{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"ca7fc443-d7a0-4eec-b685-c167bb9d2298","name":"CERTInext API v2","description":"# CERTInext API v2 - REST APIs\n\nRESTful API for CERTInext certificate lifecycle management - issue, track, validate, renew, and revoke certificates programmatically. This collection is curated for **enterprise integrations**: BR-compliant SSL/TLS issuance, AATL-trusted Document Signer, and customer-owned Private PKI.\n\n---\n\n## Three-step setup\n\n1. **Pick your environment** (top-right env dropdown): Production, Sandbox, Demo, QA, or Localhost.\n    \n2. **Set credentials** in the environment: `accountNumber` (your account number) and `clientSecret` (the OAuth client secret - generate under **Integrations -> APIs** in the portal, **OAuth mode**).\n    \n3. **Get a Bearer token**: open **Authentication -> Get Bearer Token** and hit **Send**. The test script captures `access_token` into `{{accessToken}}` - every other request reuses it automatically.\n    \n\nAfter that, run any folder top-to-bottom. Test scripts auto-capture `orderId`, `requestId`, `domainId` between calls so the next request works without editing.\n\n---\n\n## What's covered\n\n| Folder | Endpoints | What you do here |\n| --- | --- | --- |\n| **Authentication** | 2 | Mint + refresh OAuth2 Bearer tokens |\n| **SSL/TLS Certificates** | 18 | Public-trust SSL - 8 product variants (DV / DV Wildcard / DV UCC / DV Wildcard UCC + same OV permutations) and full lifecycle |\n| **Document Signer Certificates** | 9 | AATL-trusted PDF signing - 3 subject types (Natural / Legal Person / Legal Entity) and lifecycle |\n| **Private PKI Certificates** | 8 | Customer-CA issuance - 2 variants (Intranet SSL / IGTF Host) and lifecycle |\n| **Domains** | 11 | Pre-register and validate domains: add, list, view, get DCV, change method, verify, resend, deactivate, attempt history |\n| **Accounts** | 4 | Identity, billing groups, organizations |\n| **Catalog** | 2 | Product entitlements + per-product custom fields |\n| **Reports** | 2 | Orders report, ledger statement |\n| **Reference** | 3 | Error codes, product codes, country codes |\n\n---\n\n## SSL/TLS workflow\n\n```\n1. Get Bearer Token\n2. Pick the right Create - Variant (DV / DV Wildcard / DV UCC / OV / OV Wildcard / …)\n3. Get DCV Challenges   ← optional: defaults to order's primary domain + dns-txt\n4. Publish the TXT record / HTTP file / reply to email\n5. Verify DCV\n6. Submit CSR\n7. Accept Agreement\n8. Track Order until status = issued\n9. Download Certificate   ← Accept: application/json | application/x-pem-file | application/pkix-cert\n\n ```\n\nOptional: **Cancel** before issuance, **Revoke** after, **Reissue** to rekey or add SANs.\n\n## Document Signer workflow\n\n```\n1. Get Bearer Token\n2. Create - Natural Person (or Legal Person, Legal Entity)\n3. Upload Documents (multipart)\n4. Submit CSR\n5. Accept Agreement\n6. Track until status = issued\n7. Download Certificate\n\n ```\n\n## Private PKI workflow\n\n```\n1. Get Bearer Token\n2. Create - Intranet SSL (or IGTF Host)\n3. Submit CSR\n4. Track until status = issued\n5. Download Certificate\n\n ```\n\n_No DCV, no Subscriber Agreement, no documents - your CA, your rules._\n\n## Domains workflow (pre-register)\n\n```\n1. Add Domain      ← persists row; method-id resolved against your account\n2. Get DCV       ← the TXT/HTTP challenge token is generated on first read\n3. Publish, then Verify DCV\n4. Domain becomes reusable in any later SSL order under the same account\n\n ```\n\nUse **Change DCV Method** to switch from DNS-TXT to HTTP-File or email; **Resend DCV Email** for email-based methods only.\n\n---\n\n## Conventions\n\n| Aspect | Standard |\n| --- | --- |\n| Auth header | `Authorization: Bearer` on every protected call |\n| Token endpoint | `POST /oauth/token` - `application/x-www-form-urlencoded` (RFC 6749 §3.2) |\n| Timestamps | ISO-8601 with timezone - `2026-05-08T13:00:00Z` (UTC; `06:00 PT` / `09:00 ET`) |\n| Phones | E.164 - e.g. `+14155551234` |\n| Countries | ISO 3166-1 alpha-2 - `US` for United States |\n| Currencies | ISO 4217 - `USD`, `CAD`, `MXN` |\n| State codes | Two-letter state codes - `NY`, `CA`, `TX`, `WA`, `MA` |\n| Errors | RFC 7807 `application/problem+json` |\n| IDs | Opaque strings - never parse, never guess |\n| Pagination | Two styles - see per-endpoint docs:  <br>• **Domains, DCV attempts** -> `?offset=0&limit=50`  <br>• **Reports (orders + ledger)** -> `?page=1&size=50` (1-based; `size` clamped to 1-100) |\n| `X-Product-Code` | Required header on every order create |\n\n---\n\n## Environment variables (collection-managed)\n\n| Variable | Filled by | Purpose |\n| --- | --- | --- |\n| `accountNumber` | You | Account number from CERTInext portal |\n| `clientSecret` | You | OAuth client secret (long-lived secret) |\n| `accessToken` | Get Bearer Token script | Bearer JWT - auto on every call |\n| `refreshToken` | Get Bearer Token script | Future token refresh |\n| `orderId` | Create Order scripts | Threaded into lifecycle calls |\n| `requestId` | Create Order scripts | Draft / reissue requests |\n| `domainId` | Add Domain script | Threaded into domain lifecycle |\n| `organizationNumber` | You | Pre-vetted org number for OV orders |\n| `groupNumber` | You (optional) | Cost-centre allocation |\n| `productCodeSslDv / DvWildcard / …` | Pre-filled per env | `X-Product-Code` for SSL variants |\n| `productCodeDocSignerNp1Y / Lp1Y / Le1Y` | Pre-filled per env | `X-Product-Code` for Document Signer |\n| `productCodePkiIntranet / Igtf` | Pre-filled per env | `X-Product-Code` for Private PKI |\n| `caProfileId / masterProductId` | You (optional) | Private PKI override - only set when you need to force a specific CA template / subscription slot. Otherwise the server derives both from `X-Product-Code`. |","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"40123569","team":1526668,"collectionId":"ca7fc443-d7a0-4eec-b685-c167bb9d2298","publishedId":"2sBXqJJLFh","public":true,"publicUrl":"https://documenter-api.postman.tech/view/40123569/2sBXqJJLFh","privateUrl":"https://go.postman.co/documentation/40123569-ca7fc443-d7a0-4eec-b685-c167bb9d2298","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":"API collection for eMudhra's Certificate Lifecycle Management Application - CERTInext"},{"name":"title","value":"CERTInext API Collection"}],"appearance":{"default":"light","themes":[{"name":"dark","logo":"https://content.pstmn.io/ce619835-b831-40a0-b66e-19ebd2ef74fa/Y2VydGluZXh0LWxvZ28ucG5n","colors":{"top-bar":"212121","right-sidebar":"303030","highlight":"FF6C37"}},{"name":"light","logo":"https://content.pstmn.io/ce619835-b831-40a0-b66e-19ebd2ef74fa/Y2VydGluZXh0LWxvZ28ucG5n","colors":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"}}]}},"version":"8.11.6","publishDate":"2026-05-13T06:31:51.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"CERTInext API Collection","description":"API collection for eMudhra's Certificate Lifecycle Management Application - CERTInext"},"logos":{"logoLight":"https://content.pstmn.io/ce619835-b831-40a0-b66e-19ebd2ef74fa/Y2VydGluZXh0LWxvZ28ucG5n","logoDark":"https://content.pstmn.io/ce619835-b831-40a0-b66e-19ebd2ef74fa/Y2VydGluZXh0LWxvZ28ucG5n"}},"statusCode":200},"environments":[{"name":"CERTInext V2 - Sandbox","id":"d6a16ee6-c158-4543-a8cb-9b98878e0cd9","owner":"40123569","values":[{"key":"v2BaseURL","value":"https://sandbox-us-api.certinext.io","type":"default","enabled":true,"description":"CERTInext API v2 base URL."},{"key":"accountNumber","value":"<your-account-number>","type":"default","enabled":true,"description":"Account number from the CERTInext portal -> Integration -> APIs."},{"key":"clientSecret","value":"<your-client-secret>","type":"secret","enabled":true,"description":"OAuth client secret. Generated in the CERTInext portal -> Integration -> APIs -> Create API Credentials (OAuth mode). Shown only once at creation; store securely."},{"key":"accessToken","value":"","type":"default","enabled":true,"description":"OAuth access token — populated automatically after first use; refreshed proactively before expiry."},{"key":"refreshToken","value":"","type":"default","enabled":true,"description":"OAuth refresh token — populated automatically; used by the pre-request script to refresh before expiry."},{"key":"orderId","value":"","type":"default","enabled":true,"description":"Auto-captured from order-create responses."},{"key":"requestId","value":"","type":"default","enabled":true},{"key":"groupNumber","value":"","type":"default","enabled":true},{"key":"organizationNumber","value":"","type":"default","enabled":true},{"key":"productCodeSslDv","value":"842","type":"default","enabled":true,"description":"SSL DV."},{"key":"productCodeSslOv","value":"846","type":"default","enabled":true,"description":"SSL OV."},{"key":"productCodeSslEv","value":"850","type":"default","enabled":true,"description":"SSL EV."},{"key":"productCodeDocSignerNp1Y","value":"819","type":"default","enabled":true,"description":"Document Signer - Natural Person, 1 year."},{"key":"productCodeDocSignerLp1Y","value":"822","type":"default","enabled":true,"description":"Document Signer - Legal Person, 1 year."},{"key":"productCodeDocSignerLe1Y","value":"825","type":"default","enabled":true,"description":"Document Signer - Legal Entity, 1 year."},{"key":"productCodePkiIntranet","value":"","type":"default","enabled":true,"description":"Private PKI Intranet SSL - from your private catalog."},{"key":"productCodePkiIgtf","value":"","type":"default","enabled":true},{"key":"productCodeSslEvUcc","value":"","type":"default","enabled":true},{"key":"productCodeSslDvWildcard","value":"","type":"default","enabled":true},{"key":"productCodeSslDvUcc","value":"","type":"default","enabled":true},{"key":"productCodeSslDvWildcardUcc","value":"","type":"default","enabled":true},{"key":"productCodeSslOvWildcard","value":"","type":"default","enabled":true},{"key":"productCodeSslOvUcc","value":"","type":"default","enabled":true},{"key":"productCodeSslOvWildcardUcc","value":"","type":"default","enabled":true},{"key":"tokenExpiresAt","value":"","type":"default","description":"Absolute ms timestamp of access-token expiry — written by the pre-request script. Do not edit manually.","enabled":true}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/17586df23c11a2bb1331efbf99ef6eb0999f58d68692dccd36307e8468d68b57","favicon":"https://res.cloudinary.com/postman/image/upload/v1707393252/team/gokkhzfpbnqw8ko5elkd.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"CERTInext V2 - Sandbox","value":"40123569-d6a16ee6-c158-4543-a8cb-9b98878e0cd9"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/2sBXqJJLFh"}