RA API
Overview
The Redtrust RA API is a REST API that implements the operations of a registration authority (RA). It lets partners with certificate issuance capabilities manage the complete certificate lifecycle: authentication, key generation, CSR creation, and certificate issuance and renewal.
It is designed for integrators acting as registration authorities within the Redtrust PKI infrastructure.
Base URL
https://YOUR_REDTRUST_IP:PORT/raapi
The default port is 8082. For example: https://localhost:8082/raapi/v1/csr/create.
Where:
YOUR_REDTRUST_IPis the IP address or host name of your Redtrust server.PORTis the port used to access the service.
Authentication
The RA API supports two authentication mechanisms:
Direct login with credentials
For server-to-server integrations, authenticate the user directly with POST /raapi/v1/auth/login. This endpoint returns an access token and a refresh token ready to use.
HMAC redirect flow
For integrations that require the user to authenticate through a Redtrust web interface, use the redirect flow: redirect the user to /authclient/auth/loginrequest with Consumer=RA_API, exchange the received temporary token for an access token, and use it to call the RA API. See the Certificate Enroll integration guide for a step-by-step walkthrough of this flow.
In both cases, include the access token in all calls to protected endpoints:
Authorization: Bearer YOUR_ACCESS_TOKEN
You can refresh the access token at any time with PUT /raapi/v1/auth/refresh-token, without re-authenticating.
Response format
All endpoints return the following JSON structure:
{
"message": "string",
"messageType": "SUCCESS",
"errorCode": "string",
"data": {}
}
| Field | Description |
|---|---|
message | Descriptive message of the result. |
messageType | SUCCESS if the operation completed successfully; ERROR if a problem occurred. |
errorCode | Error identifier code, or OK when the operation succeeds. |
data | Response content. The type varies by endpoint. |