API reference
OpenAPI reference documentation for Device Trust
DigiCert® Device Trust Manager API helps you automate device identity management, certificate lifecycle operations, and software deployment for your IoT and connected device fleet.
| Method | Best for | How it works |
|---|---|---|
| API key (default) | CI/CD pipelines, backend services | Add the service user API token in the x-api-key request header. |
| Mutual TLS (mTLS) | High-assurance, network-restricted, or key-rotation-averse environments | Present a client TLS certificate and call the clientauth. hostname. |
DigiCert® provides both production and demo environments across four geographic regions. Each API call starts with a region-specific hostname (base URL), followed by a predictable versioned path.
| Environment | Purpose |
|---|---|
| Demo | Safe testing, proof-of-concepts |
| Production | Live operations |
| Segment | Description | Examples |
|---|---|---|
| {hostname} | DigiCert® ONE hostname | one.digicert.com, demo.one.digicert.com, one.digicert.co.jp |
| {product} | DigiCert® ONE product-specific path segment | /devicetrustmanager (Device Trust Manager) |
| api/v{n} | API version | /api/v4 (device management), /api/v2 (certificate operations), /api/v1 (authentication services), /{resource}/api/v{n} * |
| {resource} | Specific endpoint path | /device, /device/{device_id}, /device-group, /certificate, /artifacts/api/v4/artifact * |
* Some API endpoints use a slightly different versioning pattern.
Devices in Device Trust Manager progress through distinct lifecycle states. Understanding these states helps you manage device operations effectively.
| State | Description | Common transitions |
|---|---|---|
| Registered | Device identity is created but not yet issued a certificate | Provisioned |
| Provisioned | Device has been issued a valid certificate and is fully operational | Disabled, Deleted |
| Disabled | Device is temporarily inactive; certificates remain valid | Enabled (returns to Provisioned) |
| Deleted | Device is permanently removed; cannot be restored | Terminal state |
Use the /devicetrustmanager/api/v4/device/registration endpoint to create devices, then issue certificates through certificate policies.

Device Trust Manager uses a three-tier approach to manage software updates, which provides precise control over your deployment strategy.
Assigned roles determine what actions a user can perform. Roles are manager-specific and provide a granular permission structure. Use the /account/api/v1/role endpoint to see available roles for Device Trust Manager.
```bash
# The URL is quoted so the shell does not treat "?" as a glob character.
curl -X GET "https://demo.one.digicert.com/account/api/v1/role?application_code=device_manager" \
  -H "x-api-key: USER_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.'
```
| Method | Endpoint | Description |
|---|---|---|
| POST | /devicetrustmanager/api/v4/device/registration | Register a new device; required before certificate issuance |
| GET | /devicetrustmanager/api/v4/device | List all devices; use query parameters to filter by status, for example ?status=PROVISIONED |
| GET | /devicetrustmanager/api/v4/device/{device_id} | Get details for the specified device |
| POST | /devicetrustmanager/certificate-issuance-service/api/v2/certificate | Request a certificate for a device using a certificate policy |
| PUT | /devicetrustmanager/certificate-issuance-service/api/v2/certificate/{certificate_id}/revoke | Revoke a certificate by ID; use for compromised devices |
| POST | /devicetrustmanager/artifacts/api/v4/artifact | Create a new artifact for software deployment |
| POST | /devicetrustmanager/release/api/v4/deployment | Create and execute a deployment to push software to devices |
| GET | /devicetrustmanager/api/v4/device-group | List device groups; use to organize devices by location, type, or function |
| GET | /devicetrustmanager/audit-log-service/api/v1/audit-log | View audit logs; track device operations and certificate lifecycle events |
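
The URL segments and the x-api-key header described above can be wrapped in two small shell helpers that refuse to send the token to an unexpected host and keep it off the command line. This is an added example, not DigiCert code: `dtm_url`, `dtm_get`, `DTM_ALLOWED_HOSTS` and `DTM_API_TOKEN` are hypothetical names, and the allowlist holds only the three example hostnames from this page.

```bash
#!/usr/bin/env bash
# Added example: dtm_url and dtm_get are hypothetical helpers, not DigiCert tooling.

# Hostnames the token may be sent to. These three are the page's examples;
# extend the list for your own region (assumption: one hostname per line).
DTM_ALLOWED_HOSTS="${DTM_ALLOWED_HOSTS:-one.digicert.com
demo.one.digicert.com
one.digicert.co.jp}"

# dtm_url HOST PREFIX VERSION RESOURCE [QUERY]
# PREFIX is the product segment, optionally followed by a service segment for
# endpoints that use the /{resource}/api/v{n} pattern.
dtm_url() {
  local host="$1" prefix="$2" version="$3" resource="$4" query="${5:-}"
  # Exact-match allowlist: refuse to build a URL for any other host.
  printf '%s\n' "$DTM_ALLOWED_HOSTS" | grep -Fxq -- "$host" || {
    echo "dtm_url: host not in allowlist: $host" >&2; return 2; }
  case $prefix in
    ''|*[!a-z/-]*|/*|*/|*//*) echo "dtm_url: bad prefix: $prefix" >&2; return 2 ;;
  esac
  case $version in
    ''|*[!0-9]*) echo "dtm_url: bad version: $version" >&2; return 2 ;;
  esac
  # No dots allowed, so "../" cannot redirect the request to another path.
  case $resource in
    ''|*[!A-Za-z0-9/_-]*|*//*) echo "dtm_url: bad resource: $resource" >&2; return 2 ;;
  esac
  local url="https://${host}/${prefix}/api/v${version}/${resource#/}"
  if [ -n "$query" ]; then url="${url}?${query}"; fi
  printf '%s\n' "$url"
}

# dtm_get URL
# Sends the API key from $DTM_API_TOKEN. The header travels over stdin
# (curl -H @-, curl 7.55.0 or later) and printf is a shell builtin, so the
# token never appears in argv, `ps` output, or shell history.
dtm_get() {
  : "${DTM_API_TOKEN:?set DTM_API_TOKEN in the environment}"
  printf 'x-api-key: %s\n' "$DTM_API_TOKEN" |
    curl --fail --silent --show-error --proto '=https' -H @- -- "$1"
}

# Usage (needs network access and a real token):
#   dtm_get "$(dtm_url demo.one.digicert.com devicetrustmanager 4 device status=PROVISIONED)" | jq '.'
```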