About the APIs

DigiCert® provides product-specific REST API access for each trust workflow. All products share the same authentication model, error semantics, rate limits, and versioning strategy.

Tip

Append the base path in the catalog below to the environment base URL (https://one.digicert.com or https://demo.one.digicert.com). For mTLS, prefix the hostname with clientauth. (for example, https://clientauth.one.digicert.com).

Platform at a glance

https://{hostname}/{product}/api/v{n}/{resource} URL pattern
HTTPS with TLS 1.2+
JSON request/response bodies
Header-based authentication with an x-api-key (or client TLS cert for mTLS)
Consistent pagination, error format, and rate limits

Product API catalog

Table 1. Product, base path, usage, and API reference

Product	Base path	Typical use cases	API reference
DigiCert® Account Manager	`/account/api/v1`	Service users, roles, divisions, audit logs	/account/api/v1
DigiCert® CA Manager	`/certificate-authority/api/v1`	Private roots, subordinate CAs, CRL/OCSP	/certificate-authority/api/v1
DigiCert® Trust Lifecycle	`/mpki/api/v1`	Public and private TLS issuance, discovery, renewals	/mpki/api/v1
DigiCert® Software Trust	`/signingmanager/api/v1`	HSM-backed keys, code/container signing, SBOM	/signingmanager/api/v1
DigiCert® Device Trust	`/devicetrustmanager/api/v3` or `/devicetrustmanager/{resource}/v{n}`	IoT/OT device registration, bulk cert rotation	/devicetrustmanager/api/v3
DigiCert® Document Trust	`/documentmanager/api/v1`	PDF signing, qualified e-signatures, timestamping	/documentmanager/api/v1

Choose the right product

Table 2. Task and product matrix

If you need to…	Use this product
Automate user or API-key tasks	Account Manager
Issue public/private TLS certs at scale	Trust Lifecycle
Sign code, containers, or SBOMs	Software Trust
Provision device identities in manufacturing	Device Trust
Digitally sign PDFs with legal compliance	Document Trust
Create and operate a private root CA	CA Manager

Note

Most products use v1 APIs. Device Trust uses v1 to v4 and a slightly different versioning path (see Base URL pattern). Always check the most recent Swagger API reference before coding hard-wired paths.

In this section: