To send API request, you can create a service account (which is a bit like a user account) within your organisation. You can then set its permissions. For example, a service account might be permitted to issue certificates from a particular scheme.
Within a service account, you can create and name one or more API keys. These behave like passwords to authenticate the service account when it makes a request.
It is good practice to restrict the permissions of an API service account to only those that are needed. You should also keep your API keys secret and only share then with people you trust, for example an IT consultant setting up your APIs.
For logged in, trusted organisations, we have more detailed API schema information available here. If you are not permitted to see this page, you can contact us to apply.
We'll be adding more details and examples to this page soon, but if in the meantime you need help to automate certificate issuance, for example, please just get in touch.
Currently the supported automation services are those instigated externally - i.e. your platform makes a request to us. For the future, we are also investigating some webhook services whereby we 'push' information to your system when a change has occured.