OV/EV SSL: Generate DCV token

3 minute read

POST https://www.digicert.com/services/v2/domain/{{domain_id}}/dcv/token

Use this endpoint to generate a new domain control validation (DCV) random value for the domain. Use this random value to validate the domain using the DCV method set for the domain.

To use this endpoint, the DCV method for the domain must be set to dns-txt-token, dns-cname-token, or http-token. To change the domain’s DCV method, use the Change domain DCV method API endpoint

To get the existing domain random value instead of generating a new one, use the Domain info endpoint.

DCV random values for domains vs. orders

This endpoint generates a new random value for the domain. This is the domain random value. You can only use the domain random value to complete the DCV check for the given domain.

Warning

Generating a new domain random value invalidates the domain random value previously generated for the given domain.

When you place an OV or EV TLS order using a DCV method that requires a random value, DigiCert generates a single random value for the entire order. This is the order random value. You can use the order random value to complete the DCV check for any domain submitted with the order.

Tip

Order random values remain valid even when you generate a new domain random value.

When requesting a DCV check, you can use either check DCV endpoint: Check order DCV or Check domain DCV. If DigiCert finds a valid random value on the domain, the DCV check is completed, regardless of whether the random value is for the domain or the order.

Example requests and responses

curl --request POST 'https://www.digicert.com/services/v2/domain/{{domain_id}}/dcv/token' \
--header 'X-DC-DEVKEY: {{api_key}}'

import requests
import json

url = "https://www.digicert.com/services/v2/domain/{{domain_id}}/dcv/token"

payload={}
headers = {
  'X-DC-DEVKEY': {{api_key}}
}

response = requests.request("POST", url, headers=headers, data=payload)

print(response.text)

package main

import (
		"fmt"
		"net/http"
		"io/ioutil"
)

func main() {

		url := "https://www.digicert.com/services/v2/domain/{{domain_id}}/dcv/token"
		method := "POST"

		client := &http.Client {
		}
		req, err := http.NewRequest(method, url, nil)

		if err != nil {
				fmt.Println(err)
				return
		}
		req.Header.Add("X-DC-DEVKEY", {{api_key}})

		res, err := client.Do(req)
		if err != nil {
				fmt.Println(err)
				return
		}
		defer res.Body.Close()

		body, err := ioutil.ReadAll(res.Body)
		if err != nil {
				fmt.Println(err)
				return
		}
		fmt.Println(string(body))
}

var request = require('request');
var options = {
  'method': 'POST',
  'url': 'https://www.digicert.com/services/v2/domain/{{domain_id}}/dcv/token',
  'headers': {
    'X-DC-DEVKEY': {{api_key}}
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});

{
    "token": "fdy6m0wy5lq063sz4h0r6qmdt722gyfc",
    "expiration_date": "2020-08-22T20:21:10+00:00"
}

{
    "token": "47xj51xh3776thgjgtgq99qw7gy6sx8d",
    "expiration_date": "2020-08-22T19:48:22+00:00",
    "http_token_url": "http://example.com/.well-known/pki-validation/fileauth.txt",
    "verification_value": "http://example.com/.well-known/pki-validation/fileauth.txt"
}

{
    "token": "vq4k16kwn69rjxgfw4hf2xn8b36ht119",
    "expiration_date": "2020-08-22T20:22:26+00:00",
    "verification_value": "dcv.digicert.com"
}

{
  "errors": [
    {
      "code": "invalid_dcv_method",
      "message": "This domain's DCV method is set incorrectly for this action."
    }
  ]
}

Request parameters

Name	Opt/Req	Type	Description
validations Deprecated^*	ignored	array	List of validation types for the domain. ^*Note: DigiCert has deprecated the `validations` request parameter.
.. type	ignored	string	Validation type identifier. See Glossary – Validation types.

Response parameters

Name	Type	Description
token	string	Random value used to validate domain control for domains using the `dns-txt-token`, `http-token`, or `dns-cname-token` DCV methods.
expiration_date	string	Date and time when the random value expires. Format: UTC timezone and ISO 8601 date
http_token_url	string	For domains using the `http-token` DCV method, the URL path where the fileauth.txt file should be placed on the web server. Not returned for domains using other DCV methods.
verification_value	string	For domains using the `dns-cname-token` DCV method, the domain to use in your CNAME record. For more information, see Use the DNS CNAME validation method to verify domain control. For domains using the `http-token` DCV method, the URL path where the fileauth.txt file should be placed on the web server. Not returned for domains using the dns-txt-token DCV method.