Framework-agnostic REST API routes for tiny-ca — supports FastAPI, Flask, aiohttp and Django Ninja
Project description
tiny-ca-gateway
tiny-ca-gateway provides ready-to-use REST API routes for tiny-ca — a lightweight Python Certificate Authority library. Mount a full-featured CA HTTP API into any of your existing applications in minutes.
Built on top of tiny-ca. This package only provides the HTTP layer. For CA internals, certificate issuance logic, and database models, see the tiny-ca documentation.
Features
- 22 REST endpoints — issue, revoke, renew, rotate, verify, download certificates and more
- 4 framework adapters — drop into an existing app without rewriting anything
- Shared core — identical behaviour across all frameworks; integration tests run against all of them
- Bearer token auth — optional, zero-config when
CA_API_TOKENis empty - OpenAPI / Swagger UI — built-in for FastAPI & Django Ninja; CDN-based for Flask & aiohttp
- Async-native — FastAPI, aiohttp and Django (ASGI) run fully async; Flask uses an asyncio bridge
Supported frameworks
| Framework | Adapter | Integration guide |
|---|---|---|
| FastAPI | tiny_ca_gateway.fastapi |
docs/fastapi.md |
| Flask | tiny_ca_gateway.flask |
docs/flask.md |
| aiohttp | tiny_ca_gateway.aiohttp |
docs/aiohttp.md |
| Django Ninja | tiny_ca_gateway.django |
docs/django.md |
Quick install
Install only what you need:
# FastAPI
pip install "tiny-ca-gateway[fastapi]"
# Flask
pip install "tiny-ca-gateway[flask]"
# aiohttp
pip install "tiny-ca-gateway[aiohttp]"
# Django + Django Ninja
pip install "tiny-ca-gateway[django]"
# Everything
pip install "tiny-ca-gateway[all]"
60-second example
FastAPI
from fastapi import FastAPI
from contextlib import asynccontextmanager
from tiny_ca_gateway.fastapi.lifespan.manager import FastAPILifespanManager
from tiny_ca_gateway.fastapi.api.v1.ca_routes import router
@asynccontextmanager
async def lifespan(app: FastAPI):
await FastAPILifespanManager(common_name="My CA").on_startup()
yield
app = FastAPI(lifespan=lifespan)
app.include_router(router, prefix="/api/v1")
Flask
from flask import Flask
from tiny_ca_gateway.flask.lifespan.manager import FlaskCAManager
from tiny_ca_gateway.flask.api.v1.ca_blueprint import ca_bp
def create_app():
app = Flask(__name__)
FlaskCAManager(common_name="My CA").init_sync()
app.register_blueprint(ca_bp, url_prefix="/api/v1/ca")
return app
aiohttp
from aiohttp import web
from tiny_ca_gateway.aiohttp.lifespan.manager import AiohttpCAManager
from tiny_ca_gateway.aiohttp.api.v1.ca_routes import routes
async def lifespan(app):
await AiohttpCAManager(common_name="My CA").on_startup()
yield
app = web.Application()
app.cleanup_ctx.append(lifespan)
app.add_subapp("/api/v1/ca", web.Application())
app.router.add_routes(routes)
Django Ninja
# urls.py
from ninja import NinjaAPI
from tiny_ca_gateway.django.api.v1.ca_router import ca_router
api = NinjaAPI()
api.add_router("/ca", ca_router)
urlpatterns = [path("api/v1/", api.urls)]
Environment variables
| Variable | Default | Description |
|---|---|---|
CA_CERT_PATH |
certs/ca.pem |
Path to the CA certificate |
CA_KEY_PATH |
certs/ca.key |
Path to the CA private key |
CA_CRL_PATH |
certs/crl.pem |
Path to the CRL file |
CA_CERTS_DIR |
certs/ |
Directory for issued certificates |
CA_DB_URL |
sqlite+aiosqlite:///ca.db |
SQLAlchemy async database URL |
CA_API_TOKEN |
"" |
Bearer token — empty = open access |
API reference
All adapters expose the same 22 endpoints under the configured prefix:
| Method | Path | Auth | Description |
|---|---|---|---|
GET |
/cert |
✗ | Download CA public certificate |
GET |
/crl |
✗ | Download CRL (DER or ?pem=true) |
GET |
/ |
✓ | List certificates |
GET |
/expiring |
✓ | Certificates expiring soon |
POST |
/root |
✓ | Bootstrap / replace root CA |
POST |
/intermediate |
✓ | Issue intermediate CA |
POST |
/issue |
✓ | Issue leaf certificate |
POST |
/maintenance/expire |
✓ | Mark expired certificates |
POST |
/crl/refresh |
✓ | Regenerate CRL |
POST |
/crl/verify |
✓ | Verify a CRL |
POST |
/verify |
✓ | Verify a certificate |
POST |
/cosign |
✓ | Co-sign an external certificate |
POST |
/export-p12/{serial} |
✓ | Export PKCS#12 bundle |
PATCH |
/revoke |
✓ | Revoke a certificate |
POST |
/rotate/{serial} |
✓ | Rotate (new key) |
POST |
/renew/{serial} |
✓ | Renew (same key, new validity) |
DELETE |
/{serial} |
✓ | Hard-delete certificate |
GET |
/status/{serial} |
✓ | Lifecycle status |
GET |
/inspect/{serial} |
✓ | Structured details |
GET |
/chain/{serial} |
✓ | Full PEM chain |
GET |
/stream/{uuid} |
✓ | Stream artefact (pem / key / csr) |
GET |
/{uuid} |
✓ | Download artefact |
Running the integration tests
# Start any backend first, then:
python tests/ca_integration_test.py --base-url http://localhost:8000
# Run against all frameworks automatically:
task run-all-tests TOKEN=mysecret
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
tiny_ca_gateway-0.1.0.tar.gz
(33.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tiny_ca_gateway-0.1.0.tar.gz.
File metadata
- Download URL: tiny_ca_gateway-0.1.0.tar.gz
- Upload date:
- Size: 33.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"25.10","id":"questing","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cf24afe679dc7b77e700da45df4ff997c3e507e4325cefe66c56e1a4b4f11dc8
|
|
| MD5 |
a67ba435de34c6ed31299f3c9d2208fa
|
|
| BLAKE2b-256 |
618afea0c3ac03a9e4fc84491a7b17f1c56bc4e08305e6dc8e0fedf1c7280887
|
File details
Details for the file tiny_ca_gateway-0.1.0-py3-none-any.whl.
File metadata
- Download URL: tiny_ca_gateway-0.1.0-py3-none-any.whl
- Upload date:
- Size: 38.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.6 {"installer":{"name":"uv","version":"0.11.6","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"25.10","id":"questing","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46dc530d724bbbc634c4e22e7515fea7e29ca53081cfd219354ce4ec00bfd115
|
|
| MD5 |
781f19ebcabdb242c2f7fd8325e13995
|
|
| BLAKE2b-256 |
f361510459788d69f81b772f200d8a0eba3f25b62bbee288840a3f84e4ece286
|
