diff --git a/authority/authorize.go b/authority/authorize.go
index 1a7e45d3..72bfff8b 100644
--- a/authority/authorize.go
+++ b/authority/authorize.go
@@ -82,7 +82,7 @@ func (a *Authority) Authorize(ott string) ([]provisioner.SignOption, error) {
 // AuthorizeSign authorizes a signature request by validating and authenticating
 // a OTT that must be sent w/ the request.
 func (a *Authority) AuthorizeSign(ott string) ([]provisioner.SignOption, error) {
-	var errContext = context{"ott": ott}
+	var errContext = apiCtx{"ott": ott}
 
 	p, err := a.authorizeToken(ott)
 	if err != nil {
diff --git a/authority/error.go b/authority/error.go
index 056d3147..85293f20 100644
--- a/authority/error.go
+++ b/authority/error.go
@@ -4,13 +4,13 @@ import (
 	"net/http"
 )
 
-type context map[string]interface{}
+type apiCtx map[string]interface{}
 
 // Error implements the api.Error interface and adds context to error messages.
 type apiError struct {
 	err     error
 	code    int
-	context context
+	context apiCtx
 }
 
 // Cause implements the errors.Causer interface and returns the original error.
diff --git a/authority/provisioners.go b/authority/provisioners.go
index 289b52a4..5328eb4d 100644
--- a/authority/provisioners.go
+++ b/authority/provisioners.go
@@ -13,7 +13,7 @@ func (a *Authority) GetEncryptedKey(kid string) (string, error) {
 	key, ok := a.provisioners.LoadEncryptedKey(kid)
 	if !ok {
 		return "", &apiError{errors.Errorf("encrypted key with kid %s was not found", kid),
-			http.StatusNotFound, context{}}
+			http.StatusNotFound, apiCtx{}}
 	}
 	return key, nil
 }
@@ -31,7 +31,7 @@ func (a *Authority) LoadProvisionerByCertificate(crt *x509.Certificate) (provisi
 	p, ok := a.provisioners.LoadByCertificate(crt)
 	if !ok {
 		return nil, &apiError{errors.Errorf("provisioner not found"),
-			http.StatusNotFound, context{}}
+			http.StatusNotFound, apiCtx{}}
 	}
 	return p, nil
 }
diff --git a/authority/root.go b/authority/root.go
index 51ed6ac5..3794a6c8 100644
--- a/authority/root.go
+++ b/authority/root.go
@@ -12,13 +12,13 @@ func (a *Authority) Root(sum string) (*x509.Certificate, error) {
 	val, ok := a.certificates.Load(sum)
 	if !ok {
 		return nil, &apiError{errors.Errorf("certificate with fingerprint %s was not found", sum),
-			http.StatusNotFound, context{}}
+			http.StatusNotFound, apiCtx{}}
 	}
 
 	crt, ok := val.(*x509.Certificate)
 	if !ok {
 		return nil, &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
-			http.StatusInternalServerError, context{}}
+			http.StatusInternalServerError, apiCtx{}}
 	}
 	return crt, nil
 }
@@ -53,7 +53,7 @@ func (a *Authority) GetFederation() (federation []*x509.Certificate, err error)
 		if !ok {
 			federation = nil
 			err = &apiError{errors.Errorf("stored value is not a *x509.Certificate"),
-				http.StatusInternalServerError, context{}}
+				http.StatusInternalServerError, apiCtx{}}
 			return false
 		}
 		federation = append(federation, crt)
diff --git a/authority/tls.go b/authority/tls.go
index fdaba130..d54e4373 100644
--- a/authority/tls.go
+++ b/authority/tls.go
@@ -58,7 +58,7 @@ func withDefaultASN1DN(def *x509util.ASN1DN) x509util.WithOption {
 // Sign creates a signed certificate from a certificate signing request.
 func (a *Authority) Sign(csr *x509.CertificateRequest, signOpts provisioner.Options, extraOpts ...provisioner.SignOption) (*x509.Certificate, *x509.Certificate, error) {
 	var (
-		errContext     = context{"csr": csr, "signOptions": signOpts}
+		errContext     = apiCtx{"csr": csr, "signOptions": signOpts}
 		mods           = []x509util.WithOption{withDefaultASN1DN(a.config.AuthorityConfig.Template)}
 		certValidators = []provisioner.CertificateValidator{}
 		issIdentity    = a.intermediateIdentity
@@ -181,23 +181,23 @@ func (a *Authority) Renew(oldCert *x509.Certificate) (*x509.Certificate, *x509.C
 	leaf, err := x509util.NewLeafProfileWithTemplate(newCert,
 		issIdentity.Crt, issIdentity.Key)
 	if err != nil {
-		return nil, nil, &apiError{err, http.StatusInternalServerError, context{}}
+		return nil, nil, &apiError{err, http.StatusInternalServerError, apiCtx{}}
 	}
 	crtBytes, err := leaf.CreateCertificate()
 	if err != nil {
 		return nil, nil, &apiError{errors.Wrap(err, "error renewing certificate from existing server certificate"),
-			http.StatusInternalServerError, context{}}
+			http.StatusInternalServerError, apiCtx{}}
 	}
 
 	serverCert, err := x509.ParseCertificate(crtBytes)
 	if err != nil {
 		return nil, nil, &apiError{errors.Wrap(err, "error parsing new server certificate"),
-			http.StatusInternalServerError, context{}}
+			http.StatusInternalServerError, apiCtx{}}
 	}
 	caCert, err := x509.ParseCertificate(issIdentity.Crt.Raw)
 	if err != nil {
 		return nil, nil, &apiError{errors.Wrap(err, "error parsing intermediate certificate"),
-			http.StatusInternalServerError, context{}}
+			http.StatusInternalServerError, apiCtx{}}
 	}
 
 	return serverCert, caCert, nil
@@ -222,7 +222,7 @@ type RevokeOptions struct {
 //
 // TODO: Add OCSP and CRL support.
 func (a *Authority) Revoke(opts *RevokeOptions) error {
-	errContext := context{
+	errContext := apiCtx{
 		"serialNumber": opts.Serial,
 		"reasonCode":   opts.ReasonCode,
 		"reason":       opts.Reason,