Authentication

DigiCert CertCentral APIs use API keys for both authentication and authorization. Authenticating to the service should be relatively straightforward if you've ever worked with header-based authentication before.

Header-based authentication

Each request to the service must include an API key. This is done using the custom HTTP header X‑DC‑DEVKEY. Here's a simple API request to the Services API List users endpoint using cURL.

Be sure to replace {{api_key}} with your actual API key.

bash
curl -X GET \
  'https://www.digicert.com/services/v2/user' \
  -H 'Content-Type: application/xml' \
  -H 'X-DC-DEVKEY: {{api_key}}'

Generate an API key

After a key is generated, we display it only once. There is no way to retrieve a lost API key. If you ever lose a key, you'll need to revoke the lost key and generate a new one.

API keys are generated and managed in your CertCentral account. To generate a new key, sign in to your CertCentral account.

  1. In your CertCentral account, in the sidebar menu, click Automation > API Keys.

  2. On the API Keys page, click Add API Key.

  3. In the Add API Key window, enter a Description for the new key.

    For example, enter the name of the app or user you are linking the key to.

  4. In the User dropdown, select the user you want to link the key to.

Keep in mind that when linking a key to a user, you're linking that user's permissions to the key. This means the key will be authorized to perform any actions the user can.

  1. (Optional) To restrict the API keys permissions to a specified set of actions, in the API key restrictions (optional) dropdown, select one of these options:

  2. Click Add API Key.

  3. In the New API Key window, click the generated key to copy it.

  4. Save the key in a secure location. (Remember, the key is only displayed this one time.)

  5. After you've saved the key, click I understand I will not see this again.

What's next

You're now ready to start using DigiCert CertCentral APIs. Your new API key is added to the list of keys on the Account Access page. Return to this page to track (active and revoked) or revoke API keys.

Edit an API key

As needed, you can edit an API key to update the description or to modify the keys permissions.

  1. In your CertCentral account, in the sidebar menu, click Automation > API Keys.

  2. On the API Keys page, click the API Key Name link.

  3. In the Update API Key window, modify the Description or update the API Key permissions.

  4. To remove API keys restrictions, in the API key restrictions (optional) field, click the X at the end of the entry. The field will now read None.

  5. To update the API keys permissions, in the API key restrictions (optional) dropdown, select one of these options:

Keep in mind that when adding permission restrictions to an active API key, you’ll break any integrations using that key if expanded permissions are required. To fix these broken integrations, you’ll need to edit the key and remove the restrictions.

  1. Click update Add API Key.