GlobalSign Atlas Certificate Management API documentation version v2.10

https://emea.api.hvca.globalsign.com:8443/v2

The GlobalSign Atlas Certificate Management API provides high volume certificate issuance and lifecycle management capabilities.

Documentation: https://www.globalsign.com/en/repository/globalsign-atlas-certificate-management-api.pdf

/login

post

post

Log in to Atlas with your credentials. The response will contain a token, which you must use when making other requests to the API. The token is valid for 10 minutes.

Log in to Atlas with your credentials. The response will contain a token, which you must use when making other requests to the API. The token is valid for 10 minutes.

Headers

  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

  • X-SSL-Client-Serial: (string)

    SSL Client Certificate serial number

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • api_key: required(string - pattern: ^[A-Fa-f0-9]{16}$)
  • api_secret: required(string - pattern: ^[A-Fa-f0-9]{40}$)

Example:

{
  "api_key": "e510e289e6cd8947",
  "api_secret": "a477a8393d17a55ecb2ba6a61f58feb84770b621"
}

HTTP status code 200

Authentication was successful

Headers

  • Authorization: required(string)

    The Authorization header

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • access_token: required(string)

Example:

{
  "access_token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ"
}

HTTP status code 400

Request could not be parsed

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Request"
}

HTTP status code 401

Authentication was unsuccessful

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Malformed authentication request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Invalid credentials"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

/certificates

post

post

Submit a request for a new certificate. The fields that must be supplied with this request are listed below.

Submit a request for a new certificate. The fields that must be supplied with this request are listed below.

Headers

  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • validity: required(object)
    • not_before: required(integer)

      UTC UNIX timestamp

    • not_after: (integer)

      UTC UNIX timestamp If not specified, or set to 0, then the not_after value is automatically set to the maximum value allowed by the validation policy

  • subject_dn: required(object)

    List of Distinguished Name attributes to include in the certificate. See RFC 5280#4.1.2.6

    • country: (string - minLength: 2 - maxLength: 2 - pattern: ^[A-Z]{2}$)

      Format: PrintableString, ISO 3166-1 alpha-2 two-letter country code

    • state: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • locality: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • street_address: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • postal_code: (string - maxLength: 40)

      Format: UTF8String or PrintableString

    • organization: (string - maxLength: 64)

      Format: UTF8String or PrintableString

    • organizational_unit: (array of string)

      Format: Array of UTF8String or PrintableString (string - maxLength: 64)

    • organization_identifier: (string - maxLength: 64)

      Format: UTF8String or PrintableString

    • common_name: (string - maxLength: 64)

      Format: UTF8String or PrintableString

    • surname: (string - maxLength: 64)

      Format: UTF8String or PrintableString

    • given_name: (string - maxLength: 64)

      Format: UTF8String or PrintableString

    • email: (string - maxLength: 255)

      Format: IA5String

    • pseudonym: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • jurisdiction_of_incorporation_locality_name: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • jurisdiction_of_incorporation_state_or_province_name: (string - maxLength: 128)

      Format: UTF8String or PrintableString

    • jurisdiction_of_incorporation_country_name: (string - minLength: 2 - maxLength: 2 - pattern: ^[A-Z]{2}$)

      Format: PrintableString, ISO 3166-1 alpha-2 two-letter country code

    • business_category: (one of “Private Organization”, “Government Entity”, “Business Entity”, “Non-Commercial Entity” - maxLength: 128)

      Format: UTF8String or PrintableString

    • serial_number: (string - maxLength: 64)

      Format: PrintableString

    • extra_attributes: (array of basic.type_and_value)

      Extra subject distinguished name attributes to include by OID and value

      Items: type_and_value

      • type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

        Object Identifier such as 1.3.6.1.4.1.311.20.2

      • value: (string)

    Example:

    {
  "common_name": "John Doe",
  "surname": "Doe",
  "given_name": "John",
  "country": "GB",
  "state": "London",
  "locality": "London",
  "street_address": "1 GlobalSign Road",
  "postal_code": "E1",
  "organization": "GMO GlobalSign",
  "organizational_unit": [
    "Operations",
    "Development"
  ],
  "organization_identifier": "PSDFI-FINFSA-29884997",
  "email": "john.doe@demo.hvca.globalsign.com",
  "pseudonym": "whatshisname",
  "jurisdiction_of_incorporation_locality_name": "London",
  "jurisdiction_of_incorporation_state_or_province_name": "London",
  "jurisdiction_of_incorporation_country_name": "United Kingdom",
  "business_category": "Internet security",
  "serial_number": "AA0448C4AE22702EF2C7A9BD7FA09743",
  "extra_attributes": [
    {
      "type": "2.5.4.43",
      "value": "GS"
    }
  ]
}
  • san: (object)

    List of Subject Alternative Name attributes to include in the certificate. See RFC 5280#4.2.1.6

    • dns_names: (array of string)
    • emails: (array of string)
    • ip_addresses: (array of string)
    • uris: (array of string)
    • other_names: (array of basic.type_and_value)

      Items: type_and_value

      • type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

        Object Identifier such as 1.3.6.1.4.1.311.20.2

      • value: (string)

    Example:

    {
  "dns_names": [
    "test.demo.hvca.globalsign.com",
    "test2.demo.hvca.globalsign.com"
  ],
  "ip_addresses": [
    "198.41.214.154"
  ],
  "uris": [
    "http://test.demo.hvca.globalsign.com/uri"
  ],
  "emails": [
    "admin@demo.hvca.globalsign.com",
    "contact@demo.hvca.globalsign.com"
  ],
  "other_names": [
    {
      "type": "1.3.6.1.4.1.311.20.2.3",
      "value": "upn@demo.hvca.globalsign.com"
    }
  ]
}
  • key_usages: (object)

    Validation policy for key_usages field. If the field is present at least one of the fields must be set to TRUE

    • digital_signature: (boolean)

      The digital signature field is asserted when the subject public key is used for verifying digital signatures, other than signatures on certificates and CRLs, such as those used in an entity authentication service, a data origin authentication service, and/or an integrity service.

    • content_commitment: (boolean)

      The content commitment field is asserted when the subject public key is used to verify digital signatures, other than signatures on certificates and CRLs, used to provide a non-repudiation service that protects against the signing entity falsely denying some action. In the case of later conflict, a reliable third party may determine the authenticity of the signed data. (Note that in older editions of X.509 this field used to be referred to as nonRepudiation.)

    • key_encipherment: (boolean)

      The key encipherment field is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport. For example, this bit shall be set when an RSA public key is to be used for encrypting a symmetric content-decryption key or an asymmetric private key.

    • data_encipherment: (boolean)

      The data encipherment field is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher. Note that the use of this bit is extremely uncommon; almost all applications use key transport or key agreement to establish a symmetric key.

    • key_agreement: (boolean)

      The key agreement field is asserted when the subject public key is used for key agreement. For example, when a Diffie-Hellman key is to be used for key management, then this bit is set.

    • key_certificate_sign: (boolean)

      The key certificate sign field is asserted when the subject public key is used for verifying signatures on public key certificates. If this field is asserted, then the cA field in the basic constraints extension (Section 4.2.1.9 of rfc 5280) MUST also be asserted.

    • crl_sign: (boolean)

      The crl sign field is asserted when the subject public key is used for verifying signatures on certificate revocation lists (e.g., CRLs, delta CRLs, or ARLs).

    • encipher_only: (boolean)

      The meaning of the encipher only bit is undefined in the absence of the keyAgreement bit. When the encipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for enciphering data while performing key agreement.

    • decipher_only: (boolean)

      The meaning of the decipher only field is undefined in the absence of the key agreement field. When the decipherOnly bit is asserted and the keyAgreement field is also set, the subject public key may be used only for deciphering data while performing key agreement.

    Example:

    {
  "digital_signature": true,
  "content_commitment": false,
  "key_encipherment": true,
  "data_encipherment": false,
  "key_agreement": true,
  "key_certificate_sign": true,
  "crl_sign": false,
  "encipher_only": true,
  "decipher_only": true
}
  • extended_key_usages: (array of basic.oid)

    List of Extended Key Usages to include in the certificate. See RFC 5280#4.2.1.12

    Example:

    [
  "1.3.6.1.5.5.7.3.1",
  "1.3.6.1.5.5.7.3.2"
]
  • subject_da: (object)

    List of Subject Directory Attributes to include in the certificate. See RFC3739

    • gender: (string)
    • date_of_birth: (date-only)

      RFC3339 date. As per RFC3739, the resulting attribute will specify time as GMT 12.00.00 (noon)

    • place_of_birth: (string)
    • country_of_citizenship: (array of basic.country_code)

      List of ISO 3166-1 Alpha-2 country codes

    • country_of_residence: (array of basic.country_code)

      List of ISO 3166-1 Alpha-2 country codes

    • extra_attributes: (array of basic.type_and_value)

      Extra subject directory attributes to include by OID and value

      Items: type_and_value

      • type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

        Object Identifier such as 1.3.6.1.4.1.311.20.2

      • value: (string)

    Example:

    {
  "gender": "m",
  "date_of_birth": "1979-01-31",
  "place_of_birth": "London",
  "country_of_citizenship": [
    "GB",
    "US"
  ],
  "country_of_residence": [
    "US"
  ],
  "extra_attributes": [
    {
      "type": "2.5.29.9.1.1.1"
    },
    {
      "type": "2.5.29.9.1.1.2",
      "value": "custom subject da value"
    }
  ]
}
  • qualified_statements: (object)

    List of qualified statements to include in the certificate See RFC 3739#3.2.6

    • semantics: (object)

      If present QC-Statement identifier will be id-qcs-pkixQCSyntax-v2. See RFC 3739#3.2.6.1

      • identifier: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

        SemanticsIdentifier as per RFC 3739#3.2.6.1.

      • name_authorities: (array of string)

        NameRegistrationAuthorities as per RFC 3739#3.2.6.1. QC-Statement identifier will be id-qcs-pkixQCSyntax-v2 (1.3.6.1.5.5.7.11.2).

    • etsi_qc_compliance: (boolean)

      This QCstatement claims that the certificate is an EU qualified certificate that is issued according to Directive 1999/93/EC [i.3] or the Annex I, III or IV of the Regulation (EU) No 910/2014 [i.8] whichever is in force at the time of issuance. See ETSI EN 319 412-5 V2.1.1#4.2.1

    • etsi_qc_sscd_compliance: (boolean)

      This QCstatement declares that the private key related to the certified public key resides in a Qualified Signature/Seal Creation Device (QSCD) according to the Regulation (EU) No 910/2014 [i.8] or a secure signature creation device as defined in the Directive 1999/93/EC [i.3]. See ETSI EN 319 412-5 V2.1.1#4.2.2

    • etsi_qc_type: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

      This QCStatement declares that a EU qualified certificate is issued as one or more specific types according to Annexes I, III or IV of the Regulation (EU) No 910/2014 [i.8] when used in combination with the qcStatement as defined in clause 4.2.1. When used on its own it indicates that it is used for the purposes of electronic signatures, seals or web sites for "non-qualified certificates" within the context of Regulation (EU) No 910/2014 [i.8]. See ETSI EN 319 412-5 V2.1.1#4.2.3

    • etsi_qc_retention_period: (integer)

      This QCStatement declares a retention period for material information relevant to the use of and reliance on a certificate, expressed as a number of years after the expiry date of the certificate. See ETSI EN 319 412-5 V2.1.1#4.3.3

    • etsi_qc_pds: (object)

      This QCStatement holds URLs to PKI Disclosure Statements (PDS) in accordance with Annex A of ETSI EN 319 411-1. See ETSI EN 319 412-5 V2.1.1#4.3.4.

      • /^[A-Z]{2}/: required(string)

        The key indicates the language of the PDS and shall be as defined in ISO 639-1. The value corresponds to the URL at which the PDS can be accessed.

    Example:

    {
  "semantics": {
    "identifier": "1.1.1.1.1.1",
    "name_authorities": [
      "contact@ra1.hvsign.globalsign.com"
    ]
  },
  "etsi_qc_compliance": true,
  "etsi_qc_type": "0.4.0.1862.1.6.1",
  "etsi_qc_sscd_compliance": true,
  "etsi_qc_retention_period": 1,
  "etsi_qc_pds": {
    "EN": "https://demo.hvsign.globalsign.com/en/pds"
  }
}
  • ms_extension_template: (object)

    Values to populate Microsoft template extension (91.3.6.1.4.1.311.21.7) with

    • id: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)

      Object Identifier such as 1.3.6.1.4.1.311.20.2

    • major_version: (integer)
    • minor_version: (integer)

    Example:

    {
  "id": "1.2.3.4.123.4.5.1",
  "major_version": 1,
  "minor_version": 2
}
  • custom_extensions: (object)

    List of custom extensions to include in the certificate as X509v3 extensions. See RFC5280#4.2

    • /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(string)

      The key indicates the object identifier of the custom extension and the value will be formatted as defined by the corresponding validation policy.

    Example:

    {
  "2.5.29.99.1": "NIL",
  "2.5.29.99.2": "SOME TEXT"
}
  • signature: (object)
    • algorithm: (one of RSA, RSA-PSS, ECDSA)
    • hash_algorithm: (one of SHA-256, SHA-384, SHA-512)
  • public_key: required(string - pattern: -{5}BEGIN PUBLIC KEY|BEGIN [NEW ]CERTIFICATE REQUEST-{5}.+-{5}END PUBLIC KEY|END [NEW ]CERTIFICATE REQUEST-{5})

    Either a PEM-encoded SubjectPublicKeyInfo ASN1 structure (defined in RFC 5280) or a PEM encoded PKCS10 CertificationRequest ASN1 structure (defined in RFC2986). The validation policy, retrievable from /validationpolicy, specifies which key format is allowed under public_key.key_format.

    SubjectPublicKeyInfo: RSA public key: subjectPublicKey field is defined in RFC 3447. ECDSA public key: subjectPublicKey field is defined in RFC 5480. Only SECP curves are supported.

    PKCS10: Only the SubjectPublicKeyInfo and the Signature values are used. Any values in subject or attributes are discarded.

    The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters except for the last line which can be shorter. In JSON newlines are delimited with ASCII newline symbol "\n". Please see the example public_key field.

  • public_key_signature: (string)

    Base64 encoded signature of the DER representation of the public key sent in the public_key field. Not valid in combination with PKCS10 key_format. Only the SHA256 digest algorithm is supported. For RSA signature use EMSA-PKCS1-v1_5 encoding (defined in RFC 3447). PSS is not supported. For ECDSA signature use DER encoded ECDSA-Sig-Value (defined in RFC 5480 or ANSI X9.62:2005)

Example:

{
  "validity": {
    "not_before": 1477958400,
    "not_after": 1509494400
  },
  "subject_dn": {
    "common_name": "John Doe",
    "surname": "Doe",
    "given_name": "John",
    "country": "GB",
    "state": "London",
    "locality": "London",
    "street_address": "1 GlobalSign Road",
    "postal_code": "E1",
    "organization": "GMO GlobalSign",
    "organizational_unit": [
      "Operations",
      "Development"
    ],
    "organization_identifier": "PSDFI-FINFSA-29884997",
    "email": "john.doe@demo.hvca.globalsign.com",
    "pseudonym": "whatshisname",
    "jurisdiction_of_incorporation_locality_name": "London",
    "jurisdiction_of_incorporation_state_or_province_name": "London",
    "jurisdiction_of_incorporation_country_name": "United Kingdom",
    "business_category": "Internet security",
    "serial_number": "AA0448C4AE22702EF2C7A9BD7FA09743",
    "extra_attributes": [
      {
        "type": "2.5.4.43",
        "value": "GS"
      }
    ]
  },
  "san": {
    "dns_names": [
      "test.demo.hvca.globalsign.com",
      "test2.demo.hvca.globalsign.com"
    ],
    "ip_addresses": [
      "198.41.214.154"
    ],
    "uris": [
      "http://test.demo.hvca.globalsign.com/uri"
    ],
    "emails": [
      "admin@demo.hvca.globalsign.com",
      "contact@demo.hvca.globalsign.com"
    ],
    "other_names": [
      {
        "type": "1.3.6.1.4.1.311.20.2.3",
        "value": "upn@demo.hvca.globalsign.com"
      }
    ]
  },
  "subject_da": {
    "gender": "m",
    "date_of_birth": "1979-01-31",
    "place_of_birth": "London",
    "country_of_citizenship": [
      "GB",
      "US"
    ],
    "country_of_residence": [
      "US"
    ],
    "extra_attributes": [
      {
        "type": "2.5.29.9.1.1.1"
      },
      {
        "type": "2.5.29.9.1.1.2",
        "value": "custom subject da value"
      }
    ]
  },
  "key_usages": {
    "digital_signature": true,
    "content_commitment": false,
    "key_encipherment": true,
    "data_encipherment": false,
    "key_agreement": true,
    "key_certificate_sign": false,
    "crl_sign": false,
    "encipher_only": true,
    "decipher_only": true
  },
  "extended_key_usages": [
    "1.3.6.1.5.5.7.3.1",
    "1.3.6.1.5.5.7.3.2"
  ],
  "qualified_statements": {
    "semantics": {
      "identifier": "1.1.1.1.1.1",
      "name_authorities": [
        "contact@ra1.globalsign.com"
      ]
    },
    "etsi_qc_compliance": true,
    "etsi_qc_type": "0.4.0.1862.1.6.1",
    "etsi_qc_sscd_compliance": true,
    "etsi_qc_retention_period": 1,
    "etsi_qc_pds": {
      "EN": "https://demo.globalsign.com/en/pds"
    }
  },
  "ms_extension_template": {
    "id": "1.2.3.4.123.4.5.1",
    "major_version": 1,
    "minor_version": 2
  },
  "custom_extensions": {
    "2.5.29.99.1": "NIL",
    "2.5.29.99.2": "SOME TEXT"
  },
  "signature": {
    "algorithm": "RSA-PSS",
    "hash_algorithm": "SHA-256"
  },
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU2imlDf02o8DPveLN73\nwbrQKScch9AnkMuQqBxxq5YBUAvPDXYeeA8tkgk+N2Q5FNL/BXI0m1QTlq8FbdAQ\nKkpi93vimsymHpkBFTxZSqMcI55vyLanjfMOnZ7Xbgq0hhub/K6FZpFCJ2oqoLwr\nY5hBYAGYQco5qw4nbR9Mpeu41QGQzrGjYIKNOVgXh/m41FOGDsQntecaLAluTg+E\n/Qmb8U7XZVBn3/DPyiXrfobuBlnmEbPjQ95LAvRLzcHzWY0YB1dfGzbcK1PaGRLE\nod2C1QCGK+YWzeUWEyHqgNEncQDMFYFKUd1IhR6OSmVB1ukXa0y8eZBVWsoxXr2X\nlQIDAQAB\n-----END PUBLIC KEY-----",
  "public_key_signature": "MIGIAkIA6CotF+LAs2MeymHWul2KuatxcqWDpvhgaEJCI+joyj7p9XEUyH5pBTJ2VqvO0hKYEm+dZl8KKD7ISHWz8Vfb9cECQgFwaB7u/5cw4kT5gv9BPTlxCSiZRlRPVbTbYWl/BeaWAwrt3oEqDuHXOwIQscj/887bBEN/SnYGpKkKe/qdKEd0gw=="
}

HTTP status code 201

Issuance request has been accepted

Headers

  • Location: required(string)

    The URL of the newly created certificate

    Example:

    {baseUri}/certificates/{certificate}
  • Content-Length: required(integer - default: 0)

    This response does not contain a body

HTTP status code 400

Request could not be parsed

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Request"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 402

Quota has been reached

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Quota Reached"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

get delete patch

get

Retrieve a certificate. Place the certificate serial number in the {certificate} object.

delete

Revoke a certificate. Place the certificate serial number in the {certificate} object.

Deprecated

  • This endpoint is not recommended for use and is subject to removal in future major releases.
  • It is recommended to use the /certificates/{certificate} PATCH endpoint instead.
patch

Revoke a certificate. Place the certificate serial number in the {certificate} object.

Retrieve a certificate. Place the certificate serial number in the {certificate} object.

URI Parameters

  • certificate: required(string)

    Certificate identifier

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 200

Certificate is available for retrieval

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • certificate: required(string - pattern: -{5}BEGIN CERTIFICATE-{5}.+-{5}END CERTIFICATE-{5})

    The PEM-encoded certificate. The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters, except for the last line which can be shorter. In JSON newlines are delimited with ASCII newline symbol "\n".

  • status: required(one of ISSUED, REVOKED)
  • updated_at: required(integer)
  • not_after: required(integer)

    UTC UNIX timestamp after which the certificate is no longer valid

    Example:

    1524573739
  • revocation_information: (object)

    This is returned only if the certificate status is REVOKED.

    • reason: required(one of unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise)

      Reason for which the certificate was revoked.

    • time: required(integer)

      UTC UNIX timestamp from which the certificate should be considered as revoked.

Example:

{
  "certificate": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
  "status": "REVOKED",
  "updated_at": 1477958400,
  "not_after": 1493510400,
  "revocation_information": {
    "time": 1477958400,
    "reason": "keyCompromise"
  }
}

HTTP status code 202

Issuance in progress

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Certificate not found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

Revoke a certificate. Place the certificate serial number in the {certificate} object.

Deprecated

  • This endpoint is not recommended for use and is subject to removal in future major releases.
  • It is recommended to use the /certificates/{certificate} PATCH endpoint instead.

URI Parameters

  • certificate: required(string)

    Certificate identifier

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 204

Certificate successfully revoked

HTTP status code 400

Request could not be parsed

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Request"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Certificate not found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 409

Certificate is already revoked or pending issuance

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Cannot revoke a REJECTED certificate"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

Revoke a certificate. Place the certificate serial number in the {certificate} object.

URI Parameters

  • certificate: required(string)

    Certificate identifier

Headers

  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • revocation_reason: required(one of unspecified, keyCompromise, affiliationChanged, cessationOfOperation, superseded)

    Revocation reason as per RFC 5280 section 5.3.1

  • revocation_time: (integer)

    UTC UNIX timestamp at which the key was compromised. This property is allowed only when revocation reason is keyCompromise. (Notice that if provided, this value is currently ignored. revocation_time will always be set to the current time.)

  • key_compromise_attestation: (string)

    PEM-encoded PKCS10 Certificate Signing Request containing the following information: The Subject Public Key Info section of the CSR will contain the key being reported as compromised. The CSR will be signed using the compromised private key associated with the public key in the Subject Public Key Info section. The Subject Common Name in the CSR will exactly contain the following string: "kca=v1 This Key Is Compromised". The CSR will contain an extension request for an RFC7169 No Secrecy Afforded extension. This extension has OID 1.3.6.1.5.5.7.1.23 and must be marked as critical. The extension contains a single Boolean field however the value provided is irrelevant.

Example:

{
  "revocation_reason": "keyCompromise",
  "revocation_time": 946688461,
  "key_compromise_attestation": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkzCCAXsCAQAwKTEnMCUGA1UEAwwea2NhPXYxIFRoaXMgS2V5IElzIENvbXBy\nb21pc2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgbZ3rbOz4As\nQ/M9cAhHWEL/ZukZjhbQtOx/X1VOhQItnGg26cvfGN6M2wqVBxlMcMgeUClNl6JD\nU/cJLXxGlh1hZjmsSZEsTuozMx1kCEK+TXOV6MtHsWHqn8Tm4ky4anphqLMkywdu\n/FLAOdqSUNddddoj+vPHX/3M/5or7TVgfvDbcB+FFL04n1Yw+fuTXW1nNZQ1Z2KF\nXUMa+8p8i2y48IOZ9r2PsXGYuwuKHKkQuVa1uuuQArOlEVn+xF7ZedZ5CkPaV35F\ngu+KrhDCeJQ+E3VwoYCmMYVVxHPSneY0BNdEnjgUQxhXGKPiF/7/N4VEhEvKQsTd\nUNEL30lshQIDAQABoCUwIwYJKoZIhvcNAQkOMRYwFDASBggrBgEFBQcBFwEB/wQD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB6VCXlE4NlAeXs7vdXGcsPc8V2Y1v27JI9\neRtSio0vBj+y0XPzLBo3ScOcbynyb5eHIdIHC1FFf62sBbs35AW/Vp8QyQGskO1Q\nMntvsrDY7SLj4R3dfn+7wbcmv0v9XTos17CzCjj0qNe1/Ho3Y7l+4eURwnnalAlj\nKLkm2I6u6mxkSfK+CpMo6wF5OJo0ghA1Cg6AvXdp/Y0kqKRLuN6HUQ8JOIkh6qqa\nGa3NXSC29EcMd/Pkd7wEWaW+JyYe8oAhpKD1YsxUWfeXZhzTYBe0jESYr2xv4bF6\nSCVlAkO0jeeooZkwPw9mkNwOpIrtBo/0VFTIOO56PA067JnoHMf7\n-----END CERTIFICATE REQUEST-----"
}

HTTP status code 204

Certificate successfully revoked

HTTP status code 400

Request could not be parsed

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Request"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Certificate not found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 409

Certificate is already revoked or pending issuance

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Cannot revoke a REJECTED certificate"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 412

Access to the target resource has been denied due to an unfulfilled precondition

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Precondition Failed"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

post

post

Submit a rekey request for an existing ISSUED certificate. The fields that must be supplied with this request are listed below.

Submit a rekey request for an existing ISSUED certificate. The fields that must be supplied with this request are listed below.

URI Parameters

  • certificate: required(string)

    Certificate identifier

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • signature: (object)
    • algorithm: (one of RSA, RSA-PSS, ECDSA)
    • hash_algorithm: (one of SHA-256, SHA-384, SHA-512)
  • public_key: required(string - pattern: -{5}BEGIN PUBLIC KEY|BEGIN [NEW ]CERTIFICATE REQUEST-{5}.+-{5}END PUBLIC KEY|END [NEW ]CERTIFICATE REQUEST-{5})

    Either a PEM-encoded SubjectPublicKeyInfo ASN1 structure (defined in RFC 5280) or a PEM encoded PKCS10 CertificationRequest ASN1 structure (defined in RFC2986). The validation policy, retrievable from /validationpolicy, specifies which key format is allowed under public_key.key_format.

    SubjectPublicKeyInfo: RSA public key: subjectPublicKey field is defined in RFC 3447. ECDSA public key: subjectPublicKey field is defined in RFC 5480. Only SECP curves are supported.

    PKCS10: Only the SubjectPublicKeyInfo and the Signature values are used. Any values in subject or attributes are discarded.

    The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters except for the last line which can be shorter. In JSON newlines are delimited with ASCII newline symbol "\n". Please see the example public_key field.

  • public_key_signature: (string)

    Base64 encoded signature of the DER representation of the public key sent in the public_key field. Not valid in combination with PKCS10 key_format. Only the SHA256 digest algorithm is supported. For RSA signature use EMSA-PKCS1-v1_5 encoding (defined in RFC 3447). PSS is not supported. For ECDSA signature use DER encoded ECDSA-Sig-Value (defined in RFC 5480 or ANSI X9.62:2005)

Example:

{
  "signature": {
    "algorithm": "RSA-PSS",
    "hash_algorithm": "SHA-256"
  },
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU2imlDf02o8DPveLN73\nwbrQKScch9AnkMuQqBxxq5YBUAvPDXYeeA8tkgk+N2Q5FNL/BXI0m1QTlq8FbdAQ\nKkpi93vimsymHpkBFTxZSqMcI55vyLanjfMOnZ7Xbgq0hhub/K6FZpFCJ2oqoLwr\nY5hBYAGYQco5qw4nbR9Mpeu41QGQzrGjYIKNOVgXh/m41FOGDsQntecaLAluTg+E\n/Qmb8U7XZVBn3/DPyiXrfobuBlnmEbPjQ95LAvRLzcHzWY0YB1dfGzbcK1PaGRLE\nod2C1QCGK+YWzeUWEyHqgNEncQDMFYFKUd1IhR6OSmVB1ukXa0y8eZBVWsoxXr2X\nlQIDAQAB\n-----END PUBLIC KEY-----",
  "public_key_signature": "MIGIAkIA6CotF+LAs2MeymHWul2KuatxcqWDpvhgaEJCI+joyj7p9XEUyH5pBTJ2VqvO0hKYEm+dZl8KKD7ISHWz8Vfb9cECQgFwaB7u/5cw4kT5gv9BPTlxCSiZRlRPVbTbYWl/BeaWAwrt3oEqDuHXOwIQscj/887bBEN/SnYGpKkKe/qdKEd0gw=="
}

HTTP status code 201

Rekey request has been accepted

Headers

  • Location: required(string)

    The URL of the newly created certificate

    Example:

    {baseUri}/certificates/{certificate}
  • Content-Length: required(integer - default: 0)

    This response does not contain a body

HTTP status code 400

Request could not be parsed

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Request"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Requested resource is not found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

/trustchain

get

get

Retrieve the chain of trust for the certificates in your account, starting with the issuing CA and ending with the root CA.

/validationpolicy

get

get

Retrieve your account's validation policy. The Account Validation Policy is where certificate subject information is defined. Only one Validation Policy can be linked to a user account.

/counters/certificates

get

get

Retrieve the number of certificates issued by the calling account

get

get

Retrieve the number of certificates revoked by the calling account

/stats

get

get

Retrieve a list of certificates issued over a specified time interval from the calling account. The response will include the total number of issued certificates, each certificate’s serial number, and notBefore/notAfter dates.

get

get

Retrieve a list of certificates that have been revoked over a specified time interval from the calling account. The response will include the total number of revoked certificates, and each certificate’s serial number and notBefore/notAfter date.

get

get

Retrieve a list of certificates that are going to expire over a specified time interval from the calling account. The response will include the total number of expiring certificates within the specified time period, and each certificate’s serial number and notBefore/notAfter date.

/quotas

get

get

Retrieve the remaining certificate issuance quota from the calling account. The response will return the total number of certificates remaining that can be issued from the user's account.

/claims/domains

get

get

This API allows you to execute domain management functions from your Atlas account. Once a domain is verified, it is added to your account, and certificates can then be issued from the domain.

post

post

Initiate a domain claim (prove ownership of a domain). Enter the fully qualified, IDNA-encoded domain to be validated into the {domain} object.

In the API response, a claimID is returned in the header and the body includes a unique token. When using either the DNS or HTTP validation methods, you load the token into the domain’s DNS TXT record or website, and Atlas uses the claimID to validate the domain against your account.

Initiate a domain claim (prove ownership of a domain). Enter the fully qualified, IDNA-encoded domain to be validated into the {domain} object.

In the API response, a claimID is returned in the header and the body includes a unique token. When using either the DNS or HTTP validation methods, you load the token into the domain’s DNS TXT record or website, and Atlas uses the claimID to validate the domain against your account.

URI Parameters

  • domain: required(string)

    The fully qualified, IDNA-encoded domain to be claimed

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 201

Returned after accepting the domain claim

Headers

  • Location: required(string)

    The URL of the newly created domain claim

    Example:

    /claims/domains/{claimID}

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • token: required(string)

    The token value received is composed of the globalsign prefix followed by the random value generated

    Example:

    globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8
  • assert_by: required(integer)

Example:

{
  "token": "globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8",
  "assert_by": 1524570139
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 409

A domain claim already exists for this domain

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Claim for domain already exists"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message",
  "errors": {
    "gsb": "example.com flagged on Google SafeBrowsing list",
    "blacklist": "example.com is not allowed by the blacklist"
  }
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

get delete

get

Retrieve the status of a specific domain claim. Enter your claim ID into the {claimID} object.

delete

Remove the specified claim (based on claimID) and any associated information from Atlas

Retrieve the status of a specific domain claim. Enter your claim ID into the {claimID} object.

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 200

Returns requested domain claim

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • token: required(string)

    The token value received is a randomly generated value

    Example:

    A477A8393D17A55ECB2BA6A61F58FEB8
  • id: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

    ID of a claim

  • status: required(one of PENDING, VERIFIED)

    Status of the claim

  • domain: required(string)
  • created_at: required(integer)

    UTC UNIX timestamp marking the time at which the domain claim was created

  • expires_at: (integer)

    UTC UNIX timestamp marking the time at which the OV domain claim expires

  • assert_by: (integer)

    UTC UNIX timestamp marking the time by which this claim has to be asserted. Passed this deadline a client will need to reassert the claim to get a fresh token.

  • last_verified_at: (integer)

    UTC UNIX timestamp marking the time at which the domain claim was last verified or 0 if it has not yet been verified

  • last_verification_method: (string)

    Indicates the way in which the claim was most recently verified

    • "NotSet" indicates the claim is either new or has been reasserted and not yet verified.
    • "DNS" indicates the verification method used is DNS.
    • "HTTP" indicates the verification method used is HTTP.
    • "HTTP_ACME" indicates the verification method used is HTTP and it is an ACME verification request.
    • "EmailConstructed" indicates the verification method used is a constructed email.
    • "EmailSOA" indicates the verification method used is an email from a DNS SOA record.
    • "EmailTXT" indicates the verification method used is an email from a DNS TXT record.
    • "EmailCAA" indicates the verification method used is an email from a DNS CAA record.
  • log: required(array of basic.log_entry)

    List of verification log entries for the domain claim

    Items: log_entry

    • status: required(one of INFO, SUCCESS, ERROR)
    • description: required(string)
    • timestamp: required(integer)

Example:

{
  "id": "A477A8393D17A55ECB2BA6A61F58FEB8",
  "status": "PENDING",
  "token": "A477A8393D17A55ECB2BA6A61F58FEB8",
  "domain": "test.example.com.",
  "created_at": 1557322403,
  "assert_by": 1628429603,
  "log": [
    {
      "status": "ERROR",
      "description": "error verifying domain claim",
      "timestamp": 1577958400
    }
  ]
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Domain claim cannot be found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

Remove the specified claim (based on claimID) and any associated information from Atlas

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 202

A previous claim verification check is in progress

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 204

Claim successfully deleted

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

A domain claim for this domain cannot be found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

get post

get

Retrieves a list of Authorization Domain Names (ADNs) for a given claim that can be used to perform DNS Domain Validation

post

Prove ownership of a domain using the DNS validation method

Retrieves a list of Authorization Domain Names (ADNs) for a given claim that can be used to perform DNS Domain Validation

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 200

Returns the list of Authorization Domain Names (ADNs)

Body

Media type: application/json;charset=utf-8

Type: array of string

Example:

For the given domain "subdomain.domain.test.com." the Authorization Domain Names are

["test.com", "domain.test.com", "subdomain.domain.test.com"]

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 404

Requested resource is not found

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Not found"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

Prove ownership of a domain using the DNS validation method

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • authorization_domain: required(string)

    DNS lookup will take place against {authorization_domain}.

    An Authorization Domain Name (ADN) for a Domain Name is the Domain Name with zero or more labels pruned from the left to the right until encountering a Base Domain. The Base Domain is also a valid ADN. Valid values of {authorization_domain} are either an ADN, or an ADN prefixed with a label that begins with an underscore. Up to one CNAME record on {authorization_domain} will be followed.

  • acme_thumbprint: (string)

    Base64 url encoded SHA-256 hash code computed from JWK. It must be set for ACME assertion requests.

Example:

{
  "authorization_domain": "test.demo.ra.globalsign.com",
  "acme_thumbprint": "Qjk0RjZGMTI1Qzc5RTNBNUZGQUE4MjZGNTg0QzEwRDU"
}

HTTP status code 201

DNS domain control assertion request for the domain was created

Headers

  • Content-Length: required(integer - default: 0)

    This response does not return a body

HTTP status code 202

A previous domain control assertion request is pending

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 204

Domain control assertion request verified

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 424

Claim has expired and needs to be reasserted before scheduling domain control assertion

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Claim expired. Reassert first"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

post

post

Prove ownership of a domain using the HTTP validation method

Prove ownership of a domain using the HTTP validation method

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • authorization_domain: required(string)

    Control assertion will take place at {authorization_domain}/.well-known/pki-validation/gsdv.txt.

    An Authorization Domain Name (ADN) must match the Domain Name

    The gsdv.txt file may contain multiple validation tokens. The total size of the gsdv.txt may not exceed 1024 bytes.

  • scheme: required(one of HTTP, HTTPS)

    Protocol used to connect and retrieve the file from {authorization_domain}/.well-known/pki-validation/gsdv.txt.

  • acme_thumbprint: (string)

    Base64 url encoded SHA-256 hash code computed from JWK. It must be set for ACME assertion requests.

Example:

{
  "authorization_domain": "test.example.com",
  "scheme": "HTTP",
  "acme_thumbprint": "Qjk0RjZGMTI1Qzc5RTNBNUZGQUE4MjZGNTg0QzEwRDU"
}

HTTP status code 201

HTTP domain control assertion request for the domain was created

Headers

  • Content-Length: required(integer - default: 0)

    This response does not return a body

HTTP status code 202

A previous domain control assertion request is pending

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 204

Domain control assertion request verified

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 424

Claim has expired and needs to be reasserted before scheduling domain control assertion

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Claim expired. Reassert first"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

get post

get

View a list of email addresses authorized to perform the Email validation method

post

Prove ownership of a domain using the Email validation method

View a list of email addresses authorized to perform the Email validation method

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 200

Return the list of authorised email addresses

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • constructed: required(array of string)
  • dns: required(object)

    DNS section of the response for domain control assertion over email. It contains the DNS results for all queried record types. Record types will be the keys of the map (currently only SOA supported).

    • /^.+$/: required(object)

      Contains the emails and errors found for the DNS record type queried for a given domain and all its ADNs.

      • emails: required(array of string)
      • errors: (array of string)

      Example:

      {
  "emails": [
    "test@example.com"
  ],
  "errors": [
    "error retrieving SOA record for \"my.example.com\""
  ]
}

    Example:

    {
  "SOA": {
    "emails": [
      "test@example.com"
    ]
  }
}

Example:

{
  "constructed": [
    "admin@test.com",
    "administrator@test.com",
    "webmaster@test.com",
    "hostmaster@test.com",
    "postmaster@test.com"
  ],
  "dns": {
    "SOA": {
      "emails": [
        "example@test.com"
      ]
    }
  }
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

Prove ownership of a domain using the Email validation method

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Content-Length: required(integer - minimum: 1)

    Length of the request in bytes

  • Content-Type: required(string - pattern: ^application/json;charset=utf-8$)

    Request Content-Type

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • email_address: required(string)

    Control assertion will be done by sending an email to {email_address}. That email will contain a link to verify the domain over which to assert control.

HTTP status code 201

Email domain control assertion request for the domain was created

Headers

  • Content-Length: required(integer - default: 0)

    This response does not return a body

HTTP status code 202

A previous domain control assertion request is pending

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 204

Domain control assertion request verified

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 411

Request Content-Length is absent or 0

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Content-Length required"
}

HTTP status code 415

Request content type is not application/json;charset=utf-8

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Bad Content-Type"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 424

Claim has expired and needs to be reasserted before scheduling domain control assertion

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Claim expired. Reassert first"
}

HTTP status code 429

Request rate exceeded the set limit

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Rate Limit Reached"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}

post

post

This endpoint is used when you want to revalidate an existing domain claim in your account. The claim will keep its status until validation is successfully completed (for instance, if /reassert is used before a domain claim expires, it remains valid until it naturally expires). Enter the original claim ID into the {claimID} URI of this endpoint. The response will return a new token to validate the claim. Then use one of the domain verification methods to validate the domain. Tokens are valid for 30 days.

This endpoint is used when you want to revalidate an existing domain claim in your account. The claim will keep its status until validation is successfully completed (for instance, if /reassert is used before a domain claim expires, it remains valid until it naturally expires). Enter the original claim ID into the {claimID} URI of this endpoint. The response will return a new token to validate the claim. Then use one of the domain verification methods to validate the domain. Tokens are valid for 30 days.

URI Parameters

  • claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)

Headers

  • Authorization: required(string)

    The Authorization header. Only "Bearer" is supported

    Example:

    Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ

HTTP status code 200

Reassert request successful, returns the new token and the assert_by timestamp associated to the claim

Headers

  • Location: required(string)

    The URL of the existing domain claim

    Example:

    /claims/domains/{claimID}

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • token: required(string)

    The token value received is composed of the globalsign prefix followed by the random value generated

    Example:

    globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8
  • assert_by: required(integer)

Example:

{
  "token": "globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8",
  "assert_by": 1524570139
}

HTTP status code 202

A previous DNS domain control assertion request is pending for this claim

Body

Media type: application/json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Operation in progress"
}

HTTP status code 401

Request is unauthorized

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Unauthorized"
}

HTTP status code 422

Invalid request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Validation error message"
}

HTTP status code 503

System temporarily cannot process the request

Body

Media type: application/problem+json;charset=utf-8

Type: object

Properties
  • description: required(string)
  • id: (string)
  • errors: (object)

    key value error type

    • /^.+$/: required(string)

      key is the error type, and value contains error details

Example:

{
  "description": "Service busy, please retry later",
  "id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}