Certificates API

Certificates API

Manage certificates programmatically using the TigerTrust API.

Base URL

https://api.tigertrust.io/api

Response Format

All responses follow a consistent structure:

// Success (list)
{
  "data": [...],
  "pagination": {
    "page": 1,
    "limit": 50,
    "total": 150,
    "totalPages": 3
  }
}

// Success (single)
{
  "data": {...}
}

// Error
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human-readable message",
    "details": {}
  }
}

---

List Certificates

GET /api/certificates

Query Parameters: Example:

curl -X GET "https://api.tigertrust.io/api/certificates?status=expiring&limit=10" \
  -H "X-Agent-API-Key: ak_your_key"

Response:

{
  "data": [
    {
      "id": 1,
      "commonName": "example.com",
      "issuer": "Let's Encrypt Authority X3",
      "serialNumber": "03:ab:cd:ef:12:34",
      "fingerprint": "SHA256:abc123...",
      "subjectAlternativeNames": ["example.com", "www.example.com"],
      "validFrom": "2024-01-01T00:00:00Z",
      "validTo": "2024-04-01T00:00:00Z",
      "keyType": "RSA",
      "keySize": 2048,
      "status": "active",
      "renewalStatus": "pending",
      "certificateAuthorityId": 5,
      "createdAt": "2024-01-01T00:00:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 10,
    "total": 45,
    "totalPages": 5
  }
}

---

Get Certificate

GET /api/certificates/:id

Response:

{
  "data": {
    "id": 1,
    "commonName": "example.com",
    "issuer": "Let's Encrypt Authority X3",
    "serialNumber": "03:ab:cd:ef:12:34",
    "fingerprint": "SHA256:abc123...",
    "subjectAlternativeNames": ["example.com", "www.example.com"],
    "validFrom": "2024-01-01T00:00:00Z",
    "validTo": "2024-04-01T00:00:00Z",
    "keyType": "RSA",
    "keySize": 2048,
    "status": "active",
    "certificate": "-----BEGIN CERTIFICATE-----\n...",
    "chain": "-----BEGIN CERTIFICATE-----\n...",
    "locations": [
      {
        "agentId": "agent-01",
        "hostname": "web-server-1",
        "path": "/etc/nginx/ssl/server.crt",
        "hasPrivateKey": true
      }
    ]
  }
}

---

Create Certificate

POST /api/certificates

Request Body:

{
  "commonName": "newsite.example.com",
  "subjectAlternativeNames": ["www.newsite.example.com"],
  "certificateAuthorityId": 5,
  "keyType": "RSA",
  "keySize": 2048,
  "validityDays": 90,
  "autoRenew": true,
  "renewalThresholdDays": 30
}

---

Update Certificate

PUT /api/certificates/:id

Request Body:

{
  "autoRenew": true,
  "renewalThresholdDays": 14,
  "deploymentTargets": ["nginx-main", "haproxy-lb"]
}

---

Revoke Certificate

POST /api/certificates/:id/revoke

Request Body:

{
  "reason": "keyCompromise",
  "comments": "Key was exposed in security incident"
}

Revocation Reasons:

• unspecified
• keyCompromise
• cACompromise
• affiliationChanged
• superseded
• cessationOfOperation

---

Renew Certificate

POST /api/certificates/:id/renew

Request Body:

{
  "method": "acme",
  "deployAfterRenewal": true
}

Renewal Methods:

• acme - ACME protocol (Let's Encrypt, ZeroSSL)
• csr - Generate CSR for manual renewal
• api - CA API integration (DigiCert, Sectigo)

---

Deploy Certificate

POST /api/certificates/:id/deploy

Request Body:

{
  "targets": ["nginx-main"],
  "agentId": "agent-prod-01"
}

---

Get Certificate Statistics

GET /api/certificates/stats

Response:

{
  "data": {
    "total": 150,
    "active": 120,
    "expiring7Days": 5,
    "expiring30Days": 15,
    "expired": 8,
    "revoked": 7,
    "byAuthority": {
      "Let's Encrypt": 80,
      "DigiCert": 40,
      "Self-Signed": 30
    },
    "byKeyType": {
      "RSA": 100,
      "ECDSA": 50
    }
  }
}

---

Discovered Certificates

List Discovered Certificates

GET /api/discovered-certificates

Query Parameters:

---

Import Discovered Certificate

POST /api/discovered-certificates/:id/import

Request Body:

{
  "autoRenew": true,
  "renewalThresholdDays": 30,
  "certificateAuthorityId": 5
}

---

Error Codes