Overview
IDIAL provides a REST API for managing the inventory of connected OPC UA endpoints and their certificates. In addition, the API enables the configuration of PKI and EST integrations, certificate lifecycle monitoring, and control of the TLS settings of the IDIAL container itself. The API is provided by APIFlask (Python) and automatically publishes an OpenAPI specification at /openapi.json as well as interactive documentation at /docs.
Base URL
The default base URL of the IDIAL REST API is:
http://127.0.0.1:5000
The host can be overridden at container startup. TLS can be enabled via POST /tls. Once TLS is active, the following scheme applies:
https://<host>:5000
Authentication
Most endpoints require an API key passed as an HTTP header:
X-API-Key: <your-api-key>
The API key is configured via the file secrets/idial_api_key.txt inside the IDIAL container. Alternatively, the environment variable IDIAL_API_KEY_FILE can be used to specify a different file path.
Endpoints Without Authentication
The following endpoints are accessible without an API key:
GET /systeminfoGET /tls
Content-Type
All requests and responses use Content-Type: application/json.
Error Format
If an error occurs, the API returns a JSON response in the following format:
{
"error": "string"
}
Endpoint Overview
The following table lists all 35 endpoints of the IDIAL REST API, grouped by category.
The OpenAPI specification is available at /openapi.json. An interactive Swagger UI is available at /docs while IDIAL is running.
| Category | Method | Path | Auth |
|---|---|---|---|
| System | GET | /systeminfo | No |
| System | POST | /systeminfo | Yes |
| System | GET | /gds/systeminfo | Yes |
| System | GET | /crl/systeminfo | Yes |
| System | GET | /supported-devices | Yes |
| TLS Configuration | GET | /tls | No |
| TLS Configuration | POST | /tls | Yes |
| Inventory | GET | /inventory | Yes |
| Inventory | POST | /inventory | Yes |
| Inventory | PATCH | /inventory | Yes |
| Inventory | GET | /gds/inventory | Yes |
| Inventory | POST | /gds/inventory | Yes |
| Inventory | PATCH | /gds/inventory | Yes |
| Inventory | GET | /gds/inventory/{host_or_url} | Yes |
| Inventory | GET | /ssh/inventory | Yes |
| Certificate Monitoring | POST | /gds/monitor/crt | Yes |
| Certificate Monitoring | GET | /gds/monitor/crt/{host_or_url} | Yes |
| Certificate Monitoring | POST | /gds/inventory/crt | Yes |
| Certificate Monitoring | GET | /gds/inventory/crt/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/plc/{host_or_url} | Yes |
| Trust List | POST | /gds/monitor/trustlist | Yes |
| Trust List | GET | /gds/monitor/trustlist/{host_or_url} | Yes |
| Trust List | DELETE | /gds/monitor/trustlist | Yes |
| GDS Push | POST | /gds/push | Yes |
| GDS Push | GET | /gds/push/{host_or_url} | Yes |
| GDS Push | POST | /gds/push/change | Yes |
| GDS Firmware | POST | /gds/firmware | Yes |
| GDS Firmware | GET | /gds/firmware/{host_or_url} | Yes |
| GDS Status | GET | /gds/status/{host_or_url} | Yes |
| GDS Client Certificate | GET | /gds/crt | Yes |
| PKI | GET | /pki | Yes |
| PKI | GET | /pki/ca | Yes |
| PKI | GET | /pki/crl | Yes |
| PKI | POST | /pki/sign-client-csr | Yes |
| PKI | POST | /pki/sign-server-csr | Yes |