# Certificate Management

## Prerequisites

Register your application with emCA and obtain credentials. Provide:

* **Username (appCode)**
* **Password**
* **Source IP address** for allowlisting

All API traffic must use HTTPS (TLS 1.2+).

##  Registration

1. Submit **appCode**, **password**, and **IP address**.
2. emCA issues a **ClientID** for your application.
3. Use the ClientID for all subsequent API requests.

## Authentication (JWT)

Certificate Management APIs use a short-lived **JWT** for authentication. To obtain a token, call the token endpoint with your **appCode**, **password**, and **ClientID**. The response returns a JWT and its expiry (`exp`). Include the token in each request header:

```
makefile

Authorization: Bearer <JWT>
```

Renew the token before expiry and discard expired tokens. Use one unique token per application context; do not share tokens across tenants or environments.

## Certificate Management APIs documentation

All APIs related to certificate issuance, management, and lifecycle operations:

* createCertificates
* createCustomCertificate
* createKeyStore
* getCAs
* getCertInfo
* getCertificate
* getCertificateChain
* getCertInfo
* getProfileInfo
* getProfiles
* reinstate
* rekey
* revoke
* suspend
* verifySignature

## emCA Version-Based Postman Links:

* [V4.3.1](https://documenter.getpostman.com/view/40123569/2sB34imfqj)

{% hint style="info" %}
Please refer in the respective version sections for older API Postman Collections.
{% endhint %}