Overview
IDIAL provides a REST API for managing connected OPC UA endpoints and their certificates. The API also covers PKI and EST integration configuration, certificate lifecycle monitoring, license management, maintenance scheduling, and TLS settings for the IDIAL container itself. The API is built with APIFlask (Python) and automatically publishes an OpenAPI specification at /openapi.json and interactive documentation at /docs.
Base URL
The default base URL of the IDIAL REST API is:
http://127.0.0.1:5000
The host can be overridden at container start. TLS can be enabled via POST /tls. Once TLS is active, the base URL becomes:
https://<host>:5000
Authentication
Most endpoints require an API key passed as an HTTP header:
X-API-Key: <your-api-key>
Alternatively, Bearer token format is accepted:
Authorization: Bearer <your-api-key>
The API key is configured via secrets/idial_api_key.txt inside the IDIAL container. The environment variable IDIAL_API_KEY_FILE can be used to specify a different path.
Endpoints without authentication
The following endpoints are accessible without an API key:
GET /docs
GET /openapi.json
GET /pki/ca/{pki_id}
GET /pki/crl/{pki_id}
Content-Type
All requests and responses use Content-Type: application/json, except the certificate and CRL download endpoints, which return binary data.
Error Format
When an error occurs, the API returns a JSON response in the following format:
{
  "error": "string"
}
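The following client-side helper is an added example, not part of IDIAL or its documentation. It attaches the X-API-Key header described under Authentication, refuses to send the key over plain HTTP to anything other than loopback, and reads the documented error body. The names build_request, error_message and the allow_plaintext opt-in are assumptions made for this sketch.

```python
import json
import urllib.request
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"127.0.0.1", "::1", "localhost"}

def build_request(base_url, method, path, api_key, body=None, allow_plaintext=False):
    """Build an authenticated request; refuse to expose the key over plain HTTP.

    allow_plaintext is a hypothetical opt-in for the one-off call that enables
    TLS (POST /tls) on a host that is not loopback.
    """
    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    plaintext = parts.scheme == "http"
    if plaintext and parts.hostname not in LOOPBACK_HOSTS and not allow_plaintext:
        raise ValueError("refusing to send the API key over HTTP to a non-loopback host")
    data = None if body is None else json.dumps(body).encode("utf-8")
    req = urllib.request.Request(base_url.rstrip("/") + path, data=data, method=method)
    req.add_header("X-API-Key", api_key)  # the key travels in every request header
    req.add_header("Content-Type", "application/json")
    return req

def error_message(status, raw_body):
    """Turn a failed response into one line using the documented {"error": ...} body."""
    try:
        detail = json.loads(raw_body).get("error")
    except (ValueError, TypeError, AttributeError):
        detail = None  # binary, HTML or otherwise non-conforming body
    if not isinstance(detail, str):
        detail = "no 'error' field in response body"
    hint = " (the API returns 403 when no valid license is installed)" if status == 403 else ""
    return f"HTTP {status}: {detail}{hint}"
```

Pass the returned object to urllib.request.urlopen and feed the status and body of any HTTPError to error_message.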
Interactive Documentation
The OpenAPI specification is available at /openapi.json. An interactive Swagger UI is available at /docs while IDIAL is running. The aliases /swagger, /swagger-ui, and /api/docs also redirect to /docs.
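Because the specification is published at /openapi.json, it can be checked against the documented list of unauthenticated endpoints. The audit below is an added example, not IDIAL code. It assumes the specification declares authentication through OpenAPI security requirements, and it runs on a constructed sample in which the scheme name ApiKeyAuth and the two drifted operations are invented for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Unauthenticated endpoints as listed under "Endpoints without authentication".
DOCUMENTED_OPEN = {
    ("GET", "/docs"),
    ("GET", "/openapi.json"),
    ("GET", "/pki/ca/{pki_id}"),
    ("GET", "/pki/crl/{pki_id}"),
}

def open_operations(spec):
    """Return {(METHOD, path)} for operations callable without credentials."""
    default = spec.get("security", [])
    found = set()
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # path-level keys such as "parameters" are not operations
            # An operation-level "security" key replaces the top-level default.
            reqs = op.get("security", default)
            # No requirements, or an empty {} alternative, means anonymous access.
            if not reqs or any(r == {} for r in reqs):
                found.add((method.upper(), path))
    return found

def audit(spec, allowed=DOCUMENTED_OPEN):
    """Return operations that are open in the spec but not documented as open."""
    return sorted(open_operations(spec) - set(allowed))

KEY = [{"ApiKeyAuth": []}]  # assumed scheme name
# Constructed sample, not IDIAL's real specification.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "paths": {
        "/pki/ca/{pki_id}": {"get": {"responses": {}}},
        "/pki/crl/{pki_id}": {"get": {"security": []}},
        "/inventory": {"get": {"security": KEY}, "post": {"security": KEY}},
        "/gds/crt": {"get": {"responses": {}}},                  # drift: no requirement
        "/tls": {"parameters": [], "post": {"security": KEY + [{}]}},  # drift: optional auth
    },
}

if __name__ == "__main__":
    for method, path in audit(SAMPLE_SPEC):
        print(f"undocumented unauthenticated operation: {method} {path}")
```

The allowlist here is the four-entry list under "Endpoints without authentication"; if the endpoint table is treated as authoritative, pass an allowlist built from its rows marked Auth = No instead.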
Endpoint Overview
The following table lists all 74 endpoints of the IDIAL REST API, grouped by category.
| Category | Method | Path | Auth |
|---|---|---|---|
| System | GET | /systeminfo | No |
| System | POST | /systeminfo | Yes |
| System | GET | /gds/systeminfo | Yes |
| System | GET | /crl/systeminfo | Yes |
| System | GET | /supported-devices | Yes |
| System | GET | / | Yes |
| System | GET | /opcua_gds_dashboard.html | No |
| TLS | GET | /tls | Yes |
| TLS | POST | /tls | Yes |
| License | POST | /systeminfo/lic | Yes |
| License | GET | /systeminfo/lic | Yes |
| License | DELETE | /systeminfo/lic | Yes |
| Inventory | GET | /inventory | Yes |
| Inventory | POST | /inventory | Yes |
| Inventory | PATCH | /inventory | Yes |
| Inventory | GET | /gds/inventory | Yes |
| Inventory | POST | /gds/inventory | Yes |
| Inventory | PATCH | /gds/inventory | Yes |
| Inventory | GET | /gds/inventory/{host_or_url} | Yes |
| Inventory | DELETE | /gds/inventory/{host_or_url} | Yes |
| Inventory | POST | /gds/inventory/user | Yes |
| Inventory | PATCH | /gds/inventory/user | Yes |
| Inventory | GET | /gds/inventory/trustlist | Yes |
| Inventory | GET | /ssh/inventory | Yes |
| Certificate Monitoring | POST | /gds/monitor/crt | Yes |
| Certificate Monitoring | GET | /gds/monitor/crt/{host_or_url} | Yes |
| Certificate Monitoring | POST | /gds/inventory/crt | Yes |
| Certificate Monitoring | GET | /gds/inventory/crt/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/plc/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/firmware/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/status/{host_or_url} | Yes |
| Trust List | POST | /gds/monitor/trustlist | Yes |
| Trust List | GET | /gds/monitor/trustlist/{host_or_url} | Yes |
| Trust List | DELETE | /gds/monitor/trustlist | Yes |
| Trust List | DELETE | /gds/monitor/trustlist/{host_or_url} | Yes |
| GDS Push | POST | /gds/push | Yes |
| GDS Push | GET | /gds/push/{host_or_url} | Yes |
| GDS Push | POST | /gds/push/onboarding | Yes |
| GDS Push | GET | /gds/push/onboarding/{host_or_url} | Yes |
| GDS Push | POST | /gds/push/change | Yes |
| GDS Firmware | POST | /gds/firmware | Yes |
| GDS Firmware | GET | /gds/monitor/firmware/{host_or_url} | Yes |
| GDS Client Certificate | GET | /gds/crt | Yes |
| PKI | GET | /pki | Yes |
| PKI | GET | /pki/inventory | Yes |
| PKI | GET | /pki/inventory/{pki_id} | Yes |
| PKI | GET | /pki/inventory/creator/{creator_id} | Yes |
| PKI | POST | /pki/inventory | Yes |
| PKI | PATCH | /pki/inventory/{pki_id} | Yes |
| PKI | DELETE | /pki/inventory/{pki_id} | Yes |
| PKI | GET | /pki/exec/validate/{pki_id} | Yes |
| PKI | GET | /pki/exec/validate-strict/{pki_id} | Yes |
| PKI | GET | /pki/ca/{pki_id} | No |
| PKI | GET | /pki/crl/{pki_id} | No |
| PKI | GET | /pki/crt/{pki_id} | Yes |
| PKI | POST | /pki/sign-client-csr | Yes |
| PKI | POST | /pki/sign-server-csr | Yes |
| Maintenance | GET | /maintenance/inventory | Yes |
| Maintenance | GET | /maintenance/inventory/{window_id} | Yes |
| Maintenance | POST | /maintenance/inventory | Yes |
| Maintenance | PATCH | /maintenance/inventory/{window_id} | Yes |
| Maintenance | DELETE | /maintenance/inventory/{window_id} | Yes |
| Maintenance | GET | /maintenance/rule | Yes |
| Maintenance | POST | /maintenance/rule | Yes |
| Maintenance | PATCH | /maintenance/rule/{rule_id} | Yes |
| Maintenance | DELETE | /maintenance/rule/{rule_id} | Yes |
| Maintenance | POST | /maintenance/test/{window_id} | Yes |
| Database | POST | /create/dummy-db | Yes |
| Database | DELETE | /sql/{totp_code} | Yes |
License & Feature Gating
Most endpoints require the core license feature. Endpoints are checked against the installed license on every request. If no valid license is installed, the API returns 403.
The /systeminfo/lic endpoint is exempt from feature gating and only requires the API key.