Skip to main content
CertForge exposes a REST API for programmatic management. All endpoints require an API key.

Authentication

Generate API keys in Admin → API Keys → New Key. Keys are org-scoped. Store them securely — they are shown once at creation time.

Base URL

Certificates

List

Get

Returns the certificate record plus PEM-encoded certificate.

Revoke

Valid reasons: key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation.

Approvals

List

Get

Approve

Reject

Audit

Query events

Organizations (platform API)

Requires a platform admin API key.

Error format

Rate limiting

1000 requests per minute per API key. Response headers:

mTLS enrollment API

The device enrollment API is separate from the REST API and uses mutual TLS:
Requires a client certificate in the TLS handshake. See the Certificates guide for details.