# NIST CMVP API Reference Static JSON API for NIST Cryptographic Module Validation Program data. - **1,084** active validated modules - **4,147** historical modules - **331** modules in process - **5,231** certificate detail records - **1,608** certificates with algorithm summaries - No auth required, unofficial project, GitHub Pages hosted. Base URL: `https://hackidle.github.io/nist-cmvp-api/` ## Endpoints ### Index `GET api/index.json` — API discovery endpoint with resource paths, documentation links, feature flags, and current counts. ### Metadata `GET api/metadata.json` — Generation timestamp, source URLs, dataset counts, and algorithm extraction status. ### Active Modules `GET api/modules.json` — All 1,084 active validated modules. Example response (truncated): ```json { "metadata": { "generated_at": "2026-04-15T03:31:05.200146Z", "total_modules": 1084 }, "modules": [ { "Certificate Number": "5242", "Vendor Name": "Amazon Web Services, Inc.", "Module Name": "AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider)", "Module Type": "Software", "Validation Date": "04/14/2026", "standard": "FIPS 140-3", "status": "Active", "overall_level": 1, "sunset_date": "3/10/2030", "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA", "ECDSA", "HMAC", "KAS", "KDF", "KTS", "RSA", "SHA", "SSH", "TLS" ], "security_policy_url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5242.pdf", "certificate_detail_url": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5242", "detail_available": true, "description": "The AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider) is a software library providing a C-language application program interface (API) for use by...", "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)." } ] } ``` Each active module includes certificate identifiers, vendor/module names, validation metadata, direct Security Policy links, NIST detail URLs, and detail availability flags. ### Historical Modules `GET api/historical-modules.json` — All 4,147 expired or revoked modules for historical lookups. ### Modules In Process `GET api/modules-in-process.json` — All 331 modules currently in the validation pipeline. ### Algorithms `GET api/algorithms.json` — Algorithm usage summary across 1,608 certificates in the current build. Example response (truncated): ```json { "total_unique_algorithms": 17, "total_certificate_algorithm_pairs": 14302, "algorithms": { "AES": { "count": 1474, "certificates": [ 5242, 5241, 5240, 5238, 5237 ] } } } ``` ### Certificate Details `GET api/certificates/{certificate}.json` — Structured detail record for a specific certificate, including vendor/contact data, related files, validation history, and extracted algorithms when available. Example response (truncated): ```json { "metadata": { "generated_at": "2026-04-15T03:31:05.200146Z", "dataset": "active", "source": "https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/5242" }, "certificate": { "certificate_number": "5242", "dataset": "active", "vendor_name": "Amazon Web Services, Inc.", "module_name": "AWS OpenSSL FIPS Module (based on the OpenSSL FIPS Provider)", "standard": "FIPS 140-3", "status": "Active", "module_type": "Software", "overall_level": 1, "validation_dates": [ "4/14/2026" ], "sunset_date": "3/10/2030", "caveat": "When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys).", "security_level_exceptions": [ "Physical security: N/A", "Non-invasive security: N/A", "Life-cycle assurance: Level 3" ], "vendor": { "name": "Amazon Web Services, Inc.", "website_url": "https://aws.amazon.com/", "contact_email": "aws-fips-external@amazon.com" }, "related_files": [ { "label": "Security Policy", "url": "https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp5242.pdf" } ], "validation_history": [ { "date": "4/14/2026", "type": "Initial", "lab": "Lightship Security, Inc." } ], "algorithms": [ "AES", "CVL", "DES", "DRBG", "DSA" ] } } ``` Current build contains 5,231 certificate detail records across active and historical datasets. ## Workflows ### Discover the API surface ``` GET api/index.json → endpoints, docs links, feature flags, counts GET api/metadata.json → freshness and scrape provenance ``` ### Find a module and pull the full certificate record ``` GET api/modules.json → locate the certificate number or vendor/module pair GET api/certificates/5242.json → full detail record for that certificate ``` ### Check validation status and history for a certificate ``` GET api/certificates/5242.json → status, sunset_date, validation_history, related_files ``` ### Explore algorithm coverage ``` GET api/algorithms.json → counts and certificate lists per algorithm GET api/modules.json → filter module rows by algorithms[] entries ``` ## Caveats - **Unofficial:** This project mirrors public CMVP data and is not affiliated with NIST. Use `https://csrc.nist.gov/projects/cryptographic-module-validation-program` for authoritative source material. - **Static JSON:** There is no server-side filtering or search. Download the relevant JSON file and filter client-side. - **CORS:** GitHub Pages does not send permissive CORS headers. Browser JavaScript on another origin will usually need a proxy. - **404s:** Invalid certificate numbers or file paths return GitHub Pages' default 404 page at `https://hackidle.github.io/nist-cmvp-api`. - **Algorithms coverage:** `api/algorithms.json` summarizes 1,608 certificates that had algorithm data in this build.