API Endpoints

This page provides detailed documentation for the API endpoints exposed by each service in the Quantum-Safe PKI project. These endpoints allow you to interact with the services programmatically.

CA Service API Endpoints

The CA Service provides endpoints for certificate signing, revocation, and status checking.

Sign CSR

POST /sign

Signs a Certificate Signing Request (CSR) and returns a certificate chain.

Request:

  • Content-Type: application/x-pem-file
  • Body: PEM-encoded CSR
  • Authentication: mTLS

Response:

  • Content-Type: application/x-pem-file
  • Body: PEM-encoded certificate chain (leaf certificate followed by intermediate and root certificates)
  • Status Codes: 200 OK, 400 Bad Request, 401 Unauthorized, 500 Internal Server Error

Revoke Certificate

POST /revoke-cert

Revokes a certificate by its serial number.

Request:

  • Content-Type: application/json
  • Body: JSON object with "serial" field containing the certificate serial number in hexadecimal
  • Authentication: mTLS

Response:

  • Content-Type: application/json
  • Body: JSON object with "status" field indicating success or failure
  • Status Codes: 200 OK, 400 Bad Request, 401 Unauthorized, 404 Not Found, 500 Internal Server Error
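
An added example (not the project's own code) tying the two endpoints above together: it splits the chain returned by POST /sign (leaf first), reads the leaf's serial number from the DER, and builds the POST /revoke-cert request. The helper names, file-path parameters and the lowercase, unprefixed hex format are assumptions, and the sample chain is constructed.

```python
import base64, json, re, ssl, urllib.request

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_chain(pem_text):
    """DER certificates in the order /sign returns them: leaf first."""
    return [base64.b64decode(body) for body in PEM_CERT.findall(pem_text)]

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def serial_hex(cert_der):
    """Serial number as lowercase hex without prefix (format is an assumption)."""
    _, start, _ = _tlv(cert_der, 0)        # Certificate SEQUENCE
    _, start, _ = _tlv(cert_der, start)    # tbsCertificate SEQUENCE
    tag, v0, v1 = _tlv(cert_der, start)
    if tag == 0xA0:                        # optional explicit [0] version
        tag, v0, v1 = _tlv(cert_der, v1)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    # Drop the DER sign-padding byte so the hex matches the displayed serial.
    return (cert_der[v0:v1].lstrip(b"\x00") or b"\x00").hex()

def revoke_request(base_url, leaf_der):
    """Build the POST /revoke-cert request for the leaf certificate."""
    body = json.dumps({"serial": serial_hex(leaf_der)}).encode()
    return urllib.request.Request(base_url + "/revoke-cert", data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def send(req, ca_file, client_cert, client_key):
    """Send over mTLS; urlopen raises HTTPError for the 4xx/5xx status codes."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.load_cert_chain(client_cert, client_key)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())

def _pem(der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed sample: two truncated DER stubs (version + serial only), not real certificates.
SAMPLE_CHAIN = _pem(bytes.fromhex("300c300aa003020102020300abcd")) + _pem(bytes.fromhex("30053003020107"))
```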

Certificate Revocation List

GET /crl

Returns the current Certificate Revocation List (CRL).

Request:

  • Authentication: None

Response:

  • Content-Type: application/pkix-crl
  • Body: DER-encoded X.509 CRL
  • Status Codes: 200 OK, 500 Internal Server Error

OCSP Responder

POST /ocsp

Processes Online Certificate Status Protocol (OCSP) requests and returns OCSP responses.

Request:

  • Content-Type: application/ocsp-request
  • Body: DER-encoded OCSP request
  • Authentication: None

Response:

  • Content-Type: application/ocsp-response
  • Body: DER-encoded OCSP response
  • Status Codes: 200 OK, 400 Bad Request, 500 Internal Server Error

Health Check

GET /healthz

Returns the health status of the CA Service.

Response:

  • Content-Type: application/json
  • Body: JSON object with "status" field set to "ok" if the service is healthy
  • Status Codes: 200 OK, 500 Internal Server Error

Readiness Check

GET /readyz

Returns the readiness status of the CA Service.

Response:

  • Content-Type: application/json
  • Body: JSON object with "status" field set to "ready" if the service is ready to accept requests
  • Status Codes: 200 OK, 503 Service Unavailable

Next Steps

Now that you understand the API endpoints provided by each service, you can proceed to:

  • Authentication: Learn about the authentication mechanisms used by the services.
  • Revocation: Learn about certificate revocation and CRL management.