API Documentation

This page provides information on how to use the The Cert Graveyard API.

The recommended method of reporting certificates is to use the webform, certReport, or certReportCentral, but some advanced users may desire additional capabilities offered through using the API.

Authentication

For some most queries, an API key is required. Your API key is accessible through your profile page. The API key should be included as follows:


        X-API-KEY: your_api_key_here

Current API capabilities are limited.

What information can be collected by the API is still in development.
This page will be updated as more features are built out and made available.
To request functionality, email squiblydoo at pm.me

Endpoints

Query database

Query the database using a search parameter and a search term. This is very similar to the webform.

Required headers:

X-API-KEY: your_api_key_here
Content-Type: application/json

Required parameters:

search_parameter

sha256
malware
signer
issuer-short
issuer
serial
thumbprint
valid-from
valid-to
country
state
locality
email

search_term

(String to search for)

Example with Python:


        import requests
        import json

        url = "https://certgraveyard.org/api/query_database"
        data = {"search_parameter": "sha256", "search_term": "c36338fbc2b1913fd79443706dedbc9f58adcfaf5af1dab06a592446e8f6dec6"}
        headers = {
            "X-API-KEY": "your_api_key_here",
            "Content-Type": "application/json"
        }

        response = requests.post(url, headers=headers, data=json.dumps(data))

        print(response.text)

Download CSV

Download a CSV of the The Cert Graveyard database. This endpoint is unauthenticated to allow for easy use.

Example with python:


        import requests

        url = "https://certgraveyard.org/api/download_csv"

        response = requests.get(url)

        with open("certgraveyard_data.csv", "wb") as file:
            file.write(response.content)