All requests to the Digital Certificate Confirmation API must include your Institution API Secret key in the X-DigiCert-Secret request header. There is no token exchange step — you use the key directly.
Generate your API Secret key
- Log in to the Digital Certificate platform with your Institution account.
- Navigate to your profile settings.
- Generate an API Secret key. Copy and store it immediately — the platform will not show it again in full.
Production and sandbox are separate environments, each with its own API Secret key. Generate a key for each environment from your Institution profile. See Environments for the base URLs.
Include the key in requests
Pass the key in the X-DigiCert-Secret header of every API request:
X-DigiCert-Secret: <your_api_secret_key>
curl --request POST \
--url https://api.smartdocument.org/api/v1/external/certificate/confirm \
--header 'X-DigiCert-Secret: YOUR_API_SECRET_KEY' \
--header 'Content-Type: application/json' \
--data '{ "certificates": [] }'
Handling authentication errors
A missing or invalid key returns 401 Unauthorized:
{
"status": "FAILED",
"message": "Invalid key provided.",
"data": null,
"subCode": null
}
If you receive a 401, verify the key value and confirm it was generated for the correct Institution account.
Keeping your key secure
Your API Secret key grants full access to your Institution account. Never embed it in client-side code or mobile app binaries, and never commit it to version control.
Store the key in an environment variable and read it at runtime:
DIGICERT_SECRET_KEY=your_api_secret_key_here
For production deployments, use a dedicated secrets manager such as AWS Secrets Manager or HashiCorp Vault instead of a .env file.
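The following is an added example, not code from the platform's documentation: a server-side Python client that reads the key from DIGICERT_SECRET_KEY at runtime, sends it in the X-DigiCert-Secret header, and handles the 401 response shown above without exposing the key. The function names and the AuthError class are hypothetical; the URL, header name and variable name are the ones on this page.

```python
import json
import os
import urllib.error
import urllib.request

# URL, header name and variable name are the ones shown on this page.
CONFIRM_URL = "https://api.smartdocument.org/api/v1/external/certificate/confirm"
SECRET_HEADER = "X-DigiCert-Secret"
ENV_VAR = "DIGICERT_SECRET_KEY"
PLACEHOLDERS = {"your_api_secret_key_here", "YOUR_API_SECRET_KEY"}


class AuthError(Exception):
    """The API answered 401: the key is missing or invalid."""


def load_secret(env=os.environ):
    """Read the key at runtime; fail closed if it is unset or a doc placeholder."""
    key = env.get(ENV_VAR, "").strip()
    if not key or key in PLACEHOLDERS:
        raise RuntimeError(f"{ENV_VAR} is not set to a real API Secret key")
    return key


def build_request(payload, key, url=CONFIRM_URL):
    """Build the POST; refuse plain HTTP so the key never travels unencrypted."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send the API Secret key over a non-HTTPS URL")
    headers = {SECRET_HEADER: key, "Content-Type": "application/json"}
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def confirm(payload, env=os.environ, opener=urllib.request.urlopen):
    """Send the request; turn a 401 into AuthError carrying only the API message."""
    request = build_request(payload, load_secret(env))
    try:
        with opener(request, timeout=10) as response:
            return json.loads(response.read())
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        detail = json.loads(err.read() or b"{}").get("message", "401 Unauthorized")
        # The key is deliberately kept out of the exception text and any logs.
        raise AuthError(f"{detail} Verify the key and its Institution account.") from None
```

The `opener` parameter exists so the 401 path can be exercised with a stub instead of a live call.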