Get started

Learn the API basics for authentication, base URLs, request patterns, and example calls.

  2 minute read  

DigiCert® ONE offers a family of RESTful APIs that automate certificate lifecycle management, code signing, device identity, and more. All APIs share the same authentication model, error semantics, and URL patterns.

Authentication

MethodBest forHow it works
API token (default)CI/CD pipelines, backend servicesAdd the service user API token in the x-api-key request header.
Mutual TLS (mTLS)High-assurance, network-restricted, or key-rotation-averse environmentsPresent a client TLS certificate and prepend clientauth. to the hostname. See Set up service user multi-factor authentication.
Need help generating keys or client certificates? See Authentication.

URL pattern

All product APIs share a predictable structure.

https://{hostname}/{product}/api/v{n}/{resource}
SegmentDescriptionExamples
{hostname}DigiCert ONE hostnameone.digicert.com
demo.one.digicert.com
one.digicert.co.jp
{product}DigiCert ONE product-specific path segmentaccount (Account Manager)
certificate-authority (DigiCert Private CA)
mpki (Trust Lifecycle Manager)
signingmanager (Software Trust Manager)
devicetrustmanager (Device Trust Manager)
api/v{n}API version; most products are v1 and follow this convention. Device Trust Manager uses nested versioning for some endpoints, for example /{resource}/api/v{n}.api/v1
api/v3
/{resource}/api/v{n}*
{resource}Specific endpoint pathusers
division
/enrollment/{enrollment_id}/status
/certificate-configuration-service/api/v2/certificate-policy*

* Examples specific to Device Trust API endpoints.

Example request

List all service users in Account Manager. Replace SERVICE_API_KEY with your service user API token.

curl -X GET \
  -H "x-api-key: SERVICE_API_KEY" \
  "https://demo.one.digicert.com/account/api/v1/user?user_type=service"

Successful response:

[
  {
    "id": "783a6a45-b74b-4635-bb4b-69855910ccd3",
    "email": "jane@example.com",
    "status": "ACTIVE",
    "access_scope": "account",
    "primary_account_id": "130deba5-3ebb-43b2-8183-1a9940d460f5",
    "created_at": "2021-06-23T08:55:19Z",
    "created_by": "8f7f8b1f-63c1-4580-af7d-ea4cd890e8f7",
    "user_type": "service",
    "friendly_name": "Example service user",
    "description": "",
    "locale": "en_US",
    "applications": [
      {
        "id": "2d3a72fd-ad44-4a9b-952a-2bcadb14a741",
        "name": "Trust Lifecycle",
        "permissions": [
          "VIEW_EM_SEAT",
          "VIEW_EM_AUDIT_LOG",
          "VIEW_EM_CERTIFICATE",
          "VIEW_EM_PROFILE"
        ]
      },
      {
        "id": "1a05282a-ec70-4da9-b921-933c070fcf80",
        "name": "IoT Trust",
        "permissions": [
          "VIEW_IOT_CERTIFICATE",
          "VIEW_IOT_ENROLLMENT_PROFILE"
        ]
      },
      {
        "id": "97b97f1b-8d1d-4203-a62c-0a209a1bea0a",
        "name": "Document Trust",
        "permissions": [
          "MANAGE_DSM_VIEW_CERTIFICATE_PROFILES",
          "MANAGE_DSM_ADD_VALIDATIONS",
          "MANAGE_DSM_VIEW_CERTIFICATE_TEMPLATES",
          "MANAGE_DSM_VIEW_VALIDATIONS"
        ]
      },
      {
        "id": "78c0355a-e1ca-4978-b60c-e9d66b9e1f30",
        "name": "Account Manager",
        "permissions": [
          "MANAGE_AM_ACCOUNT",
          "VIEW_AM_AUDIT_LOG"
        ]
      },
      {
        "id": "fd2b688d-43bd-4b4a-9fd6-f883ad9e813d",
        "name": "CA Manager",
        "permissions": [
          "VIEW_CM_LICENSE"
        ]
      },
      {
        "id": "7660bdb3-66e7-46e6-928f-dcae4d64ee91",
        "name": "Software Trust",
        "permissions": [
          "MANAGE_SM_CERTIFICATE_PROFILE",
          "VIEW_SM_CERTIFICATE",
          "SIGN_SM_HASH"
        ]
      }
    ],
    "accounts": [
      {
        "id": "4b13f12d-c8b2-4c49-a21f-9b399364f2ce",
        "name": "Example account",
        "active": true,
        "service_period": {
          "from": "2021-05-06",
          "to": "2030-05-06"
        },
        "friendly_identifier": "1234567",
        "locale": "en_US"
      }
    ]
  }
]
Authentication

Learn how service users authenticate API requests with tokens or client certificates.

Environments & base URLs

Choose the right environment, regional hostname, and base URL pattern for API requests.

Make your first API call

Create credentials, send a test request, and explore common GET request patterns.

Error handling & rate limits

Learn how to parse API errors, handle status codes, and implement retry logic.

About the APIs

Review available API families, common platform patterns, and when to use each API.