5. API Keys

API-keys Integration Manual

Create API Keys

1. Log in to HARICA CertManager

Visit HARICA’s CertManager and sign up to create your account. Fill in all the necessary fields.
Your personal information must be accurate and fully matched (letter-by-letter) with a government-issued identification document.

2. Activate 2FA

Once you log in, from the top right corner, click on your name and select Profile. From the Account Settings menu, click Enable and follow the on-screen instructions to activate Two-Factor Authentication (2FA) as it is required for granting access to roles and API Keys.

3. Access Role

After the process is completed, please inform the Enterprise Manager or an already assigned Enterprise Admin of your Enterprise in order to provide you access as Enterprise Admin or Enterprise Approver.

4. Create API Keys

Once you have been assigned a role, select the Profile tab again. Now, you will be able to see the option to create an API key. Click Create to generate your API key.
Please note that each user can create a maximum of 3 API Keys.

Give your API Key a friendly name. Click Create.

Save the code for the API Key.
CAUTION! Please note that, this is the only time you'll be able to view your API Key code. Make sure to copy and save it securely before checking the boxes below.

Introduction

These APIs allow enterprise-grade operations (e.g., certificate bulk issuance, data retrieval, request management) via secure authentication using API Keys (with the HTTP header X-API-Key). All endpoints return data in JSON format.

Common Requirements

  • All requests require a valid API Key via HTTP Header X-API-Key.

  • Responses are always in JSON.

  • This integrations supports only Enterprise Admin and Enterprise Approvers (SSL, S/MIME, Client Auth).

  • There are two endpoint styles:

    1. Form Data – for file uploads (e.g. CSV for Bulk Issuance)

    2. Body Data – for actions via structured JSON requests

  • Only predefined actionName (and where required, type) values are supported. Invalid values result in an error.

1. Bulk Certificate Issuance API

Endpoint

  • POST /cm/v1/bulk/create/{actionName}

Usage

  • Used for uploading CSV files to issue certificates in bulk:

    clientauth

    smime

Example Request

 
POST/cm/v1/bulk/create/clientauth
Headers:
  X-API-Key: {API_KEY}
Content-Type: multipart/form-data

Form fields:
  Value: {OrganizationId}
  File: the CSV (file upload)

The response will be a zip file with certificates. In case of error a JSON with the action outcome (status, error messages, etc.).

2. Get Data for Enterprise Admin and Approver

Endpoint

  • GET /cm/v1/admin/{actionName}

  • GET /cm/v1/enterprise/{actionName}/{type}

Usage

Supported actions include

Enterprise Admin:

  • enterprises

  • users

  • certificates

For revocation with Enterprise Admin APIs, a type path parameter (single, bulk, acme) is required.

Enterprise Approvers:

  • certificates

  • requests

For certain actions, a type path parameter (ssl, clientauth, smime) is required.
Note that the most of these GET APIs has a search/filtering functionality on url.

Enterprise Admin Endpoints

User Search:

  • /cm/v1/admin/users/email/support@harica.gr- Search for a specific user in your Enterprise by email address.

Certificate Search:

  • /cm/v1/admin/certificates/serial/{serialNumber}- Search for a specific certificate by serial number.

Certificate Lists by Status:

  • /cm/v1/admin/certificates/list/valid- Retrieve all valid certificates.

  • /cm/v1/admin/certificates/list/revoked- Retrieve all revoked certificates.

  • /cm/v1/admin/certificates/list/expired- Retrieve all expired certificates.

Enterprise Approver Endpoints

Transaction Search:

  • /cm/v1/enterprise/requests/ssl/id/{transactionId}- Search for an SSL request by transaction ID.

Request Lists by Status:

  • /cm/v1/enterprise/requests/ssl/list/pending- Retrieve all pending SSL requests.

  • /cm/v1/enterprise/requests/ssl/list/completed- Retrieve all completed SSL requests.

  • /cm/v1/enterprise/requests/ssl/list/cancelled- Retrieve all cancelled SSL requests.

  • /cm/v1/enterprise/requests/ssl/list/ready- Retrieve all ready SSL requests.

Examples

Get Enterprises

 
GET /cm/v1/admin/enterprises
Headers:
  X-API-Key: {API_KEY}
Content-Type: application/json

Get SSL Requests

 
GET /cm/v1/enterprise/requests/ssl
Headers:
  X-API-Key: {API_KEY}
Content-Type: application/json

3. Post Data for Enterprise Admin and Approver

Endpoint

  • POST /cm/v1/admin/{actionName}/{type}

  • POST /cm/v1/enterprise/{actionName}/{type}

Usage

Supported actions include

Enterprise Approver:

  • revoke

For revocation with Enterprise Admin API, a type path parameter (single, bulk, acme) is required.

Enterprise Approver:

  • accept

  • cancel

  • revoke

For certain actions, a type path parameter (ssl, clientauth, smime) is required.

Examples

Cancel SSL request

 
POST /cm/v1/enterprise/cancel/ssl
Headers:
  X-API-Key: {API_KEY}
Content-Type: application/json

Body:
{
  "TransactionId": "id1234",
  "Message": "Reason for cancel",
  "InformUser": true
}

Revoke SSL Certificate

 
POST /cm/v1/enterprise/revoke/ssl
Headers:
  X-API-Key: {API_KEY}
Content-Type: application/json

Body:
{
  "transactionId": "TransactionId",
  "message": "",
  "value": "4.9.1.1.1.1", //unspecified
  "informUser": true
}

Accept SSL Certificate

 
POST /cm/v1/enterprise/accept/ssl
Headers:
  X-API-Key: {API_KEY}
Content-Type: application/json

Body:
{
  "transactionId": "11591573-ad24-41ce-ad57-54c3f602e5e4",
  "message": "test"
}

Core Validations

  • Only supported actions and types are accepted (otherwise HTTP 400/404).

  • Invalid or missing API Key rejects the request.

  • File upload actions require valid and complete fields.

Endpoint Summary Table

Action Endpoint Method Description
Create Bulk Auth Certs /cm/v1/bulk/create/clientauth POST Bulk issuance client authentication certs
Create Bulk S/MIME Certs /cm/v1/bulk/create/smime POST Bulk issuance S/MIME certs
Get Enterprises /cm/v1/admin/enterprises GET Retrieve Enterprises
Get Enterprise Users (Enterprise Admin) /cm/v1/admin/users GET Retrieve Enterprise Users
Get Enterprise Certificates (Enterprise Admin) /cm/v1/admin/certificates GET Retrieve Enterprise Certificates
Revoke Certificate (Enterprise Admin) /cm/v1/admin/revoke/{type} POST Revoke Certificate (single, bulk, ACME)
Get Requests (SSL) /cm/v1/enterprise/requests/ssl GET Retrieve SSL requests
Accept Request (SSL) /cm/v1/enterprise/accept/ssl POST Accept SSL request
Cancel Request (SSL) /cm/v1/enterprise/cancel/ssl POST Cancel SSL request
Revoke Certificate (SSL) /cm/v1/enterprise/revoke/ssl POST Revoke SSL certificate

Additional variations exist for clientauth and smime types, following the same request/response patterns.