DigiCert® ONE is a modern PKI platform that provides a scalable foundation for fast and flexible PKI deployments. The DigiCert ONE APIs provide a powerful interface for managing your certificates and devices, customizing and automating workflows, and integrating DigiCert ONE with your existing PKI management tools.
DigiCert ONE includes APIs for managing activities found in these consoles:
Before you can use the DigiCert ONE APIs, you need:
The DigiCert ONE APIs support header-based API key authentication. Additionally, a subset of the IoT Device Manager APIs support authentication using an enrollment passcode or client certificate.
To authenticate with an API key, include the custom HTTP header x‑api‑key in your request. Provide your own API key as the value for this header when you submit your request.
For example, here's a request to the endpoint for creating a new device:
curl -X POST \
'https://one.digicert.com/iot/api/v1/device' \
-H 'x-api-key: {{api_key}}' \
-H 'Content-Type: application/json' \
-d '{
"division_id": {{division_id}},
"device_identifier": "MyDevice",
"device_profile_id": {{device_profile_id}}
}'To create a new API key:
Each API key is only displayed once. There is no way to retrieve a lost API key. If you ever lose an API key, revoke it and generate a new one.
The following endpoints in the IoT Device Manager API support the option to authenticate with an enrollment passcode instead of an API key:
To authenticate with an enrollment passcode, use the custom HTTP header x-passcode. The value of the x-passcode header is the passcode associated with the enrollment profile you specify in the body of the request. Requests that use enrollment passcode authentication do not include the x-api-key header.
For example, here’s a call to the endpoint for requesting a new certificate:
curl --request POST 'https://one.digicert.com/iot/api/v1/certificate' \
--header 'x-passcode: {{enrollment_passcode}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"csr": {{csr}},
"enrollment_profile_id": {{enrollment_profile_id}},
...
}'Related topics
Many endpoints in the IoT Device Manager API support the option for mutual TLS authentication. With mutual TLS authentication, a client can access the endpoint by presenting a trusted certificate in the request.
To use mutual TLS authentication:
clientauth.https://clientauth.one.digicert.comx-api-key header.Supported endpoints
Clients can authenticate to the following endpoints by presenting a certificate associated with the device:
Clients can authenticate to the following endpoints by presenting a certificate that is registered to the enrollment profile specified in the request payload:
Use this base URL to construct DigiCert ONE API requests:
https://one.digicert.comSome endpoints use URL query strings to filter results. To append query strings to the endpoint URL, use ?. To append additional query strings, use &.
This example uses the division_id query string to filter results to the specified division:
https://one.digicert.com/iot/api/v1/device/{{device_identifier}}?division_id={{division_id}}All requests are submitted via RESTful URLs using REST features, including header-based authentication and JSON request types.
The data character set encoding for requests is UTF-8. A well-formed request uses port 443 and specifies the user-agent and content-length HTTP headers.
The DigiCert ONE APIs use standard HTTP methods, including:
GETPOSTPUTDELETEUnless otherwise noted, most requests require passing either JSON or XML formatted data. Supported values for the Content-Type header include:
application/jsonResponses consist of headers and a body. The formatting of the response body depends on the content-type you specify in the request.
For more information about individual HTTP header response codes, see Glossary – Headers.