Setup

Create an X.509 Store service when you need to persist certificates directly through the Enterprise API or indirectly from an attached X.509 Certificate Service.

Create the service

CURL

Endpoint: /v1/{target}/resource-api/services/create | API Reference

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "x509-store"
}'

Body

{
  "type": "x509-store"
}

Path Parameters

  • orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.waltid.dev when using the sandbox environment.
  • target: resourceIdentifier - The target indicates the organization + tenant in which to create the new X.509 Store service and the service's ID ({organizationID}.{tenantID}.[NewX509StoreServiceID]), e.g. test.tenant1.x509-store-1.

Body Parameters

  • type: serviceType - Specifies the type of service to create. In this case x509-store.

Response Codes

  • 201 - Service created successfully.

Attach the store to an X.509 Certificate Service

This step is optional. Attach the X.509 Store to an existing X.509 Certificate Service if you want issued IACA or Document Signer certificates to be written into the store automatically.

CURL

Endpoint: /v1/{target}/x509-service-api/dependencies/add

Example Request

curl -X 'POST' \
  'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/x509-service-api/dependencies/add' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer {yourToken}' \
  -H 'Content-Type: application/json' \
  -d '"test.tenant1.x509-store-1"'

Path Parameters

  • orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is named test, your default Base URL will be test.enterprise-sandbox.waltid.dev when using the sandbox environment.
  • target: resourceIdentifier - The target indicates the organization + tenant + X.509 service to which to add an existing X.509 Store ({organizationID}.{tenantID}.{x509ServiceID}), e.g. test.tenant1.x509-service-1.

Body Parameters

  • dependency: String - JSON string containing the fully-qualified path of the X.509 Store service to link, for example test.tenant1.x509-store-1.

Response Codes

  • 201 - Dependency attached successfully.

When one or more X.509 Stores are attached to an X.509 Certificate Service, issued certificates are stored in all attached stores using one shared storedCertificateId.

If no X.509 Store is attached, storedCertificateId is ignored on X.509 issuance requests and omitted from issuance responses.

Last updated on March 10, 2026
OverviewManage Certificates