Setup
Create an X.509 Certificate Service when you need to issue IACA or Document Signer certificates through the Enterprise API.
Create the service
Endpoint: /v1/{target}/resource-api/services/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "x509-service"
}'
Body
{
"type": "x509-service"
}
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant in which to create the new X.509 Certificate service and the service's ID ({organizationID}.{tenantID}.[NewX509ServiceID]), e.g.test.tenant1.x509-service-1.
Body Parameters
type: serviceType - Specifies the type of service to create. In this casex509-service.
Response Codes
201- Service created successfully.
Attach a KMS service
Attach a KMS service if you want to use kms-hosted-key-descriptor in issuance requests.
Endpoint: /v1/{target}/x509-service-api/dependencies/add
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/x509-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '"test.tenant1.kms1"'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + X.509 Certificate service to which to add an existing dependency service ({organizationID}.{tenantID}.{x509ServiceID}), e.g.test.tenant1.x509-service-1.
Body Parameters
dependency: String - JSON string containing the fully-qualified path of the KMS service to link, for exampletest.tenant1.kms1.
Response Codes
201- Dependency attached successfully.
If a request uses jwk-encoded-key-descriptor, the key is supplied directly in the request and no KMS dependency is required for that key input.
Attach an X.509 Store service
Attach one or more X.509 Store services if you want issued certificates to be persisted automatically.
Endpoint: /v1/{target}/x509-service-api/dependencies/add
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/x509-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '"test.tenant1.x509-store-1"'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + X.509 Certificate service to which to add an existing dependency service ({organizationID}.{tenantID}.{x509ServiceID}), e.g.test.tenant1.x509-service-1.
Body Parameters
dependency: String - JSON string containing the fully-qualified path of the X.509 Store service to link, for exampletest.tenant1.x509-store-1.
Response Codes
201- Dependency attached successfully.
When one or more X.509 Store services are attached, the X.509 Certificate Service uses one shared storedCertificateId across all attached stores for each issuance request.