About the APIs
2 minute read
DigiCert® ONE provides REST API access for each trust workflow. With over 1,000 APIs across CertCentral APIs and DigiCert® ONE, organizations can automate enterprise-scale machine identity management, certificate lifecycle operations, secure code signing, private PKI infrastructure, and device trust workflows at scale. All products share the same authentication model, error semantics, rate limits, and versioning strategy.
Append the base path in the catalog below to the environment base URL (
https://one.digicert.com or https://demo.one.digicert.com). For mTLS, prefix the hostname with clientauth. (for example, https://clientauth.one.digicert.com).Platform at a glance
https://{hostname}/{product}/api/v{n}/{resource}URL pattern- HTTPS with TLS 1.2+
- JSON request/response bodies
- Header-based authentication with an
x-api-key(or client TLS cert for mTLS) - Consistent pagination, error format, and rate limits
Product API catalog
| Product | Base path | API operations | Typical use cases |
|---|---|---|---|
| DigiCert® Account Manager | /account/api/v1 | 18 | Service users, roles, divisions, audit logs |
| DigiCert® Private CA | /certificate-authority/api/v1 | 132 | Private roots, subordinate CAs, CRL/OCSP |
| DigiCert® Trust Lifecycle Manager | /mpki/api/v1 | 158 | Public and private TLS issuance, discovery, renewals |
| DigiCert® Software Trust Manager | /signingmanager/api/v1 | 158 | HSM-backed keys, code/container signing, SBOM |
| DigiCert® Device Trust Manager | /devicetrustmanager/api/v3 or/devicetrustmanager/{resource}/v{n} | 228 | IoT/OT device registration and management, bulk cert rotation |
| DigiCert® IoT Trust Manager | /iot/api/v1 | 183 | IoT device management |
| DigiCert® Content Trust Manager | /documentmanager/api/v1 | 54 | PDF signing, qualified e-signatures, timestamping |
CertCentral provides an additional 350+ API operations for traditional public certificate management workflows.
Choose the right product
| If you need to… | Use… |
|---|---|
| Automate user or API-key tasks | Account Manager |
| Create and operate a private root CA | DigiCert Private CA |
| Issue public/private TLS certs at scale | Trust Lifecycle Manager |
| Sign code, containers, or SBOMs | Software Trust Manager |
| Provision device identities in manufacturing | Device Trust Manager |
| Digitally sign PDFs with legal compliance | Content Trust Manager |
Most products use v1 APIs. Device Trust uses v1 to v4 and a slightly different versioning path (see ). Always check the most recent API reference before coding hard-wired paths.
Was this page helpful?
Provide feedback