Skip to main content
PUT
/
organizations
/
{id}
/
certificates
Upload Certificates
curl --request PUT \
  --url https://api.example.com/organizations/{id}/certificates \
  --header 'Authorization: <authorization>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "password": "<string>"
}
'
{
  "200": {},
  "400": {},
  "401": {},
  "403": {},
  "404": {},
  "certificateSerialNumber": "<string>",
  "certificateExpiresAt": "<string>",
  "certificateUpdatedAt": "<string>",
  "rfc": "<string>"
}

Description

Uploads CSD (Certificado de Sello Digital) certificate and private key files for electronic invoice signing. Files are encrypted with AWS KMS and stored securely in S3. Only the organization owner can perform this action.

Authorization

Authorization
string
required
Bearer token for authentication

Path Parameters

id
string
required
The unique ID of the organization

Body Parameters (multipart/form-data)

certificate
file
required
CSD certificate file (.cer extension, max 10MB)
privateKey
file
required
Private key file (.key extension, max 10MB)
password
string
required
Password to decrypt the private key

Response

certificateSerialNumber
string
Serial number extracted from the certificate
certificateExpiresAt
string
Certificate expiration date (ISO 8601 format)
certificateUpdatedAt
string
Timestamp when the certificate was uploaded
rfc
string
RFC (tax ID) extracted from the certificate, if available

Example Request

curl -X PUT "https://api.timbrix.com/organizations/123e4567-e89b-12d3-a456-426614174000/certificates" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "certificate=@/path/to/certificate.cer" \
  -F "privateKey=@/path/to/private.key" \
  -F "password=your_certificate_password"

Example Response

{
  "certificateSerialNumber": "30001000000400002463",
  "certificateExpiresAt": "2028-05-15T00:00:00.000Z",
  "certificateUpdatedAt": "2024-01-15T10:30:00.000Z",
  "rfc": "XAXX010101000"
}

Response Codes

200
OK
Certificate uploaded successfully
400
Bad Request
Invalid certificate files, wrong password, or expired certificate
401
Unauthorized
Authentication required
403
Forbidden
Access denied. Only organization owners can upload certificates
404
Not Found
Organization not found

Security

⚠️ OWNER ONLY: Only the organization OWNER can upload CSD certificates. Admins and members cannot perform this action. 🔐 Encryption: All certificate files are encrypted with AWS KMS (Server-Side Encryption) before being stored in S3. The certificate password is also encrypted with KMS before being stored in the database.

Notes

  • Certificate file must have .cer extension
  • Private key file must have .key extension
  • Maximum file size is 10MB per file
  • Expired certificates will be rejected
  • Certificate metadata (serial number, expiration date, RFC) is automatically extracted
  • Previous certificates are automatically replaced when uploading new ones