Direct CA API v3.0

RESTful API for issuing Direct Certificate using Direct Trust Accrediated CA.

Manage Direct Certificates

Issue/Reissue/Renew/Revoke/Retrieve signing and encryption certificate using Direct Trust Accrediated CA

Authentication

Access Token is required in order to access CA API functions. Click here for OAuth2 authentication instruction.
Put a valid Access Token in each HTTP Request Header:
Authorization: Bearer {access_token}

Endpoints

FunctionEndpoint
Issue
post https://directca.maxmddirect.com/api/certificate/

Issue new signing and encryption certificate. The commonName of the subject is the identifier to be used by other functions.

Sample Codes:
Reissue
patch https://directca.maxmddirect.com/api/certificate/{commonName}

Reissue the signing and encryption certificates. This function allows you to re-key or update parameters. In HTTP Request body , no parameter is required. If any parameter is provided, the CA will re-issue the certificate with new provided parameters. No payment is required.

Sample Codes:
Renew
post https://directca.maxmddirect.com/api/certificate/renew/{commonName}

Renew the signing and encryption certificates. In HTTP Request body , only "durationYear" parameter is required. If other parameters are provided, the CA will renewed certificate with new provided parameters.

Sample Codes:
Revoke
post https://directca.maxmddirect.com/api/certificate/revoke/{commonName}/{reason}

Revoke the singing and encryption certificates. reason parameter should be one of the following values:

  • unspecified
  • keyCompromise
  • cACompromise
  • affiliationChanged
  • superseded
  • cessationOfOperation
  • certificateHold
  • removeFromCRL
  • privilegeWithdrawn
  • aACompromise
No HTTP Request body is required. No payment is required.

Sample Codes:
Retrieve
GET https://directca.maxmddirect.com/api/certificate/{commonName}

Retrieve the certificate record.

Sample Codes:

HTTP Request Header

Authorization: Bearer {accessToken}

Content-Type: application/json

Request Body (format: application/json)

NameTypeDescription
signingCertificatePkcs10Data String Signing Certificate CSR in base64 encoded format
encryptionCertificatePkcs10Data String Encryption Certificate CSR in base64 encoded format
contact ContactObject Certificate Contact Inforamtion with the following parameters
name String contact name
email String contact email
phone String contact phone
category String Use one of the following value:
  • CE : Covered Entiy
  • HE : Healthcare Entiy
  • BA : Business Associate
  • PATIENT : Patient
durationYear int Certificate valid period. Use 1, 2 or 3 .
npi String 10-digits NPI number. This parameter is required for CE certificate

HTTP Response Code

HTTP Code Description
200 Success.
400 Bad Request. Invalid action. Or some parameter is missing or invalid.
401 Unauthorized. No valid access token is found at request.
403 Forbidden. Permission denied for the requested action
404 Endpoint is not found
500 Server Error.

Error Response Body (format: application/json)

NameTypeDescription
error String Error message
description String Error description

Success Response Body (format: application/json)

NameTypeDescription
description String Description
certificate CertificateObject Certificate information with the following parameters
owner String TUser Username
identifier String Certificate common name
subject String Certificate Subject
issuer_subject String Certificate Issuer Subject
authority_key_identifier String Certificate Issuer Key Identifier
loa int Certificate Level of Authority level
category String Certificate category
npi String NPI number
valid_from String Certificate valid peroid start time (format: yyyy-MM-dd hh:mm:ss zzz)
valid_to String Certificate valid peroid end time (format: yyyy-MM-dd hh:mm:ss zzz)
contact_name String Certificate contact name
contact_email String Certificate contact email
contact_phone String Certificate contact phone
signing_cert_pkcs10 String Signing Certificate CSR in base64 encoded format
signing_cert_pkcs7 String Signing Certificate x509 certificate in base64 encoded format
signing_cert_serial String Signing Certificate Serial number in HEX format
encryption_cert_pkcs10 String Encryption Certificate CSR in base64 encoded format
encryption_cert_pkcs7 String Encryption Certificate x509 certificate in base64 encoded format
encryption_cert_serial String Encryption Certificate Serial number in HEX format
status String Certificate Status: valid, expired or revoked
created_ts String Certificate record created time (format: yyyy-MM-dd hh:mm:ss zzz)
updated_ts String Certificate record last updated time (format: yyyy-MM-dd hh:mm:ss zzz)
payment PaymentObject Payment information with the following parameters
recordId int Created Certificate record id
orderId int Order number
amount double Payment amount
durationYear int Certificate issued duration