Skip to main content

Integrate with certificate issuance APIs

DigiCert® ONE Device Trust Manager offers two main categories of APIs:

  • Certificate issuance APIs: These are standards-based APIs for issuing and renewing X.509 certificates (RFC 5280). Supported industry-standard protocols include:

    • EST

    • SCEP

    • ACME

    • CMPv2

    • REST

  • Management REST APIs: Used for integrating your connected product solutions with Device Trust Manager. These APIs perform CRUD operations on all Device Trust Manager objects, such as Divisions, Device groups, Devices, Certificates, Artifacts, Releases, and so on.

Before you begin

Understand how Device Trust Manager APIs authenticate your system before making API calls. Device Trust Manager offers various APIs for device management and certificate issuance, each supporting multiple authentication methods. See Authentication for details.

What are certificate issuance APIs?

When you create a Certificate management policy in Device Trust Manager, you choose how certificates will be issued to devices. Your available methods include:

  • Single certificate request through portal and API

  • Batch certificate request through portal and API

  • DigiCert​​®​​ TrustEdge agent

  • EST (Enrollment over Secure Transport)

  • CMPv2 (Certificate Management Protocol version 2)

  • SCEP (Simple Certificate Enrollment Protocol)

  • ACME (Automated Certificate Management Environment Protocol)

Find your API endpoints

To find the endpoint URLs for your chosen certificate method:

  1. In the Device Trust Manager menu, go to Certificate management > Certificate management policies.

  2. Select a certificate management policy you’ve created.

  3. Navigate to the section showing the endpoint information.

    For example, if your policy uses EST, navigate to the EST section.

    Your EST endpoint URL should resemble the following example:

    Enroll     https://clientauth.demo.one.digicert.com/.well-known/est/devicetrustmanager/IOT_353b088e-8a60-40f3-8ecf-71e7edf430b5/device-group/{device-group-id}/simpleenroll
Reenroll   https://clientauth.demo.one.digicert.com/.well-known/est/devicetrustmanager/IOT_353b088e-8a60-40f3-8ecf-71e7edf430b5/device-group/{device-group-id}/simplereenroll

The procedure is the same for finding SCEP, ACME, and other endpoints.

In this section: