GlobalSign Atlas Certificate Management API documentation version v2.10
https://emea.api.hvca.globalsign.com:8443/v2
The GlobalSign Atlas Certificate Management API provides high volume certificate issuance and lifecycle management capabilities.
Documentation: https://www.globalsign.com/en/repository/globalsign-atlas-certificate-management-api.pdf
/login
Log in to Atlas with your credentials. The response will contain a token, which you must use when making other requests to the API. The token is valid for 10 minutes.
post /login
Headers
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
- X-SSL-Client-Serial: (string)
SSL Client Certificate serial number
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- api_key: required(string - pattern: ^[A-Fa-f0-9]{16}$)
- api_secret: required(string - pattern: ^[A-Fa-f0-9]{40}$)
Example:
{
"api_key": "e510e289e6cd8947",
"api_secret": "a477a8393d17a55ecb2ba6a61f58feb84770b621"
}
HTTP status code 200
Authentication was successful
Headers
- Authorization: required(string)
The Authorization header
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- access_token: required(string)
Example:
{
"access_token": "eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ"
}
HTTP status code 400
Request could not be parsed
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Request"
}
HTTP status code 401
Authentication was unsuccessful
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Content-Length required"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Malformed authentication request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Invalid credentials"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
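The token returned by /login is valid for 10 minutes, so a long-running client has to log in again before it lapses. The following is an added example, not GlobalSign code: it builds the /login request with the headers and credential patterns listed above and renews the token shortly before expiry. The `transport` callable, the 30-second refresh margin and the class names are assumptions made for the illustration.

```python
import json
import re
import time

# Credential patterns and token lifetime as stated in the /login section.
API_KEY_RE = re.compile(r"[A-Fa-f0-9]{16}")
API_SECRET_RE = re.compile(r"[A-Fa-f0-9]{40}")
TOKEN_LIFETIME_S = 10 * 60
REFRESH_MARGIN_S = 30  # assumption: renew a little early to absorb network delay


class LoginError(Exception):
    def __init__(self, status, description):
        super().__init__("login failed: HTTP %d (%s)" % (status, description))
        self.status = status


def build_login_request(api_key, api_secret):
    """Return (headers, body) for POST /login; reject malformed credentials locally."""
    # fullmatch rather than match with '$': in Python '$' also matches
    # just before a trailing newline, which would let "key\n" through.
    if not API_KEY_RE.fullmatch(api_key):
        raise ValueError("api_key must be exactly 16 hex characters")
    if not API_SECRET_RE.fullmatch(api_secret):
        raise ValueError("api_secret must be exactly 40 hex characters")
    body = json.dumps({"api_key": api_key, "api_secret": api_secret}).encode("utf-8")
    headers = {
        "Content-Type": "application/json;charset=utf-8",
        "Content-Length": str(len(body)),
    }
    return headers, body


class TokenCache:
    """Keeps the bearer token in memory and logs in again before it expires."""

    def __init__(self, api_key, api_secret, transport, clock=time.monotonic):
        self._credentials = (api_key, api_secret)
        # Hypothetical callable: (headers, body) -> (status_code, parsed_json_dict).
        # A real one would POST to {baseUri}/login over TLS.
        self._transport = transport
        self._clock = clock
        self._token = None
        self._expires_at = 0.0
        self.logins = 0

    def __repr__(self):
        # Keep the secret and the token out of logs and tracebacks.
        return "TokenCache(<credentials hidden>)"

    def token(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN_S:
            headers, body = build_login_request(*self._credentials)
            status, payload = self._transport(headers, body)
            if status != 200:
                self._token = None
                raise LoginError(status, payload.get("description"))
            self._token = payload["access_token"]
            self._expires_at = now + TOKEN_LIFETIME_S
            self.logins += 1
        return self._token

    def auth_headers(self):
        """Header to attach to every other request; only "Bearer" is supported."""
        return {"Authorization": "Bearer " + self.token()}
```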
/certificates
Submit a request for a new certificate. The fields that must be supplied with this request are listed below.
post /certificates
Headers
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- validity: required(object)
- not_before: required(integer)
UTC UNIX timestamp
- not_after: (integer)
UTC UNIX timestamp. If not specified, or set to 0, the not_after value is automatically set to the maximum value allowed by the validation policy.
- subject_dn: required(object)
List of Distinguished Name attributes to include in the certificate. See RFC 5280#4.1.2.6
- country: (string - minLength: 2 - maxLength: 2 - pattern: ^[A-Z]{2}$)
Format: PrintableString, ISO 3166-1 alpha-2 two-letter country code
- state: (string - maxLength: 128)
Format: UTF8String or PrintableString
- locality: (string - maxLength: 128)
Format: UTF8String or PrintableString
- street_address: (string - maxLength: 128)
Format: UTF8String or PrintableString
- postal_code: (string - maxLength: 40)
Format: UTF8String or PrintableString
- organization: (string - maxLength: 64)
Format: UTF8String or PrintableString
- organizational_unit: (array of string)
Format: Array of UTF8String or PrintableString (string - maxLength: 64)
- organization_identifier: (string - maxLength: 64)
Format: UTF8String or PrintableString
- common_name: (string - maxLength: 64)
Format: UTF8String or PrintableString
- surname: (string - maxLength: 64)
Format: UTF8String or PrintableString
- given_name: (string - maxLength: 64)
Format: UTF8String or PrintableString
- email: (string - maxLength: 255)
Format: IA5String
- pseudonym: (string - maxLength: 128)
Format: UTF8String or PrintableString
- jurisdiction_of_incorporation_locality_name: (string - maxLength: 128)
Format: UTF8String or PrintableString
- jurisdiction_of_incorporation_state_or_province_name: (string - maxLength: 128)
Format: UTF8String or PrintableString
- jurisdiction_of_incorporation_country_name: (string - minLength: 2 - maxLength: 2 - pattern: ^[A-Z]{2}$)
Format: PrintableString, ISO 3166-1 alpha-2 two-letter country code
- business_category: (one of “Private Organization”, “Government Entity”, “Business Entity”, “Non-Commercial Entity” - maxLength: 128)
Format: UTF8String or PrintableString
- serial_number: (string - maxLength: 64)
Format: PrintableString
- extra_attributes: (array of basic.type_and_value)
Extra subject distinguished name attributes to include by OID and value
Items: type_and_value
- type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
Object Identifier such as 1.3.6.1.4.1.311.20.2
- value: (string)
Example:
{ "common_name": "John Doe", "surname": "Doe", "given_name": "John", "country": "GB", "state": "London", "locality": "London", "street_address": "1 GlobalSign Road", "postal_code": "E1", "organization": "GMO GlobalSign", "organizational_unit": [ "Operations", "Development" ], "organization_identifier": "PSDFI-FINFSA-29884997", "email": "john.doe@demo.hvca.globalsign.com", "pseudonym": "whatshisname", "jurisdiction_of_incorporation_locality_name": "London", "jurisdiction_of_incorporation_state_or_province_name": "London", "jurisdiction_of_incorporation_country_name": "United Kingdom", "business_category": "Internet security", "serial_number": "AA0448C4AE22702EF2C7A9BD7FA09743", "extra_attributes": [ { "type": "2.5.4.43", "value": "GS" } ] }
- san: (object)
List of Subject Alternative Name attributes to include in the certificate. See RFC 5280#4.2.1.6
- dns_names: (array of string)
- emails: (array of string)
- ip_addresses: (array of string)
- uris: (array of string)
- other_names: (array of basic.type_and_value)
Items: type_and_value
- type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
Object Identifier such as 1.3.6.1.4.1.311.20.2
- value: (string)
Example:
{ "dns_names": [ "test.demo.hvca.globalsign.com", "test2.demo.hvca.globalsign.com" ], "ip_addresses": [ "198.41.214.154" ], "uris": [ "http://test.demo.hvca.globalsign.com/uri" ], "emails": [ "admin@demo.hvca.globalsign.com", "contact@demo.hvca.globalsign.com" ], "other_names": [ { "type": "1.3.6.1.4.1.311.20.2.3", "value": "upn@demo.hvca.globalsign.com" } ] }
- key_usages: (object)
Validation policy for key_usages field. If the field is present, at least one of the fields must be set to TRUE.
- digital_signature: (boolean)
The digital signature field is asserted when the subject public key is used for verifying digital signatures, other than signatures on certificates and CRLs, such as those used in an entity authentication service, a data origin authentication service, and/or an integrity service.
- content_commitment: (boolean)
The content commitment field is asserted when the subject public key is used to verify digital signatures, other than signatures on certificates and CRLs, used to provide a non-repudiation service that protects against the signing entity falsely denying some action. In the case of later conflict, a reliable third party may determine the authenticity of the signed data. (Note that in older editions of X.509 this field used to be referred to as nonRepudiation.)
- key_encipherment: (boolean)
The key encipherment field is asserted when the subject public key is used for enciphering private or secret keys, i.e., for key transport. For example, this bit shall be set when an RSA public key is to be used for encrypting a symmetric content-decryption key or an asymmetric private key.
- data_encipherment: (boolean)
The data encipherment field is asserted when the subject public key is used for directly enciphering raw user data without the use of an intermediate symmetric cipher. Note that the use of this bit is extremely uncommon; almost all applications use key transport or key agreement to establish a symmetric key.
- key_agreement: (boolean)
The key agreement field is asserted when the subject public key is used for key agreement. For example, when a Diffie-Hellman key is to be used for key management, then this bit is set.
- key_certificate_sign: (boolean)
The key certificate sign field is asserted when the subject public key is used for verifying signatures on public key certificates. If this field is asserted, then the cA field in the basic constraints extension (Section 4.2.1.9 of RFC 5280) MUST also be asserted.
- crl_sign: (boolean)
The crl sign field is asserted when the subject public key is used for verifying signatures on certificate revocation lists (e.g., CRLs, delta CRLs, or ARLs).
- encipher_only: (boolean)
The meaning of the encipher only bit is undefined in the absence of the keyAgreement bit. When the encipherOnly bit is asserted and the keyAgreement bit is also set, the subject public key may be used only for enciphering data while performing key agreement.
- decipher_only: (boolean)
The meaning of the decipher only field is undefined in the absence of the key agreement field. When the decipherOnly bit is asserted and the keyAgreement field is also set, the subject public key may be used only for deciphering data while performing key agreement.
Example:
{ "digital_signature": true, "content_commitment": false, "key_encipherment": true, "data_encipherment": false, "key_agreement": true, "key_certificate_sign": true, "crl_sign": false, "encipher_only": true, "decipher_only": true }
- extended_key_usages: (array of basic.oid)
List of Extended Key Usages to include in the certificate. See RFC 5280#4.2.1.12
Example:
[ "1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2" ]
- subject_da: (object)
List of Subject Directory Attributes to include in the certificate. See RFC3739
- gender: (string)
- date_of_birth: (date-only)
RFC3339 date. As per RFC3739, the resulting attribute will specify time as GMT 12.00.00 (noon)
- place_of_birth: (string)
- country_of_citizenship: (array of basic.country_code)
List of ISO 3166-1 Alpha-2 country codes
- country_of_residence: (array of basic.country_code)
List of ISO 3166-1 Alpha-2 country codes
- extra_attributes: (array of basic.type_and_value)
Extra subject directory attributes to include by OID and value
Items: type_and_value
- type: required(string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
Object Identifier such as 1.3.6.1.4.1.311.20.2
- value: (string)
Example:
{ "gender": "m", "date_of_birth": "1979-01-31", "place_of_birth": "London", "country_of_citizenship": [ "GB", "US" ], "country_of_residence": [ "US" ], "extra_attributes": [ { "type": "2.5.29.9.1.1.1" }, { "type": "2.5.29.9.1.1.2", "value": "custom subject da value" } ] }
- qualified_statements: (object)
List of qualified statements to include in the certificate. See RFC 3739#3.2.6
- semantics: (object)
If present QC-Statement identifier will be id-qcs-pkixQCSyntax-v2. See RFC 3739#3.2.6.1
- identifier: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
SemanticsIdentifier as per RFC 3739#3.2.6.1.
- name_authorities: (array of string)
NameRegistrationAuthorities as per RFC 3739#3.2.6.1. QC-Statement identifier will be id-qcs-pkixQCSyntax-v2 (1.3.6.1.5.5.7.11.2).
- etsi_qc_compliance: (boolean)
This QCstatement claims that the certificate is an EU qualified certificate that is issued according to Directive 1999/93/EC [i.3] or the Annex I, III or IV of the Regulation (EU) No 910/2014 [i.8] whichever is in force at the time of issuance. See ETSI EN 319 412-5 V2.1.1#4.2.1
- etsi_qc_sscd_compliance: (boolean)
This QCstatement declares that the private key related to the certified public key resides in a Qualified Signature/Seal Creation Device (QSCD) according to the Regulation (EU) No 910/2014 [i.8] or a secure signature creation device as defined in the Directive 1999/93/EC [i.3]. See ETSI EN 319 412-5 V2.1.1#4.2.2
- etsi_qc_type: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
This QCStatement declares that an EU qualified certificate is issued as one or more specific types according to Annexes I, III or IV of the Regulation (EU) No 910/2014 [i.8] when used in combination with the qcStatement as defined in clause 4.2.1. When used on its own it indicates that it is used for the purposes of electronic signatures, seals or web sites for "non-qualified certificates" within the context of Regulation (EU) No 910/2014 [i.8]. See ETSI EN 319 412-5 V2.1.1#4.2.3
- etsi_qc_retention_period: (integer)
This QCStatement declares a retention period for material information relevant to the use of and reliance on a certificate, expressed as a number of years after the expiry date of the certificate. See ETSI EN 319 412-5 V2.1.1#4.3.3
- etsi_qc_pds: (object)
This QCStatement holds URLs to PKI Disclosure Statements (PDS) in accordance with Annex A of ETSI EN 319 411-1. See ETSI EN 319 412-5 V2.1.1#4.3.4.
- /^[A-Z]{2}/: required(string)
The key indicates the language of the PDS and shall be as defined in ISO 639-1. The value corresponds to the URL at which the PDS can be accessed.
Example:
{ "semantics": { "identifier": "1.1.1.1.1.1", "name_authorities": [ "contact@ra1.hvsign.globalsign.com" ] }, "etsi_qc_compliance": true, "etsi_qc_type": "0.4.0.1862.1.6.1", "etsi_qc_sscd_compliance": true, "etsi_qc_retention_period": 1, "etsi_qc_pds": { "EN": "https://demo.hvsign.globalsign.com/en/pds" } }
- ms_extension_template: (object)
Values to populate the Microsoft template extension (1.3.6.1.4.1.311.21.7) with
- id: (string - pattern: ^([0-9]{1,9}\.){0,63}[0-9]+$)
Object Identifier such as 1.3.6.1.4.1.311.20.2
- major_version: (integer)
- minor_version: (integer)
Example:
{ "id": "1.2.3.4.123.4.5.1", "major_version": 1, "minor_version": 2 }
- custom_extensions: (object)
List of custom extensions to include in the certificate as X509v3 extensions. See RFC5280#4.2
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(string)
The key indicates the object identifier of the custom extension and the value will be formatted as defined by the corresponding validation policy.
Example:
{ "2.5.29.99.1": "NIL", "2.5.29.99.2": "SOME TEXT" }
- signature: (object)
- algorithm: (one of RSA, RSA-PSS, ECDSA)
- hash_algorithm: (one of SHA-256, SHA-384, SHA-512)
- public_key: required(string - pattern: -{5}BEGIN PUBLIC KEY|BEGIN [NEW ]CERTIFICATE REQUEST-{5}.+-{5}END PUBLIC KEY|END [NEW ]CERTIFICATE REQUEST-{5})
Either a PEM-encoded SubjectPublicKeyInfo ASN1 structure (defined in RFC 5280) or a PEM encoded PKCS10 CertificationRequest ASN1 structure (defined in RFC2986). The validation policy, retrievable from /validationpolicy, specifies which key format is allowed under public_key.key_format.
SubjectPublicKeyInfo: RSA public key: subjectPublicKey field is defined in RFC 3447. ECDSA public key: subjectPublicKey field is defined in RFC 5480. Only SECP curves are supported.
PKCS10: Only the SubjectPublicKeyInfo and the Signature values are used. Any values in subject or attributes are discarded.
The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters except for the last line which can be shorter. In JSON newlines are delimited with ASCII newline symbol "\n". Please see the example public_key field.
- public_key_signature: (string)
Base64 encoded signature of the DER representation of the public key sent in the public_key field. Not valid in combination with PKCS10 key_format. Only the SHA256 digest algorithm is supported. For RSA signature use EMSA-PKCS1-v1_5 encoding (defined in RFC 3447). PSS is not supported. For ECDSA signature use DER encoded ECDSA-Sig-Value (defined in RFC 5480 or ANSI X9.62:2005).
Example:
{
"validity": {
"not_before": 1477958400,
"not_after": 1509494400
},
"subject_dn": {
"common_name": "John Doe",
"surname": "Doe",
"given_name": "John",
"country": "GB",
"state": "London",
"locality": "London",
"street_address": "1 GlobalSign Road",
"postal_code": "E1",
"organization": "GMO GlobalSign",
"organizational_unit": [
"Operations",
"Development"
],
"organization_identifier": "PSDFI-FINFSA-29884997",
"email": "john.doe@demo.hvca.globalsign.com",
"pseudonym": "whatshisname",
"jurisdiction_of_incorporation_locality_name": "London",
"jurisdiction_of_incorporation_state_or_province_name": "London",
"jurisdiction_of_incorporation_country_name": "United Kingdom",
"business_category": "Internet security",
"serial_number": "AA0448C4AE22702EF2C7A9BD7FA09743",
"extra_attributes": [
{
"type": "2.5.4.43",
"value": "GS"
}
]
},
"san": {
"dns_names": [
"test.demo.hvca.globalsign.com",
"test2.demo.hvca.globalsign.com"
],
"ip_addresses": [
"198.41.214.154"
],
"uris": [
"http://test.demo.hvca.globalsign.com/uri"
],
"emails": [
"admin@demo.hvca.globalsign.com",
"contact@demo.hvca.globalsign.com"
],
"other_names": [
{
"type": "1.3.6.1.4.1.311.20.2.3",
"value": "upn@demo.hvca.globalsign.com"
}
]
},
"subject_da": {
"gender": "m",
"date_of_birth": "1979-01-31",
"place_of_birth": "London",
"country_of_citizenship": [
"GB",
"US"
],
"country_of_residence": [
"US"
],
"extra_attributes": [
{
"type": "2.5.29.9.1.1.1"
},
{
"type": "2.5.29.9.1.1.2",
"value": "custom subject da value"
}
]
},
"key_usages": {
"digital_signature": true,
"content_commitment": false,
"key_encipherment": true,
"data_encipherment": false,
"key_agreement": true,
"key_certificate_sign": false,
"crl_sign": false,
"encipher_only": true,
"decipher_only": true
},
"extended_key_usages": [
"1.3.6.1.5.5.7.3.1",
"1.3.6.1.5.5.7.3.2"
],
"qualified_statements": {
"semantics": {
"identifier": "1.1.1.1.1.1",
"name_authorities": [
"contact@ra1.globalsign.com"
]
},
"etsi_qc_compliance": true,
"etsi_qc_type": "0.4.0.1862.1.6.1",
"etsi_qc_sscd_compliance": true,
"etsi_qc_retention_period": 1,
"etsi_qc_pds": {
"EN": "https://demo.globalsign.com/en/pds"
}
},
"ms_extension_template": {
"id": "1.2.3.4.123.4.5.1",
"major_version": 1,
"minor_version": 2
},
"custom_extensions": {
"2.5.29.99.1": "NIL",
"2.5.29.99.2": "SOME TEXT"
},
"signature": {
"algorithm": "RSA-PSS",
"hash_algorithm": "SHA-256"
},
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU2imlDf02o8DPveLN73\nwbrQKScch9AnkMuQqBxxq5YBUAvPDXYeeA8tkgk+N2Q5FNL/BXI0m1QTlq8FbdAQ\nKkpi93vimsymHpkBFTxZSqMcI55vyLanjfMOnZ7Xbgq0hhub/K6FZpFCJ2oqoLwr\nY5hBYAGYQco5qw4nbR9Mpeu41QGQzrGjYIKNOVgXh/m41FOGDsQntecaLAluTg+E\n/Qmb8U7XZVBn3/DPyiXrfobuBlnmEbPjQ95LAvRLzcHzWY0YB1dfGzbcK1PaGRLE\nod2C1QCGK+YWzeUWEyHqgNEncQDMFYFKUd1IhR6OSmVB1ukXa0y8eZBVWsoxXr2X\nlQIDAQAB\n-----END PUBLIC KEY-----",
"public_key_signature": "MIGIAkIA6CotF+LAs2MeymHWul2KuatxcqWDpvhgaEJCI+joyj7p9XEUyH5pBTJ2VqvO0hKYEm+dZl8KKD7ISHWz8Vfb9cECQgFwaB7u/5cw4kT5gv9BPTlxCSiZRlRPVbTbYWl/BeaWAwrt3oEqDuHXOwIQscj/887bBEN/SnYGpKkKe/qdKEd0gw=="
}
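A request that breaks the field constraints above is rejected by the service, so it is worth checking a body locally before it is sent. The following is an added example, not part of the GlobalSign documentation: a pre-flight check covering the patterns, length limits, allowed values, key usage rules and PEM line rule listed on this page. The function names and the sample request are constructed for the illustration, and the account's validation policy may impose further rules that this check does not know about.

```python
import re

# Patterns, allowed values and length limits copied from the field list on this page.
OID_RE = re.compile(r"([0-9]{1,9}\.){0,63}[0-9]+")
COUNTRY_RE = re.compile(r"[A-Z]{2}")
BUSINESS_CATEGORIES = {"Private Organization", "Government Entity",
                       "Business Entity", "Non-Commercial Entity"}
DN_MAX_LEN = {
    "state": 128, "locality": 128, "street_address": 128, "postal_code": 40,
    "organization": 64, "organization_identifier": 64, "common_name": 64,
    "surname": 64, "given_name": 64, "email": 255, "pseudonym": 128,
    "jurisdiction_of_incorporation_locality_name": 128,
    "jurisdiction_of_incorporation_state_or_province_name": 128,
    "serial_number": 64,
}
COUNTRY_FIELDS = ("country", "jurisdiction_of_incorporation_country_name")


def check_pem_lines(pem):
    """Body lines must be 64 characters; only the last one may be shorter."""
    lines = pem.strip().split("\n")
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN ") \
            or not lines[-1].startswith("-----END "):
        return ["public_key: missing PEM BEGIN/END lines"]
    body = lines[1:-1]
    bad = [i for i, line in enumerate(body[:-1], 1) if len(line) != 64]
    if not 1 <= len(body[-1]) <= 64:
        bad.append(len(body))
    return ["public_key: PEM line %d breaks the 64-character rule" % i for i in bad]


def validate_request(req):
    """Return a list of findings; an empty list means the local checks passed."""
    findings = []
    validity = req.get("validity")
    if not isinstance(validity, dict) or not isinstance(validity.get("not_before"), int):
        findings.append("validity.not_before: required integer (UTC UNIX timestamp)")

    dn = req.get("subject_dn")
    if not isinstance(dn, dict):
        findings.append("subject_dn: required object")
        dn = {}
    for field, limit in DN_MAX_LEN.items():
        if len(dn.get(field, "")) > limit:
            findings.append("subject_dn.%s: longer than %d characters" % (field, limit))
    for ou in dn.get("organizational_unit", []):
        if len(ou) > 64:
            findings.append("subject_dn.organizational_unit: entry longer than 64 characters")
    for field in COUNTRY_FIELDS:
        if field in dn and not COUNTRY_RE.fullmatch(dn[field]):
            findings.append("subject_dn.%s: not a two-letter ISO 3166-1 code" % field)
    if "business_category" in dn and dn["business_category"] not in BUSINESS_CATEGORIES:
        findings.append("subject_dn.business_category: not one of the allowed values")

    # Every place where the schema expects an object identifier.
    oids = [("subject_dn.extra_attributes", a.get("type", ""))
            for a in dn.get("extra_attributes", [])]
    oids += [("san.other_names", a.get("type", ""))
             for a in req.get("san", {}).get("other_names", [])]
    oids += [("extended_key_usages", o) for o in req.get("extended_key_usages", [])]
    oids += [("custom_extensions", k) for k in req.get("custom_extensions", {})]
    for where, oid in oids:
        if not OID_RE.fullmatch(oid):
            findings.append("%s: %r is not a valid OID" % (where, oid))

    ku = req.get("key_usages")
    if ku is not None:
        if not any(ku.values()):
            findings.append("key_usages: at least one usage must be true")
        for bit in ("encipher_only", "decipher_only"):
            if ku.get(bit) and not ku.get("key_agreement"):
                findings.append("key_usages.%s: undefined without key_agreement" % bit)
        if ku.get("key_certificate_sign"):
            findings.append("key_usages.key_certificate_sign: needs cA asserted in "
                            "basic constraints (RFC 5280 4.2.1.9)")

    if "public_key" not in req:
        findings.append("public_key: required")
    else:
        findings += check_pem_lines(req["public_key"])
    return findings


# Constructed request: subject values reuse the page's example; the key is filler, not a real key.
SAMPLE = {
    "validity": {"not_before": 1477958400, "not_after": 1509494400},
    "subject_dn": {
        "common_name": "John Doe", "country": "GB", "organization": "GMO GlobalSign",
        "jurisdiction_of_incorporation_country_name": "United Kingdom",
        "business_category": "Internet security",
        "extra_attributes": [{"type": "2.5.4.43", "value": "GS"}],
    },
    "key_usages": {"digital_signature": True, "key_agreement": True, "encipher_only": True},
    "extended_key_usages": ["1.3.6.1.5.5.7.3.1", "1.3.6.1.5.5.7.3.2"],
    "public_key": "-----BEGIN PUBLIC KEY-----\n" + "A" * 64 + "\n" + "A" * 20
                  + "\n-----END PUBLIC KEY-----",
}

if __name__ == "__main__":
    for finding in validate_request(SAMPLE):
        print(finding)
```

Run on the constructed sample, the check reports two findings: "United Kingdom" does not match the two-letter country pattern, and "Internet security" is not one of the four listed business_category values.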
HTTP status code 201
Issuance request has been accepted
Headers
- Location: required(string)
The URL of the newly created certificate
Example:
{baseUri}/certificates/{certificate}
- Content-Length: required(integer - default: 0)
This response does not contain a body
HTTP status code 400
Request could not be parsed
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Request"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 402
Quota has been reached
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Quota Reached"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Content-Length required"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Validation error message"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
get /certificates/{certificate}
Retrieve a certificate. Place the certificate serial number in the {certificate} object.
URI Parameters
- certificate: required(string)
Certificate identifier
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Certificate is available for retrieval
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- certificate: required(string - pattern: -{5}BEGIN CERTIFICATE-{5}.+-{5}END CERTIFICATE-{5})
The PEM-encoded certificate. The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters, except for the last line which can be shorter. In JSON newlines are delimited with ASCII newline symbol "\n".
- status: required(one of ISSUED, REVOKED)
- updated_at: required(integer)
- not_after: required(integer)
UTC UNIX timestamp after which the certificate is no longer valid
Example:
1524573739
- revocation_information: (object)
This is returned only if the certificate status is REVOKED.
- reason: required(one of unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, removeFromCRL, privilegeWithdrawn, aACompromise)
Reason for which the certificate was revoked.
- time: required(integer)
UTC UNIX timestamp from which the certificate should be considered as revoked.
Example:
{
"certificate": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"status": "REVOKED",
"updated_at": 1477958400,
"not_after": 1493510400,
"revocation_information": {
"time": 1477958400,
"reason": "keyCompromise"
}
}
HTTP status code 202
Issuance in progress
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Operation in progress"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Certificate not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Not found"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Validation error message"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
delete /certificates/{certificate}
Revoke a certificate. Place the certificate serial number in the {certificate} object.
Deprecated
- This endpoint is not recommended for use and is subject to removal in future major releases.
- It is recommended to use the /certificates/{certificate} PATCH endpoint instead.
URI Parameters
- certificate: required(string)
Certificate identifier
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 204
Certificate successfully revoked
HTTP status code 400
Request could not be parsed
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Request"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Certificate not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Not found"
}
HTTP status code 409
Certificate is already revoked or pending issuance
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Cannot revoke a REJECTED certificate"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Validation error message"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
patch /certificates/{certificate}
Revoke a certificate. Place the certificate serial number in the {certificate} object.
URI Parameters
- certificate: required(string)
Certificate identifier
Headers
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- revocation_reason: required(one of unspecified, keyCompromise, affiliationChanged, cessationOfOperation, superseded)
Revocation reason as per RFC 5280 section 5.3.1
- revocation_time: (integer)
UTC UNIX timestamp at which the key was compromised. This property is allowed only when the revocation reason is keyCompromise. (Note that, if provided, this value is currently ignored; revocation_time will always be set to the current time.)
- key_compromise_attestation: (string)
PEM-encoded PKCS10 Certificate Signing Request containing the following information: The Subject Public Key Info section of the CSR will contain the key being reported as compromised. The CSR will be signed using the compromised private key associated with the public key in the Subject Public Key Info section. The Subject Common Name in the CSR will contain exactly the following string: "kca=v1 This Key Is Compromised". The CSR will contain an extension request for an RFC 7169 No Secrecy Afforded extension. This extension has OID 1.3.6.1.5.5.7.1.23 and must be marked as critical. The extension contains a single Boolean field; however, the value provided is irrelevant.
Example:
{
"revocation_reason": "keyCompromise",
"revocation_time": 946688461,
"key_compromise_attestation": "-----BEGIN CERTIFICATE REQUEST-----\nMIICkzCCAXsCAQAwKTEnMCUGA1UEAwwea2NhPXYxIFRoaXMgS2V5IElzIENvbXBy\nb21pc2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgbZ3rbOz4As\nQ/M9cAhHWEL/ZukZjhbQtOx/X1VOhQItnGg26cvfGN6M2wqVBxlMcMgeUClNl6JD\nU/cJLXxGlh1hZjmsSZEsTuozMx1kCEK+TXOV6MtHsWHqn8Tm4ky4anphqLMkywdu\n/FLAOdqSUNddddoj+vPHX/3M/5or7TVgfvDbcB+FFL04n1Yw+fuTXW1nNZQ1Z2KF\nXUMa+8p8i2y48IOZ9r2PsXGYuwuKHKkQuVa1uuuQArOlEVn+xF7ZedZ5CkPaV35F\ngu+KrhDCeJQ+E3VwoYCmMYVVxHPSneY0BNdEnjgUQxhXGKPiF/7/N4VEhEvKQsTd\nUNEL30lshQIDAQABoCUwIwYJKoZIhvcNAQkOMRYwFDASBggrBgEFBQcBFwEB/wQD\nAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB6VCXlE4NlAeXs7vdXGcsPc8V2Y1v27JI9\neRtSio0vBj+y0XPzLBo3ScOcbynyb5eHIdIHC1FFf62sBbs35AW/Vp8QyQGskO1Q\nMntvsrDY7SLj4R3dfn+7wbcmv0v9XTos17CzCjj0qNe1/Ho3Y7l+4eURwnnalAlj\nKLkm2I6u6mxkSfK+CpMo6wF5OJo0ghA1Cg6AvXdp/Y0kqKRLuN6HUQ8JOIkh6qqa\nGa3NXSC29EcMd/Pkd7wEWaW+JyYe8oAhpKD1YsxUWfeXZhzTYBe0jESYr2xv4bF6\nSCVlAkO0jeeooZkwPw9mkNwOpIrtBo/0VFTIOO56PA067JnoHMf7\n-----END CERTIFICATE REQUEST-----"
}
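The key_compromise_attestation rules above can be checked locally before a revocation request is sent. The following is an added example, not GlobalSign's code: it reads the CSR from the request example with a minimal DER walker and reports whether the Common Name, the critical No Secrecy Afforded extension request and the self-signature are in order. All function names are illustrative, and only sha256WithRSAEncryption signatures are verified.

```python
import base64
import hashlib

# Attestation CSR copied from the request example on this page.
EXAMPLE_PEM = """-----BEGIN CERTIFICATE REQUEST-----
MIICkzCCAXsCAQAwKTEnMCUGA1UEAwwea2NhPXYxIFRoaXMgS2V5IElzIENvbXBy
b21pc2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgbZ3rbOz4As
Q/M9cAhHWEL/ZukZjhbQtOx/X1VOhQItnGg26cvfGN6M2wqVBxlMcMgeUClNl6JD
U/cJLXxGlh1hZjmsSZEsTuozMx1kCEK+TXOV6MtHsWHqn8Tm4ky4anphqLMkywdu
/FLAOdqSUNddddoj+vPHX/3M/5or7TVgfvDbcB+FFL04n1Yw+fuTXW1nNZQ1Z2KF
XUMa+8p8i2y48IOZ9r2PsXGYuwuKHKkQuVa1uuuQArOlEVn+xF7ZedZ5CkPaV35F
gu+KrhDCeJQ+E3VwoYCmMYVVxHPSneY0BNdEnjgUQxhXGKPiF/7/N4VEhEvKQsTd
UNEL30lshQIDAQABoCUwIwYJKoZIhvcNAQkOMRYwFDASBggrBgEFBQcBFwEB/wQD
AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB6VCXlE4NlAeXs7vdXGcsPc8V2Y1v27JI9
eRtSio0vBj+y0XPzLBo3ScOcbynyb5eHIdIHC1FFf62sBbs35AW/Vp8QyQGskO1Q
MntvsrDY7SLj4R3dfn+7wbcmv0v9XTos17CzCjj0qNe1/Ho3Y7l+4eURwnnalAlj
KLkm2I6u6mxkSfK+CpMo6wF5OJo0ghA1Cg6AvXdp/Y0kqKRLuN6HUQ8JOIkh6qqa
Ga3NXSC29EcMd/Pkd7wEWaW+JyYe8oAhpKD1YsxUWfeXZhzTYBe0jESYr2xv4bF6
SCVlAkO0jeeooZkwPw9mkNwOpIrtBo/0VFTIOO56PA067JnoHMf7
-----END CERTIFICATE REQUEST-----"""

KCA_CN = b"kca=v1 This Key Is Compromised"
OID_CN = bytes.fromhex("550403")                       # 2.5.4.3
OID_EXT_REQUEST = bytes.fromhex("2a864886f70d01090e")  # PKCS#9 extensionRequest
OID_NO_SECRECY = bytes.fromhex("2b06010505070117")     # 1.3.6.1.5.5.7.1.23
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")   # sha256WithRSAEncryption
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo


def pem_to_der(pem):
    return base64.b64decode("".join(pem.strip().splitlines()[1:-1]))


def tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def kids(buf, el):
    """Return the elements nested directly inside element el."""
    out, pos = [], el[1]
    while pos < el[2]:
        out.append(tlv(buf, pos))
        pos = out[-1][2]
    return out


def val(buf, el):
    return bytes(buf[el[1]:el[2]])


def signature_ok(der, outer, cri, spki, sig_alg, sig):
    """Verify the CSR with its own RSA key (PKCS#1 v1.5 padding, SHA-256)."""
    if val(der, kids(der, sig_alg)[0]) != OID_SHA256_RSA:
        return False                                   # other algorithms are out of scope
    key = tlv(der, kids(der, spki)[1][1] + 1)          # RSAPublicKey inside the BIT STRING
    n, e = (int.from_bytes(val(der, x), "big") for x in kids(der, key))
    s = int.from_bytes(der[sig[1] + 1:sig[2]], "big")  # +1 skips the unused-bits octet
    k = (n.bit_length() + 7) // 8
    info = SHA256_PREFIX + hashlib.sha256(der[outer[1]:cri[2]]).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(info) - 3) + b"\x00" + info
    return s < n and pow(s, e, n).to_bytes(k, "big") == expected


def check_attestation(der):
    """Check a DER-encoded CSR against the key_compromise_attestation rules."""
    outer = tlv(der, 0)
    cri, sig_alg, sig = kids(der, outer)
    parts = kids(der, cri)                 # version, subject, SPKI, [0] attributes
    if len(parts) != 4:
        raise ValueError("CSR carries no attributes, so no extension request")
    _, subject, spki, attrs = parts
    cn = None
    for rdn in kids(der, subject):
        for atv in kids(der, rdn):
            typ, value = kids(der, atv)
            if val(der, typ) == OID_CN:
                cn = val(der, value)
    critical = None                        # None: extension request not present
    for attr in kids(der, attrs):
        typ, values = kids(der, attr)
        if val(der, typ) != OID_EXT_REQUEST:
            continue
        for exts in kids(der, values):
            for ext in kids(der, exts):
                f = kids(der, ext)
                if val(der, f[0]) == OID_NO_SECRECY:
                    critical = f[1][0] == 0x01 and der[f[1][1]] != 0  # BOOLEAN, default FALSE
    return {"common_name_ok": cn == KCA_CN,
            "extension_present": critical is not None,
            "extension_critical": bool(critical),
            "signature_ok": signature_ok(der, outer, cri, spki, sig_alg, sig)}
```

Call `check_attestation(pem_to_der(pem_text))` on the CSR you are about to submit; any `False` in the result points at a rule the attestation does not meet.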
HTTP status code 204
Certificate successfully revoked
HTTP status code 400
Request could not be parsed
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Request"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Certificate not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Not found"
}
HTTP status code 409
Certificate is already revoked or pending issuance
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Cannot revoke a REJECTED certificate"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Content-Length required"
}
HTTP status code 412
Access to the target resource has been denied due to an unfulfilled precondition
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Precondition Failed"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Validation error message"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
post /certificates/{certificate}/rekey
Submit a rekey request for an existing ISSUED certificate. The fields that must be supplied with this request are listed below.
URI Parameters
- certificate: required(string)
Certificate identifier
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- signature: (object)
- algorithm: (one of RSA, RSA-PSS, ECDSA)
- hash_algorithm: (one of SHA-256, SHA-384, SHA-512)
- public_key: required(string - pattern: -{5}BEGIN PUBLIC KEY|BEGIN [NEW ]CERTIFICATE REQUEST-{5}.+-{5}END PUBLIC KEY|END [NEW ]CERTIFICATE REQUEST-{5})
Either a PEM-encoded SubjectPublicKeyInfo ASN.1 structure (defined in RFC 5280) or a PEM-encoded PKCS10 CertificationRequest ASN.1 structure (defined in RFC 2986). The validation policy, retrievable from /validationpolicy, specifies which key format is allowed under public_key.key_format.
SubjectPublicKeyInfo: RSA public key: subjectPublicKey field is defined in RFC 3447. ECDSA public key: subjectPublicKey field is defined in RFC 5480. Only SECP curves are supported.
PKCS10: Only the SubjectPublicKeyInfo and the Signature values are used. Any values in subject or attributes are discarded.
The PEM encoding format (defined in RFC 1421) requires a line length of 64 characters, except for the last line, which can be shorter. In JSON, newlines are written as the escape sequence "\n". Please see the example public_key field.
- public_key_signature: (string)
Base64-encoded signature of the DER representation of the public key sent in the public_key field. Not valid in combination with the PKCS10 key_format. Only the SHA256 digest algorithm is supported. For an RSA signature, use EMSA-PKCS1-v1_5 encoding (defined in RFC 3447); PSS is not supported. For an ECDSA signature, use a DER-encoded ECDSA-Sig-Value (defined in RFC 5480 or ANSI X9.62:2005).
Example:
{
"signature": {
"algorithm": "RSA-PSS",
"hash_algorithm": "SHA-256"
},
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU2imlDf02o8DPveLN73\nwbrQKScch9AnkMuQqBxxq5YBUAvPDXYeeA8tkgk+N2Q5FNL/BXI0m1QTlq8FbdAQ\nKkpi93vimsymHpkBFTxZSqMcI55vyLanjfMOnZ7Xbgq0hhub/K6FZpFCJ2oqoLwr\nY5hBYAGYQco5qw4nbR9Mpeu41QGQzrGjYIKNOVgXh/m41FOGDsQntecaLAluTg+E\n/Qmb8U7XZVBn3/DPyiXrfobuBlnmEbPjQ95LAvRLzcHzWY0YB1dfGzbcK1PaGRLE\nod2C1QCGK+YWzeUWEyHqgNEncQDMFYFKUd1IhR6OSmVB1ukXa0y8eZBVWsoxXr2X\nlQIDAQAB\n-----END PUBLIC KEY-----",
"public_key_signature": "MIGIAkIA6CotF+LAs2MeymHWul2KuatxcqWDpvhgaEJCI+joyj7p9XEUyH5pBTJ2VqvO0hKYEm+dZl8KKD7ISHWz8Vfb9cECQgFwaB7u/5cw4kT5gv9BPTlxCSiZRlRPVbTbYWl/BeaWAwrt3oEqDuHXOwIQscj/887bBEN/SnYGpKkKe/qdKEd0gw=="
}
HTTP status code 201
Rekey request has been accepted
Headers
- Location: required(string)
The URL of the newly created certificate
Example:
{baseUri}/certificates/{certificate}
- Content-Length: required(integer - default: 0)
This response does not contain a body
HTTP status code 400
Request could not be parsed
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Request"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Requested resource is not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Not found"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Content-Length required"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Validation error message"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
/trustchain
Retrieve the chain of trust for the certificates in your account, starting with the issuing CA and ending with the root CA.
get /trustchain
Retrieve the chain of trust for the certificates in your account, starting with the issuing CA and ending with the root CA.
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Returns the chain of trust for certificates issued by your account, starting with the issuing CA and ending with the root CA.
Body
Media type: application/json;charset=utf-8
Type: array of string
Example:
[
"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----"
]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Unauthorized"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
/validationpolicy
Retrieve your account's validation policy. The Account Validation Policy is where certificate subject information is defined. Only one Validation Policy can be linked to a user account.
get /validationpolicy
Retrieve your account's validation policy. The Account Validation Policy is where certificate subject information is defined. Only one Validation Policy can be linked to a user account.
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Returns the validation policy associated with your account
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- validity: required(object)
- secondsmin: required(integer)
- secondsmax: required(integer)
- not_before_negative_skew: required(integer)
Maximum deviation of the certificate request not_before field from the current server timestamp in the past
- not_before_positive_skew: required(integer)
Maximum deviation of the certificate request not_before field from the current server timestamp in the future
- issuer_expiry: required(integer)
The Epoch timestamp indicating when the issuer configured for your service will expire. This is the maximum not_after value it is possible to have included in a certificate requested from this service.
- subject_dn: (object)
Validation policy for subject_dn field.
- common_name: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- surname: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- given_name: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- organization: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- organizational_unit: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- organization_identifier: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- country: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- state: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- locality: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- street_address: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- postal_code: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- email: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- pseudonym: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- jurisdiction_of_incorporation_locality_name: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- jurisdiction_of_incorporation_state_or_province_name: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- jurisdiction_of_incorporation_country_name: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- business_category: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- serial_number: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- format: required(string)
- extra_attributes: required(object)
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
Validation policy for type_and_value fields.
- static: required(boolean)
- value_type: required(one of IA5STRING, PRINTABLESTRING, UTF8STRING, INTEGER, DER, NIL)
This field describes what ASN.1 type the value in a type_and_value object should be encoded as. IA5STRING: International ASCII characters (International Alphabet 5). PRINTABLESTRING: a-z, A-Z, 0-9, ' () +,-.?:/= and SPACE. UTF8STRING: any character from a recognized alphabet (including ASCII control characters). INTEGER: values can be positive, negative, or zero, and can have any magnitude. DER: hex string of DER encoded data which will be used as-is. Should include Tag Length and Value. NIL: Indicates no value will be present.
- value_format: (string)
- mincount: required(integer)
- maxcount: required(integer)
Example:
{
"common_name": { "presence": "REQUIRED", "format": "^[A-Za-z][A-Za-z -]+$" },
"surname": { "presence": "REQUIRED", "format": "^[A-Za-z][A-Za-z -]+$" },
"given_name": { "presence": "REQUIRED", "format": "^[A-Za-z][A-Za-z -]+$" },
"organization": { "presence": "STATIC", "format": "GMO GlobalSign" },
"organizational_unit": { "static": false, "list": [ "^[A-Za-z][A-Za-z \\-]+$" ], "mincount": 1, "maxcount": 3 },
"organization_identifier": { "presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$" },
"country": { "presence": "STATIC", "format": "GB" },
"state": { "presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$" },
"locality": { "presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$" },
"street_address": { "presence": "OPTIONAL", "format": "^\\w+$" },
"postal_code": { "presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$" },
"email": { "presence": "REQUIRED", "format": "^\\w[-._\\w]*\\w@\\w[-._\\w]*\\w.\\w{2,3}" },
"pseudonym": { "presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z]+$" },
"jurisdiction_of_incorporation_locality_name": { "presence": "OPTIONAL", "format": "^[A-Za-z \\-]*$" },
"jurisdiction_of_incorporation_state_or_province_name": { "presence": "OPTIONAL", "format": "^[A-Za-z \\-]*$" },
"jurisdiction_of_incorporation_country_name": { "presence": "FORBIDDEN", "format": "^[A-Za-z \\-]*$" },
"business_category": { "presence": "OPTIONAL", "format": "^[A-Za-z \\-]*$" },
"serial_number": { "presence": "OPTIONAL", "format": "^[A-Za-z \\-]*$" },
"extra_attributes": {
"1.3.6.1.5.5.7.48.1.5": { "static": true, "value_type": "PRINTABLESTRING", "value_format": "static attribute", "mincount": 1, "maxcount": 1 },
"1.3.6.1.5.5.7.48.1.6": { "static": false, "value_type": "UTF8STRING", "value_format": "^[A-Za-z \\\\-]*$", "mincount": 0, "maxcount": 3 }
}
}
- san: (object)
Validation policy for san field.
- dns_names: required(object)
Validation policy for list fields that are validated by suffix matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- emails: required(object)
Validation policy for list fields that are validated by suffix matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- uris: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- ip_addresses: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- other_names: required(object)
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
Validation policy for type_and_value fields.
- static: required(boolean)
- value_type: required(one of IA5STRING, PRINTABLESTRING, UTF8STRING, INTEGER, DER, NIL)
This field describes what ASN.1 type the value in a type_and_value object should be encoded as. IA5STRING: International ASCII characters (International Alphabet 5). PRINTABLESTRING: a-z, A-Z, 0-9, ' () +,-.?:/= and SPACE. UTF8STRING: any character from a recognized alphabet (including ASCII control characters). INTEGER: values can be positive, negative, or zero, and can have any magnitude. DER: hex string of DER encoded data which will be used as-is. Should include Tag Length and Value. NIL: Indicates no value will be present.
- value_format: (string)
- mincount: required(integer)
- maxcount: required(integer)
Example:
{
"dns_names": { "static": false, "list": [ ".hvca.demo.globalsign.com" ], "mincount": 0, "maxcount": 1 },
"emails": { "static": false, "list": [ "@hvca.demo.globalsign.com" ], "mincount": 0, "maxcount": 1 },
"ip_addresses": { "static": false, "list": [], "mincount": 0, "maxcount": 0 },
"uris": { "static": false, "list": [ ".*\\.hvca\\.demo\\.globalsign\\.com/[A-Za-z /.]*$" ], "mincount": 0, "maxcount": 1 },
"other_names": {
"1.3.6.1.5.5.7.48.1.5": { "static": false, "value_type": "UTF8STRING", "value_format": "^[A-Za-z.-]@demo.globalsign.com", "mincount": 0, "maxcount": 1 }
}
}
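The presence values and list rules described for subject_dn and san can be applied on the client before a certificate request is submitted. The following is an added example, not part of the Atlas API or GlobalSign's code: it checks a request's subject_dn and san fields against fragments of the example policies above. The function names are illustrative; treating "format" as an unanchored regex search and treating a static list as one that must not be sent are assumptions.

```python
import re

# Fragments of the subject_dn and san example policies shown on this page.
POLICY = {
    "subject_dn": {
        "common_name": {"presence": "REQUIRED", "format": "^[A-Za-z][A-Za-z -]+$"},
        "organization": {"presence": "STATIC", "format": "GMO GlobalSign"},
        "country": {"presence": "STATIC", "format": "GB"},
        "state": {"presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$"},
        "jurisdiction_of_incorporation_country_name":
            {"presence": "FORBIDDEN", "format": "^[A-Za-z \\-]*$"},
        "organizational_unit":
            {"static": False, "list": ["^[A-Za-z][A-Za-z \\-]+$"], "mincount": 1, "maxcount": 3},
    },
    "san": {
        "dns_names":
            {"static": False, "list": [".hvca.demo.globalsign.com"], "mincount": 0, "maxcount": 1},
        "ip_addresses": {"static": False, "list": [], "mincount": 0, "maxcount": 0},
    },
}

NOT_IN_REQUEST = {"STATIC", "FORBIDDEN", "API_OVERRIDE"}   # "SHALL NOT be included"
SUFFIX_MATCHED = {"dns_names", "emails"}                   # other lists use regex matching


def check_string(path, rule, value):
    """Apply a presence/format rule to one string field (None means not sent)."""
    presence = rule["presence"]
    if value is None:
        return [f"{path}: REQUIRED but missing"] if presence == "REQUIRED" else []
    if presence in NOT_IN_REQUEST:
        return [f"{path}: presence is {presence}, must not be sent"]
    # REQUIRED, OPTIONAL and OPTIONAL_API_OVERRIDE values are checked against
    # "format" (assumption: unanchored regex search).
    if not re.search(rule["format"], value):
        return [f"{path}: value does not match {rule['format']}"]
    return []


def check_list(path, rule, values):
    """Apply a static/list/mincount/maxcount rule to one list field."""
    if rule["static"]:   # assumption: static lists are filled in by the service
        return [f"{path}: static, must not be sent"] if values else []
    errors = []
    if not rule["mincount"] <= len(values) <= rule["maxcount"]:
        errors.append(f"{path}: {len(values)} values, allowed "
                      f"{rule['mincount']}..{rule['maxcount']}")
    for value in values:
        if path.rsplit(".", 1)[-1] in SUFFIX_MATCHED:
            allowed = any(value.endswith(suffix) for suffix in rule["list"])
        else:
            allowed = any(re.search(pattern, value) for pattern in rule["list"])
        if not allowed:
            errors.append(f"{path}: {value!r} matches no entry in the policy list")
    return errors


def check_request(request, policy=POLICY):
    """Return a list of policy violations; an empty list means none were found."""
    errors = []
    for section, rules in policy.items():
        sent = request.get(section, {})
        errors += [f"{section}.{name}: not covered by this policy"
                   for name in sorted(sent.keys() - rules.keys())]
        for name, rule in rules.items():
            path = f"{section}.{name}"
            if "presence" in rule:
                errors += check_string(path, rule, sent.get(name))
            else:
                errors += check_list(path, rule, sent.get(name) or [])
    return errors
```

Because the dns_names entry starts with a dot, a name such as "evilhvca.demo.globalsign.com" fails the suffix check, while "device.hvca.demo.globalsign.com" passes.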
- key_usages: (object)
Validation policy for key_usages field.
- digital_signature: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- content_commitment: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- key_encipherment: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- data_encipherment: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- key_agreement: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- key_certificate_sign: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- crl_sign: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- encipher_only: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- decipher_only: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
Example:
{
"digital_signature": "OPTIONAL",
"content_commitment": "OPTIONAL",
"key_encipherment": "OPTIONAL",
"data_encipherment": "OPTIONAL",
"key_agreement": "OPTIONAL",
"key_certificate_sign": "OPTIONAL",
"crl_sign": "OPTIONAL",
"encipher_only": "OPTIONAL",
"decipher_only": "OPTIONAL"
}
- extended_key_usages: (object)
Validation policy for extended_key_usages field.
- ekus: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- critical: required(boolean)
Example:
{ "ekus": { "static": false, "list": [ "^1.3.6.1.5.5.7.3.[1-3]$" ], "mincount": 1, "maxcount": 3 }, "critical": true }
- subject_da: (object)
Validation policy for subject_da field.
- gender: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- date_of_birth: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- place_of_birth: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- country_of_citizenship: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- country_of_residence: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- extra_attributes: required(object)
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
Validation policy for type_and_value fields.
- static: required(boolean)
- value_type: required(one of IA5STRING, PRINTABLESTRING, UTF8STRING, INTEGER, DER, NIL)
This field describes what ASN.1 type the value in a type_and_value object should be encoded as. IA5STRING: International ASCII characters (International Alphabet 5). PRINTABLESTRING: a-z, A-Z, 0-9, ' () +,-.?:/= and SPACE. UTF8STRING: any character from a recognized alphabet (including ASCII control characters). INTEGER: values can be positive, negative, or zero, and can have any magnitude. DER: hex string of DER encoded data which will be used as-is. Should include Tag Length and Value. NIL: Indicates no value will be present.
- value_format: (string)
- mincount: required(integer)
- maxcount: required(integer)
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
Example:
{ "gender": { "presence": "OPTIONAL", "format": "^[MmFf]$" }, "date_of_birth": "OPTIONAL", "place_of_birth": { "presence": "OPTIONAL", "format": "^[A-Za-z \\\\-]*$" }, "country_of_citizenship": { "static": true, "list": [ "GB", "US" ], "mincount": 2, "maxcount": 2 }, "country_of_residence": { "static": false, "list": [ "GB", "US" ], "mincount": 0, "maxcount": 2 }, "extra_attributes": { "1.3.6.1.5.5.7.48.1.5": { "static": true, "value_type": "PRINTABLESTRING", "value_format": "static attribute", "mincount": 1, "maxcount": 1 }, "1.3.6.1.5.5.7.48.1.6": { "static": false, "value_type": "UTF8STRING", "value_format": "^[A-Za-z \\\\-]*$", "mincount": 1, "maxcount": 3 } } }
- gender: required(object)
- qualified_statements: (object)
Validation policy for qualified_statements field.
- semantics: required(object)
- identifier: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- name_authorities: required(object)
Validation policy for list fields that are validated by regex matching.
- static: required(boolean)
- list: required(array of string)
- mincount: required(integer)
- maxcount: required(integer)
- identifier: required(object)
- etsi_qc_compliance: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- etsi_qc_sscd_compliance: required(one of OPTIONAL, STATIC_TRUE, STATIC_FALSE)
Determines if a boolean field is optional or statically set to true or false.
- etsi_qc_type: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- etsi_qc_retention_period: required(object)
Validation policy for integer fields.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- min: required(integer - minimum: 0)
- max: required(integer - minimum: 0)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- etsi_qc_pds: required(object)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- policies: required(object)
- /^[A-Z]{2}/: required(string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Example:
{ "semantics": { "identifier": { "presence": "STATIC", "format": "1.1.1.1.1.1" }, "name_authorities": { "static": true, "list": [ "contact@ra1.globalsign.com" ], "mincount": 1, "maxcount": 1 } }, "etsi_qc_compliance": "STATIC_TRUE", "etsi_qc_sscd_compliance": "OPTIONAL", "etsi_qc_type": { "presence": "REQUIRED", "format": "^0.4.0.1862.1.6.[1-3]$" }, "etsi_qc_retention_period": { "presence": "OPTIONAL", "min": 1, "max": 3 }, "etsi_qc_pds": { "presence": "STATIC", "policies": { "EN": "https://etsi.pds.demo.globalsign.com/en/pds" } } }
- semantics: required(object)
- ms_extension_template: (object)
Validation policy for ms_extension_template field.
- critical: required(boolean)
- template_id: required(object)
Validation policy for a string field.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- format: required(string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- major_version: required(object)
Validation policy for integer fields.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- min: required(integer - minimum: 0)
- max: required(integer - minimum: 0)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
- minor_version: required(object)
Validation policy for integer fields.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- min: required(integer - minimum: 0)
- max: required(integer - minimum: 0)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Example:
{ "critical": true, "template_id": { "presence": "REQUIRED", "format": "^1.2.3.4.123.4.5.[1-3]$" }, "major_version": { "presence": "REQUIRED", "min": 1, "max": 10 }, "minor_version": { "presence": "OPTIONAL", "min": 1, "max": 10 } }
- custom_extensions: (object)
Validation policy for custom_extensions field.
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
Validation policy for extension fields.
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Determines if a field is required, optional, forbidden, static, or overwritten by the service.
- REQUIRED presence for a field specifies that the field SHALL be included in certificate requests.
- OPTIONAL presence for a field specifies that the field MAY be included in certificate requests.
- STATIC presence for a field specifies that the field SHALL NOT be included in certificate requests, and instead will be provided automatically.
- FORBIDDEN presence for a field specifies that the field SHALL NOT be included in certificate requests and SHALL NOT be supplied automatically. The field will be empty or absent from the resulting certificate.
- API_OVERRIDE presence for a field specifies that the field SHALL NOT be included in certificate requests. The value will instead be computed dynamically.
- OPTIONAL_API_OVERRIDE presence for a field specifies that the field MAY be included in certificate requests. If a value is not provided in the request, then instead a value will be computed dynamically. If a value is provided in the request, then the value provided will be used as is and will not be overwritten.
- critical: required(boolean)
- value_type: required(one of IA5STRING, PRINTABLESTRING, UTF8STRING, INTEGER, DER, NIL)
This field describes what ASN.1 type the value in a type_and_value object should be encoded as. IA5STRING: International ASCII characters (International Alphabet 5). PRINTABLESTRING: a-z, A-Z, 0-9, ' () +,-.?:/= and SPACE. UTF8STRING: any character from a recognized alphabet (including ASCII control characters). INTEGER: values can be positive, negative, or zero, and can have any magnitude. DER: hex string of DER encoded data which will be used as-is. Should include Tag Length and Value. NIL: Indicates no value will be present.
- value_format: (string)
- presence: required(one of REQUIRED, OPTIONAL, FORBIDDEN, STATIC, API_OVERRIDE, OPTIONAL_API_OVERRIDE)
Example:
{ "1.3.6.1.5.5.7.48.1.5": { "presence": "STATIC", "critical": false, "value_type": "NIL" }, "1.3.6.1.5.5.7.48.1.6": { "presence": "STATIC", "critical": true, "value_type": "DER", "value_format": "^([A-Fa-f0-9]{2})+$" } }
- /^([0-9]{1,9}\.){0,63}[0-9]+$/: required(object)
- signature: required(object)
- algorithm: required(object)
Validation policy for signature algorithm fields
- list: required(array of validators.algorithm_enum - minItems: 1)
- presence: required(one of REQUIRED, STATIC)
- hash_algorithm: required(object)
Validation policy for signature hash algorithm fields
- list: required(array of validators.hash_algorithm_enum - minItems: 1)
- presence: required(one of REQUIRED, STATIC)
- algorithm: required(object)
- public_key: required(object)
- key_type: required(one of RSA, ECDSA)
- allowed_lengths: required(array of integer)
- key_format: required(one of PKCS8, PKCS10)
- public_key_signature: required(one of REQUIRED, FORBIDDEN)
Example:
{
"validity": {
"secondsmin": 3600,
"secondsmax": 86400,
"not_before_negative_skew": 120,
"not_before_positive_skew": 3600,
"issuer_expiry": 1735732800
},
"subject_dn": {
"common_name": {
"presence": "REQUIRED",
"format": "^[A-Za-z][A-Za-z -]+$"
},
"surname": {
"presence": "REQUIRED",
"format": "^[A-Za-z][A-Za-z -]+$"
},
"given_name": {
"presence": "REQUIRED",
"format": "^[A-Za-z][A-Za-z -]+$"
},
"organization": {
"presence": "STATIC",
"format": "GMO GlobalSign"
},
"organizational_unit": {
"static": false,
"list": [
"^[A-Za-z][A-Za-z \\-]+$"
],
"mincount": 1,
"maxcount": 3
},
"organization_identifier": {
"presence": "OPTIONAL",
"format": "^[A-Za-z][A-Za-z \\-]+$"
},
"country": {
"presence": "STATIC",
"format": "GB"
},
"state": {
"presence": "OPTIONAL",
"format": "^[A-Za-z][A-Za-z \\-]+$"
},
"locality": {
"presence": "OPTIONAL",
"format": "^[A-Za-z][A-Za-z \\-]+$"
},
"street_address": {
"presence": "OPTIONAL",
"format": "^[A-Za-z0-9][A-Za-z0-9 \\-]+$"
},
"postal_code": {
"presence": "OPTIONAL",
"format": "^[A-Za-z][A-Za-z -]+$"
},
"email": {
"presence": "FORBIDDEN",
"format": "^\\w[-._\\w]*\\w@\\w[-._\\w]*\\w.\\w{2,3}"
},
"pseudonym": {
"presence": "OPTIONAL",
"format": "^[A-Za-z][A-Za-z]+$"
},
"jurisdiction_of_incorporation_locality_name": {
"presence": "OPTIONAL",
"format": "^[A-Za-z \\-]*$"
},
"jurisdiction_of_incorporation_state_or_province_name": {
"presence": "OPTIONAL",
"format": "^[A-Za-z \\-]*$"
},
"jurisdiction_of_incorporation_country_name": {
"presence": "FORBIDDEN",
"format": "^[A-Za-z \\-]*$"
},
"business_category": {
"presence": "FORBIDDEN",
"format": "^[A-Za-z \\-]*$"
},
"serial_number": {
"presence": "OPTIONAL",
"format": "^[A-Za-z \\-]*$"
},
"extra_attributes": {
"1.3.6.1.5.5.7.48.1.5": {
"static": true,
"value_type": "PRINTABLESTRING",
"value_format": "static attribute",
"mincount": 1,
"maxcount": 1
},
"1.3.6.1.5.5.7.48.1.6": {
"static": false,
"value_type": "UTF8STRING",
"value_format": "^[A-Za-z \\\\-]*$",
"mincount": 0,
"maxcount": 3
}
}
},
"san": {
"dns_names": {
"static": false,
"list": [],
"mincount": 0,
"maxcount": 0
},
"emails": {
"static": false,
"list": [
"^\\w[-._\\w]*\\w@\\w[-._\\w]*\\w.\\w{2,3}$"
],
"mincount": 0,
"maxcount": 1
},
"ip_addresses": {
"static": false,
"list": [],
"mincount": 0,
"maxcount": 0
},
"uris": {
"static": false,
"list": [],
"mincount": 0,
"maxcount": 0
},
"other_names": {
"1.3.6.1.5.5.7.48.1.5": {
"static": false,
"value_type": "UTF8STRING",
"value_format": "^[A-Za-z.-]@demo.globalsign.com",
"mincount": 0,
"maxcount": 1
}
}
},
"subject_da": {
"gender": {
"presence": "OPTIONAL",
"format": "^[MmFf]$"
},
"date_of_birth": "OPTIONAL",
"place_of_birth": {
"presence": "OPTIONAL",
"format": "^[A-Za-z \\\\-]*$"
},
"country_of_citizenship": {
"static": true,
"list": [
"GB",
"US"
],
"mincount": 2,
"maxcount": 2
},
"country_of_residence": {
"static": false,
"list": [
"GB",
"US"
],
"mincount": 0,
"maxcount": 2
},
"extra_attributes": {
"1.3.6.1.5.5.7.48.1.5": {
"static": true,
"value_type": "PRINTABLESTRING",
"value_format": "static attribute",
"mincount": 1,
"maxcount": 1
},
"1.3.6.1.5.5.7.48.1.6": {
"static": false,
"value_type": "UTF8STRING",
"value_format": "^[A-Za-z \\\\-]*$",
"mincount": 1,
"maxcount": 3
}
}
},
"signature": {
"algorithm": {
"presence": "STATIC",
"list": [
"RSA-PSS"
]
},
"hash_algorithm": {
"presence": "REQUIRED",
"list": [
"SHA-256",
"SHA-512"
]
}
},
"public_key": {
"key_type": "RSA",
"allowed_lengths": [
2048,
4096
],
"key_format": "PKCS8"
},
"public_key_signature": "REQUIRED"
}
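Added example (not part of the GlobalSign documentation): a client-side pre-flight check that applies the presence rules above to the subject_dn section of a request before it is submitted. It assumes the request uses the same field names as the policy, that "format" is a regular expression tested with Python's re.search (the service's regex dialect may differ), and that a list policy with "static": true must not be supplied by the caller; the function names and sample requests are constructed for illustration.

```python
import json
import re

# Excerpt of the subject_dn policy from the example response above.
POLICY = json.loads(r'''
{
  "common_name": {"presence": "REQUIRED", "format": "^[A-Za-z][A-Za-z -]+$"},
  "organization": {"presence": "STATIC", "format": "GMO GlobalSign"},
  "organizational_unit": {"static": false,
                          "list": ["^[A-Za-z][A-Za-z \\-]+$"],
                          "mincount": 1, "maxcount": 3},
  "country": {"presence": "STATIC", "format": "GB"},
  "state": {"presence": "OPTIONAL", "format": "^[A-Za-z][A-Za-z \\-]+$"},
  "email": {"presence": "FORBIDDEN",
            "format": "^\\w[-._\\w]*\\w@\\w[-._\\w]*\\w.\\w{2,3}"}
}
''')

# Presence values under which the field SHALL NOT be included in a request.
MUST_OMIT = {"STATIC", "FORBIDDEN", "API_OVERRIDE"}
# Presence values under which the field MAY be included.
MAY_SEND = {"OPTIONAL", "OPTIONAL_API_OVERRIDE"}


def check_string_field(name, policy, request):
    """Apply one {presence, format} policy to the request section."""
    presence = policy["presence"]
    supplied = name in request
    if presence not in MUST_OMIT | MAY_SEND | {"REQUIRED"}:
        return [f"{name}: unknown presence {presence!r}"]
    if presence == "REQUIRED" and not supplied:
        return [f"{name}: REQUIRED but missing"]
    if presence in MUST_OMIT and supplied:
        return [f"{name}: presence is {presence}, must not be sent"]
    # Assumption: "format" is a regex the supplied value has to match.
    if supplied and not re.search(policy["format"], str(request[name])):
        return [f"{name}: value does not match {policy['format']}"]
    return []


def check_list_field(name, policy, request):
    """Apply one {static, list, mincount, maxcount} policy."""
    values = request.get(name, [])
    if policy["static"]:
        # Assumption: a static list is filled in by the service.
        return [f"{name}: static list, must not be sent"] if values else []
    problems = []
    if not policy["mincount"] <= len(values) <= policy["maxcount"]:
        problems.append(f"{name}: {len(values)} value(s), allowed "
                        f"{policy['mincount']}..{policy['maxcount']}")
    for value in values:
        if not any(re.search(pattern, value) for pattern in policy["list"]):
            problems.append(f"{name}: {value!r} matches no allowed pattern")
    return problems


def preflight(section_policy, section_request):
    """Return a list of problems; an empty list means the section passes."""
    problems = []
    for name, policy in section_policy.items():
        if isinstance(policy, dict) and {"presence", "format"} <= set(policy):
            problems += check_string_field(name, policy, section_request)
        elif isinstance(policy, dict) and {"static", "list"} <= set(policy):
            problems += check_list_field(name, policy, section_request)
        # Other policy shapes (extra_attributes, bare presence strings)
        # are outside the scope of this example and are skipped.
    for name in sorted(set(section_request) - set(section_policy)):
        problems.append(f"{name}: no policy entry for this field")
    return problems


# Constructed sample requests.
GOOD = {"common_name": "Jane Doe",
        "organizational_unit": ["Security Engineering"]}
BAD = {"organization": "Example Ltd", "organizational_unit": [],
       "state": "N0where", "email": "a@example.test"}

if __name__ == "__main__":
    print(preflight(POLICY, GOOD))
    for problem in preflight(POLICY, BAD):
        print(problem)
```

The check is advisory only: the service remains the authority on whether a request satisfies the policy.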
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
/counters/certificates
Retrieve the number of certificates issued by the calling account
get /counters/certificates/issued
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Return integer value
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- value: required(integer)
Example:
{
"value": 12
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Requested resource is not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Not found"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
Retrieve the number of certificates revoked by the calling account
get /counters/certificates/revoked
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Return integer value
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- value: required(integer)
Example:
{
"value": 12
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Requested resource is not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Not found"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
/stats
Retrieve a list of certificates issued over a specified time interval from the calling account. The response will include the total number of issued certificates, each certificate’s serial number, and notBefore/notAfter dates.
get /stats/issued
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Query Parameters
- from: (integer)
UTC UNIX timestamp marking the beginning of the search window for certificate creation. Max time window supported is 30 days. Default value is now - 10 minutes.
Example:
1524570139
- to: (integer)
UTC UNIX timestamp marking the end of the search window for certificate creation. Max time window supported is 30 days. Default value is now.
Example:
1524573739
- page: (integer - default: 1)
Page number
Example:
1
- per_page: (integer - default: 100)
Number of elements displayed per page
Example:
10
HTTP status code 200
Returns the certificate metadata
Headers
- Links: required(string)
Links to previous/next/last page if available
Example:
</stats/{status}?page=2>; rel="previous"; </stats/{status}?page=4>; rel="next", </stats/{status}?page=5>; rel="last"
- Total-Count: required(integer)
Total number of elements found
Example:
20
Body
Media type: application/json;charset=utf-8
Type: array of object
Items: certificate_metadata
- serial_number: required(string)
- not_before: required(integer)
- not_after: required(integer)
Example:
[
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "3436670571841985917699178058350683260"
},
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "4452086980628212788705863397373867915"
}
]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
Retrieve a list of certificates that have been revoked over a specified time interval from the calling account. The response will include the total number of revoked certificates, and each certificate’s serial number and notBefore/notAfter date.
get /stats/revoked
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Query Parameters
- from: (integer)
UTC UNIX timestamp marking the beginning of the search window for certificate creation. Max time window supported is 30 days. Default value is now - 10 minutes.
Example:
1524570139
- to: (integer)
UTC UNIX timestamp marking the end of the search window for certificate creation. Max time window supported is 30 days. Default value is now.
Example:
1524573739
- page: (integer - default: 1)
Page number
Example:
1
- per_page: (integer - default: 100)
Number of elements displayed per page
Example:
10
HTTP status code 200
Returns the certificate metadata
Headers
- Links: required(string)
Links to previous/next/last page if available
Example:
</stats/{status}?page=2>; rel="previous"; </stats/{status}?page=4>; rel="next", </stats/{status}?page=5>; rel="last"
- Total-Count: required(integer)
Total number of elements found
Example:
20
Body
Media type: application/json;charset=utf-8
Type: array of object
Items: certificate_metadata
- serial_number: required(string)
- not_before: required(integer)
- not_after: required(integer)
Example:
[
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "3436670571841985917699178058350683260"
},
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "4452086980628212788705863397373867915"
}
]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
get /stats/expiring
Retrieve a list of certificates that are going to expire over a specified time interval from the calling account. The response will include the total number of expiring certificates within the specified time period, and each certificate’s serial number and notBefore/notAfter date.
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Query Parameters
- from: (integer)
UTC UNIX timestamp marking the beginning of the search window for certificate expiration. Max time window supported is 30 days. Default value is now - 10 minutes.
Example:
1524570139
- to: (integer)
UTC UNIX timestamp marking the end of the search window for certificate expiration. Max time window supported is 30 days. Default value is now.
Example:
1524573739
- page: (integer - default: 1)
Page number
Example:
1
- per_page: (integer - default: 100)
Number of elements displayed per page
Example:
10
HTTP status code 200
Returns the certificate metadata
Headers
- Links: required(string)
Links to previous/next/last page if available
Example:
</stats/{status}?page=2>; rel="previous"; </stats/{status}?page=4>; rel="next", </stats/{status}?page=5>; rel="last"
- Total-Count: required(integer)
Total number of elements found
Example:
20
Body
Media type: application/json;charset=utf-8
Type: array of object
Items: certificate_metadata
- serial_number: required(string)
- not_before: required(integer)
- not_after: required(integer)
Example:
[
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "3436670571841985917699178058350683260"
},
{
"not_after": 1507906704,
"not_before": 1507820244,
"serial_number": "4452086980628212788705863397373867915"
}
]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
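Both /stats/revoked and /stats/expiring cap the search window at 30 days and page their results, so a longer audit interval has to be split into windows and each window walked page by page. The Python below is an added example, not GlobalSign code; the `fetch(path, params)` transport signature, the fake server (including its 422 on an oversized window) and the sample certificates are assumptions constructed so that it runs offline.

```python
import re
from typing import Callable, Dict, Iterator, List, Tuple

MAX_WINDOW = 30 * 24 * 3600  # page: "Max time window supported is 30 days"
LINK_RE = re.compile(r'<([^>]*)>\s*;\s*rel="([^"]+)"')

# Assumed transport signature: fetch(path, params) -> (status, headers, json_body)
Fetch = Callable[[str, Dict[str, int]], Tuple[int, Dict[str, str], list]]


def split_windows(start: int, end: int, span: int = MAX_WINDOW) -> List[Tuple[int, int]]:
    """Cut [start, end] into consecutive (from, to) pairs of at most `span` seconds."""
    if end < start:
        raise ValueError("'to' is earlier than 'from'")
    windows, cursor = [], start
    while cursor < end:
        stop = min(cursor + span, end)
        windows.append((cursor, stop))
        cursor = stop
    return windows or [(start, end)]


def parse_links(header: str) -> Dict[str, str]:
    """Return {rel: target}; accepts ',' or ';' between entries, as in the page's example."""
    return {rel: target for target, rel in LINK_RE.findall(header or "")}


def iter_stats(fetch: Fetch, status: str, start: int, end: int,
               per_page: int = 100) -> Iterator[dict]:
    """Yield each certificate_metadata object once across all windows and pages."""
    if status not in ("revoked", "expiring"):
        raise ValueError("this example covers /stats/revoked and /stats/expiring only")
    seen = set()
    for frm, to in split_windows(start, end):
        page = 1
        while True:
            code, headers, items = fetch(
                f"/stats/{status}",
                {"from": frm, "to": to, "page": page, "per_page": per_page})
            if code != 200:
                raise RuntimeError(f"/stats/{status} returned HTTP {code}")
            for item in items:
                # Adjacent windows share a boundary second; de-duplicate on serial.
                if item["serial_number"] not in seen:
                    seen.add(item["serial_number"])
                    yield item
            if not items or "next" not in parse_links(headers.get("Links", "")):
                break
            page += 1


def make_fake_fetch(records: List[dict], key: str) -> Fetch:
    """Constructed stand-in for the HTTPS call, so the example runs offline."""
    def fetch(path, params):
        if params["to"] - params["from"] > MAX_WINDOW:
            return 422, {}, []  # assumption: oversized windows are rejected as invalid
        hits = [r for r in records if params["from"] <= r[key] <= params["to"]]
        size, page = params["per_page"], params["page"]
        last = max(1, -(-len(hits) // size))  # ceiling division
        links = []
        if page < last:
            links.append(f'<{path}?page={page + 1}>; rel="next"')
        links.append(f'<{path}?page={last}>; rel="last"')
        headers = {"Links": ", ".join(links), "Total-Count": str(len(hits))}
        body = [{k: r[k] for k in ("serial_number", "not_before", "not_after")}
                for r in hits[(page - 1) * size: page * size]]
        return 200, headers, body
    return fetch


DAY = 24 * 3600
T0 = 1524570139  # the 'from' example value on the page
# Constructed sample data: seven certificates expiring 10 days apart, starting at T0.
SAMPLE = [{"serial_number": str(1000 + i), "not_before": T0 - 90 * DAY,
           "not_after": T0 + i * 10 * DAY} for i in range(7)]


def expiring_serials(start: int, end: int, per_page: int = 2) -> List[str]:
    """Serial numbers of sample certificates expiring in [start, end]."""
    fetch = make_fake_fetch(SAMPLE, key="not_after")
    return [c["serial_number"] for c in iter_stats(fetch, "expiring", start, end, per_page)]


if __name__ == "__main__":
    print(expiring_serials(T0, T0 + 60 * DAY))
```

In production, `fetch` would be the HTTPS GET that carries the Bearer token from /login; the token is valid for 10 minutes, so a long enumeration has to log in again when it receives a 401.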
/quotas
get /quotas/issuance
Retrieve the remaining certificate issuance quota from the calling account. The response will return the total number of certificates remaining that can be issued from the user's account.
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Return integer value
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- value: required(integer)
Example:
{
"value": 12
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
/claims/domains
get /claims/domains
This API allows you to execute domain management functions from your Atlas account. Once a domain is verified, it is added to your account, and certificates can then be issued from the domain.
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Query Parameters
- page: (integer - default: 1)
Page number
Example:
1
- per_page: (integer - default: 100)
Number of elements displayed per page
Example:
10
- sort_by: (one of status, last_verification_method, expires_at, assert_by, created_at)
Sort retrieved claims by a particular field; prefix the field with a '-' character to sort in reverse. The default order is ascending numerical or alphabetical, or the order of the enumerated values for the field (for example, when sorting on status, PENDING comes first, followed by VERIFIED).
Example:
-status
- status: (one of PENDING, VERIFIED)
Status of claims to retrieve
Example:
VERIFIED
- last_verification_method: (one of DNS, HTTP, HTTP_ACME, Email, EmailConstructed, EmailSOA, EmailTXT, EmailCAA)
Filter out domains that don't use the given validation type
Example:
HTTP
- expire_before: (integer)
Retrieve claims that expire before this UTC UNIX timestamp
Example:
1597190400
- expire_after: (integer)
Retrieve claims that expire after this UTC UNIX timestamp
Example:
1597017600
- expire_in_days: (integer)
Retrieve domain claims that expire by a given day, expressed as a number of days from the current time on the server. A negative number can be provided for days in the past (e.g. -30 means 30 days before the current time on the server). This parameter can't be used with expire_before or expire_after.
- assert_before: (integer)
Retrieve claims whose assert_by deadline falls before this UTC UNIX timestamp
Example:
1597190400
- assert_after: (integer)
Retrieve claims whose assert_by deadline falls after this UTC UNIX timestamp
Example:
1597017600
- assert_in_days: (integer)
Retrieve domain claims that need to be asserted by a given day, expressed as a number of days from the current time on the server. A negative number can be provided for days in the past (e.g. -30 means 30 days before the current time on the server). This parameter can't be used with assert_before or assert_after.
- domain: (string)
Domain name of claims to retrieve with pattern matching.
The following wildcards are allowed:
"_" - matches any single character
"%" - matches any sequence of zero or more characters
Examples:
example 1:
another.test.com
example 2:
an%.te%.%om
example 3:
ano_her.te__.com
example 4:
ano__er.te%.com
example 5:
%.test.com
example 6:
another.%
example 7:
%.test.%
HTTP status code 200
Returns the total number and list of all past domain claims
Headers
- Links: required(string)
Links to previous/next/last page if available
Example:
</claims/domains?page=2>; rel="previous"; </claims/domains?page=4>; rel="next", </claims/domains?page=5>; rel="last"
- Total-Count: required(integer)
Total number of elements found
Example:
20
Body
Media type: application/json;charset=utf-8
Type: array of basic.domain_claim
Items: domain_claim_unprefixed_token
- token: required(string)
The token value received is a randomly generated value
Example:
A477A8393D17A55ECB2BA6A61F58FEB8
- id: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
ID of a claim
- status: required(one of PENDING, VERIFIED)
Status of the claim
- domain: required(string)
- created_at: required(integer)
UTC UNIX timestamp marking the time at which the domain claim was created
- expires_at: (integer)
UTC UNIX timestamp marking the time at which the OV domain claim expires
- assert_by: (integer)
UTC UNIX timestamp marking the time by which this claim has to be asserted. Past this deadline, a client will need to reassert the claim to get a fresh token.
- last_verified_at: (integer)
UTC UNIX timestamp marking the time at which the domain claim was last verified or 0 if it has not yet been verified
- last_verification_method: (string)
Indicates the way in which the claim was most recently verified
- "NotSet" indicates the claim is either new or has been reasserted and not yet verified.
- "DNS" indicates the verification method used is DNS.
- "HTTP" indicates the verification method used is HTTP.
- "HTTP_ACME" indicates the verification method used is HTTP and it is an ACME verification request.
- "EmailConstructed" indicates the verification method used is a constructed email.
- "EmailSOA" indicates the verification method used is an email from a DNS SOA record.
- "EmailTXT" indicates the verification method used is an email from a DNS TXT record.
- "EmailCAA" indicates the verification method used is an email from a DNS CAA record.
- log: required(array of basic.log_entry)
List of verification log entries for the domain claim
Items: log_entry
- status: required(one of INFO, SUCCESS, ERROR)
- description: required(string)
- timestamp: required(integer)
Example:
[
{
"id": "A477A8393D17A55ECB2BA6A61F58FEB8",
"status": "PENDING",
"token": "DF259CFE1E5B4F148E603C361DC6FE59",
"domain": "test.example.com.",
"created_at": 1557322403,
"assert_by": 1628429603,
"log": [
{
"status": "ERROR",
"description": "error verifying domain claim",
"timestamp": 1577958400
}
]
},
{
"id": "B477A8393D17A55ECB2BA6A61F58FEB8",
"status": "VERIFIED",
"token": "762D90D2F4DE4B9D91858F4C58F7870B",
"domain": "test2.example.com.",
"created_at": 1524543199,
"expires_at": 1628429603,
"last_verified_at": 1537958400,
"last_verification_method": "DNS",
"log": [
{
"status": "SUCCESS",
"description": "claim successfully verified",
"timestamp": 1537958400
}
]
}
]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
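The GET /claims/domains filters carry rules that are easy to break from a script: expire_in_days and assert_in_days exclude their absolute counterparts, sort_by takes an optional '-' prefix, and the '%' wildcard of the domain filter has to be percent-encoded in the query string. The Python below is an added example, not GlobalSign code; it validates the documented parameters before a request is built and applies the same wildcard rules locally to a claim list. Case-insensitive matching and ignoring the trailing root dot are assumptions, and the sample claims are constructed from the response example above.

```python
import re
from typing import Dict, List
from urllib.parse import urlencode

SORT_FIELDS = {"status", "last_verification_method", "expires_at", "assert_by", "created_at"}
ENUMS = {
    "status": {"PENDING", "VERIFIED"},
    "last_verification_method": {"DNS", "HTTP", "HTTP_ACME", "Email", "EmailConstructed",
                                 "EmailSOA", "EmailTXT", "EmailCAA"},
}
INT_PARAMS = {"page", "per_page", "expire_before", "expire_after", "expire_in_days",
              "assert_before", "assert_after", "assert_in_days"}
# Relative filters cannot be combined with their absolute counterparts.
EXCLUSIVE = {"expire_in_days": ("expire_before", "expire_after"),
             "assert_in_days": ("assert_before", "assert_after")}
ALLOWED = INT_PARAMS | set(ENUMS) | {"sort_by", "domain"}

# The seven `domain` filter examples listed on the page.
PAGE_PATTERNS = ["another.test.com", "an%.te%.%om", "ano_her.te__.com",
                 "ano__er.te%.com", "%.test.com", "another.%", "%.test.%"]

# Constructed sample, reduced from the page's 200 response example.
SAMPLE_CLAIMS = [
    {"id": "A477A8393D17A55ECB2BA6A61F58FEB8", "status": "PENDING",
     "domain": "test.example.com."},
    {"id": "B477A8393D17A55ECB2BA6A61F58FEB8", "status": "VERIFIED",
     "domain": "test2.example.com."},
]


def build_claims_query(**params) -> str:
    """Check filters against the documented rules and return the encoded query string."""
    given = {k: v for k, v in params.items() if v is not None}
    unknown = set(given) - ALLOWED
    if unknown:
        raise ValueError(f"undocumented parameter(s): {sorted(unknown)}")
    for name in INT_PARAMS & set(given):
        if not isinstance(given[name], int):
            raise ValueError(f"{name} must be an integer")
    for name, allowed in ENUMS.items():
        if name in given and given[name] not in allowed:
            raise ValueError(f"{name} must be one of {sorted(allowed)}")
    sort_by = given.get("sort_by")
    if sort_by is not None:
        field = sort_by[1:] if sort_by.startswith("-") else sort_by
        if field not in SORT_FIELDS:
            raise ValueError(f"cannot sort by {field!r}")
    for relative, absolutes in EXCLUSIVE.items():
        clash = [a for a in absolutes if a in given]
        if relative in given and clash:
            raise ValueError(f"{relative} can't be used with {', '.join(clash)}")
    return urlencode(given)  # encodes '%' as %25; '_', '-' and '.' pass through


def like_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate the wildcards: '_' is any single character, '%' is zero or more."""
    wildcards = {"_": ".", "%": ".*"}
    return re.compile("".join(wildcards.get(ch, re.escape(ch)) for ch in pattern.lower()))


def domain_matches(pattern: str, domain: str) -> bool:
    """Whole-string match; the trailing root dot in API responses is ignored (assumption)."""
    return like_to_regex(pattern).fullmatch(domain.rstrip(".").lower()) is not None


def matching_claims(claims: List[Dict], pattern: str) -> List[Dict]:
    """Claims from an already-fetched list whose domain matches the pattern."""
    return [c for c in claims if domain_matches(pattern, c["domain"])]


if __name__ == "__main__":
    print(build_claims_query(status="VERIFIED", expire_in_days=30,
                             sort_by="-expires_at", domain="%.test.com"))
    print([c["domain"] for c in matching_claims(SAMPLE_CLAIMS, "test_.example.%")])
```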
post /claims/domains/{domain}
Initiate a domain claim (prove ownership of a domain). Enter the fully qualified, IDNA-encoded domain to be validated into the {domain} object.
In the API response, a claimID is returned in the header and the body includes a unique token. When using either the DNS or HTTP validation methods, you load the token into the domain’s DNS TXT record or website, and Atlas uses the claimID to validate the domain against your account.
URI Parameters
- domain: required(string)
The fully qualified, IDNA-encoded domain to be claimed
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 201
Returned after accepting the domain claim
Headers
- Location: required(string)
The URL of the newly created domain claim
Example:
/claims/domains/{claimID}
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- token: required(string)
The token value received is composed of the globalsign prefix followed by the random value generated
Example:
globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8
- assert_by: required(integer)
Example:
{
"token": "globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8",
"assert_by": 1524570139
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 409
A domain claim already exists for this domain
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Claim for domain already exists"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message",
"errors": {
"gsb": "example.com flagged on Google SafeBrowsing list",
"blacklist": "example.com is not allowed by the blacklist"
}
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
get /claims/domains/{claimID}
Retrieve the status of a specific domain claim. Enter your claim ID into the {claimID} object.
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Returns requested domain claim
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- token: required(string)
The token value received is a randomly generated value
Example:
A477A8393D17A55ECB2BA6A61F58FEB8
- id: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
ID of a claim
- status: required(one of PENDING, VERIFIED)
Status of the claim
- domain: required(string)
- created_at: required(integer)
UTC UNIX timestamp marking the time at which the domain claim was created
- expires_at: (integer)
UTC UNIX timestamp marking the time at which the OV domain claim expires
- assert_by: (integer)
UTC UNIX timestamp marking the time by which this claim has to be asserted. Past this deadline, a client will need to reassert the claim to get a fresh token.
- last_verified_at: (integer)
UTC UNIX timestamp marking the time at which the domain claim was last verified or 0 if it has not yet been verified
- last_verification_method: (string)
Indicates the way in which the claim was most recently verified
- "NotSet" indicates the claim is either new or has been reasserted and not yet verified.
- "DNS" indicates the verification method used is DNS.
- "HTTP" indicates the verification method used is HTTP.
- "HTTP_ACME" indicates the verification method used is HTTP and it is an ACME verification request.
- "EmailConstructed" indicates the verification method used is a constructed email.
- "EmailSOA" indicates the verification method used is an email from a DNS SOA record.
- "EmailTXT" indicates the verification method used is an email from a DNS TXT record.
- "EmailCAA" indicates the verification method used is an email from a DNS CAA record.
- log: required(array of basic.log_entry)
List of verification log entries for the domain claim
Items: log_entry
- status: required(one of INFO, SUCCESS, ERROR)
- description: required(string)
- timestamp: required(integer)
Example:
{
"id": "A477A8393D17A55ECB2BA6A61F58FEB8",
"status": "PENDING",
"token": "A477A8393D17A55ECB2BA6A61F58FEB8",
"domain": "test.example.com.",
"created_at": 1557322403,
"assert_by": 1628429603,
"log": [
{
"status": "ERROR",
"description": "error verifying domain claim",
"timestamp": 1577958400
}
]
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Domain claim cannot be found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Not found"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
delete /claims/domains/{claimID}
Remove the specified claim (based on claimID) and any associated information from Atlas
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 202
A previous claim verification check is in progress
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Operation in progress"
}
HTTP status code 204
Claim successfully deleted
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
A domain claim for this domain cannot be found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Not found"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
get /claims/domains/{claimID}/dns
Retrieves a list of Authorization Domain Names (ADNs) for a given claim that can be used to perform DNS Domain Validation
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Returns the list of Authorization Domain Names (ADNs)
Body
Media type: application/json;charset=utf-8
Type: array of string
Example:
For the given domain "subdomain.domain.test.com." the Authorization Domain Names are
["test.com", "domain.test.com", "subdomain.domain.test.com"]
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 404
Requested resource is not found
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Not found"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
post /claims/domains/{claimID}/dns
Prove ownership of a domain using the DNS validation method
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- authorization_domain: required(string)
DNS lookup will take place against {authorization_domain}.
An Authorization Domain Name (ADN) for a Domain Name is the Domain Name with zero or more labels pruned from the left to the right until encountering a Base Domain. The Base Domain is also a valid ADN. Valid values of {authorization_domain} are either an ADN, or an ADN prefixed with a label that begins with an underscore. Up to one CNAME record on {authorization_domain} will be followed.
- acme_thumbprint: (string)
Base64url-encoded SHA-256 hash computed from the JWK. It must be set for ACME assertion requests.
Example:
{
"authorization_domain": "test.demo.ra.globalsign.com",
"acme_thumbprint": "Qjk0RjZGMTI1Qzc5RTNBNUZGQUE4MjZGNTg0QzEwRDU"
}
HTTP status code 201
DNS domain control assertion request for the domain was created
Headers
- Content-Length: required(integer - default: 0)
This response does not return a body
HTTP status code 202
A previous domain control assertion request is pending
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Operation in progress"
}
HTTP status code 204
Domain control assertion request verified
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 424
Claim has expired and needs to be reasserted before scheduling domain control assertion
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Claim expired. Reassert first"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
post /claims/domains/{claimID}/http
Prove ownership of a domain using the HTTP validation method
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- authorization_domain: required(string)
Control assertion will take place at {authorization_domain}/.well-known/pki-validation/gsdv.txt.
An Authorization Domain Name (ADN) must match the Domain Name.
The gsdv.txt file may contain multiple validation tokens. The total size of the gsdv.txt may not exceed 1024 bytes.
- scheme: required(one of HTTP, HTTPS)
Protocol used to connect and retrieve the file from {authorization_domain}/.well-known/pki-validation/gsdv.txt.
- acme_thumbprint: (string)
Base64url-encoded SHA-256 hash computed from the JWK. It must be set for ACME assertion requests.
Example:
{
"authorization_domain": "test.example.com",
"scheme": "HTTP",
"acme_thumbprint": "Qjk0RjZGMTI1Qzc5RTNBNUZGQUE4MjZGNTg0QzEwRDU"
}
HTTP status code 201
HTTP domain control assertion request for the domain was created
Headers
- Content-Length: required(integer - default: 0)
This response does not return a body
HTTP status code 202
A previous domain control assertion request is pending
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Operation in progress"
}
HTTP status code 204
Domain control assertion request verified
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Content-Length required"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 424
Claim has expired and needs to be reasserted before scheduling domain control assertion
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Claim expired. Reassert first"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
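As an added example (not GlobalSign's code), the Python below prepares the HTTP assertion request described above: it derives acme_thumbprint from a JWK, assuming the RFC 7638 thumbprint that ACME uses, and checks a local gsdv.txt against the 1024-byte limit before the request is sent. The sample key, the helper names and the one-token-per-line file layout are assumptions.

```python
import base64
import hashlib
import json

MAX_GSDV_BYTES = 1024  # gsdv.txt size limit stated for this endpoint
# Members that enter the hash, per key type (RFC 7638 section 3.2)
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk):
    """Unpadded base64url of SHA-256 over the canonical JWK (RFC 7638, assumed)."""
    members = {name: jwk[name] for name in THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_gsdv(content, token):
    """List the reasons this gsdv.txt would not satisfy the assertion."""
    problems = []
    if len(content) > MAX_GSDV_BYTES:
        problems.append(f"gsdv.txt is {len(content)} bytes, limit is {MAX_GSDV_BYTES}")
    # Assumption: tokens are whitespace-separated, one per line.
    if token not in content.decode("utf-8", errors="replace").split():
        problems.append("expected validation token is missing")
    return problems


def build_http_assertion(domain, scheme, jwk=None):
    """Request body for the HTTP assertion; jwk is given only for ACME requests."""
    if scheme not in ("HTTP", "HTTPS"):
        raise ValueError("scheme must be HTTP or HTTPS")
    body = {"authorization_domain": domain, "scheme": scheme}
    if jwk is not None:
        body["acme_thumbprint"] = jwk_thumbprint(jwk)
    return body


# Constructed sample data: placeholder coordinate strings (not checked to be a
# valid key) and the token string from this page's reassert example.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "demo",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
SAMPLE_TOKEN = "globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8"
SAMPLE_GSDV = ("globalsign-domain-verification=" + "0" * 32 + "\n"
               + SAMPLE_TOKEN + "\n").encode("ascii")

if __name__ == "__main__":
    print(json.dumps(build_http_assertion("test.example.com", "HTTP", SAMPLE_JWK)))
    print(check_gsdv(SAMPLE_GSDV, SAMPLE_TOKEN))
```

Only the required key members enter the hash, so member order and extra fields such as kid do not change the thumbprint.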
get /claims/domains/{claimID}/email
View a list of email addresses authorized to perform the Email validation method
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Return the list of authorised email addresses
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- constructed: required(array of string)
- dns: required(object)
DNS section of the response for domain control assertion over email. It contains the DNS results for all queried record types. Record types will be the keys of the map (currently only SOA is supported).
- /^.+$/: required(object)
Contains the emails and errors found for the DNS record type queried for a given domain and all its ADNs.
- emails: required(array of string)
- errors: (array of string)
Example:
{ "emails": [ "test@example.com" ], "errors": [ "error retrieving SOA record for \"my.example.com\"" ] }
Example:
{ "SOA": { "emails": [ "test@example.com" ] } }
- /^.+$/: required(object)
Example:
{
"constructed": [
"admin@test.com",
"administrator@test.com",
"webmaster@test.com",
"hostmaster@test.com",
"postmaster@test.com"
],
"dns": {
"SOA": {
"emails": [
"example@test.com"
]
}
}
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
post /claims/domains/{claimID}/email
Prove ownership of a domain using the Email validation method
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Content-Length: required(integer - minimum: 1)
Length of the request in bytes
- Content-Type: required(string - pattern: ^application/json;charset=utf-8$)
Request Content-Type
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- email_address: required(string)
Control assertion will be done by sending an email to {email_address}. That email will contain a link to verify the domain over which to assert control.
HTTP status code 201
Email domain control assertion request for the domain was created
Headers
- Content-Length: required(integer - default: 0)
This response does not return a body
HTTP status code 202
A previous domain control assertion request is pending
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Operation in progress"
}
HTTP status code 204
Domain control assertion request verified
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 411
Request Content-Length is absent or 0
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Content-Length required"
}
HTTP status code 415
Request content type is not application/json;charset=utf-8
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Bad Content-Type"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 424
Claim has expired and needs to be reasserted before scheduling domain control assertion
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Claim expired. Reassert first"
}
HTTP status code 429
Request rate exceeded the set limit
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Rate Limit Reached"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}
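An added example, not part of the GlobalSign documentation: a client-side check that takes the address list returned by the GET call and refuses to build the POST body for an address that is not on it, since the verification link goes to whatever email_address is submitted. Function names and the sample claim ID are hypothetical; the listing is the 200 example above with a constructed DNS error added.

```python
import re

# claimID pattern from the URI parameters; fullmatch is used because "$" in
# re.match would also accept a trailing newline.
CLAIM_ID_RE = re.compile(r"[A-Fa-f0-9]{32}")


def authorized_emails(listing):
    """Flatten a GET .../email response into ({address: source}, [dns errors])."""
    sources = {addr: "constructed" for addr in listing.get("constructed", [])}
    dns_errors = []
    for record_type, result in listing.get("dns", {}).items():
        for addr in result.get("emails", []):
            sources.setdefault(addr, "dns:" + record_type)
        dns_errors.extend(f"{record_type}: {err}" for err in result.get("errors", []))
    return sources, dns_errors


def build_email_assertion(claim_id, email_address, listing):
    """Return (path, body) for POST .../email, refusing recipients the API did not list."""
    if not CLAIM_ID_RE.fullmatch(claim_id):
        raise ValueError("claimID must be exactly 32 hexadecimal characters")
    sources, _ = authorized_emails(listing)
    if email_address not in sources:  # exact match; no case folding is assumed
        raise PermissionError(email_address + " is not an authorized address")
    return "/claims/domains/" + claim_id + "/email", {"email_address": email_address}


# Constructed sample: the page's 200 example plus a DNS error entry.
SAMPLE_LISTING = {
    "constructed": ["admin@test.com", "administrator@test.com", "webmaster@test.com",
                    "hostmaster@test.com", "postmaster@test.com"],
    "dns": {"SOA": {"emails": ["example@test.com"],
                    "errors": ['error retrieving SOA record for "my.test.com"']}},
}
SAMPLE_CLAIM_ID = "0123456789abcdef0123456789ABCDEF"  # constructed, matches the pattern

if __name__ == "__main__":
    print(authorized_emails(SAMPLE_LISTING)[1])
    print(build_email_assertion(SAMPLE_CLAIM_ID, "example@test.com", SAMPLE_LISTING))
```

The errors returned alongside the addresses are worth logging: a failed SOA lookup means the DNS-derived contacts may be incomplete for that domain.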
post /claims/domains/{claimID}/reassert
Use this endpoint to revalidate an existing domain claim in your account. The claim keeps its status until validation is successfully completed (for instance, if /reassert is used before a domain claim expires, the claim remains valid until it naturally expires). Put the original claim ID in the {claimID} URI parameter of this endpoint. The response returns a new token to validate the claim. Then use one of the domain verification methods to validate the domain. Tokens are valid for 30 days.
URI Parameters
- claimID: required(string - minLength: 32 - maxLength: 32 - pattern: ^[A-Fa-f0-9]{32}$)
Headers
- Authorization: required(string)
The Authorization header. Only "Bearer" is supported
Example:
Bearer eyJhbGciOiAiSFMyNTYiLCAidHlwIjogIkpXVCJ9.eyJ1c2VyX2lkIjogMX0.BSf1w1blYKcbxVlyOtUogUsozH2clY34xxYPd8lQIlQ
HTTP status code 200
Reassert request successful; returns the new token and the assert_by timestamp associated with the claim
Headers
- Location: required(string)
The URL of the existing domain claim
Example:
/claims/domains/{claimID}
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- token: required(string)
The token value received is composed of the globalsign prefix followed by the generated random value.
Example:
globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8
- assert_by: required(integer)
Example:
{
"token": "globalsign-domain-verification=A477A8393D17A55ECB2BA6A61F58FEB8",
"assert_by": 1524570139
}
HTTP status code 202
A previous DNS domain control assertion request is pending for this claim
Body
Media type: application/json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Operation in progress"
}
HTTP status code 401
Request is unauthorized
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Unauthorized"
}
HTTP status code 422
Invalid request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Validation error message"
}
HTTP status code 503
System temporarily cannot process the request
Body
Media type: application/problem+json;charset=utf-8
Type: object
Properties
- description: required(string)
- id: (string)
- errors: (object)
key value error type
- /^.+$/: required(string)
key is the error type, and value contains error details
- /^.+$/: required(string)
Example:
{
"description": "Service busy, please retry later",
"id": "0vqe8FWeDe4DQ7rU7wbzzGmPc4B"
}