About the APIs

DigiCert® ONE provides REST API access for each trust workflow. With over 1,000 APIs across DigiCert CertCentral® and DigiCert® ONE, organizations can automate enterprise-scale machine identity management, certificate lifecycle operations, secure code signing, private PKI infrastructure, and device trust workflows at scale. All products share the same authentication model, error semantics, rate limits, and versioning strategy.

Tip

Append the base path in the catalog below to the environment base URL (https://one.digicert.com or https://demo.one.digicert.com). For mTLS, prefix the hostname with clientauth. (for example, https://clientauth.one.digicert.com).

Platform at a glance

https://{hostname}/{product}/api/v{n}/{resource} URL pattern
HTTPS with TLS 1.2+
JSON request/response bodies
Header-based authentication with an x-api-key (or client TLS cert for mTLS)
Consistent pagination, error format, and rate limits

Product API catalog

Table 1. Product, base path, usage, and API reference

Product	Base path	API operations	Typical use cases
DigiCert® Account Manager	`/account/api/v1`	18	Service users, roles, divisions, audit logs
DigiCert® Private CA	`/certificate-authority/api/v1`	132	Private roots, subordinate CAs, CRL/OCSP
DigiCert® Trust Lifecycle Manager	`/mpki/api/v1`	158	Public and private TLS issuance, discovery, renewals
DigiCert® Software Trust Manager	`/signingmanager/api/v1`	158	HSM-backed keys, code/container signing, SBOM
DigiCert® Device Trust Manager	`/devicetrustmanager/api/v3` or `/devicetrustmanager/{resource}/v{n}`	228	IoT/OT device registration and management, bulk cert rotation
DigiCert® IoT Trust Manager	`/iot/api/v1`	183	IoT device management
DigiCert® Document Trust Manager	`/documentmanager/api/v1`	54	PDF signing, qualified e-signatures, timestamping

Note

CertCentral provides an additional 350+ API operations for traditional public certificate management workflows.

Choose the right product

Table 2. Task and product matrix

If you need to…	Use...
Automate user or API-key tasks	Account Manager
Create and operate a private root CA	DigiCert Private CA
Issue public/private TLS certs at scale	Trust Lifecycle Manager
Sign code, containers, or SBOMs	Software Trust Manager
Provision device identities in manufacturing	Device Trust Manager
Digitally sign PDFs with legal compliance	Document Trust Manager

Note

Most products use v1 APIs. Device Trust uses v1 to v4 and a slightly different versioning path (see Base URL pattern). Always check the most recent API reference before coding hard-wired paths.

In this section: