emCA provides an open API (Application Programming Interface) for integrating signature modules with third party applications, portals, or websites, and to customize as per your needs. With the emCA REST API, you can extract Recruit data in JSON format and develop new applications or integrate with your existing business applications. As the emCA API is independent of programming languages, you can develop applications in any programming language (Java, .Net etc.).
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"40123569","collectionId":"4589f880-53f0-4981-bc7b-a5f4a5b47b07","publishedId":"2sBXqDuPtp","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2026-04-20T19:28:45.000Z"},"item":[{"name":"Authenticate","item":[{"name":"getJwt-token","event":[{"listen":"prerequest","script":{"exec":[""],"type":"text/javascript","packages":{},"requests":{},"id":"410e0a3e-9b4a-4ee1-ad9a-161041ac785e"}}],"id":"19096823-dbe4-413a-9305-68e8089ab201","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"username\": \"emcainternaluser1\",\r\n \"password\": \"Safe@123\",\r\n \"clientId\": \"tade1c9c-a272-42e8-a2a8-0803db4d5ec5\",\r\n \"validityInMins\": 1200\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/auth/token","description":"Authentication for Certificate Management in emCA REST APIs is handled using a JWT token with a configurable expiry time. This token must be included in the header of every request to the APIs for authentication.
\nRequired Header Parameters
\nTo obtain a JWT token for the Certificate Management REST APIs, users need to provide their registered username (appCode), password, and clientId to the API.
\nRegister Your Application: Ensure your application is registered as an external application in emCA before using the API.
\nShare Credentials: As part of the registration process, provide the emCA team with your username (appCode), password, and IP address.
\nObtain clientId: Receive the clientId from Team emCA upon registering an external application user.
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["auth","token"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"619bd1ce-74ae-4aad-ba90-0836381485e1","name":"200 OK – Token issued","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"username\": \"emcainternaluser1\",\r\n \"password\": \"Safe@123\",\r\n \"clientId\": \"tade1c9c-a272-42e8-a2a8-0803db4d5ec5\",\r\n \"validityInMins\": 1200\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/auth/token","description":"Authentication for Certificate Management in emCA REST APIs is handled using a JWT token with a configurable expiry time. This token must be included in the header of every request to the APIs for authentication.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nTo obtain a JWT token for the Certificate Management REST APIs, users need to provide their registered username (appCode), password, and clientId to the API.\n\n### Prerequisites\n\n1. **Register Your Application**: Ensure your application is registered as an external application in emCA before using the API.\n \n2. **Share Credentials**: As part of the registration process, provide the emCA team with your username (appCode), password, and IP address.\n \n3. **Obtain clientId**: Receive the clientId from Team emCA upon registering an external application user.\n \n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| username | String | Yes | Username (appCode) which is used as part of External Application Registartion at emCA.Authentication for the emCA REST API v5.0.0 is handled via JWT (JSON Web Token). A token must be obtained once and then included in every subsequent API request as the X-Emca-Api-Key header.
POST /auth/token with your registered username, password, and clientId.authToken (JWT) valid for the configured validityInMins.clientId from the emCA team after registration.validityInMins minutes — re-authenticate to get a new token.The \"createTenant\" API creates a new tenant in the emCA platform. A tenant is an isolated organisational unit under which CAs, certificates, and external applications are managed.
\nRequired Header Parameters
\nRequest Body Parameters
\nauthorizationMatrix fields
\nAuthorizationLimit fields
\n","urlObject":{"path":["create","tenant"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"ed1d3206-a9a0-4b9a-bf43-ef673f7612e2","name":"200 OK – Tenant created","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"description\": \"POC Group A\",\n \"maxCAs\": 99,\n \"encryptionKeyB64\": \"U29tZVJhbmRvbUVuY3J5cHRpb25LZXkxMjM0NTY3ODk=\",\n \"authorizationMatrix\": {\n \"admin\": {\n \"min\": 1,\n \"max\": 2\n },\n \"officer\": {\n \"min\": 1,\n \"max\": 2\n },\n \"auditor\": {\n \"min\": 1,\n \"max\": 2\n }\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/tenant","description":"The **\"createTenant\"** API creates a new tenant in the emCA platform. A tenant is an isolated organisational unit under which CAs, certificates, and external applications are managed.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | Unique name for the tenant. Only alphanumeric characters and underscores are allowed; cannot start with an underscore.Registers an external application and generates API credentials (clientId and apiKey) for programmatic access to the emCA REST API.
\nRequired Header Parameters
\nRequest Body Parameters
\nResponse Parameters
\n","urlObject":{"path":["external-applications","register"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"728e599c-08ab-473e-a0f2-4a7d149a5088","name":"200 OK – Application registered","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"appName\": \"MyExternalApp\",\n \"username\": \"ext_app_user\",\n \"password\": \"P@ssw0rd123\",\n \"allowedIpAddres\": \"192.168.1.100\",\n \"caApiAccessEnabled\": \"1\",\n \"backupApiAccessEnabled\": \"0\",\n \"cmpAccessEnabled\": \"0\",\n \"estAccessEnabled\": \"0\",\n \"scepAccessEnabled\": \"0\",\n \"acmeAccessEnabled\": \"0\",\n \"ipValidationEnabled\": \"1\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/external-applications/register","description":"Registers an external application and generates API credentials (clientId and apiKey) for programmatic access to the emCA REST API.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | The tenant under which the external application is registered |\n| appName | String | Yes | Unique name identifying the external application |\n| username | String | Yes | Username for the external application account |\n| password | String | Yes | Password for the external application account |\n| allowedIpAddres | String | No | IP address allowed to call the API (enforced when ipValidationEnabled = \"1\") |\n| caApiAccessEnabled | String | No | Enable CA management API access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| backupApiAccessEnabled | String | No | Enable Backup API access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| cmpAccessEnabled | String | No | Enable CMP (Certificate Management Protocol) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| estAccessEnabled | String | No | Enable EST (Enrollment over Secure Transport) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| scepAccessEnabled | String | No | Enable SCEP (Simple Certificate Enrollment Protocol) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| acmeAccessEnabled | String | No | Enable ACME (Automatic Certificate Management Environment) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| ipValidationEnabled | String | No | Enforce IP validation for all calls from this app: \"1\" to enable, \"0\" to disable (default: \"0\") |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| clientId | String | Generated client ID for the external application |\n| apiKey | String | Generated API key for the external application |"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"SUCCESS\",\n \"message\": \"External application registered successfully\",\n \"clientId\": \"tade1c9c-a272-42e8-a2a8-0803db4d5ec5\"\n}"},{"id":"359f5caf-eca4-452d-8ec8-8ddbe7c30594","name":"400 Bad Request – Duplicate app name","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"appName\": \"MyExternalApp\",\n \"username\": \"ext_app_user\",\n \"password\": \"P@ssw0rd123\",\n \"allowedIpAddres\": \"192.168.1.100\",\n \"caApiAccessEnabled\": \"1\",\n \"backupApiAccessEnabled\": \"0\",\n \"cmpAccessEnabled\": \"0\",\n \"estAccessEnabled\": \"0\",\n \"scepAccessEnabled\": \"0\",\n \"acmeAccessEnabled\": \"0\",\n \"ipValidationEnabled\": \"1\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/external-applications/register","description":"Registers an external application and generates API credentials (clientId and apiKey) for programmatic access to the emCA REST API.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | The tenant under which the external application is registered |\n| appName | String | Yes | Unique name identifying the external application |\n| username | String | Yes | Username for the external application account |\n| password | String | Yes | Password for the external application account |\n| allowedIpAddres | String | No | IP address allowed to call the API (enforced when ipValidationEnabled = \"1\") |\n| caApiAccessEnabled | String | No | Enable CA management API access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| backupApiAccessEnabled | String | No | Enable Backup API access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| cmpAccessEnabled | String | No | Enable CMP (Certificate Management Protocol) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| estAccessEnabled | String | No | Enable EST (Enrollment over Secure Transport) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| scepAccessEnabled | String | No | Enable SCEP (Simple Certificate Enrollment Protocol) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| acmeAccessEnabled | String | No | Enable ACME (Automatic Certificate Management Environment) access: \"1\" to enable, \"0\" to disable (default: \"0\") |\n| ipValidationEnabled | String | No | Enforce IP validation for all calls from this app: \"1\" to enable, \"0\" to disable (default: \"0\") |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| clientId | String | Generated client ID for the external application |\n| apiKey | String | Generated API key for the external application |"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"FAILURE\",\n \"message\": \"Application with name 'ext_app_01' already registered for tenant\",\n \"clientId\": null\n}"}],"_postman_id":"db0d2dfa-0d90-463c-ae72-65d8c0dbbc33"},{"name":"initializeEncryptionKey","id":"d226d410-c494-4721-a9e9-300059631897","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"encryptionKeyB64\": \"U29tZVJhbmRvbUVuY3J5cHRpb25LZXk=\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/initialize-encryption-key","description":"The \"initializeEncryptionKey\" API sets the BYOK (Bring Your Own Key) encryption key for a tenant. This key is used to encrypt sensitive data stored by the tenant. Only X-Nonce is required — no JWT authentication.
Request Body Parameters
\n","urlObject":{"path":["initialize-encryption-key"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"26ca60e7-53af-409c-b6fa-f3c3e93df489","name":"200 OK – Key initialized","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"encryptionKeyB64\": \"U29tZVJhbmRvbUVuY3J5cHRpb25LZXk=\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/initialize-encryption-key","description":"The **\"initializeEncryptionKey\"** API sets the BYOK (Bring Your Own Key) encryption key for a tenant. This key is used to encrypt sensitive data stored by the tenant. Only `X-Nonce` is required — no JWT authentication.\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | Name of the tenant.The \"updateTenantStatus\" API activates or deactivates a tenant. Deactivating a tenant prevents its external applications from authenticating to the platform.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["tenants","status"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"b19ac976-43f4-43c3-ac60-26cd64f8acb1","name":"200 OK – Status updated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"action\": \"DEACTIVATE\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/tenants/status","description":"The **\"updateTenantStatus\"** API activates or deactivates a tenant. Deactivating a tenant prevents its external applications from authenticating to the platform.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | Name of the tenant to update.The \"rotateKEK\" API replaces the current Key Encryption Key (KEK) for a tenant with a new one. Only X-Nonce is required — no JWT authentication.
Request Body Parameters
\n","urlObject":{"path":["rotate-kek"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"fed56155-d6d2-4c45-b19b-c43291013d99","name":"200 OK – KEK rotated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"tenantName\": \"emca_tenant_01\",\n \"oldKek\": \"b2xkS2V5QmFzZTY0RW5jb2RlZA==\",\n \"newKek\": \"bmV3S2V5QmFzZTY0RW5jb2RlZA==\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/rotate-kek","description":"The **\"rotateKEK\"** API replaces the current Key Encryption Key (KEK) for a tenant with a new one. Only `X-Nonce` is required — no JWT authentication.\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| tenantName | String | Yes | Name of the tenant.Creates or updates a MyID policy configuration that maps certificate profiles to MyID client policy paths for automated certificate issuance.
\nRequired Header Parameters
\nRequest Body Parameters
\npolicies Array Items
\nResponse Parameters
\n","urlObject":{"path":["create","update","myid-policy"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"57b27a47-43ae-4bd5-acbc-8b79f669d794","name":"200 OK – Policy saved","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"caPath\": \"SubCA_Policy\",\n \"overrideKeyDefault\": \"1\",\n \"policies\": [\n {\n \"displayName\": \"Employee RSA 2048\",\n \"keyLength\": \"2048\",\n \"certProfileId\": \"3\"\n }\n ]\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/myid-policy","description":"Creates or updates a MyID policy configuration that maps certificate profiles to MyID client policy paths for automated certificate issuance.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caPath | String | Yes | Unique policy name used as the CA path identifier by MyID clients |\n| overrideKeyDefault | String | No | Override key defaults from the certificate profile: \"1\" to override, \"0\" to use profile defaults |\n| policies | Array | Yes | List of certificate profile policy objects to associate with this configuration |\n\n**policies Array Items**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| displayName | String | Yes | Human-readable label shown in MyID for this policy (e.g., \"Employee RSA 2048\") |\n| keyLength | String | Yes | Key length or algorithm: \"1024\", \"2048\", \"3072\", \"4096\" for RSA; \"ECC_P256\", \"ECC_P384\", \"ECC_P521\" for EC |\n| certProfileId | String | Yes | Unique identifier (as string) of the certificate profile to associate with this policy |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"SUCCESS\",\n \"message\": \"MyID policy saved successfully\",\n \"caPath\": \"SubCA_Policy\"\n}"},{"id":"8faa4187-76b4-4e47-b8b7-717623873d80","name":"400 Bad Request – Invalid policy","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"caPath\": \"SubCA_Policy\",\n \"overrideKeyDefault\": \"1\",\n \"policies\": [\n {\n \"displayName\": \"Employee RSA 2048\",\n \"keyLength\": \"2048\",\n \"certProfileId\": \"3\"\n }\n ]\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/myid-policy","description":"Creates or updates a MyID policy configuration that maps certificate profiles to MyID client policy paths for automated certificate issuance.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caPath | String | Yes | Unique policy name used as the CA path identifier by MyID clients |\n| overrideKeyDefault | String | No | Override key defaults from the certificate profile: \"1\" to override, \"0\" to use profile defaults |\n| policies | Array | Yes | List of certificate profile policy objects to associate with this configuration |\n\n**policies Array Items**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| displayName | String | Yes | Human-readable label shown in MyID for this policy (e.g., \"Employee RSA 2048\") |\n| keyLength | String | Yes | Key length or algorithm: \"1024\", \"2048\", \"3072\", \"4096\" for RSA; \"ECC_P256\", \"ECC_P384\", \"ECC_P521\" for EC |\n| certProfileId | String | Yes | Unique identifier (as string) of the certificate profile to associate with this policy |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"FAILURE\",\n \"message\": \"Invalid policy configuration: profileId is required\",\n \"caPath\": null\n}"}],"_postman_id":"3160ca85-ed94-457e-a5d4-4e30cd880eed"}],"id":"0af85b1e-bc41-4aca-bf73-54386bb6ca87","description":"The Tenant Management APIs provide a secure, programmatic interface for managing tenants and external application registrations within the emCA platform. These APIs enable administrators to create tenants, register external applications, manage encryption keys (BYOK), control tenant lifecycle, and configure MyID policy integrations.
\nAll endpoints require X-Nonce for replay attack prevention. Endpoints that mutate tenant state additionally require X-Client-ID and X-Emca-Api-Key (JWT) headers.
Creates a new key profile defining the cryptographic hardware or software provider used for key operations in emCA.
\nRequired Header Parameters
\nRequest Body Parameters
\nKey Profile Types
\nResponse Parameters
\n","urlObject":{"path":["create","key-profile"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"7343d562-2fe4-451b-a997-78bb0a8bb168","name":"200 OK – Key profile created","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"profileName\": \"SampleKeyProfile\",\n \"keyProfileType\": \"PKCS11\",\n \"configData\": \"bmFtZSA9IGVtY2FfNDQxX3FhDQpsaWJyYXJ5ID0gL3Vzci9saWIvc29mdGhzbS9saWJzb2Z0aHNtMi5zbw0KYXR0cmlidXRlcyhnZW5lcmF0ZSwgQ0tPX1BVQkxJQ19LRVksICopID0gew0KICBDS0FfVE9LRU4gPSB0cnVlDQogIENLQV9WRVJJRlkgPSB0cnVlDQogIENLQV9FTkNSWVBUID0gdHJ1ZQ0KfQ0KYXR0cmlidXRlcyhnZW5lcmF0ZSwgQ0tPX1BSSVZBVEVfS0VZLCAqKSA9IHsNCiAgQ0tBX1RPS0VOID0gdHJ1ZQ0KICBDS0FfU0lHTiA9IHRydWUNCiAgQ0tBX0RFQ1JZUFQgPSB0cnVlDQogIENLQV9FWFRSQUNUQUJMRSA9IGZhbHNlDQp9DQoNCmF0dHJpYnV0ZXMoZ2VuZXJhdGUsIENLT19TRUNSRVRfS0VZLCBDS0tfQUVTKSA9IHsNCiAgQ0tBX1RPS0VOID0gdHJ1ZQ0KICBDS0FfRU5DUllQVCA9IHRydWUNCiAgQ0tBX0RFQ1JZUFQgPSB0cnVlDQogIENLQV9FWFRSQUNUQUJMRSA9IGZhbHNlDQp9DQpzbG90PTk0OTMyNDkzMg\",\n \"password\": \"654321\",\n \"keyVaultUrl\": \"https://my-vault.vault.azure.net/\",\n \"tenantId\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n \"clientId\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n \"clientSecret\": \"azure-client-secret-value\",\n \"cloudHsmUsername\": \"hsm_user_01\",\n \"crypto4aBaseUrl\": \"https://crypto4a.example.com/api\",\n \"crypto4aApiKey\": \"c4a-api-key-value\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/key-profile","description":"Creates a new key profile defining the cryptographic hardware or software provider used for key operations in emCA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profileName | String | Yes | Unique name for the key profile |\n| keyProfileType | String | Yes | Type of cryptographic provider (see Key Profile Types below) |\n| configData | String | No | Provider-specific configuration — e.g., Base64-encoded PKCS#11 config file for SOFTHSM/PKCS11 types |\n| password | String | No | Password or PIN to access the key store (for SOFTHSM, PKCS11, etc.) |\n| keyVaultUrl | String | Conditional | Azure Key Vault URL — required for AZURE_KEY_VAULT type (e.g., https://my-vault.vault.azure.net/) |\n| tenantId | String | Conditional | Azure Active Directory Tenant ID — required for AZURE_KEY_VAULT type |\n| clientId | String | Conditional | Azure Application (Client) ID — required for AZURE_KEY_VAULT type |\n| clientSecret | String | Conditional | Azure Client Secret — required for AZURE_KEY_VAULT type |\n| cloudHsmUsername | String | Conditional | Username for Cloud HSM authentication — required for CLOUD_HSM type |\n| crypto4aBaseUrl | String | Conditional | Base URL of the Crypto4A QASM server — required for CRYPTO4A type |\n| crypto4aApiKey | String | Conditional | API key for the Crypto4A service — required for CRYPTO4A type |\n\n**Key Profile Types**\n\n| Type | Description |\n|------|-------------|\n| SOFTHSM | SoftHSM2 software-based HSM |\n| PKCS11 | Generic PKCS#11 compatible hardware token or HSM |\n| MSSQL | Microsoft SQL Server-backed key storage |\n| AZURE_KEY_VAULT | Microsoft Azure Key Vault — requires keyVaultUrl, tenantId, clientId, clientSecret |\n| CLOUD_HSM | AWS CloudHSM or equivalent cloud-hosted HSM — requires cloudHsmUsername |\n| CRYPTO4A | Crypto4A Quantum-Safe HSM — requires crypto4aBaseUrl, crypto4aApiKey |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| keyProfileId | Integer | The unique ID assigned to the created key profile |"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"result\": {\n \"status\": \"SUCCESS\",\n \"errorCode\": null,\n \"errorMessage\": null\n },\n \"keyProfileDetails\": {\n \"keyProfileId\": \"3\",\n \"profileName\": \"SampleKeyProfile\",\n \"keyProfileType\": \"PKCS11\"\n }\n}"},{"id":"b9c1333f-9048-4a3a-ae38-56c8de76b42b","name":"400 Bad Request – Profile exists","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"profileName\": \"SampleKeyProfile\",\n \"keyProfileType\": \"PKCS11\",\n \"configData\": \"bmFtZSA9IGVtY2FfNDQxX3FhDQpsaWJyYXJ5ID0gL3Vzci9saWIvc29mdGhzbS9saWJzb2Z0aHNtMi5zbw0KYXR0cmlidXRlcyhnZW5lcmF0ZSwgQ0tPX1BVQkxJQ19LRVksICopID0gew0KICBDS0FfVE9LRU4gPSB0cnVlDQogIENLQV9WRVJJRlkgPSB0cnVlDQogIENLQV9FTkNSWVBUID0gdHJ1ZQ0KfQ0KYXR0cmlidXRlcyhnZW5lcmF0ZSwgQ0tPX1BSSVZBVEVfS0VZLCAqKSA9IHsNCiAgQ0tBX1RPS0VOID0gdHJ1ZQ0KICBDS0FfU0lHTiA9IHRydWUNCiAgQ0tBX0RFQ1JZUFQgPSB0cnVlDQogIENLQV9FWFRSQUNUQUJMRSA9IGZhbHNlDQp9DQoNCmF0dHJpYnV0ZXMoZ2VuZXJhdGUsIENLT19TRUNSRVRfS0VZLCBDS0tfQUVTKSA9IHsNCiAgQ0tBX1RPS0VOID0gdHJ1ZQ0KICBDS0FfRU5DUllQVCA9IHRydWUNCiAgQ0tBX0RFQ1JZUFQgPSB0cnVlDQogIENLQV9FWFRSQUNUQUJMRSA9IGZhbHNlDQp9DQpzbG90PTk0OTMyNDkzMg\",\n \"password\": \"654321\",\n \"keyVaultUrl\": \"https://my-vault.vault.azure.net/\",\n \"tenantId\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n \"clientId\": \"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\",\n \"clientSecret\": \"azure-client-secret-value\",\n \"cloudHsmUsername\": \"hsm_user_01\",\n \"crypto4aBaseUrl\": \"https://crypto4a.example.com/api\",\n \"crypto4aApiKey\": \"c4a-api-key-value\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/key-profile","description":"Creates a new key profile defining the cryptographic hardware or software provider used for key operations in emCA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profileName | String | Yes | Unique name for the key profile |\n| keyProfileType | String | Yes | Type of cryptographic provider (see Key Profile Types below) |\n| configData | String | No | Provider-specific configuration — e.g., Base64-encoded PKCS#11 config file for SOFTHSM/PKCS11 types |\n| password | String | No | Password or PIN to access the key store (for SOFTHSM, PKCS11, etc.) |\n| keyVaultUrl | String | Conditional | Azure Key Vault URL — required for AZURE_KEY_VAULT type (e.g., https://my-vault.vault.azure.net/) |\n| tenantId | String | Conditional | Azure Active Directory Tenant ID — required for AZURE_KEY_VAULT type |\n| clientId | String | Conditional | Azure Application (Client) ID — required for AZURE_KEY_VAULT type |\n| clientSecret | String | Conditional | Azure Client Secret — required for AZURE_KEY_VAULT type |\n| cloudHsmUsername | String | Conditional | Username for Cloud HSM authentication — required for CLOUD_HSM type |\n| crypto4aBaseUrl | String | Conditional | Base URL of the Crypto4A QASM server — required for CRYPTO4A type |\n| crypto4aApiKey | String | Conditional | API key for the Crypto4A service — required for CRYPTO4A type |\n\n**Key Profile Types**\n\n| Type | Description |\n|------|-------------|\n| SOFTHSM | SoftHSM2 software-based HSM |\n| PKCS11 | Generic PKCS#11 compatible hardware token or HSM |\n| MSSQL | Microsoft SQL Server-backed key storage |\n| AZURE_KEY_VAULT | Microsoft Azure Key Vault — requires keyVaultUrl, tenantId, clientId, clientSecret |\n| CLOUD_HSM | AWS CloudHSM or equivalent cloud-hosted HSM — requires cloudHsmUsername |\n| CRYPTO4A | Crypto4A Quantum-Safe HSM — requires crypto4aBaseUrl, crypto4aApiKey |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| keyProfileId | Integer | The unique ID assigned to the created key profile |"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"result\": {\n \"status\": \"FAILURE\",\n \"errorCode\": \"EMCA-400\",\n \"errorMessage\": \"Invalid request parameters\"\n }\n}"}],"_postman_id":"a7757706-1e4b-4100-a2e3-6c9646c95b57"},{"name":"testkeyprofile","id":"f4bea156-9ccb-4a8f-949f-fde01dacff68","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"keyProfile\": \"1\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/test/key-profile","description":"The \"testKeyProfile\" API verifies that a key profile is correctly configured and that the system can successfully connect to and use the specified HSM or PKCS#11 device. This is useful for validating the key profile configuration before using it in CA certificate creation.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["test","key-profile"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"61b043b6-7a7d-4c97-a693-9bc6809688b7","name":"200 OK – Key profile valid","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"keyProfile\": \"1\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/test/key-profile","description":"The **\"testKeyProfile\"** API verifies that a key profile is correctly configured and that the system can successfully connect to and use the specified HSM or PKCS#11 device. This is useful for validating the key profile configuration before using it in CA certificate creation.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| keyProfile | String | Yes | The name or ID of the key profile to test.The \"getKeyProfiles\" API is used to retrieve the list of available key profiles that have been created in the CA system. The clientId is passed as a path variable.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["get-keyProfiles","{{x_client_id}}"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"d6bcd266-60c5-438f-84cf-97f8e540977c","name":"200 OK – Profiles listed","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"}],"url":"{{baseUrl}}/get-keyProfiles/{{x_client_id}}","description":"The \"**getKeyProfiles**\" API is used to retrieve the list of available key profiles that have been created in the CA system. The clientId is passed as a path variable.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n**Request Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | **clientId** is the unique client identifier received from emCA upon registering an external application. It needs to be passed as a path variable.The \"createCA\" API is used to generate a Certificate Authority (CA) certificate based on the provided input parameters. This API can generate both self-signed CA certificates and sub CA certificates by specifying the parent CA ID. The generated CA certificate is returned in base64 encoded X509 format.
\nRequired Header Parameters
\nRequest Body Parameters
\ncertificateRequestDetails Fields
\nSupported Algorithms
\ncaExtensions Fields
\nNote — crlDistribution: The crlURLs field (Array of Strings) can be used in place of the single crlURL field to specify multiple CRL distribution point URLs. When crlURLs is provided it takes precedence over crlURL.
The \"createOrUpdateCRLProfile\" API is used to create or update a Certificate Revocation List (CRL) template. The createOrUpdateCRLProfile API is used to create or update a Certificate Revocation List (CRL) template.
\nRequired Header Parameters
\nRequest Body Parameters
\ncrlProfileDetails Fields
\nSupported Algorithms
\n","urlObject":{"path":["create","update","crl-profile"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"c765fefb-50ad-40c0-819e-190eb530f012","name":"200 OK – CRL profile saved","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"crlProfileRequestDetails\": {\r\n \"crlProfileID\": 0,\r\n \"profileName\": \"CRL Profile\",\r\n \"validity\": 15,\r\n \"customCRLNumber\": 1,\r\n \"isCRLAutoGeneration\": \"1\",\r\n \"crlFrequency\": 1,\r\n \"extensions\": {\r\n \"authorityInformationAccess\": {\r\n \"isEnabled\": \"0\",\r\n \"sortOrder\": 0\r\n },\r\n \"deltaCRL\": {\r\n \"baseCRLNumber\": 0,\r\n \"isEnabled\": \"string\",\r\n \"sortOrder\": 0\r\n },\r\n \"freshestCRL\": {\r\n \"deltaCRLDistributionPoint\": \"string\",\r\n \"isEnabled\": \"string\",\r\n \"sortOrder\": 0\r\n },\r\n \"issuerAlternateName\": {\r\n \"isEnabled\": \"string\",\r\n \"sortOrder\": 0\r\n },\r\n \"issusingDistributionPoint\": {\r\n \"certificateCount\": 0,\r\n \"distributionPointUrl\": \"string\",\r\n \"inDirectCRL\": \"string\",\r\n \"isEnabled\": \"string\",\r\n \"onlyContainsCACerts\": \"string\",\r\n \"onlyContainsUserCert\": \"string\",\r\n \"partitionCount\": 0,\r\n \"sortOrder\": 0\r\n }\r\n }\r\n }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/crl-profile","description":"The \"**createOrUpdateCRLProfile**\" API is used to create or update a Certificate Revocation List (CRL) template. The createOrUpdateCRLProfile API is used to create or update a Certificate Revocation List (CRL) template.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| crlProfileRequestDetails | JSON | Yes | The crlProfileRequestDetails parameter is a required JSON object that contains specific details about the crl template to be generated.Creates or updates a Certificate Revocation List (CRL) for a specified Certification Authority.
\nRequired Header Parameters
\nRequest Body Parameters
\ncrlRequestDetails Object
\nResponse Parameters
\n","urlObject":{"path":["create","update","crl"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"bf95df36-4683-4e92-8f32-a2f63c4008cc","name":"200 OK – CRL issued","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"crlRequestDetails\": {\n \"caId\": 1,\n \"signingAlgorithm\": \"SHA256withRSA\",\n \"crlProfileId\": 1,\n \"emergencyCRL\": false,\n \"emergencyValidity\": 24\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/crl","description":"Creates or updates a Certificate Revocation List (CRL) for a specified Certification Authority.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| crlRequestDetails | Object | Yes | Wrapper object containing the CRL generation parameters |\n\n**crlRequestDetails Object**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | Integer | Yes | Unique identifier of the CA for which the CRL is generated |\n| signingAlgorithm | String | No | Algorithm used to sign the CRL (e.g., SHA256withRSA, SHA384withECDSA, SHA256withECDSA) |\n| crlProfileId | Integer | Yes | Unique identifier of the CRL profile to use |\n| emergencyCRL | Boolean | No | If true, generates an emergency off-schedule CRL; default: false |\n| emergencyValidity | Integer | No | Validity period in hours for the emergency CRL — only used when emergencyCRL = true |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| crlId | Integer | Unique identifier of the created or updated CRL |"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"result\": {\n \"status\": \"SUCCESS\",\n \"errorCode\": null,\n \"errorMessage\": null\n },\n \"crlDetails\": {\n \"caId\": \"1\",\n \"crlData\": \"MIIBvgYJKoZIhvcNAQcCoIIBrzCCAasCAQMxbase64==\",\n \"thisUpdate\": \"2026-04-17T00:00:00\",\n \"nextUpdate\": \"2026-04-24T00:00:00\"\n },\n \"emergencyCrlDetails\": null\n}"},{"id":"608dcf20-bfb2-446f-9a40-53c5f41a1f8c","name":"400 Bad Request","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"crlRequestDetails\": {\n \"caId\": 1,\n \"signingAlgorithm\": \"SHA256withRSA\",\n \"crlProfileId\": 1,\n \"emergencyCRL\": false,\n \"emergencyValidity\": 24\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/crl","description":"Creates or updates a Certificate Revocation List (CRL) for a specified Certification Authority.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| crlRequestDetails | Object | Yes | Wrapper object containing the CRL generation parameters |\n\n**crlRequestDetails Object**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | Integer | Yes | Unique identifier of the CA for which the CRL is generated |\n| signingAlgorithm | String | No | Algorithm used to sign the CRL (e.g., SHA256withRSA, SHA384withECDSA, SHA256withECDSA) |\n| crlProfileId | Integer | Yes | Unique identifier of the CRL profile to use |\n| emergencyCRL | Boolean | No | If true, generates an emergency off-schedule CRL; default: false |\n| emergencyValidity | Integer | No | Validity period in hours for the emergency CRL — only used when emergencyCRL = true |\n\n**Response Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| status | String | Operation status: \"Success\" or \"Failure\" |\n| result | String | Description of the operation result or error message |\n| crlId | Integer | Unique identifier of the created or updated CRL |"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"result\": {\n \"status\": \"FAILURE\",\n \"errorCode\": \"EMCA-400\",\n \"errorMessage\": \"Invalid request parameters\"\n }\n}"}],"_postman_id":"33ebb195-13d6-498e-b982-1327ce7ff159"},{"name":"getCRL","id":"e9e18646-ce2b-4cd0-acff-58f6e10b3182","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caSerialNo\": \"e7bcea340a5c362193c06d6356be8b12\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/get-crl","description":"The \"getCRL\" API is used to download a Certificate Revocation List (CRL) by providing the CA's certificate serial number and app code.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["get-crl"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"27f4f150-64f3-469a-b94a-f30096c0e110","name":"200 OK – CRL data returned","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caSerialNo\": \"e7bcea340a5c362193c06d6356be8b12\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/get-crl","description":"The \"**getCRL**\" API is used to download a Certificate Revocation List (CRL) by providing the CA's certificate serial number and app code.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n**Request Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caSerialNo | String | Yes | Certificate serial numberThe \"getCACertificate\" API exports the CA certificate for the specified CA.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["export","ca","certificate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"dcef93b2-5b3d-440b-8c0f-a40805737744","name":"200 OK – Certificate exported","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"caId\": 1\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/export/ca/certificate","description":"The **\"getCACertificate\"** API exports the CA certificate for the specified CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | Long | Yes | The unique numeric identifier of the CA whose certificate is to be exported.The \"createCSR\" API generates a Certificate Signing Request (CSR) for a CA. The CSR can then be submitted to an external CA for signing and imported back via the importCertificate API.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["create","csr"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"9fad8836-b0d1-45eb-bc99-aec36dec799e","name":"200 OK – CSR generated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"certificateRequestDetails\": {\n \"keyAlgorithm\": \"RSA2048\",\n \"signingAlgorithm\": \"SHA256WithRSA\",\n \"keyProfile\": \"PKCS11_PROFILE\",\n \"caSubjectAttributes\": [\n {\n \"dataType\": \"PrintableString\",\n \"oid\": \"2.5.4.3\",\n \"value\": \"Test CSR\"\n },\n {\n \"dataType\": \"PrintableString\",\n \"oid\": \"2.5.4.10\",\n \"value\": \"Example Corporation\"\n },\n {\n \"dataType\": \"PrintableString\",\n \"oid\": \"2.5.4.6\",\n \"value\": \"US\"\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/csr","description":"The **\"createCSR\"** API generates a Certificate Signing Request (CSR) for a CA. The CSR can then be submitted to an external CA for signing and imported back via the importCertificate API.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| certificateRequestDetails | JSON | Yes | Object containing CSR generation details. See sub-fields below. |\n| keyAlgorithm | String | Yes | Key algorithm and size.The \"importCertificate\" API imports a signed CA certificate into the system. Used after an externally-signed CSR is returned by the parent CA.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["import","certificate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"a892f610-9bed-4970-a694-83750cc8d409","name":"200 OK – Certificate imported","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"importType\": \"CA\",\n \"caId\": 1,\n \"certData\": \"BASE64_ENCODED_CERTIFICATE\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/import/certificate","description":"The **\"importCertificate\"** API imports a signed CA certificate into the system. Used after an externally-signed CSR is returned by the parent CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| importType | String | Yes | Type of import. Supported value: **CA**.The \"getCRL\" GET supported API is used to download a Certificate Revocation List (CRL) by providing the CA's serial number and client ID.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/get-crl/{caSerialNo}/{clientId}
Request Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["get-crl","e7bcea340a5c362193c06d6356be8b12","{{x_client_id}}"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"36547240-c1f5-4f30-b56e-4cd64bedd03c","name":"200 OK – CRL downloaded","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/get-crl/e7bcea340a5c362193c06d6356be8b12/{{x_client_id}}","description":"The \"**getCRL**\" GET supported API is used to download a Certificate Revocation List (CRL) by providing the CA's serial number and client ID. \n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/get-crl/{caSerialNo}/{clientId}`\n\n**Request Body Parameters**\n\n**Request Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caSerialNo | String | Yes | Certificate serial number need to pass in path variableThe \"revoke/suspend/ca\" API facilitates the revocation or suspension of a CA Certificate based on its serial number and reason code. This functionality is crucial for invalidating certificates that are compromised or no longer trusted.
\nRequired Header Parameters
\nBy specifying the serial number of the certificate, this API ensures immediate termination or suspension of its validity, thereby maintaining security and compliance with organizational policies regarding CA management.
\nIf the reason code is 6, the certificate is treated as suspended (typically for temporary hold).
For all other reason codes, the certificate is treated as revoked.
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["revoke","suspend","ca"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"49428410-a039-4bb1-8b00-66cab7be75ed","name":"200 OK – CA revoked/suspended","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"revokeDetails\": {\r\n \"serialNo\": \"23f8a71aa6b4af877e6b5b45da5d75d4\",\r\n \"remarks\": \"test\",\r\n \"reason\": 1\r\n }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/revoke/suspend/ca","description":"The **\"revoke/suspend/ca\"** API facilitates the **revocation** or **suspension** of a CA Certificate based on its **serial number** and **reason code**. This functionality is crucial for invalidating certificates that are **compromised** or **no longer trusted**.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nBy specifying the serial number of the certificate, this API ensures **immediate termination or suspension** of its validity, thereby maintaining **security** and **compliance** with organizational policies regarding CA management.\n\nIf the **reason code is** **`6`**, the certificate is treated as **suspended** (typically for temporary hold).\n\nFor **all other reason codes**, the certificate is treated as **revoked**.\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which revoke or suspend is initiated.The 'reinstateCA' API allows for the reinstatement of previously suspended CA Certificate. This functionality is used to restore certificates that were temporarily invalidated, or other reasons. By specifying the serial number of the suspended certificate, this API ensures the restoration of its validity, maintaining security and compliance with organizational certificate management policies.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["reinstate","ca"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"e4b2451e-7f68-442c-893e-c63ee706028b","name":"200 OK – CA reinstated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"rereinstateDetails\": {\n \"serialNo\": \"23f8a71aa6b4af877e6b5b45da5d75d4\",\n \"remarks\": \"CA reinstated after resolution of compromise issue\"\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/reinstate/ca","description":"The '**reinstateCA**' API allows for the reinstatement of previously suspended CA Certificate. This functionality is used to restore certificates that were temporarily invalidated, or other reasons. By specifying the serial number of the suspended certificate, this API ensures the restoration of its validity, maintaining security and compliance with organizational certificate management policies.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n**Request Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which reinstate is initiated.The \"createOrUpdateUserProfile\" API is used to create or update a user certificate template. This template defines the details and specifications for user certificates.
\nRequired Header Parameters
\nRequest Body Parameters
\n| profileRequestDetails | JSON | Yes | The profileRequestDetails parameter is a required JSON object that contains the details for creating or updating a user certificate template.
see certificateRequestDetails Fields below |
userProfileDetails Fields
\nSupported Algorithms
\n","urlObject":{"path":["create","update","user-profile"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"94ade315-a3d8-4430-a44a-5b6375080c05","name":"200 OK – Profile saved","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"caId\": \"1\",\n \"profileRequestDetails\": {\n \"certificateProfileID\": \"\",\n \"profileName\": \"End-Entity - Birth Identity Certificate3\",\n \"subjectAttributes\": [\n {\n \"value\": \"USER-2024-001234\",\n \"oid\": \"2.5.4.3\",\n \"isMandatory\": \"1\",\n \"dataType\": \"PrintableString\"\n },\n {\n \"value\": \"Devices\",\n \"oid\": \"2.5.4.11\",\n \"isMandatory\": \"0\",\n \"dataType\": \"PrintableString\"\n },\n {\n \"value\": \"Example Corporation\",\n \"oid\": \"2.5.4.10\",\n \"isMandatory\": \"0\",\n \"dataType\": \"PrintableString\"\n },\n {\n \"value\": \"US\",\n \"oid\": \"2.5.4.6\",\n \"isMandatory\": \"0\",\n \"dataType\": \"PrintableString\"\n }\n ],\n \"extensions\": {\n \"basicConstraints\": {\n \"isEnabled\": \"1\",\n \"isCritical\": \"0\",\n \"type\": \"endEntity\",\n \"pathLength\": \"none\",\n \"sortOrder\": \"1\"\n },\n \"keyUsageAttributes\": {\n \"encipherOnly\": \"0\",\n \"isEnabled\": \"1\",\n \"isCritical\": \"1\",\n \"nonRepudiation\": \"0\",\n \"digitalSignature\": \"1\",\n \"keyEncipherment\": \"0\",\n \"dataEncipherment\": \"0\",\n \"keyAgreement\": \"1\",\n \"keyCertSign\": \"0\",\n \"crlSign\": \"0\",\n \"decipherOnly\": \"0\",\n \"sortOrder\": \"2\"\n },\n \"extendedKeyUsageAttributes\": {\n \"isEnabled\": \"1\",\n \"isCritical\": \"0\",\n \"serverAuthentication\": \"1\",\n \"clientAuthentication\": \"1\",\n \"codeSigning\": \"0\",\n \"emailProtection\": \"0\",\n \"timeStamping\": \"0\",\n \"ocspSigning\": \"0\",\n \"msftDocumentSigning\": \"0\",\n \"smartCardLogon\": \"0\",\n \"adobeCertifiedDocumentSigning\": \"0\",\n \"encryptionFileSystem\": \"0\",\n \"sortOrder\": \"3\"\n },\n \"authInfoAccess\": {\n \"isEnabled\": \"0\",\n \"isCritical\": \"0\",\n \"ocspURL\": \"http://pki.example.com/ocsp/Example\",\n \"cAIssuerURL\": \"http://appemca.emudhra.com/repository/ca/ExampleIssuingCA02.cer\",\n \"sortOrder\": \"4\"\n },\n \"authorityKeyIdentifier\": {\n \"isEnabled\": \"1\",\n \"isCritical\": \"0\",\n \"sortOrder\": \"5\"\n },\n \"subjectKeyIdentifier\": {\n \"isEnabled\": \"1\",\n \"isCritical\": \"0\",\n \"sortOrder\": \"6\"\n },\n \"certificatePolicy\": {\n \"isEnabled\": \"1\",\n \"isCritical\": \"0\",\n \"policyOID\": [],\n \"cpsURL\": \"http://pki.example.com/repository/cps/CPS.pdf\",\n \"cpsPolicyOID\": \"2.16.356.100.1.8.1\",\n \"sortOrder\": \"7\"\n },\n \"crlDistribution\": {\n \"isEnabled\": \"0\",\n \"isCritical\": \"0\",\n \"crlURL\": \"http://appemca.emudhra.com/repository/crl/ExampleIssuingCA02.crl\",\n \"sortOrder\": \"8\"\n }\n }\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/create/update/user-profile","description":"The \"**createOrUpdateUserProfile**\" API is used to create or update a user certificate template. This template defines the details and specifications for user certificates.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | String | Yes | Unique identifier of the CA to which this certificate profile belongs |\n\n| profileRequestDetails | JSON | Yes | The **profileRequestDetails** parameter is a required JSON object that contains the details for creating or updating a user certificate template.The \"createUserCertificate\" API is used to generate a user certificate based on the provided input parameters. The request includes details such as the certificate profile ID, CSR, SAN attributes, subordinate CA ID, subject attributes, and validity details. The generated user certificate can be returned in base64 encoded X509 format along with the chain of certificates.
\nRequired Header Parameters
\nRequest Body Parameters
\ncertificateRequestDetails Fields
\ncustomExtensions Array Items (inside certificateRequestDetails)
\n","urlObject":{"path":["request","user-certificate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"ec9b08fd-8f01-41bd-9d17-ccfda134b6f7","name":"200 OK – Certificate issued","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"certificateRequestDetails\": {\n \"certificateProfileID\": \"20\",\n \"csr\": \"MIICbDCCAVQCAQAwJzElMCMGA1UEAxMcVXNlciBDZXJ0aWZpY2F0ZSB3aXRoIEpXVCAwMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWhxvjou995s6tKopDI8W/+mkAPgKLproQqLIZtGt8o23gkw47bcW67GjXxKhoAssShvthjbU6rScFf6JoL41/rKOvQF3WWSfc+fe0VBmzKruZOLk+KvrjgTj5uPM9MgYwvZEh9gWfPIUNIWDL+O1O/PR2Zcuke3qenP180/gFE6IQ9/uWKZicLEhPrCW00dcJPD/fQipaFIT6VPHi0tbxUWmq6CaA36DJOPhx3Izs9B/JLXjmPRsY8aP0yLlCNJaDV0aSKfcnn2Pr0CWJid7d/mc7JDZrE4PPF10eXTPjiBYdXIr9ewfD+Mkl8aiIbiwZrsEduea0/9x7kGbbmzsMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBW8i3dyvlg251u9ZM4I+31RyrKs2WxbMecka8oIpS8KwtLx12hlulqZlsL/dfVIikDf/kE0hrJNEJXNTcMELCJSxoaVZKHXkgmXB4xHwBL2HbqvlohMJb+wAIMQ8RJgG5al52v+Rx1VwDh/S/mAjo3lCarXJb6IrgtaNBgLka4jKS6czOdCxcZ7YbUb4kShmLdgREmWtNasyn7K8kdypP5+IYAQqO2IW7N73fvbsz8D9UTuBXsLo/GKBoIZ9CdQn4DjKnX1ncU5S62gWfvvpguq9X2tskdNSDLE+ohsdHrAIdI8ntlbRR/Ryw9sMCBT/OJwdFo9JPWTYCBkIPSU7Ke\",\n \"subCAID\": \"7\",\n \"subjectAttributes\": [\n {\n \"value\": \"USER-2024-001234\",\n \"oid\": \"2.5.4.3\"\n },\n {\n \"value\": \"Devices\",\n \"oid\": \"2.5.4.11\"\n },\n {\n \"value\": \"Example Corporation\",\n \"oid\": \"2.5.4.10\"\n },\n {\n \"value\": \"US\",\n \"oid\": \"2.5.4.6\"\n }\n ],\n \"validityCriteria\": \"y\",\n \"validityValue\": \"5\",\n \"customExtensions\": [\n {\n \"type\": \"1.2.840.113549.1.9.14\",\n \"value\": \"custom-extension-value\",\n \"isCritical\": \"0\",\n \"isMandatory\": \"0\",\n \"dataType\": \"UTF8String\",\n \"sortOrder\": \"1\"\n }\n ]\n }\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/request/user-certificate","description":"The \"**createUserCertificate**\" API is used to generate a user certificate based on the provided input parameters. The request includes details such as the certificate profile ID, CSR, SAN attributes, subordinate CA ID, subject attributes, and validity details. The generated user certificate can be returned in base64 encoded X509 format along with the chain of certificates.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| certificateRequestDetails | JSON | Yes | The certificateRequestDetails parameter is a required JSON object that contains specific details about the certificate to be generated.The CA Management APIs provide comprehensive management of the Certificate Authority (CA) infrastructure within the emCA platform. These APIs support creating and managing key profiles (HSM/PKCS#11), generating root and sub-CA certificates, managing CRL profiles and CRL issuance, revoking/reinstating CAs, creating user certificate profiles, and issuing user certificates.
\nAll CA Management API requests must include the following HTTP headers:
\n","event":[{"listen":"prerequest","script":{"type":"text/javascript","packages":{},"exec":[""],"id":"387a9a3b-b526-41f1-9fce-62a3f82060eb"}},{"listen":"test","script":{"type":"text/javascript","packages":{},"exec":[""],"id":"948bec60-b527-4043-a01d-76bdae7614af"}}],"_postman_id":"bcc10c65-ac6c-4ec9-a2a2-9eb576f75e0d"},{"name":"Certificate Management","item":[{"name":"createCertificate","event":[{"listen":"prerequest","script":{"exec":[""],"type":"text/javascript","packages":{},"requests":{},"id":"3453dac8-6158-49e8-ad7a-6c3f794d4022"}}],"id":"a40b3f77-9394-4164-861b-bc959171b4fa","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"12\",\r\n \"output\": \"X509\",\r\n \"csr\": \"MIIBhzCCAQ4CAQAwUDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNhbGl4IEluYzEQMA4GA1UECxMHRGV2aWNlczEbMBkGA1UEAxMSQVhPUy1BWE9TLTEyMzQ1NjY3MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqATmpa/4d7L+78wyA4wXyZ9rGJpHZ8vOuGafKL9wMfmcQbJiIFmYv0Im6Pb2FeDGHQx1rBgJm7TNvSdFLi413a6ffHqbUhh5yWE2et0pDhMfu8hWRSnWO3JM8oZRjlRDoD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjhiF1cm46Y2FsaXg6YXhvczpkZXZpY2U6U04xMjM0NTY3ODkwCgYIKoZIzj0EAwIDZwAwZAIwPZC1Hk6e9utWjHTblvxYAnW2qL+Hx5jmTn+Q1MRJxjZRhtgA4GRmy7GZN+pqp9qeAjBEiJ/6HMqrWxuUPuiRgwp/AdJauXh8eDUMOGIIpEHlF/jhytRVbuvOf8bECDXMegw=\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request","description":"The \"createCertificate\" API is used to generate an X509 certificate for the provided CSR (PKCS10). The generated certificate can be returned either in base64 encoded X509 format or as a PEM, based on the specified requirements.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","request"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"8846eafe-bb31-4b2d-bfa7-197a5680e8e4","name":"200 OK – Certificate issued","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"12\",\r\n \"output\": \"X509\",\r\n \"csr\": \"MIIBhzCCAQ4CAQAwUDELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNhbGl4IEluYzEQMA4GA1UECxMHRGV2aWNlczEbMBkGA1UEAxMSQVhPUy1BWE9TLTEyMzQ1NjY3MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqATmpa/4d7L+78wyA4wXyZ9rGJpHZ8vOuGafKL9wMfmcQbJiIFmYv0Im6Pb2FeDGHQx1rBgJm7TNvSdFLi413a6ffHqbUhh5yWE2et0pDhMfu8hWRSnWO3JM8oZRjlRDoD8wPQYJKoZIhvcNAQkOMTAwLjAsBgNVHREEJTAjhiF1cm46Y2FsaXg6YXhvczpkZXZpY2U6U04xMjM0NTY3ODkwCgYIKoZIzj0EAwIDZwAwZAIwPZC1Hk6e9utWjHTblvxYAnW2qL+Hx5jmTn+Q1MRJxjZRhtgA4GRmy7GZN+pqp9qeAjBEiJ/6HMqrWxuUPuiRgwp/AdJauXh8eDUMOGIIpEHlF/jhytRVbuvOf8bECDXMegw=\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request","description":"The \"createCertificate\" API is used to generate an X509 certificate for the provided CSR (PKCS10). The generated certificate can be returned either in base64 encoded X509 format or as a PEM, based on the specified requirements.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profile | String | Yes | A Certificate Profile name or Certificate Profile ID is a unique profile or template created for certificates. Profiles can be created by an admin on emCA or using the CA Management APIs.The \"createCertificates\" API is designed to generate multiple X509 Certificates based on up to 10 provided Certificate Signing Requests (CSRs). This API allows for the creation of certificates in either Base64 encoded X509Certificates or PEM. It enables efficient management and creation of multiple certificates simultaneously.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","request","bulk"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"8b66df59-3870-400d-8441-b0fad8025a9d","name":"200 OK – Bulk certificates issued","originalRequest":{"method":"POST","header":[{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"3\",\r\n \"output\": \"X509\",\r\n \"csrInfo\": [\r\n {\r\n \"referenceId\": \"1001\",\r\n \"csr\": \"MIICzTCCAbUCAQAwgYcxCzAJBgNVBAYTAkdCMRYwFAYDVQQIEw1TdGFmZm9yZHNoaXJlMRcwFQYDVQQHEw5TdG9rZSBvbiBUcmVudDEjMCEGA1UEChMaUmVkIEtlc3RyZWwgQ29uc3VsdGluZyBMdGQxIjAgBgNVBAMTGXRlc3RjZXJ0LnJlZGtlc3RyZWwuY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLeW88IeAIa3n23R99i874fh0jetf+STsGPgkfGXGJ++tclKGk3MJE0ijD4PNaxGXUCNULgn2ROyybm5sTmGzpEOD+1AAAyV+pLQoFNkHEFuudGqVM6XkPWfqaM2vKvdzUbPPC0X/MfDFGPxc8AY3TUM385c9c9/WOIF6NUcAvAFIQF0zG7evzJZBqDb4enUnatMSLHmxRWMi1JeHtfLINXhNitHewEQWgIB3j1xmh7CPO5FeTb6HzQDxc+f7uMisY6s9J/Ph3GeOCeIDooqU8jnfV5eGEzIMH5CFMZjajrNKF4DYK3YRyUI0K66+v0KILoUntEs++M20LhOn+VE9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAUWE7oBX3SLjYNM53bsBOlNGnsgAp1P1fiCPpEKaZGEOUJ2xOguIHSu1N1ZigKpWmiAAZxuoagW1R/ANM3jXpvCLVBRv40AHCFsot9udrdCYjI43aDHAaYvLmT4/Pvpntcn0/7+g//elAHhr9UIooMZwwwo6yom67Jwfw/be/g7Mae7mPHZ2lsQTS02hEeqVynIRk2W9meQULrt+/atog0mqJSBx0WswtHliTc+nXFpQrwFIEzVuPGCOVw7LmCfNmHNCkZVuRSJB/9MdLmrfwchPI3NeTGSe+BZfsOtpt2/7j+bqeYKFu8B0stLoJBEnihxUoV18uZOmOeuVuX1N6nA==\"\r\n },\r\n {\r\n \"referenceId\": \"1002\",\r\n \"csr\": \"MIIBLzCB1gIBADB0MSkwJwYJKoZIhvcNAQkBFhp0YW5tb3kucHJhZGhhbkBlbXVkaHJhLmNvbTENMAsGA1UEERMEbnVsbDEPMA0GA1UEAxMGVGFubW95MREwDwYDVQQKEwhQZXJzb25hbDEJMAcGA1UECBMAMQkwBwYDVQQGEwAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+EAJgUf75U/UQ12h7ZR9AH4GLGByNOvgu4y/vQIKRkqZeY028EerKzpKjhhL4Ocb8CyNIl/pPElgRJzHawNBDoAAwCgYIKoZIzj0EAwIDSAAwRQIhAPABaUje1TrCD+RqlV4UFvo/pFO3GiMvr989qa8cZfBTAiBLhbbqAo/fx3fdKKahwuLMfbL2dvQXgMHFOdXiR0/oOA==\"\r\n }\r\n ]\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request/bulk","description":"The \"createCertificates\" API is designed to generate multiple X509 Certificates based on up to 10 provided Certificate Signing Requests (CSRs). This API allows for the creation of certificates in either Base64 encoded X509Certificates or PEM. It enables efficient management and creation of multiple certificates simultaneously.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profile | String | Yes | A Certificate Profile name or Certificate Profile ID is a unique profile or template created for certificates. Profiles can be created by an admin on emCA or using the CA Management APIs.The 'createCustomCertificate' API facilitates the creation of X509 Certificates or PEM by accepting a CSR (#PKCS10) along with additional parameters such as Subject Distinguished Name (DN) and Subject Alternative Name (SAN) details. This API allows for the customization of certificate attributes, enabling the creation of certificates tailored to specific requirements and ensuring flexibility in certificate management.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\nTabel no 2
\nTabel no 3
\nTabel no 4
\n","urlObject":{"path":["certificates","request","custom"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"6ce2ccf5-f364-4827-a157-94296e5f99f6","name":"200 OK – Custom certificate issued","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"3\",\r\n \"subjectDN\": {\r\n \"commonName\": \"test\",\r\n \"country\": \"IN\"\r\n },\r\n \"san\": {\r\n \"dnsName\": \"www.example.com\"\r\n },\r\n \"esign\": \"No\",\r\n \"output\": \"X509\",\r\n \"csr\": \"MIIBLzCB1gIBADB0MSkwJwYJKoZIhvcNAQkBFhp0YW5tb3kucHJhZGhhbkBlbXVkaHJhLmNvbTENMAsGA1UEERMEbnVsbDEPMA0GA1UEAxMGVGFubW95MREwDwYDVQQKEwhQZXJzb25hbDEJMAcGA1UECBMAMQkwBwYDVQQGEwAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT+EAJgUf75U/UQ12h7ZR9AH4GLGByNOvgu4y/vQIKRkqZeY028EerKzpKjhhL4Ocb8CyNIl/pPElgRJzHawNBDoAAwCgYIKoZIzj0EAwIDSAAwRQIhAPABaUje1TrCD+RqlV4UFvo/pFO3GiMvr989qa8cZfBTAiBLhbbqAo/fx3fdKKahwuLMfbL2dvQXgMHFOdXiR0/oOA==\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request/custom","description":"The '**createCustomCertificate'** API facilitates the creation of X509 Certificates or PEM by accepting a CSR (#PKCS10) along with additional parameters such as Subject Distinguished Name (DN) and Subject Alternative Name (SAN) details. This API allows for the customization of certificate attributes, enabling the creation of certificates tailored to specific requirements and ensuring flexibility in certificate management.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profile | String | Yes | A Certificate Profile name or Certificate Profile ID is a unique profile or template created for certificates. Profiles can be created by an admin on emCA or using the CA Management APIs.This is a method that is responsible for creating a keystore. A keystore is a repository for storing cryptographic keys and certificates.
\nRequired Header Parameters
\nThis refers to the type of keystore being generated. PKCS12 (Public-Key Cryptography Standards #12) is a standard for storing both X.509 certificates and private keys in a single file. It is widely used and supported by various systems.
\nCall the createKeyStore method, providing it with the necessary parameters, including the certificate profile.
\nThe createKeyStore method processes based on the provided input perameters and generates a new keystore in the PKCS12 format.
\nThe profile should be KRS (Key Recovery Service) enabled.
\nTo enable KRS, follow these steps when creating the user profile
\nLog in to the emCA UI Portal as an Administrator and navigate to the user profile (refer emCA User Manual). Then, select the \"Is KRS enabled\" checkbox.
\nRequest Body Parameters
\nRequest Parameters
\nTabel no 2
\nRequest Parameters
\nTabel no 4
\nTabel no 5
\n","urlObject":{"path":["certificates","request","keystore"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"433df6d9-f4f8-4e01-b0c1-d9e5d0357da4","name":"200 OK – KeyStore created","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"5\",\r\n \"subjectDN\": {\r\n \"commonName\": \"Encrypted Certificate\",\r\n \"country\": \"IN\"\r\n },\r\n \"keyAlgorithm\": \"RSA-2048\",\r\n \"keyStorePassword\": \"Test@123\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request/keystore","description":"This is a method that is responsible for creating a keystore. A keystore is a repository for storing cryptographic keys and certificates.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nThis refers to the type of keystore being generated. PKCS12 (Public-Key Cryptography Standards #12) is a standard for storing both X.509 certificates and private keys in a single file. It is widely used and supported by various systems.\n\nCall the **createKeyStore** method, providing it with the necessary parameters, including the certificate profile.\n\nThe **createKeyStore** method processes based on the provided input perameters and generates a new keystore in the PKCS12 format.\n\n### Prerequisites\n\n1. The profile should be KRS (Key Recovery Service) enabled.\n \n2. To enable KRS, follow these steps when creating the user profile\n \n3. Log in to the emCA UI Portal as an Administrator and navigate to the user profile (refer emCA User Manual). Then, select the \"**Is KRS enabled**\" checkbox.\n \n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profile | String | Yes | A Certificate Profile name or Certificate Profile ID is a unique profile or template created for certificates. Profiles can be created by an admin on emCA or using the CA Management APIs.The \"rekey\" API facilitates the regenerating a certificate's remaining validity period by revoking the existing certificate. It requires a Certificate Signing Request (CSR) to generate a new certificate with the remaining validity timeframe. This workflow ensures the secure replacement of compromised or lost certificates, maintaining continuous secure communication while adhering to best practices in certificate management.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","request","regenerate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"3602eac2-84a3-44cb-9fe7-2a94d51c7390","name":"200 OK – Certificate rekeyed","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"551c7bf7e4494a965c7ab38ad1ff4892\",\r\n \"output\": \"X509\",\r\n \"remarks\": \"test\",\r\n \"csr\": \"MIICzTCCAbUCAQAwgYcxCzAJBgNVBAYTAkdCMRYwFAYDVQQIEw1TdGFmZm9yZHNoaXJlMRcwFQYDVQQHEw5TdG9rZSBvbiBUcmVudDEjMCEGA1UEChMaUmVkIEtlc3RyZWwgQ29uc3VsdGluZyBMdGQxIjAgBgNVBAMTGXRlc3RjZXJ0LnJlZGtlc3RyZWwuY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLeW88IeAIa3n23R99i874fh0jetf+STsGPgkfGXGJ++tclKGk3MJE0ijD4PNaxGXUCNULgn2ROyybm5sTmGzpEOD+1AAAyV+pLQoFNkHEFuudGqVM6XkPWfqaM2vKvdzUbPPC0X/MfDFGPxc8AY3TUM385c9c9/WOIF6NUcAvAFIQF0zG7evzJZBqDb4enUnatMSLHmxRWMi1JeHtfLINXhNitHewEQWgIB3j1xmh7CPO5FeTb6HzQDxc+f7uMisY6s9J/Ph3GeOCeIDooqU8jnfV5eGEzIMH5CFMZjajrNKF4DYK3YRyUI0K66+v0KILoUntEs++M20LhOn+VE9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAUWE7oBX3SLjYNM53bsBOlNGnsgAp1P1fiCPpEKaZGEOUJ2xOguIHSu1N1ZigKpWmiAAZxuoagW1R/ANM3jXpvCLVBRv40AHCFsot9udrdCYjI43aDHAaYvLmT4/Pvpntcn0/7+g//elAHhr9UIooMZwwwo6yom67Jwfw/be/g7Mae7mPHZ2lsQTS02hEeqVynIRk2W9meQULrt+/atog0mqJSBx0WswtHliTc+nXFpQrwFIEzVuPGCOVw7LmCfNmHNCkZVuRSJB/9MdLmrfwchPI3NeTGSe+BZfsOtpt2/7j+bqeYKFu8B0stLoJBEnihxUoV18uZOmOeuVuX1N6nA==\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request/regenerate","description":"The \"**rekey**\" API facilitates the regenerating a certificate's remaining validity period by revoking the existing certificate. It requires a Certificate Signing Request (CSR) to generate a new certificate with the remaining validity timeframe. This workflow ensures the secure replacement of compromised or lost certificates, maintaining continuous secure communication while adhering to best practices in certificate management.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which rekey is initiated.The \"rekey\" API facilitates the regenerating a certificate's remaining validity period by revoking the existing certificate. It requires a Certificate Signing Request (CSR) to generate a new certificate with the remaining validity timeframe. This workflow ensures the secure replacement of compromised or lost certificates, maintaining continuous secure communication while adhering to best practices in certificate management.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","request","keystore","regenerate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"648c683c-c4ee-4628-b84c-f617115457d0","name":"200 OK – KeyStore regenerated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"551c7bf7e4494a965c7ab38ad1ff4892\",\r\n \"output\": \"X509\",\r\n \"remarks\": \"test\",\r\n \"csr\": \"MIICzTCCAbUCAQAwgYcxCzAJBgNVBAYTAkdCMRYwFAYDVQQIEw1TdGFmZm9yZHNoaXJlMRcwFQYDVQQHEw5TdG9rZSBvbiBUcmVudDEjMCEGA1UEChMaUmVkIEtlc3RyZWwgQ29uc3VsdGluZyBMdGQxIjAgBgNVBAMTGXRlc3RjZXJ0LnJlZGtlc3RyZWwuY28udWswggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWLeW88IeAIa3n23R99i874fh0jetf+STsGPgkfGXGJ++tclKGk3MJE0ijD4PNaxGXUCNULgn2ROyybm5sTmGzpEOD+1AAAyV+pLQoFNkHEFuudGqVM6XkPWfqaM2vKvdzUbPPC0X/MfDFGPxc8AY3TUM385c9c9/WOIF6NUcAvAFIQF0zG7evzJZBqDb4enUnatMSLHmxRWMi1JeHtfLINXhNitHewEQWgIB3j1xmh7CPO5FeTb6HzQDxc+f7uMisY6s9J/Ph3GeOCeIDooqU8jnfV5eGEzIMH5CFMZjajrNKF4DYK3YRyUI0K66+v0KILoUntEs++M20LhOn+VE9AgMBAAGgADANBgkqhkiG9w0BAQUFAAOCAQEAUWE7oBX3SLjYNM53bsBOlNGnsgAp1P1fiCPpEKaZGEOUJ2xOguIHSu1N1ZigKpWmiAAZxuoagW1R/ANM3jXpvCLVBRv40AHCFsot9udrdCYjI43aDHAaYvLmT4/Pvpntcn0/7+g//elAHhr9UIooMZwwwo6yom67Jwfw/be/g7Mae7mPHZ2lsQTS02hEeqVynIRk2W9meQULrt+/atog0mqJSBx0WswtHliTc+nXFpQrwFIEzVuPGCOVw7LmCfNmHNCkZVuRSJB/9MdLmrfwchPI3NeTGSe+BZfsOtpt2/7j+bqeYKFu8B0stLoJBEnihxUoV18uZOmOeuVuX1N6nA==\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/request/keystore/regenerate","description":"The \"**rekey**\" API facilitates the regenerating a certificate's remaining validity period by revoking the existing certificate. It requires a Certificate Signing Request (CSR) to generate a new certificate with the remaining validity timeframe. This workflow ensures the secure replacement of compromised or lost certificates, maintaining continuous secure communication while adhering to best practices in certificate management.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which rekey is initiated.The \"revoke\" API facilitates the revocation of a certificate based on its serial number. This functionality is crucial for invalidating certificates that are compromised or no longer trusted.
\nRequired Header Parameters
\nBy specifying the serial number of the certificate, this API ensures immediate termination of its validity, thereby maintaining security and compliance with organizational policies regarding certificate management.
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","revoke"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"950c343b-84f3-4bec-802b-58289da9f30c","name":"200 OK – Certificate revoked","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"5dad5c16425f16273e65581aff03e9b1\",\r\n \"remarks\": \"test\",\r\n \"reason\": 1\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/revoke","description":"The \"**revoke**\" API facilitates the revocation of a certificate based on its serial number. This functionality is crucial for invalidating certificates that are compromised or no longer trusted.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nBy specifying the serial number of the certificate, this API ensures immediate termination of its validity, thereby maintaining security and compliance with organizational policies regarding certificate management.\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which revoke is initiated.The 'suspend' API suspends certificates based on their serial numbers, crucial for invalidating compromised, or untrusted certificates. Users can also reinstate suspended certificates as needed, ensuring security and compliance with organizational policies.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","suspend"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"a3c52623-045b-4645-8a7c-c75843d17d44","name":"200 OK – Certificate suspended","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"5dad5c16425f16273e65581aff03e9b1\",\r\n \"remarks\": \"test\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/suspend","description":"The '**suspend**' API suspends certificates based on their serial numbers, crucial for invalidating compromised, or untrusted certificates. Users can also reinstate suspended certificates as needed, ensuring security and compliance with organizational policies.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which revoke is initiated.The 'reinstate' API allows for the reinstatement of previously suspended certificates. This functionality is used to restore certificates that were temporarily invalidated due to compromise, or other reasons. By specifying the serial number of the suspended certificate, this API ensures the restoration of its validity, maintaining security and compliance with organizational certificate management policies.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","reinstate"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"386d0ba7-1aa1-4c8d-acba-14b827045489","name":"200 OK – Certificate reinstated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"5dad5c16425f16273e65581aff03e9b1\",\r\n \"remarks\": \"test\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/reinstate","description":"The '**reinstate**' API allows for the reinstatement of previously suspended certificates. This functionality is used to restore certificates that were temporarily invalidated due to compromise, or other reasons. By specifying the serial number of the suspended certificate, this API ensures the restoration of its validity, maintaining security and compliance with organizational certificate management policies.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which reinstate is initiated.The \"getCertificate\" API allows users to download a User certificate based on its serial number or retrieve the status of a manually authorized request using the requestId. This functionality supports efficient certificate management by providing access to specific certificates or the status of requests in a straightforward manner.
\nRequired Header Parameters
\nRequest Body Parameters
\nNote: Users must provide either the serial number or the request ID; both parameters cannot be included in the same request
\nRequest Parameters
\n","urlObject":{"path":["certificates","export"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"c796c248-f2ee-4967-abb0-8bcb4eda972f","name":"200 OK – Certificate exported","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"serialNo\": \"5dad5c16425f16273e65581aff03e9b1\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/export","description":"The \"**getCertificate**\" API allows users to download a User certificate based on its serial number or retrieve the status of a manually authorized request using the requestId. This functionality supports efficient certificate management by providing access to specific certificates or the status of requests in a straightforward manner.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n**Note**: Users must provide either the serial number or the request ID; both parameters cannot be included in the same request\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | No | Certificate serial numberThe \"getProfiles\" API retrieves all profiles created for the issuing CA, providing basic information such as profile name, profile ID, and validity. By specifying the CA name, users can efficiently manage and review all profiles associated with that issuing CA.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["profiles","export"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"f6f3d725-6008-4071-8202-f4a0c13b3352","name":"200 OK – Profiles listed","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caName\": \"Example Issuing CA 01\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/profiles/export","description":"The \"**getProfiles**\" API retrieves all profiles created for the issuing CA, providing basic information such as profile name, profile ID, and validity. By specifying the CA name, users can efficiently manage and review all profiles associated with that issuing CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caName | String | Yes | Common name of CA CertifictaeThe \"getProfileInfo\" API retrieves profile information for a CA or USER by providing the profile name or profile id. This API helps in obtaining detailed information about specific profiles, facilitating efficient management and verification of CA or user profiles
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["profiles","info"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"0e954cb8-58fa-4c7e-a854-ce733899a0c3","name":"200 OK – Profile info returned","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"profile\": \"AXOS End-Entity - mTLS Communications Certificate\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/profiles/info","description":"The \"**getProfileInfo**\" API retrieves profile information for a CA or USER by providing the profile name or profile id. This API helps in obtaining detailed information about specific profiles, facilitating efficient management and verification of CA or user profiles\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| profile | String | Yes | Pass Certificate profile name or Id to be used to get profile informationThe \"getCertInfo\" API retrieves user certificate information by providing the Issuing CA's common name. This API helps in obtaining detailed information about user certificates issued by a specific Certificate Authority, facilitating efficient certificate management
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","info"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"52efe8bf-1d3c-4417-a8fb-5d44459de44c","name":"200 OK – Certificate info returned","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caName\": \"Example Issuing CA 01\",\r\n \"noOfCertificates\": 5,\r\n \"round\": 0\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/info","description":"The \"**getCertInfo**\" API retrieves user certificate information by providing the Issuing CA's common name. This API helps in obtaining detailed information about user certificates issued by a specific Certificate Authority, facilitating efficient certificate management\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caName | String | Yes | Common name of CA CertifictaeThe \"getCertCount\" API retrieves the total count of certificates issued under the specified Issuing CA. By providing the Issuing CA's details, users can obtain an accurate count of all certificates issued by that CA.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","count"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"1fd752ac-8049-42b9-9504-a49701180b79","name":"200 OK – Count returned","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"responseType\": \"Y\",\r\n \"caName\": [\r\n \"Example Issuing CA 01\"\r\n ]\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/count","description":"The \"**getCertCount**\" API retrieves the total count of certificates issued under the specified Issuing CA. By providing the Issuing CA's details, users can obtain an accurate count of all certificates issued by that CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| responseType | String | No | The response will vary based on the **responseType** parameter. Please refer to the following expected responses:The \"getExpiringSoonCertInfo\" API retrieves information about certificates that are expiring soon, based on the specified number of days. Users can optionally provide the CA name to filter results for a specific Certificate Authority, aiding in the efficient management of certificates nearing expiration within the defined time frame.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","expiring"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"f65ee406-b620-4821-ae9b-e3099150c4fe","name":"200 OK – Expiring certs returned","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"noOfDays\": 1900,\r\n \"caName\": [\r\n \"\"\r\n ],\r\n \"round\": 0\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/expiring","description":"The \"**getExpiringSoonCertInfo**\" API retrieves information about certificates that are expiring soon, based on the specified number of days. Users can optionally provide the CA name to filter results for a specific Certificate Authority, aiding in the efficient management of certificates nearing expiration within the defined time frame.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| noOfDays | Integer | Yes | Number of days until certificates are nearing expiration.The \"getCAs\" API returns the common names of all available Issuing CA certificates in its response.
\nRequired Header Parameters
\nNOTE: This API does not require any input parameters.
\n","urlObject":{"path":["ca","list"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"9789ccfe-8d3c-42ce-b340-2d305a4241ce","name":"200 OK – CA list returned","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/ca/list","description":"The \"**getCAs**\" API returns the common names of all available Issuing CA certificates in its response.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n### **Request Input Parameters**\n\n**NOTE**: This API does not require any input parameters."},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"SUCCESS\",\n \"cas\": [\n {\n \"caId\": \"1\",\n \"commonName\": \"Test Root Certificate 2026\",\n \"caType\": \"root\",\n \"status\": \"ACTIVE\"\n },\n {\n \"caId\": \"7\",\n \"commonName\": \"Example Issuing CA 01\",\n \"caType\": \"subCA\",\n \"status\": \"ACTIVE\"\n }\n ]\n}"}],"_postman_id":"e922c74d-1a3e-45d6-95c4-2065bcad8520"},{"name":"getCertificateChain","id":"1bf41932-a6b5-4e33-a50d-8c5dfa50f1f8","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caName\": \"Example Issuing CA 01\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/chain/export","description":"The \"getCertificateChain\" API retrieves the complete certificate chain in encoded PEM format by provding the CA name. This functionality enables users to obtain all certificates in the chain associated with a specific Certificate Authority, facilitating comprehensive certificate management and validation.
\nRequired Header Parameters
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","chain","export"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"359ad2a2-7a89-414c-95a7-2492bd47f174","name":"200 OK – Chain returned","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"caName\": \"Example Issuing CA 01\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/certificates/chain/export","description":"The \"**getCertificateChain**\" API retrieves the complete certificate chain in encoded PEM format by provding the CA name. This functionality enables users to obtain all certificates in the chain associated with a specific Certificate Authority, facilitating comprehensive certificate management and validation.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caName | String | Yes | Common name of CA CertifictaeThe 'getCAs' API is supported by GET requests. It returns the common names of all available Issuing CA certificates in its response, where clientId is passed as a path variable.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/ca/list/{clientId}
Request Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["ca","list","{{x_client_id}}"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"6a577cca-6680-4d2b-b8a4-80cdb5f18fad","name":"200 OK – CA list returned","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/ca/list/{{x_client_id}}","description":"The '**getCAs**' API is supported by GET requests. It returns the common names of all available Issuing CA certificates in its response, where clientId is passed as a path variable.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/ca/list/{clientId}`\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | You need to pass the clientId in path variable You will get the clientId from emCA when you register an external application user for consuming APIs.The 'getCertificateChain' API is GET-supported API where clientId and caname is passed as a path variable, API retrieves the complete certificate chain in encoded PEM format by provding the CA name. This functionality enables users to obtain all certificates in the chain associated with a specific Certificate Authority, facilitating comprehensive certificate management and validation.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/certificates/chain/export/{clientId}/{caName}
Request Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["certificates","chain","export","{{x_client_id}}","Example Issuing CA 01"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"d94d7c48-827d-4f37-979a-63c96c8b5d39","name":"200 OK – Chain returned","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/certificates/chain/export/{{x_client_id}}/Example Issuing CA 01","description":"The '**getCertificateChain**' API is GET-supported API where clientId and caname is passed as a path variable, API retrieves the complete certificate chain in encoded PEM format by provding the CA name. This functionality enables users to obtain all certificates in the chain associated with a specific Certificate Authority, facilitating comprehensive certificate management and validation.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/certificates/chain/export/{clientId}/{caName}`\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | You need to pass the clientId in path variable You will get the clientId from emCA when you register an external application user for consuming APIs.The 'getProfileInfo' API is supported by GET requests. It retrieves profile information for a CA or user, where clientId, profile name, or profile ID is passed as path variables. This API facilitates the retrieval of detailed information about specific profiles, enhancing the efficient management and verification of CA or user profiles.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/profiles/info/{clientId}/{profileId}
Request Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["profiles","info","{{x_client_id}}","7"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"5fa0a227-6073-45c7-99f7-e9da3701ca5c","name":"200 OK – Profile info returned","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/profiles/info/{{x_client_id}}/7","description":"The '**getProfileInfo**' API is supported by GET requests. It retrieves profile information for a CA or user, where clientId, profile name, or profile ID is passed as path variables. This API facilitates the retrieval of detailed information about specific profiles, enhancing the efficient management and verification of CA or user profiles.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/profiles/info/{clientId}/{profileId}`\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | You need to pass the clientId in path variable You will get the clientId from emCA when you register an external application user for consuming APIs.The 'getProfiles' API is GET-supported API where clientId and caname is passed as a path variable, It retrieves all profiles created for the issuing CA, providing essential details such as profile name, profile ID, and validity. Users specify the CA name to efficiently manage and review profiles associated with that issuing CA.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/profiles/export/{clientId}/{caName}
Request Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["profiles","export","{{x_client_id}}","Example Issuing CA 01"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"e5f1364c-6d0d-42f0-a31b-b4d8ae7d8e57","name":"200 OK – Profiles listed","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/profiles/export/{{x_client_id}}/Example Issuing CA 01","description":"The '**getProfiles**' API is GET-supported API where clientId and caname is passed as a path variable, It retrieves all profiles created for the issuing CA, providing essential details such as profile name, profile ID, and validity. Users specify the CA name to efficiently manage and review profiles associated with that issuing CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/profiles/export/{clientId}/{caName}`\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | You need to pass the clientId in path variable You will get the clientId from emCA when you register an external application user for consuming APIs.The \"getCertificate\" API is a GET-supported API where clientId is passed as a path variable, and the serial number and requestId parameters need to be passed from the query parameters. This API allows users to download a user certificate based on its serial number or retrieve the status of a manually authorized request using the requestId, supporting efficient certificate management.
\nRequired Header Parameters
\nURL
\n{{baseUrl}}/certificates/export/{clientId}?serialNo={serialNo}
Request Body Parameters
\nNote: Users must provide either the serial number or the request ID; both parameters cannot be included in the same request
\nRequest Parameters
\n","urlObject":{"path":["certificates","export","{{x_client_id}}"],"host":["{{baseUrl}}"],"query":[{"key":"serialNo","value":"14e9a3feda3859f1078171b0b6241842"}],"variable":[]}},"response":[{"id":"4432ae1d-ca44-4948-9f38-59a38540f03e","name":"200 OK – Certificate returned","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":{"raw":"{{baseUrl}}/certificates/export/{{x_client_id}}?serialNo=14e9a3feda3859f1078171b0b6241842","host":["{{baseUrl}}"],"path":["certificates","export","{{x_client_id}}"],"query":[{"key":"serialNo","value":"14e9a3feda3859f1078171b0b6241842"}]},"description":"The \"**getCertificate**\" API is a GET-supported API where clientId is passed as a path variable, and the serial number and requestId parameters need to be passed from the query parameters. This API allows users to download a user certificate based on its serial number or retrieve the status of a manually authorized request using the requestId, supporting efficient certificate management.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**URL**\n\n`{{baseUrl}}/certificates/export/{clientId}?serialNo={serialNo}`\n\n**Request Body Parameters**\n\n**Note**: Users must provide either the serial number or the request ID; both parameters cannot be included in the same request\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| clientId | String | Yes | You need to pass the clientId in path variable You will get the clientId from emCA when you register an external application user for consuming APIs.The Certificate Management APIs provide a robust and secure solution for handling the entire lifecycle of digital certificates. These APIs enable automated processes for certificate issuance, renewal, revocation, and validation, ensuring efficient management and enhanced security. Supporting both RSA and ECC algorithms, these APIs are designed to integrate seamlessly with existing systems and adhere to industry standards for security and interoperability. By utilizing these APIs, organizations can maintain a compliant and reliable public key infrastructure (PKI) with minimal manual intervention.
\nTo ensure secure communication and multi-tenant isolation, all requests must include the following headers:
\nX-Nonce: A unique, per-request identifier used to prevent replay attacks by ensuring freshness and uniqueness.
X-Client-ID: Identifies the tenant or organization initiating the request, enabling proper scoping and access control.
X-Emca-Api-Key: A secure API key used to authenticate the client and authorize access to certificate management operations.
By leveraging these headers and adhering to a security-first approach, the Certificate Management APIs enable organizations to maintain a compliant, scalable, and reliable public key infrastructure (PKI) with minimal manual intervention.
\n","_postman_id":"261138d1-c52a-40d8-89b0-67a0ce078115"},{"name":"OCSP Management","item":[{"name":"createOcspCertificate","event":[{"listen":"prerequest","script":{"exec":[""],"type":"text/javascript","packages":{},"requests":{},"id":"b875d977-6dbf-4d17-b892-63e4a6bf79f5"}}],"id":"5cc584cf-c6cb-48a5-929e-edcdcb82a6b0","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"certificateRequestDetails\": {\r\n \"issuerCA\": \"3\",\r\n \"validityCriteria\": \"y\",\r\n \"validityValue\": \"5\",\r\n \"keyAlgorithm\": \"RSA2048\",\r\n \"signingAlgorithm\": \"SHA256WithRSA\",\r\n \"keyProfile\": \"PKCS11_PROFILE\",\r\n \"autoRenewal\": false,\r\n \"renewalPeriod\": \"30\",\r\n \"ocspSubjectAttributes\": [\r\n {\r\n \"oid\": \"2.5.4.3\",\r\n \"value\": \"Managemet OCSP\",\r\n \"dataType\": \"PrintableString\"\r\n }\r\n ],\r\n \"ocspExtensions\": {\r\n \"basicConstraints\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"2\"\r\n },\r\n \"authInfoAccess\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"ocspURL\": \"http://example.com/ocsp\",\r\n \"sortOrder\": \"1\",\r\n \"caIssuerURL\": \"http://example.com/ca/testca.cer\"\r\n },\r\n \"certificatePolicy\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"policyOID\": [\r\n {\r\n \"oid\": \"1.3.24.33.34.34\",\r\n \"noticeText\": \"User Notice\"\r\n }\r\n ],\r\n \"cpsURL\": \"http://www.example.com/repository/cps/test.pdf\",\r\n \"cpsPolicyOID\": \"2.16.356.100.1.8.2\",\r\n \"sortOrder\": \"3\"\r\n },\r\n \"crlDistribution\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"crlURL\": \"http://www.example.com/repository/crls/test.crl\",\r\n \"sortOrder\": \"4\"\r\n },\r\n \"keyUsageAttributes\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"5\"\r\n },\r\n \"extendedKeyUsageAttributes\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"6\"\r\n },\r\n \"subjectKeyIdentifier\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"7\"\r\n },\r\n \"authorityKeyIdentifier\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"8\"\r\n },\r\n \"sanDetails\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"1\",\r\n \"attributes\": [\r\n {\r\n \"type\": \"rfc822Name\",\r\n \"value\": \"test@test.com\",\r\n \"isMandatory\": \"0\"\r\n }\r\n ]\r\n },\r\n \"ocspNoRevocationChecking\": {\r\n \"isOcspNoRevocationCheckingCritical\": \"0\",\r\n \"sortOrder\": \"9\"\r\n },\r\n \"customExtensions\": [\r\n {\r\n \"type\": \"1.3.6.1.4.1.41577.5.9\",\r\n \"value\": \"string\",\r\n \"isCritical\": \"0\",\r\n \"isMandatory\": \"0\",\r\n \"dataType\": \"PrintableString\",\r\n \"sortOrder\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/ocsp","description":"The \"createOcspCertificate\" API creates an OCSP responder certificate within the emCA platform. The OCSP responder certificate is used to sign OCSP responses for certificate status queries.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["ocsp"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"053dbc4d-af86-4aef-8fd4-957fcc6ff83f","name":"200 OK – OCSP certificate created","originalRequest":{"method":"POST","header":[{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"certificateRequestDetails\": {\r\n \"issuerCA\": \"3\",\r\n \"validityCriteria\": \"y\",\r\n \"validityValue\": \"5\",\r\n \"keyAlgorithm\": \"RSA2048\",\r\n \"signingAlgorithm\": \"SHA256WithRSA\",\r\n \"keyProfile\": \"PKCS11_PROFILE\",\r\n \"autoRenewal\": false,\r\n \"renewalPeriod\": \"30\",\r\n \"ocspSubjectAttributes\": [\r\n {\r\n \"oid\": \"2.5.4.3\",\r\n \"value\": \"Managemet OCSP\",\r\n \"dataType\": \"PrintableString\"\r\n }\r\n ],\r\n \"ocspExtensions\": {\r\n \"basicConstraints\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"2\"\r\n },\r\n \"authInfoAccess\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"ocspURL\": \"http://example.com/ocsp\",\r\n \"sortOrder\": \"1\",\r\n \"caIssuerURL\": \"http://example.com/ca/testca.cer\"\r\n },\r\n \"certificatePolicy\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"policyOID\": [\r\n {\r\n \"oid\": \"1.3.24.33.34.34\",\r\n \"noticeText\": \"User Notice\"\r\n }\r\n ],\r\n \"cpsURL\": \"http://www.example.com/repository/cps/test.pdf\",\r\n \"cpsPolicyOID\": \"2.16.356.100.1.8.2\",\r\n \"sortOrder\": \"3\"\r\n },\r\n \"crlDistribution\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"crlURL\": \"http://www.example.com/repository/crls/test.crl\",\r\n \"sortOrder\": \"4\"\r\n },\r\n \"keyUsageAttributes\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"5\"\r\n },\r\n \"extendedKeyUsageAttributes\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"6\"\r\n },\r\n \"subjectKeyIdentifier\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"7\"\r\n },\r\n \"authorityKeyIdentifier\": {\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"8\"\r\n },\r\n \"sanDetails\": {\r\n \"isEnabled\": \"0\",\r\n \"isCritical\": \"0\",\r\n \"sortOrder\": \"1\",\r\n \"attributes\": [\r\n {\r\n \"type\": \"rfc822Name\",\r\n \"value\": \"test@test.com\",\r\n \"isMandatory\": \"0\"\r\n }\r\n ]\r\n },\r\n \"ocspNoRevocationChecking\": {\r\n \"isOcspNoRevocationCheckingCritical\": \"0\",\r\n \"sortOrder\": \"9\"\r\n },\r\n \"customExtensions\": [\r\n {\r\n \"type\": \"1.3.6.1.4.1.41577.5.9\",\r\n \"value\": \"string\",\r\n \"isCritical\": \"0\",\r\n \"isMandatory\": \"0\",\r\n \"dataType\": \"PrintableString\",\r\n \"sortOrder\": \"1\"\r\n }\r\n ]\r\n }\r\n }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/ocsp","description":"The **\"createOcspCertificate\"** API creates an OCSP responder certificate within the emCA platform. The OCSP responder certificate is used to sign OCSP responses for certificate status queries.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | String | Yes | The ID of the CA for which the OCSP certificate is being created.The \"revoke\" API facilitates the revocation of a certificate based on its serial number. This functionality is crucial for invalidating certificates that are compromised or no longer trusted.
\nRequired Header Parameters
\nBy specifying the serial number of the certificate, this API ensures immediate termination of its validity, thereby maintaining security and compliance with organizational policies regarding certificate management.
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["ocsp","revoke"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"6a2ef15f-92f7-4321-95d7-547dff22248e","name":"200 OK – OCSP certificate revoked","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"revokeDetails\": {\r\n \"serialNo\": \"b87103199550c58354fe6c6ff4fa52e3\",\r\n \"reason\": 1,\r\n \"remarks\": \"test\"\r\n }\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/ocsp/revoke","description":"The \"**revoke**\" API facilitates the revocation of a certificate based on its serial number. This functionality is crucial for invalidating certificates that are compromised or no longer trusted.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nBy specifying the serial number of the certificate, this API ensures immediate termination of its validity, thereby maintaining security and compliance with organizational policies regarding certificate management.\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| serialNo | String | Yes | Certificate serial number for which revoke is initiated.The \"mapOcspCertificate\" API associates an OCSP responder certificate with a specific CA. Once mapped, the OCSP responder certificate is used to sign OCSP responses for certificates issued by that CA.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["ocsp","map"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"509233f1-d156-4ba4-a212-21dc4a0c5c12","name":"200 OK – OCSP mapped to CA","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"caId\": \"123\",\n \"ocspCertId\": \"456\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/ocsp/map","description":"The **\"mapOcspCertificate\"** API associates an OCSP responder certificate with a specific CA. Once mapped, the OCSP responder certificate is used to sign OCSP responses for certificates issued by that CA.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| caId | String | Yes | The ID of the CA to associate with the OCSP certificate.The \"cacheOcspResponse\" API enables or disables OCSP response caching and configures the cache refresh frequency. Caching improves OCSP responder performance by serving pre-signed responses without querying the database on every request.
\nRequired Header Parameters
\nRequest Body Parameters
\n","urlObject":{"path":["ocspResponse","cache"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"96f076a3-f793-4453-8eb6-3f8ae9d2886e","name":"200 OK – Cache configured","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\n \"enableCache\": \"true\",\n \"cacheFrequency\": \"456\"\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/ocspResponse/cache","description":"The **\"cacheOcspResponse\"** API enables or disables OCSP response caching and configures the cache refresh frequency. Caching improves OCSP responder performance by serving pre-signed responses without querying the database on every request.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\n**Request Body Parameters**\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| enableCache | String | Yes | Enable or disable OCSP response caching. **true** to enable, **false** to disable.The OCSP Management APIs provide a programmatic interface for managing the Online Certificate Status Protocol (OCSP) infrastructure within the emCA platform. These APIs allow administrators to create OCSP responder certificates, map OCSP certificates to CAs, revoke OCSP certificates, and configure OCSP response caching.
\nAll endpoints require X-Nonce, X-Client-ID, and X-Emca-Api-Key headers.
The \"manualBackup\" API allows Administrator or authorized external application users to initiate a manual backup of the application's configuration files and database.
\nRequired Header Parameters
\nThis API is essential for creating point-in-time backups to ensure recovery, auditability, and continuity in case of failure or data loss.
\nBy triggering this API, users can programmatically initiate a backup process without relying on scheduled tasks, enabling integration with external backup management systems.
\nRequest Body Parameters
\nNote: Users must provide atlease one perameters of backupProperties or backupDatabase; both parameters also be included in the same request
\nRequest Parameters
\n","urlObject":{"path":["backup","manual"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"3677851d-0186-472c-950c-c51ce10a6dea","name":"200 OK – Backup initiated","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"backupProperties\": true,\r\n \"backupDatabase\": true,\r\n \"filePath\": \"/backup/emca\",\r\n \"async\": false\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/backup/manual","description":"The **\"manualBackup\"** API allows **Administrator** or authorized **external application users** to initiate a **manual backup** of the application's **configuration files** and **database**.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nThis API is essential for creating point-in-time backups to ensure **recovery**, **auditability**, and **continuity** in case of failure or data loss.\n\nBy triggering this API, users can **programmatically initiate** a backup process without relying on scheduled tasks, enabling integration with external backup management systems.\n\n**Request Body Parameters**\n\n**Note**: Users must provide atlease one perameters of **backupProperties** or **backupDatabase**; both parameters also be included in the same request\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| backupProperties | Boolean | No | Its Conditional, Indicates whether configuration files should be backed upThe \"manualBackupStatus\" API is used to track the status of a manual backup operation that was initiated with \"async\": true.
Required Header Parameters
\nWhen a manual backup is triggered asynchronously, the system immediately returns a unique transactionId. This API allows users or external systems to query the current state of that backup operation by passing the transactionId in the URL.
This is essential for monitoring long-running backup processes and ensuring timely notifications or follow-up actions based on the outcome.
\nPossible Status Values:
\nIN_PROGRESS – The backup is still running.
COMPLETED – The backup finished successfully.
FAILED – The backup process encountered an error.
Path Parameter: transactionId — the unique ID returned when a manual backup is triggered with \"async\": true
Request Body Parameters
\nNote: Users must provide either the serial number or the request ID; both parameters cannot be included in the same request
\nRequest Parameters
\n","urlObject":{"path":["backup","manual","status","The \"automaticBackup\" feature allows the application to schedule automated backups of configuration files and database at predefined time intervals.
\nRequired Header Parameters
\nThis functionality ensures that critical data and configuration are backed up regularly without manual intervention, supporting disaster recovery, compliance, and operational continuity.
\nAdministrators can configure backup frequency, location, and retention policies to align with organizational requirements.
\nOnce configured, the system will automatically perform backups as per the defined schedule, reducing the risk of data loss due to unexpected failures.
\nRequest Body Parameters
\nRequest Parameters
\n","urlObject":{"path":["backup","schedule"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"b2ac0db6-ecf9-4936-92ea-64ad857e981e","name":"200 OK – Schedule configured","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"backupProperties\": true,\r\n \"backupDatabase\": true,\r\n \"filePath\": \"/backup/emca\",\r\n \"frequency\": \"Daily\",\r\n \"scheduledTime\": \"02:00\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/backup/schedule","description":"The **\"automaticBackup\"** feature allows the application to **schedule automated backups** of configuration files and database at predefined **time intervals**.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nThis functionality ensures that critical data and configuration are **backed up regularly** without manual intervention, supporting **disaster recovery**, **compliance**, and **operational continuity**.\n\nAdministrators can configure backup frequency, location, and retention policies to align with organizational requirements.\n\nOnce configured, the system will automatically perform backups as per the defined **schedule**, reducing the risk of data loss due to unexpected failures.\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| backupProperties | Boolean | No | Indicates whether configuration files should be included in the backup. |\n| backupDatabase | Boolean | No | Indicates whether the database should be included in the backup. |\n| filePath | String | Yes | Absolute path where the backup files will be stored. |\n| frequency | String | Yes | How often the backup should occur. Supported values: **Daily**, **Weekly**, **Monthly**. |\n| scheduledTime | String | Yes | Time at which the backup should start (24-hour format, e.g., 02:00). |"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"SUCCESS\",\n \"result\": \"Automatic backup schedule configured successfully\",\n \"requestId\": null,\n \"subscriberId\": null\n}"},{"id":"0d94c031-6203-4831-b5cc-9670d3705cb3","name":"400 Bad Request","originalRequest":{"method":"POST","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"body":{"mode":"raw","raw":"{\r\n \"backupProperties\": true,\r\n \"backupDatabase\": true,\r\n \"filePath\": \"/backup/emca\",\r\n \"frequency\": \"Daily\",\r\n \"scheduledTime\": \"02:00\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{baseUrl}}/backup/schedule","description":"The **\"automaticBackup\"** feature allows the application to **schedule automated backups** of configuration files and database at predefined **time intervals**.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nThis functionality ensures that critical data and configuration are **backed up regularly** without manual intervention, supporting **disaster recovery**, **compliance**, and **operational continuity**.\n\nAdministrators can configure backup frequency, location, and retention policies to align with organizational requirements.\n\nOnce configured, the system will automatically perform backups as per the defined **schedule**, reducing the risk of data loss due to unexpected failures.\n\n**Request Body Parameters**\n\nRequest Parameters\n\n| Parameter | Type | Required | Description |\n|-----------|------|----------|-------------|\n| backupProperties | Boolean | No | Indicates whether configuration files should be included in the backup. |\n| backupDatabase | Boolean | No | Indicates whether the database should be included in the backup. |\n| filePath | String | Yes | Absolute path where the backup files will be stored. |\n| frequency | String | Yes | How often the backup should occur. Supported values: **Daily**, **Weekly**, **Monthly**. |\n| scheduledTime | String | Yes | Time at which the backup should start (24-hour format, e.g., 02:00). |"},"status":"Bad Request","code":400,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"FAILURE\",\n \"result\": \"Invalid frequency value. Supported values: Daily, Weekly, Monthly\",\n \"requestId\": null,\n \"subscriberId\": null\n}"}],"_postman_id":"2658a70e-e84a-49e1-b6e4-3f578862c371"},{"name":"AutomcaticbackupStatus","id":"1e3c0ddd-e97f-4d93-8440-d839556259b1","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/backup/schedule/status","description":"The \"automaticBackupStatus\" API is used to check the current status and configuration of the scheduled automatic backup feature.
\nRequired Header Parameters
\nThis API provides detailed insights into:
\nWhether automatic backups are currently enabled
\nThe last backup execution time
\nThe next scheduled backup time
\nThis functionality ensures administrators can monitor scheduled backup health, verify execution history, and ensure backups are aligned with disaster recovery and compliance strategies.
\nBy querying this API, users gain visibility into backup automation and can take necessary actions if backups are missed or delayed.
\n","urlObject":{"path":["backup","schedule","status"],"host":["{{baseUrl}}"],"query":[],"variable":[]}},"response":[{"id":"1410ecc2-5b5d-41ad-8d23-12f84e83328e","name":"200 OK – Schedule status","originalRequest":{"method":"GET","header":[{"key":"X-Nonce","value":"{{x_nonce}}","type":"text"},{"key":"X-Client-ID","value":"{{x_client_id}}","type":"text"},{"key":"X-Emca-Api-Key","value":"{{x_emca_api_key}}","type":"text"}],"url":"{{baseUrl}}/backup/schedule/status","description":"The **\"automaticBackupStatus\"** API is used to **check the current status** and configuration of the scheduled automatic backup feature.\n\n**Required Header Parameters**\n\n| Parameter | Type | Description |\n|-----------|------|-------------|\n| X-Nonce | String | A unique one-time value to prevent replay attacks |\n| X-Client-ID | String | The client identifier for authentication |\n| X-Emca-Api-Key | String | The API key for authentication |\n\nThis API provides detailed insights into:\n\n- Whether **automatic backups** are currently **enabled**\n \n- The **last backup execution time**\n \n- The **next scheduled backup time**\n \n\nThis functionality ensures administrators can **monitor scheduled backup health**, verify **execution history**, and ensure backups are aligned with disaster recovery and compliance strategies.\n\nBy querying this API, users gain visibility into backup automation and can take necessary actions if backups are missed or delayed."},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"status\": \"COMPLETED\",\n \"lastBackupTime\": \"2026-04-17T02:00:00\",\n \"nextBackupTime\": \"2026-04-18T02:00:00\",\n \"message\": \"Last backup completed successfully\"\n}"}],"_postman_id":"1e3c0ddd-e97f-4d93-8440-d839556259b1"}],"id":"664f4b03-367d-48ee-90fa-0cedee2ea7b3","description":"The Backup Management APIs provide a secure and programmatic interface for managing the backup lifecycle of the application's critical components, including configuration files and databases. These APIs enable both automated and manual control over backup operations to support disaster recovery, compliance, and operational resilience.
\nThey are designed for use by administrators or authorized external applications, and can be easily integrated into enterprise backup workflows or third-party management systems.
\nManual Backup Initiation: Trigger on-demand backups via the manualBackup API.
Scheduled Backup Control: Configure and manage automatic backup schedules.
\nBackup Status Monitoring: Retrieve logs or status of current and past backup operations.
\nRetention & Cleanup Management: Manage backup retention policies and clean up outdated backup files.
\nAll backup operations are executed securely and recorded for audit and compliance purposes.
\nAccess to the Backup Management APIs is restricted to authorized users and systems via:
\nX-Client-ID for tenant scoping
\nX-Emca-Api-Key for authentication
\nX-Nonce to prevent replay attacks
\nBy using these APIs, organizations can maintain reliable backup and restore capabilities with flexibility, transparency, and automation, ensuring continuity and protection of critical data.
\nNote : This will only work if user have required preveledge for backup.
\n","_postman_id":"664f4b03-367d-48ee-90fa-0cedee2ea7b3"}],"event":[{"listen":"prerequest","script":{"type":"text/javascript","packages":{},"requests":{},"exec":["function generateUUID() {\r"," let d = new Date().getTime();\r"," if (typeof performance !== 'undefined' && typeof performance.now === 'function'){\r"," d += performance.now(); // use high-precision timer if available\r"," }\r"," return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {\r"," const r = (d + Math.random()*16)%16 | 0;\r"," d = Math.floor(d/16);\r"," return (c==='x' ? r : (r&0x3|0x8)).toString(16);\r"," });\r","}\r","\r","const nonce = `${Date.now()}-${generateUUID()}`;\r","\r","// Set it as a global or local variable\r","pm.variables.set(\"baseUrl\", \"https://appemca.emudhra.com:8443/441/emCAServices/rest/v5\");\r","pm.variables.set(\"x_nonce\", nonce);\r","pm.variables.set(\"x_client_id\", \"tade1c9c-a272-42e8-a2a8-0803db4d5ec5\");\r","pm.variables.set(\"x_emca_api_key\", \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJncnBJZCI6IjEiLCJDbGllbnRJZCI6InRhZGUxYzljLWEyNzItNDJlOC1hMmE4LTA4MDNkYjRkNWVjNSIsImlhdCI6MTc3NjA2ODMwNywiZXhwIjoxNzc2MTQwMzA3fQ.fARlqwSZCHk0D7lCsWB7NnZe6gX8-gipeNmoBLdoF-4\");"],"id":"d5fc6fb8-eb11-46af-a63e-27ec6c273b79"}},{"listen":"test","script":{"type":"text/javascript","packages":{},"requests":{},"exec":[""],"id":"f0351b1d-5a67-4284-a899-e6da549bd1ff"}}]}