If you are a service manager, DigiCert sets up your organization to provide a signing service for software developers and other workgroup members. You can administer the service through a secure web-based portal or through this API.
Use the API to perform the following tasks:
- Manage workgroups
Enroll workgroup members for the service, and view and modify information about workgroup members.
- Assign signing services to workgroups.
A signing service determines the type of software that the workgroup can submit for signing. For example, a signing service for Android allows the workgroup to request signing for .apk files.
DigiCert sets up your signing services during your organization's enrollment process. Typically, services are made available to all your workgroups; however, you can restrict a service to particular workgroups.
- Additional signing service configurations:
You can configure a signing service to use a test CA. Workgroups can use this service for pre-production signing.
You can also configure a signing service to include an approval step. In this service, signing sets are first sent for review and approval. Only after a signing set has been approved is it automatically submitted for signing.
- Create and sign software
You can use the API to create and sign your own software.
This overview illustrates how service managers typically use the SAS API.
- View and modify workgroup information
After the workgroup completes enrollment, you can view the workgroup using the getPublishers and getPublisherDetails calls.
- View available signing services
You use the getSigningServices and getSigningServiceDetails calls to view the signing services that you and DigiCert have made available to the workgroup.
Depending on the service type, you can enable time stamping and require workgroups to submit software for review and approval before production signing.
- View, sign, and reject software signing
To view, sign, or reject signing for software (known as signing sets), you use getSigningSets, getSigningSetDetails, and modifySigningSet.
Your organization determines the process that is required to qualify a signing set for approval.
- Create and submit signing sets
Optionally, you can use requestSigning to create your own signing sets and submit them for signing. modifySigningSet allows you to update the request.
You can configure a signing service so that all the signing sets that use it are forwarded to a test house for review and approval. After an administrator reviews and approves the signing set, it is automatically submitted for signing.
If you are a test house for a service manager, you can provide testing services for workgroups. You can administer the service through a secure web-based portal or through this API.
You can use this API to perform the following tasks:
- View signing sets that a workgroup has submitted for review and approval by a test house.
- Download application files and support files for review and approval.
- Retrieve contact information for the workgroups using your test house.
- Upload files, such as test plan results, and include them in the signing set.
- Approve or reject the signing set.
This overview illustrates how test houses typically use the SAS API.
- Request a test house review
The workgroup uses the requestSigning call to request a test house review. This request includes the test application and any associated test documents (such as a list of supported devices).
- Notification emails
As the test house administrator, you receive a "testing required" email message.
- Signing set retrieval
You use the getSigningSets call with a signingSetStatus of TESTING_REQUESTED to retrieve the signing sets that require testing.
You review the unsigned application based on the testing criteria provided.
- Upload files to include with signing set
When testing is complete, you can use the modifySigningSet call to upload files such as test results and include them in the signing set.
- Approve or reject signing set
If your test house can approve or reject signing sets, use the modifySigningSet call to reject or approve the application.