DigiCert ONE

DigiCert® ONE is a modern PKI platform that provides a scalable foundation for fast and flexible PKI deployments. The DigiCert ONE APIs provide a powerful interface for managing your certificates and devices, customizing and automating workflows, and integrating DigiCert ONE with your existing PKI management tools.

DigiCert ONE includes APIs for managing activities found in these consoles:

Getting started

Before you can use the DigiCert ONE APIs, you need:

  • DigiCert ONE account
  • DigiCert ONE API key
  • Ability to make REST API requests

Create an API key

To create a new API key:

  1. Sign in to your DigiCert ONE account.
  2. Navigate to the Account Manager console.
  3. From the left menu, select Access > API Tokens.
  4. Select Create API token.
  5. Fill out the form to create the key.

Each API key is only displayed once. There is no way to retrieve a lost API key. If you ever lose an API key, revoke it and generate a new one.


The DigiCert ONE APIs use header-based authentication. Each request includes the custom HTTP header x‑api‑key. Use your own API key as the value for this header when you submit your requests.

For example, here's a request to the endpoint for creating a new device:

curl -X POST \
  'https://one.digicert.com/iot/api/v1/device' \
  -H 'x-api-key: {{api_key}}' \
  -H 'Content-Type: application/json' \
  -d '{
    "division_id": {{division_id}},
    "device_identifier": "MyDevice",
    "device_profile_id": {{device_profile_id}}
import requests

url = "https://stage.one.digicert.com/iot/api/v1/device"

payload = "{\n  \"division_id\": {{division_id}},\n  \"device_identifier\": \"MyDevice\",\n  \"device_profile_id\": {{device_profile_id}}\n}"
headers = {
  'x-api-key': {{api_key}},
  'Content-Type': 'application/json'

response = requests.request("POST", url, headers=headers, data = payload)

package main

import (

func main() {

  url := "https://stage.one.digicert.com/iot/api/v1/device"
  method := "POST"

  payload := strings.NewReader("{\n  \"division_id\": {{division_id}},\n  \"device_identifier\": \"MyDevice\",\n  \"device_profile_id\": {{device_profile_id}}\n}")

  client := &http.Client {
  req, err := http.NewRequest(method, url, payload)

  if err != nil {
  req.Header.Add("x-api-key", {{api_key}})
  req.Header.Add("Content-Type", "application/json")

  res, err := client.Do(req)
  defer res.Body.Close()
  body, err := ioutil.ReadAll(res.Body)

var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://stage.one.digicert.com/iot/api/v1/device',
  'headers': {
    'x-api-key': {{api_key}},
    'Content-Type': 'application/json'
  body: "{\n  \"division_id\": {{division_id}},\n  \"device_identifier\": \"MyDevice\",\n  \"device_profile_id\": {{device_profile_id}}\n}"

request(options, function (error, response) { 
  if (error) throw new Error(error);

Base URL

Use this base URL to construct DigiCert ONE API requests:


URL query strings

Some endpoints use URL query strings to filter results. To append query strings to the endpoint URL, use ?. To append additional query strings, use &.

This example uses the division_id query string to filter results to the specified division:



All requests are submitted via RESTful URLs using REST features, including header-based authentication and JSON request types.

The data character set encoding for requests is UTF-8. A well-formed request uses port 443 and specifies the user-agent and content-length HTTP headers.


The DigiCert ONE APIs use standard HTTP methods, including:

  • GET
  • POST
  • PUT


Unless otherwise noted, most requests require passing either JSON or XML formatted data. Supported values for the Content-Type header include:

  • application/json


Responses consist of headers and a body. The formatting of the response body depends on the content-type you specify in the request.

For more information about individual HTTP header response codes, see Glossary – Headers.