RA API
Overview
The Redtrust RA API is a REST API that implements the operations of a registration authority (RA). It lets partners with certificate issuance capabilities manage the complete certificate lifecycle: authentication, key generation, CSR creation, and certificate issuance and renewal. It currently supports integration with Camerfirma.
It is designed for integrators acting as registration authorities within the Redtrust PKI infrastructure.
Base URL
https://YOUR_REDTRUST_IP:PORT/raapi
The default port is 8082. For example: https://localhost:8082/raapi/v1/csr/create.
Where:
YOUR_REDTRUST_IPis the IP address or host name of your Redtrust server.PORTis the port used to access the service.
Authentication
The RA API supports two authentication mechanisms:
Direct login with credentials
For server-to-server integrations, authenticate the user directly with POST /raapi/v1/auth/login. This endpoint returns an access token and a refresh token ready to use.
HMAC redirect flow
For integrations that require the user to authenticate through a Redtrust web interface, use the redirect flow: redirect the user to /authclient/auth/loginrequest with Consumer=RA_API, exchange the received temporary token for an access token, and use it to call the RA API. See the RA API integration guide for a step-by-step walkthrough of this flow.
In both cases, include the access token in all calls to protected endpoints:
Authorization: Bearer YOUR_ACCESS_TOKEN
You can refresh the access token at any time with PUT /raapi/v1/auth/refresh-token, without re-authenticating.
Response format
All endpoints return the following JSON structure:
{
"message": "string",
"messageType": "SUCCESS",
"errorCode": "string",
"data": {}
}
| Field | Description |
|---|---|
message | Descriptive message of the result. |
messageType | SUCCESS if the operation completed successfully; ERROR if a problem occurred. |
errorCode | Error identifier code, or OK when the operation succeeds. |
data | Response content. The type varies by endpoint. |