API Reference

OpenAPI Spec Guides

Authentication

All requests require an API key in the Authorization: Bearer header. Keys are generated in your dashboard.

Live key (charges credits, hits upstream)

Authorization: Bearer ask_live_xxxxxxxxxxxxxxxxxxxxxxxx

Test key (free, deterministic fixtures)

Authorization: Bearer ask_test_xxxxxxxxxxxxxxxxxxxxxxxx

POST /v1/devices

Register a UDID and issue a certificate. Synchronous — block for up to 120 seconds while the certificate is prepared.

Request

curl -X POST https://enterprise.arcticsign.app/v1/devices \
  -H "Authorization: Bearer ask_live_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: unique-request-uuid" \
  -d '{
    "udid": "00008110-001A2B3C4D5E6F7G",
    "plan": "super0",
    "external_id": "user-123",
    "external_ref": "order-abc",
    "tags": {"env": "production"}
  }'

Response (200)

{
  "id": "dev_abc123",
  "udid": "00008110-001A2B3C4D5E6F7G",
  "plan": "super0",
  "status": "ready",
  "holder_name": "John Doe",
  "external_id": "user-123",
  "expires_at": "2027-04-01T00:00:00Z",
  "issued_at": "2026-04-01T12:00:00Z",
  "certificate": {
    "mobileprovision_url": "https://enterprise.arcticsign.app/v1/certificates/cert_abc/mobileprovision?token=...",
    "p12_url": "https://enterprise.arcticsign.app/v1/certificates/cert_abc/p12?token=...",
    "p12_password": "abc123"
  },
  "request_id": "req_xyz"
}

GET /v1/devices

List your registered devices with cursor-based pagination.

curl "https://enterprise.arcticsign.app/v1/devices?plan=super0&limit=10" \
  -H "Authorization: Bearer ask_live_YOUR_KEY"
plan Filter: super0 | developer_plan
external_id Filter by your external ID
cursor Pagination cursor
limit Max 100 (default 50)

GET /v1/devices/{id}

Get a single device with its certificates and fresh download URLs.

GET /v1/certificates/{id}

Get a certificate with fresh 15-minute signed download URLs. Call this to regenerate expired download links.

GET /v1/certificates/{id}/{type}

Download the raw .mobileprovision or .p12 file. Requires a ?token= query param from the certificate response. Tokens expire after 15 minutes.

GET /v1/account

Get your credit balance, effective pricing, and current rate limit state. No request body required.

Error Codes

CodeHTTPMeaning
unauthorized401Invalid or missing API key
invalid_request400Bad UDID format or missing fields
insufficient_funds402Credit balance too low for requested plan
rate_limited429Too many requests — see Retry-After header
upstream_error502Upstream certificate provider failed
timeout_stuck504Certificate polling exceeded 120s budget
conflict409Duplicate idempotency key with different body
upstream_insufficient_funds503Our upstream balance is depleted

Idempotency

Always include an Idempotency-Key header. If a request times out, re-send with the same key — you'll get the original result without a double charge. Generate a new UUID for each unique request.