Setup
Create an X.509 Store service when you need to persist certificates directly through the Enterprise API or indirectly from an attached X.509 Certificate Service.
Create the service
Endpoint: /v1/{target}/resource-api/services/create | API Reference
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/resource-api/services/create' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '{
"type": "x509-store"
}'
Body
{
"type": "x509-store"
}
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant in which to create the new X.509 Store service and the service's ID ({organizationID}.{tenantID}.[NewX509StoreServiceID]), e.g.test.tenant1.x509-store-1.
Body Parameters
type: serviceType - Specifies the type of service to create. In this casex509-store.
Response Codes
201- Service created successfully.
Attach the store to an X.509 Certificate Service
This step is optional. Attach the X.509 Store to an existing X.509 Certificate Service if you want issued IACA or Document Signer certificates to be written into the store automatically.
Endpoint: /v1/{target}/x509-service-api/dependencies/add
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/x509-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '"test.tenant1.x509-store-1"'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + X.509 service to which to add an existing X.509 Store ({organizationID}.{tenantID}.{x509ServiceID}), e.g.test.tenant1.x509-service-1.
Body Parameters
dependency: String - JSON string containing the fully-qualified path of the X.509 Store service to link, for exampletest.tenant1.x509-store-1.
Response Codes
201- Dependency attached successfully.
When one or more X.509 Stores are attached to an X.509 Certificate Service, issued certificates are stored in all attached stores using one shared storedCertificateId child ID. Issuance responses return full stored certificate paths in storedCertificateIds.
If no X.509 Store is attached, storedCertificateId is ignored on X.509 issuance requests and storedCertificateIds is omitted from issuance responses.
Attach the store to a VICAL Service
This step is optional. Attach the X.509 Store to an existing VICAL Service if the store contains vical-entry IACA certificates that should be included in published VICAL versions.
Endpoint: /v1/{target}/vical-service-api/dependencies/add
Example Request
curl -X 'POST' \
'https://{orgID}.enterprise-sandbox.waltid.dev/v1/{target}/vical-service-api/dependencies/add' \
-H 'accept: */*' \
-H 'Authorization: Bearer {yourToken}' \
-H 'Content-Type: application/json' \
-d '"test.tenant1.x509-store-1"'
Path Parameters
orgID: - When performing operations within an organization, it is essential to use the organization's Base URL or another valid host alias. For example, if your organization is namedtest, your default Base URL will betest.enterprise-sandbox.waltid.devwhen using the sandbox environment.target: resourceIdentifier - The target indicates the organization + tenant + VICAL service to which to add an existing X.509 Store ({organizationID}.{tenantID}.{vicalServiceID}), e.g.test.tenant1.vical-service.
Body Parameters
dependency: String - JSON string containing the fully-qualified path of the X.509 Store service to link, for exampletest.tenant1.x509-store-1.
Response Codes
201- Dependency attached successfully.
Each VICAL publication reads all attached X.509 Stores and includes only certificates stored as vical-entry.