Supplier Certifications API — ConformaESG Integration Service

Endpoints

Method	Path	Description
`GET`	`/api/v1/supplier-certifications?supplierId={id}`	List certifications for a supplier
`GET`	`/api/v1/supplier-certifications/{id}`	Get a certification by ID
`POST`	`/api/v1/supplier-certifications?supplierId={id}`	Create a certification
`PATCH`	`/api/v1/supplier-certifications/{id}`	Update a certification
`DELETE`	`/api/v1/supplier-certifications/{id}`	Delete a certification

Warning

The supplierId query parameter is required on POST and GET (list) requests.

GET /api/v1/supplier-certifications

Lists all certifications for a given supplier.

Query Parameters

Parameter	Type	Required	Description
`supplierId`	integer	✅	Filter by supplier ID

Shell

curl "http://localhost:8080/api/v1/supplier-certifications?supplierId=1"

Response `200 OK`

JSON
1[
{
  "id": 1,
  "supplier_id": 1,
  "certification_type": "GOTS",
  "certificate_number": "GOTS-2025-IT-00123",
  "certificate_expiry": "2026-12-31",
  "document_id": 42,
  "is_digitally_signed": true,
  "signature_verified": true,
  "verification_status": "VERIFIED",
  "verification_details": "Signature validated via API",
  "verified_at": "2025-09-15T10:00:00",
  "created_at": "2025-09-01T10:00:00",
  "updated_at": "2025-09-15T10:00:00"
}
17]

POST /api/v1/supplier-certifications

Request Body

Field	Type	Required	Description
`certification_type`	string	✅	Type of certification (e.g. `GOTS`, `GRS`, `OEKO_TEX`, `ISO_14001`)
`certificate_number`	string	❌	Certificate reference number
`certificate_expiry`	string (date)	❌	Expiry date in `YYYY-MM-DD` format
`document_id`	integer	❌	FK to an uploaded document
`is_digitally_signed`	boolean	❌	Whether the certificate is digitally signed
`signature_verified`	boolean	❌	Whether the signature has been verified
`verification_status`	string	❌	e.g. `PENDING`, `VERIFIED`, `REJECTED`
`verification_details`	string	❌	Details about the verification

Shell
1curl -X POST "http://localhost:8080/api/v1/supplier-certifications?supplierId=1" \
-H "Content-Type: application/json" \
-d '{
  "certification_type": "GOTS",
  "certificate_number": "GOTS-2025-IT-00123",
  "certificate_expiry": "2026-12-31",
  "is_digitally_signed": true,
  "verification_status": "PENDING"
}'

JavaScript
1const resp = await fetch('/api/v1/supplier-certifications?supplierId=1', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
  certification_type: 'GOTS',
  certificate_number: 'GOTS-2025-IT-00123',
  certificate_expiry: '2026-12-31',
  is_digitally_signed: true,
  verification_status: 'PENDING'
})
11});

Response `201 Created`

JSON
1{
"id": 5,
"supplier_id": 1,
"certification_type": "GOTS",
"certificate_number": "GOTS-2025-IT-00123",
"certificate_expiry": "2026-12-31",
"document_id": null,
"is_digitally_signed": true,
"signature_verified": null,
"verification_status": "PENDING",
"verification_details": null,
"verified_at": null,
"created_at": "2025-09-15T10:00:00",
"updated_at": "2025-09-15T10:00:00"
15}

PATCH /api/v1/supplier-certifications/{id}

Partially updates a certification. Only the fields present in the request body are updated.

Shell
1curl -X PATCH http://localhost:8080/api/v1/supplier-certifications/5 \
-H "Content-Type: application/json" \
-d '{
  "signature_verified": true,
  "verification_status": "VERIFIED",
  "verification_details": "Signature validated via third-party API"
}'

DELETE /api/v1/supplier-certifications/{id}

Deletes a certification record.

Shell

curl -X DELETE http://localhost:8080/api/v1/supplier-certifications/5

Response: 204 No Content

Endpoints

GET /api/v1/supplier-certifications

Query Parameters

Response 200 OK

POST /api/v1/supplier-certifications

Request Body

Response 201 Created

PATCH /api/v1/supplier-certifications/{id}

DELETE /api/v1/supplier-certifications/{id}

Response `200 OK`

Response `201 Created`