates the server is ending the connection.

Notifies clients of various events on the Volt.

Periodic ping response.

Send an invocation request to a remote target.

n.b. The 'request' and 'response' semantics are inverted for remote invocations because the Relayed connection is established by a request **from** the 'target' Volt to the Relay. Hence any invocation on behalf of a client of the Relay involves sending a **response** back down the Relay connection to the 'target' Volt.

Send an HTTP request to a remote target.

n.b. The 'request' and 'response' semantics are inverted for HTTP requests for the same reason as `invoke_request` above.

The id of the resource to copy.

The id of the resource to receive the new copy.

The copy mode to use.

Indicates if all descendants of the resource should be copied too. Only relevant for COPY_RESOURCE_MODE_COPY mode.

The parent resource to link from, only relevant for COPY_RESOURCE_MODE_LINK mode.

Details of any error that occurred on the call.

The id of the access rule to delete.

Details of any error that occurred on the call.

The resource to delete.

Set to indicate all descendant resources should also be deleted.

If this is not set and the resource has descendants, the call will fail.

Set to attempt to unlink the resource from this parent resource, rather than completely delete it.

The resource will be removed as a descendant from the `parent_id` resource. If the resource is has more than one parent, it will not be removed from those other parents.

Note that if the resource's only parent is `parent_id` it will be removed from that parent and deleted as normal.

Details of any error that occurred on the call.

List the service APIs that should be discovered.

The response will include services that match **any of** the terms given.

Use of '*' to indicate wildcards is supported.

Set to indicate that offline services should be included in the response.

Set to include the service attributes in the response.

Set to include the service protobuf in the response.

Details of any error that occurred on the call.

The services that were discovered.

The resource id that is the target of the access rule. If omitted, all resources will be considered.

The identity id that is the subject of the access rule. If omitted, all identities will be considered.

The type of access to retrieve, if omitted all access will be considered.

The type of decision, if omitted all decisions will be considered.

Details of any error that occurred on the call.

The access rules that match the criteria.

Optional name of the identity.

Use '*' to perform a wildcard search.

If omitted all identities will be retrieved.

The identity alias criteria, if omitted all identities will be considered.

Details of any error that occurred on the call.

The identity list that matched the criteria.

The id of the identity to retrieve.

The public key fingerprint of the identity to retrieve.

Details of any error that occurred on the call.

The identity details.

Optional token TTL, in seconds. Default is 10 seconds.

Details of any error that occurred on the call.

The one-time token.

Details of any error that occurred on the call.

The retrieved Volt parameters.

Set to only retrieve the custom policy document.

Details of any error that occurred on the call.

The live policy in JSON format.

The resource id whose ancestors will be retrieved.

Optional - if set the resource_id resource will be included in the set of resources returned.

Optional - restrict the depth search, e.g. for immediate parents depth = 1

Optional - only match ancestors of the given kind.

Optional - can be used to determine if a resource is an ancestor.

Set to include the service attributes in the response.

Set to include the service protobuf in the response.

Details of any error that occurred on the call.

The retrieved ancestors.

The resource id whose descendants will be retrieved.

Optional - if set, the fully populated `resource_id` resource (i.e. the parent) will be included in the set of resources returned.

Optional - restrict the depth search, e.g. for immediate children depth = 1

Optional - only match descendants of the given kind.

If multiple kinds are given, resources matching **any of** the kinds will be included.

Optional - can be used to determine if a resource is a descendant.

Optional - restrict to descendants of a given parent, for use in multi-parent hierarchies.

Restrict to a specific named resource.

Only retrieve resources that have been modified after the given timestamp. Default is 0, which means all resources will be returned.

Set to include the service attributes in the response.

Set to include the service protobuf in the response.

Details of any error that occurred on the call.

The retrieved descendants.

The id of the resource to retrieve.

Set to include the resource attributes in the response.

Set to include service description protobuf in the response, if applicable.

Details of any error that occurred on the call.

The retrieved resource metadata.

Wildcards permitted.

Wildcards permitted.

Wildcards permitted.

Wildcards permitted.

Indicates that the above terms should be combined using 'or' rather than 'and' (the default).

Attributes to search by.

If set, will return resources where *any of* the attribute queries apply, otherwise will only return resources where *all of* the attribute queries apply.

Set to include the resource attributes in the response.

Set to include service description protobuf in the response where applicable.

Only retrieve resources that have been modified after the given timestamp. Default is 0, which means all resources will be returned.

Limit the number of resources returned. Default is 0, which means all resources will be returned.

Details of any error that occurred on the call.

The list of resources that match the lookup.

Details of any error that occurred on the call.

Client-assigned identifier for the request. Will be used to match responses and any subsequent requests.

Optional client token to use for the invocation. This is for use by the websocket proxy and is only necessary on the first request of the rpc.

The DID of the target at each hop of the path to the service.

This is used by Relays to route the request.

The initialisation vector for the request payload encryption. This should be a random 16 byte value, that is different for each request.

A serialised and encrypted instance of `RemoteResponse` in pure binary format.

A serialised and encrypted instance of `RemoteResponse` as serialised JSON.

Indicates the client has ended the invocation.

Reserved for internal use.

Reserved for internal use.

The invocation id to match the originating request.

The initialisation vector for the response payload encryption. This will be a random 16 byte value, that is different for each response.

A serialised and encrypted instance of `RemoteRequest` in pure binary format.

A serialised and encrypted instance of `RemoteRequest` as serialised JSON.

Details of any error that occurred on the call.

Indicates the server has ended the invocation.

The id of the resource to move.

The resource the parent folder to move the resource from.

The target folder to move the resource into.

Details of any error that occurred on the call.

The target resource id.

The type of access requested.

Details of any error that occurred on the call.

The resource being accessed.

The identity attempting access.

Requested access.

Assigned decision.

Time at which the request was made.

Time at which the decision was taken.

Counter of number times this access was requested.

Omit `id` if creating new access.

Details of any error that occurred on the call.

Details of the identity to save.

Set to indicate this is a new identity.

The list of aliases that should be removed.

For example, this allows a simple form of key rotation whereby an existing public key alias is replaced by a new one while still maintaining the same root identity id.

Reserved for system use.

Set to indicate the identity aliases should be purged before saving the identity.

If the `identity` field contains aliases they will be saved after the purge.

If the `identity` field does not contain aliases this effectively deletes all aliases for this identity.

This allows you to selectively update aliases if required, i.e. don't set this flag and include a single alias in the update.

The signature of the identity did document, if present.

Details of any error that occurred on the call.

The updated identity details.

The updated parameters.

The current root key passphrase. Only necessary if changes are being made to the Volt key.

The new root key passphrase. Only necessary if changes are being made to the Volt key.

Details of any errors that occurred on the call.

The updated Volt parameters.

If set, the client will need to reconnect (usually because the key has changed).

Details of the resource to save.

Set to indicate this is a new resource.

The id of the folder resource in which a new resource should be created.

If omitted, the home folder of the currently authenticated identity will be used.

Set to indicate the resource attributes should be purged before saving the resource.

If the `resource` field contains attributes they will be saved after the purge.

If the `resource` field does not contain attributes this effectively deletes all attributes for this resource.

This allows you to selectively update attributes if required, i.e. don't set this flag and include a single attribute in the update.

Details of any error that occurred on the call.

The updated resource.

Details of any error that occurred on the call.

The id of the access request.

The decision to save against the access request.

Details of any error that occurred on the call.

Details of any error that occurred on the call.

The service description details.

Details of any error that occurred on the call.

The updated service resource details.

Details of any error that occurred on the call.

Set to indicate this is a request to verify rather than sign.

Set to indicate the signature should be base64 encoded in the response.

Only valid when signing.

The message to sign.

Only valid when signing.

The digest in raw binary form.

Only valid if verifying.

The digest encoded using base64.

Only valid if verifying.

Details of any error that occurred on the call.

The signature in raw binary form.

The signature encoded using base64.

A simple error code that can be easily handled by the client.

Mirrors the grpc StatusCode enum, 0 => OK

A developer-facing human-readable error message in English. It should both explain the error and offer an actionable resolution to it.

Long form error description.

The resource being accessed.

A human-readable short identifier of the resource.

The identity that owns the resource.

The kind of resource.

The identity attempting access.

The JSON path array for looking up verifiable credentials.

A human-readable short identifier of the subject.

The kind of identity.

Requested access.

Optional extra data.

Assigned decision.

Time at which the request was made.

Time at which the decision was taken.

Counter of number times this access was requested.

The alias id.

The corresponding identity id.

The actual alias, e.g. a common name or key fingerprint.

This will only be populated if alias_type == tdx:public-key

This will only be populated if alias_type == tdx:public-key, and the key is stored in the Volt.

The alias type, for example public key, email, phone number etc.

The identity that issued this alias.

Indicates if this alias has an authenticate policy decision assigned.

Optional description of this alias.

The path name of the proto file, relative to the 'root' of the namespace, e.g. "tdx/volt_api/volt/v1/volt.proto".

The actual protobuf file contents.

Optional - the service(s) contained in this protobuf file, if omitted here they will be loaded dynamically from the protobuf.

Unique connection id.

A human-readable name for the connection.

The remote address of the proxy service.

The certificate authority of the proxy service.

Indicates this connection is enabled.

Indicates this connection is currently in use.

Indicates that this connection will handle HTTP proxying as well as GRPC.

Set to indicate the Volt API itself is not automatically exposed to the connection.

Optional challenge that can be presented in the authentication request.

The id of the target Volt that this connection is bound to.

Indicates that this connection hosts a DID registry that we should synchronise with.

The id of the last DID registry operation that was synchronised.

Indicates that this connection hosts a DID registry that we should synchronise with.

The timestamp of the last VC registry operation that was synchronised.

The globally unique resource id.

Optional description.

Human-readable resource name.

Not in use.

The id of the Volt that hosts this resource.

Optional description of any services exposed by this resource.

Attributes assigned to the resource.

The version of the platform.

The resource version.

The identity of the resource owner.

Creation timestamp, milliseconds since epoch.

Last modification timestamp, milliseconds since epoch.

Not in use.

The taxonomy of the resource.

The online status.

For most kinds of resource this indicates that the server hosting the resource is online, the exception being identity resources, in which case the status reflects whether or not the identity has a live connection.

All built-in resources are hosted by the Volt itself and are therefore always online when the Volt is running.

Resources hosted by external servers are online if the server itself is online and has registered the resource as online using `setServiceStatus`.

The size of the resource store in bytes.

The path to the resource store.

Alias(es) that can be used to refer to the resource rather than the id.

Each alias must be unique to the Volt, this is enforced by the API.

No format restrictions are currently applied to alias, but this may change in future, for the time being it makes sense to stick to alphanumeric characters and '_' or '-'.

The hash of the resource content contained in the store.

Not yet supported.

The configuration used by the host of this service.

The identity of the client that is exposing the service.

For example, if a third party is exposing a database service via a Volt, it will first authenticate and obtain a client DID and credentials in order to be able to create service resource(s).

Any resources that are owned by this client will be marked as online if the client itself is online, i.e. has a live connection to the Volt.

This will be empty if the service is a built-in Volt service.

The id of the resource that holds the protobuf definition for this resource.

For example, if a third party is exposing a database service via a Volt, it will create a service resource that holds details of the protobuf methods exposed by the service.

For built-in services, i.e. those hosted by the Volt, this will set to the Volt id.

The address of the grpc server hosting this service.

Only relevant to grpc-hosted services.

The certificate authority (chain) that signed the service server certificate.

This is only relevant to grpc-hosted services.

The public key of the service host, which is used to encrypt payloads.

This may change as the service comes and goes online.

The connection id currently used to host this service.

Internal use only.

The discovery mode.

The ping timestamp of the server hosting this service.

The protobuf definitions of the APIs exposed by this service.

The fully qualified names of the protobuf services, for example tdx.volt_api.webcam.v1.WebcamControlAPI.

Internal use only.

The alias id.

The corresponding session id.

The credential type, for example public key, verifiable credential, challenge etc.

Optional description of this credential.

The id of the verifiable credential, if the credential type is volt:vc-claim.

The verifiable credential in JSON format, if the credential type is volt:vc-claim.

The subject id extracted from the `vc_json` field.

The issuer id extracted from the `vc_json` field.

The comma-separated type(s) extracted from the `vc_json` field.

The challenge string, if the credential type is volt:challenge.

The key fingerprint, if the credential type is volt:public-key.

The PEM-encoded public key, if the credential type is volt:public-key.

Optional PEM-encoded private key, if the credential type is volt:public-key. Only used for ephemeral REST-base sessions created dynamically after OTP authentication.

Type-specific extra data stored with the credential.

More type-specific data stored with the credential.

The globally unique Volt id.

Human-readable name of the Volt.

The actual host/ip the volt is physically running on (might be a local ip if behind firewall).

The address of the endpoint HTTP server.

The global (Relay) address of the volt. Any given volt may be advertising on more than one Relay instance. The value given here will depend on the Relay instance that handled the endpoint query response.

The root certificate of the Relay instance referred to in `relay_address`.

The self-signed certificate used by the volt to sign client certificates.

The Volt public key in PEM format.

The base58 fingerprint of the Volt public key.

The online status of the Volt.

Indicates that this Volt acts as a Relay.

The API version supported by the endpoint.

Optional description of the endpoint.

The list of DID registries that this Volt trusts.

The name of the Volt.

Human-readable description of the Volt.

The database driver in use.

The local file path location of the Volt storage.

The key strategy in use, this determines how the root key is stored.

The identifier for the key, the semantics depend on the key strategy in use.

The Volt certificate authority.

The Volt API server certificate.

Optional hostname of the Volt if using DNS or a static IP address, e.g. tdxvolt.com

Port to use for hosting the Volt management service.

Port to use for hosting the Volt grpc service.

The Volt http server key file path.

The Volt http server certificate file path.

The Volt http server certificate authority chain file path.

Indicates the Volt will be discoverable by clients using the discovery api.

Optional challenge code that can be used aid in the process of authenticating clients.

Indicates that clients must present the correct challenge code in order to be able to authenticate.

Internal use only.

Internal use only.

Internal use only.

Set to indicate this Volt acts as a Relay.

This means this Volt can act as a proxy for other Volts (or in fact any client) that connect to it.

Set to run the Relay open to any client, i.e. clients can utilise the Relay without first authenticating.

Determines if the Volt HTTP server is enabled.

Determines whether the HTTP server employs TLS.

Determines whether the HTTP server supports forwarding.

Determines if the Volt REST API is exposed via the HTTP server.

Determines if the Volt Websocket API is exposed via the HTTP server.

The hostname:port at which the Volt API is currently running.

Set to indicate the Volt file store is encrypted.

This is a unique connection id.

Indicates that these parameters refer to a connection to a remote Volt rather than a local Volt.

The certificate authority of the Relay if this is a remote connection via a Relay.

Optional override of the http address, rather than using the default of fixed_host:http_port.

This is useful if the Volt is behind a firewall or NAT, and the http server is listening on a different port

from 80 or 443 but this is hidden by the proxy. For example, if the `fixed_host` is `coreid.com` and http server is

listening on 2115, but the proxy is forwarding 443 to 2115, then the http_address_override would be set to

`https://coreid.com`.

An optional alias that can be used to refer to the Volt rather than the `id` field.

This alias must be unique within the scope of the Battery in which the Volt is stored.

The runtime version this Volt is running.

If set, indicates that any client that provides the correct challenge during authentication will automatically be approved to access the Volt.

If set, indicates that any client that proves ownership of a DID known to the Volt will automatically be approved to access the Volt.

If set, indicates that clients can register DIDs with this Volt.

Zero or more URLs of trusted peer DID registries.

If set, enables outbound SMTP.

The SMTP host to use for sending emails.

The SMTP port to use for sending emails.

The SMTP username to use for sending emails.

The SMTP password to use for sending emails.

If set, enables sessions that authenticate using credentials rather than a DID to create resources in the 'anonymous' system folder.

The decision to apply to all authentication requests that do not match any other policy.

The default is PROMPT.

If set, enables caching of policy decisions.

If set, enables the terminal API.

The time at which the Volt was started.