Version: 4.42

RA API endpoint reference

This page documents all RA API endpoints. For information on authentication and the response format, see the RA API overview.

Authentication

Log in

Authenticates a user with their credentials and returns an access token and a refresh token.

POST /raapi/v1/auth/login

Parameter	Value
Authentication	Not required
Content-Type	`application/json`

Body

{
  "username": "string",
  "password": "string",
  "domain": "string"
}

Response

{
  "message": "string",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {
    "accessToken": "string",
    "refreshToken": "string",
    "expiration": "string"
  }
}

Refresh the token

Obtains a new access token using a valid refresh token.

PUT /raapi/v1/auth/refresh-token

Parameter	Value
Authentication	Not required
Content-Type	`application/json`

Body

{
  "refreshToken": "string"
}

Response

{
  "message": "string",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {
    "accessToken": "string",
    "refreshToken": "string",
    "expiration": "string"
  }
}

Log out

Invalidates the authenticated user's refresh token.

DELETE /raapi/v1/auth/logout

Parameter	Value
Authentication	`Authorization: Bearer YOUR_ACCESS_TOKEN`
Body	—

Response

{
  "message": "string",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {}
}

CSR generation

Create the CSR

Generates a key pair on the server and returns a CSR along with a requestCode to complete the issuance or renewal.

POST /raapi/v1/csr/create

Parameter	Value
Authentication	`Authorization: Bearer YOUR_ACCESS_TOKEN`
Content-Type	`application/json`

Body

{
  "dn": [
    {
      "attribute": "string",
      "value": "string"
    }
  ],
  "hashType": "SHA384",
  "keyLength": 2048,
  "keyType": "RSA",
  "provider": "string",
  "requestCode": "string",
  "info": {
    "proident_9b": "string"
  },
  "groupIds": [0],
  "thumbprintToRenew": "string"
}

Field	Type	Required	Description
`dn`	`array`	Yes	List of Distinguished Name (DN) attributes. Each element has an `attribute` (for example, `cn`, `o`, `c`) and a `value`.
`hashType`	`string`	Yes	Hash algorithm. For example: `SHA256`, `SHA384`, `SHA512`.
`keyLength`	`integer`	Yes	Key length in bits. For example: `2048`, `4096`.
`keyType`	`string`	Yes	Key type. For example: `RSA`, `DSA`.
`provider`	`string`	Yes	Name of the certificate provider (CA) configured in Redtrust.
`requestCode`	`string`	No	Request identifier. Optional on first issuance.
`info`	`object`	No	Additional provider-specific information.
`groupIds`	`array`	No	List of certificate group identifiers the certificate is assigned to.
`thumbprintToRenew`	`string`	No	Thumbprint of the certificate being renewed. Include this field only in renewal operations.

Response

{
  "message": "string",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {
    "requestCode": "string",
    "csr": "string"
  }
}

Field	Description
`data.requestCode`	Request identifier. You must include it in the call to `PUT /raapi/v1/csr/finalize`.
`data.csr`	Generated CSR encoded in Base64.

Issuance example

Request

{
  "dn": [
    { "attribute": "cn", "value": "john doe" },
    { "attribute": "o", "value": "Redtrust" },
    { "attribute": "c", "value": "Brasil" },
    { "attribute": "st", "value": "PJE" },
    { "attribute": "l", "value": "Sao Paolo" },
    { "attribute": "ou", "value": "Development" }
  ],
  "hashType": "SHA384",
  "keyLength": 2048,
  "keyType": "RSA",
  "provider": "CA_BRASIL"
}

Response

{
  "message": "Operation finalized successfully",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {
    "requestCode": "P775W98SSW4Z1774PMZU",
    "csr": "MIIDYzCCAksCAQAwADCCASIwDQ..."
  }
}

Finalization

Finalize issuance

Completes the issuance or renewal process using the requestCode obtained when creating the CSR.

PUT /raapi/v1/csr/finalize

Parameter	Value
Authentication	`Authorization: Bearer YOUR_ACCESS_TOKEN`
Content-Type	`application/json`

Body

{
  "dataInB64": "string",
  "requestCode": "string"
}

Field	Type	Required	Description
`dataInB64`	`string`	Yes	Additional data encoded in Base64, if required by the provider.
`requestCode`	`string`	No	Request identifier obtained in the call to `POST /raapi/v1/csr/create`.

Response

{
  "message": "string",
  "messageType": "SUCCESS",
  "errorCode": "OK",
  "data": {
    "idCertificate": 0,
    "thumbprint": "string",
    "csrAuditDataValues": {}
  }
}

Field	Description
`data.idCertificate`	Identifier of the certificate issued in Redtrust.
`data.thumbprint`	Thumbprint of the issued certificate.
`data.csrAuditDataValues`	Audit data from the CSR creation process.

Authentication​

Log in​

Body​

Response​

Refresh the token​

Body​

Response​

Log out​

Response​

CSR generation​

Create the CSR​

Body​

Response​

Issuance example​

Finalization​

Finalize issuance​

Body​

Response​

Authentication

Log in

Body

Response

Refresh the token

Body

Response

Log out

Response

CSR generation

Create the CSR

Body

Response

Issuance example

Finalization

Finalize issuance

Body

Response