{
  "_endpoints": [
    "/dsc/getTokenRequest",
    "/dsc/getTokenList?data={encryptedData}",
    "/dsc/getCertificateRequest?keyStoreDisplayName={tokenName}",
    "/dsc/getSigningRequest?signingRequestData={encryptedData}"
  ],
  "_auth_required": false,
  "_collection": "DSC Proxy — eMudhra Digital Signature Certificate Middleware",
  "_note": "Proxied through IDRBT Apache (/dsc/*) to the eMudhra middleware at https://localhost.emudhra.com:26769.",
  "_critical": "No auth — these are publicly callable. They initiate DSC signing sessions and enumerate tokens/certificates.",
  "_auth_mechanism": "Encrypted request/response payloads (encryptedData, encryptionKeyID). Auth is embedded in the encrypted payload, NOT via HTTP Authorization header.",
  "GET /dsc/getTokenRequest": {
    "request": "None (no params)",
    "response_fields": {
      "encryptedData": "string — Base64-encoded encrypted token request payload",
      "encryptionKeyID": "string — Key identifier for decryption"
    },
    "description": "Initiates a DSC token listing session. Returns encrypted data blob that the frontend then posts to /DSC/ListToken on the local middleware."
  },
  "GET /dsc/getTokenList": {
    "query_param": "data={encryptedData}",
    "response_fields": {
      "tokenNames": "array of strings — DSC token identifiers (e.g. 'eMudhra Token 0')"
    },
    "description": "Lists available DSC tokens. The encryptedData comes from getTokenRequest -> /DSC/ListToken response."
  },
  "GET /dsc/getCertificateRequest": {
    "query_param": "keyStoreDisplayName={tokenName}",
    "response_fields": {
      "encryptedData": "string — Base64-encoded encrypted certificate request payload",
      "encryptionKeyID": "string — Key identifier for decryption"
    },
    "description": "Requests certificate listing for a specific DSC token. The response is then posted to /DSC/ListCertificate on the middleware."
  },
  "GET /dsc/getSigningRequest": {
    "query_param": "signingRequestData={encryptedData}",
    "response_fields": {
      "encryptedData": "string",
      "encryptionKeyID": "string"
    },
    "description": "Requests a DSC signing operation. Used to sign domain registration undertakings. Called after certificate selection."
  }
}