
Overview

IDIAL provides a REST API for managing connected OPC UA endpoints and their certificates. The API also covers PKI and EST integration configuration, certificate lifecycle monitoring, license management, maintenance scheduling, and TLS settings for the IDIAL container itself. The API is built with APIFlask (Python) and automatically publishes an OpenAPI specification at /openapi.json and interactive documentation at /docs.

Base URL

The default base URL of the IDIAL REST API is:

http://127.0.0.1:5000

The host can be overridden at container start. TLS can be enabled via POST /tls. Once TLS is active:

https://<host>:5000

Authentication

Most endpoints require an API key passed as an HTTP header:

X-API-Key: <your-api-key>

Alternatively, the Bearer token format is accepted:

Authorization: Bearer <your-api-key>

The API key is configured via secrets/idial_api_key.txt inside the IDIAL container. The environment variable IDIAL_API_KEY_FILE can be used to specify a different path.

Endpoints without authentication

The following endpoints are accessible without an API key:

  • GET /docs
  • GET /openapi.json
  • GET /pki/ca/{pki_id}
  • GET /pki/crl/{pki_id}
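
The list above can be checked against the specification IDIAL publishes at /openapi.json. The following is an added example, not part of IDIAL or its documentation: it flags operations that a spec leaves callable without credentials but that are not on the list. It assumes the spec expresses authentication through the standard OpenAPI 3 `security` fields; the sample spec and the scheme name ApiKeyAuth are constructed.

```python
import json

# Unauthenticated endpoints as listed on this page.
DOCUMENTED_OPEN = {
    ("GET", "/docs"), ("GET", "/openapi.json"),
    ("GET", "/pki/ca/{pki_id}"), ("GET", "/pki/crl/{pki_id}"),
}
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def is_open(operation, global_security):
    """True if the operation can be called with no credentials (OpenAPI 3 rules)."""
    # Operation-level `security` overrides the top-level one, even when it is empty.
    reqs = operation.get("security", global_security)
    # No requirements at all, or an empty requirement object {}, allows anonymous access.
    return not reqs or any(r == {} for r in reqs)

def undocumented_open(spec):
    """Return sorted (METHOD, path) pairs that are open but not in DOCUMENTED_OPEN."""
    global_security = spec.get("security", [])
    found = set()
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Path items may also carry non-operation keys such as "parameters".
            if method in HTTP_METHODS and is_open(op, global_security):
                found.add((method.upper(), path))
    return sorted(found - DOCUMENTED_OPEN)

# Constructed sample spec (not IDIAL's real /openapi.json); scheme name is an assumption.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "security": [{"ApiKeyAuth": []}],
  "paths": {
    "/pki/ca/{pki_id}": {"get": {"security": []}},
    "/pki/crt/{pki_id}": {"get": {}},
    "/tls": {"get": {}, "post": {"security": []}},
    "/inventory": {"get": {"security": [{"ApiKeyAuth": []}, {}]}}
  }
}
""")

if __name__ == "__main__":
    for method, path in undocumented_open(SAMPLE_SPEC):
        print(f"open but not documented as such: {method} {path}")
```

To run it against a live instance, save the response of GET /openapi.json to a file and pass the parsed JSON to undocumented_open().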

Content-Type

All requests and responses use Content-Type: application/json, except the certificate and CRL download endpoints, which return binary data.

Error Format

When an error occurs, the API returns a JSON response in the following format:

{
  "error": "string"
}

Interactive Documentation

Note: The OpenAPI specification is available at /openapi.json. An interactive Swagger UI is available at /docs while IDIAL is running. The aliases /swagger, /swagger-ui, and /api/docs also redirect to /docs.

Endpoint Overview

The following table lists all 74 endpoints of the IDIAL REST API, grouped by category.

| Category | Method | Path | Auth |
|---|---|---|---|
| System | GET | /systeminfo | No |
| System | POST | /systeminfo | Yes |
| System | GET | /gds/systeminfo | Yes |
| System | GET | /crl/systeminfo | Yes |
| System | GET | /supported-devices | Yes |
| System | GET | / | Yes |
| System | GET | /opcua_gds_dashboard.html | No |
| TLS | GET | /tls | Yes |
| TLS | POST | /tls | Yes |
| License | POST | /systeminfo/lic | Yes |
| License | GET | /systeminfo/lic | Yes |
| License | DELETE | /systeminfo/lic | Yes |
| Inventory | GET | /inventory | Yes |
| Inventory | POST | /inventory | Yes |
| Inventory | PATCH | /inventory | Yes |
| Inventory | GET | /gds/inventory | Yes |
| Inventory | POST | /gds/inventory | Yes |
| Inventory | PATCH | /gds/inventory | Yes |
| Inventory | GET | /gds/inventory/{host_or_url} | Yes |
| Inventory | DELETE | /gds/inventory/{host_or_url} | Yes |
| Inventory | POST | /gds/inventory/user | Yes |
| Inventory | PATCH | /gds/inventory/user | Yes |
| Inventory | GET | /gds/inventory/trustlist | Yes |
| Inventory | GET | /ssh/inventory | Yes |
| Certificate Monitoring | POST | /gds/monitor/crt | Yes |
| Certificate Monitoring | GET | /gds/monitor/crt/{host_or_url} | Yes |
| Certificate Monitoring | POST | /gds/inventory/crt | Yes |
| Certificate Monitoring | GET | /gds/inventory/crt/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/plc/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/firmware/{host_or_url} | Yes |
| Certificate Monitoring | GET | /gds/monitor/status/{host_or_url} | Yes |
| Trust List | POST | /gds/monitor/trustlist | Yes |
| Trust List | GET | /gds/monitor/trustlist/{host_or_url} | Yes |
| Trust List | DELETE | /gds/monitor/trustlist | Yes |
| Trust List | DELETE | /gds/monitor/trustlist/{host_or_url} | Yes |
| GDS Push | POST | /gds/push | Yes |
| GDS Push | GET | /gds/push/{host_or_url} | Yes |
| GDS Push | POST | /gds/push/onboarding | Yes |
| GDS Push | GET | /gds/push/onboarding/{host_or_url} | Yes |
| GDS Push | POST | /gds/push/change | Yes |
| GDS Firmware | POST | /gds/firmware | Yes |
| GDS Firmware | GET | /gds/monitor/firmware/{host_or_url} | Yes |
| GDS Client Certificate | GET | /gds/crt | Yes |
| PKI | GET | /pki | Yes |
| PKI | GET | /pki/inventory | Yes |
| PKI | GET | /pki/inventory/{pki_id} | Yes |
| PKI | GET | /pki/inventory/creator/{creator_id} | Yes |
| PKI | POST | /pki/inventory | Yes |
| PKI | PATCH | /pki/inventory/{pki_id} | Yes |
| PKI | DELETE | /pki/inventory/{pki_id} | Yes |
| PKI | GET | /pki/exec/validate/{pki_id} | Yes |
| PKI | GET | /pki/exec/validate-strict/{pki_id} | Yes |
| PKI | GET | /pki/ca/{pki_id} | No |
| PKI | GET | /pki/crl/{pki_id} | No |
| PKI | GET | /pki/crt/{pki_id} | Yes |
| PKI | POST | /pki/sign-client-csr | Yes |
| PKI | POST | /pki/sign-server-csr | Yes |
| Maintenance | GET | /maintenance/inventory | Yes |
| Maintenance | GET | /maintenance/inventory/{window_id} | Yes |
| Maintenance | POST | /maintenance/inventory | Yes |
| Maintenance | PATCH | /maintenance/inventory/{window_id} | Yes |
| Maintenance | DELETE | /maintenance/inventory/{window_id} | Yes |
| Maintenance | GET | /maintenance/rule | Yes |
| Maintenance | POST | /maintenance/rule | Yes |
| Maintenance | PATCH | /maintenance/rule/{rule_id} | Yes |
| Maintenance | DELETE | /maintenance/rule/{rule_id} | Yes |
| Maintenance | POST | /maintenance/test/{window_id} | Yes |
| Database | POST | /create/dummy-db | Yes |
| Database | DELETE | /sql/{totp_code} | Yes |

License & Feature Gating

Most endpoints require the core license feature. Endpoints are checked against the installed license on every request. If no valid license is installed, the API returns 403.

The /systeminfo/lic endpoint is exempt from feature gating and only requires the API key.