Order AATL Organization eseal Certificate
12 minute read
https://certcentral.digicert.eu/services/v2/order/certificate/aatl_org
Use this endpoint to order an Adobe Approved Trust List (AATL) organization eSeal certificate. This certificate is issued to an organization and is used to apply legally recognized electronic seals to documents. It assures recipients that the document originates from a verified organization and that its integrity has not been compromised or altered. Unlike natural person certificates, organization eSeal certificates represent the legal entity itself rather than an individual acting on its behalf.
AATL is a program that enables users worldwide to create trusted digital signatures in Adobe® Acrobat® or Reader®. DigiCert® is a vetted AATL member, and its certificates are automatically trusted because they chain to an approved root.
Example requests and responses
curl -X POST \
'https://certcentral.digicert.eu/services/v2/order/certificate/aatl_org' \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"certificate": {
"csr": "<csr>",
"signature_hash": "sha256",
"usage_designation": {
"primary_usage": "signing",
"additional_usages": [
"document_signing",
"ms_document_signing"
]
}
},
"cs_provisioning_method": "ship_token",
"ship_info": {
"name": "John Doe",
"addr1": "360 Taylor Street",
"addr2": "Floor 74",
"city": "Amsterdam",
"state": "Amsterdam",
"zip": "1013 AA",
"country": "NL",
"method": "STANDARD"
},
"organization": {
"name": "Example organization",
"country": "NL",
"address": "577 Tanglewood Drive",
"address2": "Suite 21",
"city": "Amsterdam",
"state": "Amsterdam",
"zip": "1013 AA",
"telephone": "+31202547999",
"contacts": [
{
"contact_type": "organization_contact",
"first_name": "John",
"last_name": "Doe OC",
"job_title": "Sec Analyst II",
"telephone": "+31202547999",
"email": "john.doeoc@example.com",
"type": "new_contact"
},
{
"contact_type": "technical_contact",
"first_name": "John",
"last_name": "Doe TC",
"job_title": "Sec Analyst I",
"telephone": "+31202547999",
"email": "john.doetc@example.com",
"type": "new_contact"
},
{
"contact_type": "verified_contact",
"first_name": "John",
"last_name": "Doe AR",
"job_title": "Authorized Representative for Certificate Coordination",
"telephone": "+31202547999",
"email": "john.doear@example.com",
"type": "new_contact"
}
]
},
"custom_renewal_message": "Intimate me atleast 30 days before renewal is due",
"additional_emails": [
"admin@example.com"
],
"csa_agreed_to": true,
"requester": {
"first_name": "John",
"last_name": "Doe Req",
"email": "john.doereq@example.com",
"telephone": "111-222-0663",
"job_title": "Security Analyst",
"type": "new_contact"
},
"order_validity": {
"years": 1
},
"skip_approval": true,
"payment_method": "balance"
}curl -X POST \
'https://certcentral.digicert.eu/services/v2/order/certificate/aatl_org' \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"certificate": {
"csr": "<csr>",
"signature_hash": "sha256",
"usage_designation": {
"primary_usage": "signing",
"additional_usages": [
"document_signing",
"ms_document_signing"
]
}
},
"cs_provisioning_method": "email",
"organization": {
"name": "Example organization",
"country": "NL",
"address": "577 Tanglewood Drive",
"address2": "Suite 21",
"city": "Amsterdam",
"state": "Amsterdam",
"zip": "1013 AA",
"telephone": "+31202547999",
"contacts": [
{
"contact_type": "organization_contact",
"first_name": "John",
"last_name": "Doe OC",
"job_title": "Sec Analyst II",
"telephone": "+31202547999",
"email": "john.doeoc@example.com",
"type": "new_contact"
},
{
"contact_type": "technical_contact",
"first_name": "John",
"last_name": "Doe TC",
"job_title": "Sec Analyst I",
"telephone": "+31202547999",
"email": "john.doetc@example.com",
"type": "new_contact"
},
{
"contact_type": "verified_contact",
"first_name": "John",
"last_name": "Doe AR",
"job_title": "Authorized Representative for Certificate Coordination",
"telephone": "+31202547999",
"email": "john.doear@example.com",
"type": "new_contact"
}
]
},
"custom_renewal_message": "Intimate me atleast 30 days before renewal is due",
"additional_emails": [
"admin@example.com"
],
"csa_agreed_to": true,
"requester": {
"first_name": "John",
"last_name": "Doe Req",
"email": "john.doereq@example.com",
"telephone": "111-222-0663",
"job_title": "Security Analyst",
"type": "new_contact"
},
"order_validity": {
"years": 1
},
"skip_approval": true,
"payment_method": "balance"
}curl -X POST \
'https://certcentral.digicert.eu/services/v2/order/certificate/aatl_org' \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"certificate": {
"csr": "<csr>",
"signature_hash": "sha256",
"usage_designation": {
"primary_usage": "signing",
"additional_usages": [
"document_signing",
"ms_document_signing"
]
}
},
"cs_provisioning_method": "client_app",
"organization": {
"id": 3007572,
"contacts": [
{
"contact_type": "verified_contact",
"first_name": "John",
"last_name": "Doe AR",
"job_title": "Authorized Representative for Certificate Coordination",
"telephone": "+31202547999",
"email": "john.doear@example.com",
"type": "new_contact"
}
]
},
"custom_renewal_message": "Intimate me atleast 30 days before renewal is due",
"additional_emails": [
"admin@example.com"
],
"csa_agreed_to": true,
"requester": {
"first_name": "John",
"last_name": "Doe Req",
"email": "john.doereq@example.com",
"telephone": "111-222-0663",
"job_title": "Security Analyst",
"type": "new_contact"
},
"order_validity": {
"years": 1
},
"skip_approval": true,
"payment_method": "balance"
}{
"id": 112233,
"requests": [
{
"id": 113,
"status": "pending"
}
]
}{
"id": 112233,
"requests": [
{
"id": 113,
"status": "submitted"
}
]
}{
"id": 112233,
"requests": [
{
"id": 113,
"status": "approved"
}
],
"certificate_id": 113
}{
"id": 112233,
"certificate_id": 113
}Request parameters
| Name | Req/Opt | Type | Description |
|---|---|---|---|
| certificate | required | object | Certificate details. |
| .. usage_designation | required | object | Object that determines the primary use (KU) and additional uses (EKU) for the certificate. |
| .. .. primary_usage | required | string | Primary use for the certificate. Allowed values: signing |
| .. .. additional_usages | optional | array | List of additional certificate uses. Default: document_signing Allowed values: ms_document_signing or document_signing. |
| cs_provisioning_method | required | string | Specify how you want to receive the token. Default: email Allowed values: email, ship_token, or client_app.For more information about the provisioning methods, see Glossary – Provisioning methods |
| ship_info | optional | object | For orders with the cs_provisioning_method of ship_token, specify the shipping address for the hardware token. |
| .. name | required | string | First and last name of the recipient of the order. |
| .. addr1 | required | string | Shipping address for the token. |
| .. addr2 | required | string | Continuation of street address. |
| .. city | required | string | Shipping city. |
| .. state | required | string | Shipping state. |
| .. zip | required | string | Shipping postal code. |
| .. country | required | string | Shipping country. |
| .. method | required | string | Shipping priority for the token. Allowed values: STANDARD or EXPEDITED (incurs additional cost). |
| .. csr | conditional | string | Certificate signing request (CSR) or public key in PEM format. Format the CSR/public key as a base64-encoded string without line breaks or escape characters. Include the PEM headers and footers (such as -----BEGIN CERTIFICATE REQUEST-----... and ...-----END CERTIFICATE REQUEST-----). For more information about generating a CSR, see Create a CSR.Required if the cs_provisioning_method is email.After placing the order, if the status of the order is pending, you can use the Update CSR endpoint to update the CSR. To check the status of the order, use the [Order validation status](https://dev.digicert.com/certcentral-apis/services-api/orders/validation-status.html) endpoint.Note: The Services API does not extract information from the CSR to fill in the details of a certificate request. |
| .. key_size | optional | int | Number of bits used in the key. Default: 2048 Allowed values for RSA key type: 2048, 3072, or 4096. Allowed values for ECC key type: p-256 or p-354. |
| .. csr_key_type | optional | string | Key type for the CSR. Default: RSA Allowed values: rsa or ecc. |
| .. signature_hash | optional | string | Hash algorithm used for signing the certificate. Default: sha-256Allowed values:: sha256, sha384, sha512. |
| comments | optional | string | Comments about the order for the administrator or approver reviewing the order request. The comments value is stored on the order request. If the order skips the approval step (skip_approval is set to true), any provided comments value is ignored since CertCentral creates the order directly without creating a corresponding request. |
| additional_emails | optional | array | Additional email addresses to receive certificate notification emails (for example, certificate issuance, duplicate certificate, and certificate renewals). |
| csa_agreed_to | required | boolean | Specify if the Certificate Subscriber Agreement (CSA) has been agreed to. Set this parameter to true to indicate agreement and false for disagreement.Default: true Allowed values: true or false. |
| promo_code | optional | string | Promotional code for the order. |
| order_validity | required | object | Defines the validity period of the order. |
| .. years | required* | int | Number of years the order is valid. *Can be replaced by order_validity.days or order_validity.custom_expiration_date. Range: 1 |
| .. days | optional | int | Number of days the order is valid. Overrides order_validity.years. Max value: 397 |
| .. custom_expiration_date | optional | string | Custom expiration date for the order. Overrides order_validity.days and order_validity.years. Format: dd MMM YYYY (for example, "09 JUN 2025") Range: Must be within 397 days of the date you request the order. |
| requester | required | object | Information about the requestor who submitted the certificate order. |
| .. first_name | required | string | Requestor's first name (given name). |
| .. last_name | required | string | Requestor's last name (surname). |
| required | string | Requestor's email address. | |
| .. telephone | required | string | Requestor’s phone number with the country code (for example, +1-555-555-5555). |
| .. .. job_title | required | string | Job title of the requestor. |
| .. .. type | required | string | Contact type. Allowed values: existing_contact or new_contact. |
| organization | required | object | Object with information about the organization to associate with the request. You can associate the request with an existing organization, or you can create a new organization when you submit the order request. To associate the request with an existing organization, pass the ID of the organization as the value of organization.id in the body of your request. To create a new organization, include the details of the organization in the organization object. For more information about the structure and required parameters of the organization object, see the Create organization documentation.Note: When you submit an order with organization details instead of providing an organization ID, we check the organizations that already exist in your account to avoid creating a duplicate.
To override this behavior and force the request to create a new organization, set the organization.skip_duplicate_org_check parameter to true in the body of your request.Important: When you want to associate an order with an existing organization, we recommend always using the ID of the organization instead of the organization's details in the body of your request. To get the ID values for organizations in your account, use the List organizations endpoint. Additionally, we recommend deactivating unused organizations to ensure they are never accidentally assigned to a new order request. To deactivate an organization, use the Deactivate organization endpoint. |
| .. id | required | integer | The ID of an existing organization to associate with the order. To get the ID of organizations in your account, use the List organizations endpoint. Note: Not required if you are creating a new organization with your request. For details on how to create a new organization, see Create organization. |
| .. contacts | required | array | List of contacts for the organization. When creating a new organization:
When using an existing organization ID:
organization on the request. To create the order with a different organization or technical contact than those assigned to the organization, include the organization_contact or technical_contact object at the root of the request payload. |
| .. .. id | required | integer | Unique ID of the contact (organization_contact or technical_contact) within the organization.Note: Not required if you are creating a new contact with your request. Providing the details for a verified_contact (authorized representative) is required. For details on how to create a new contact, see Contact details object. |
| .. .. contact_type | required | string | Contact type. Allowed values: organization_contact, technical_contact, or verified_contact. Note: This parameter is required when creating a new contact, when creating a new authorized representative, or when using an existing verified contact as an authorized representative. |
| container | optional | object | If needed, specify the container the order should be placed under. |
| .. id | required | int | Container ID. |
| skip_approval | optional | bool | Specify if the order should skip the approval step and be immediately submitted for validation and issued when complete. Default: false |
| auto_renew | optional | int | Specify if the certificate should automatically renew. Allowed values:0 (disabled) or 1 (enabled) Default:0 |
| custom_renewal_message | optional | string | Custom message to be included in renewal notifications. |
| payment_method | required | string | Payment method for the order. Allowed values:
|
| credit_card | required (if payment_method is card) | object | Object with information about the credit card charged for the order. Required if payment_method is card. |
| .. number | required | string | Credit card number. |
| .. expiration_month | required | string | Credit card expiration month. Format as a two-digit number between 01 (Jan) and 12 (Dec). |
| .. expiration_year | required | string | Credit card expiration year. Format as a four-digit number. For example: 2026 |
| .. cvv | required | string | Card verification value (CVV). Format as a three- or four-digit number. For example: 333 or 4444 |
| .. cardholder_name | required | string | Cardholder’s first and last name. |
| .. save_credit_card | optional | null | Specify whether to save the credit card details. true for saving the details, false for not saving the details, and null for not indicating the preference.Allowed Values: true, false, or null. |
| .. set_as_default | required | string | Set the card as the default payment option or method. To set this card as your default payment method, use 1. To keep your default payment method, use 0.Allowed Values: 1 or 0. |
| billing_address | conditional | object | Object with information about the billing address. Required if payment_method is card. |
| .. address | required | string | Billing street address. |
| .. address2 | optional | string | Continuation of street address. |
| .. city | required | string | Billing city. |
| .. state | conditional | string | Billing state or province. Optional for some countries. |
| .. country | required | string | Billing country. |
| .. zip | conditional | string | Billing zip or postal code. Optional for some countries. |
Response parameters
| Name | Type | Description |
|---|---|---|
| id | int | Order ID. |
| organization | object | Container for new organization details. Only returned if a new organization was created with the order. |
| .. id | int | Organization ID for the new organization. |
| requests | array | Contains information about the request. |
| .. id | int | Request ID. |
| .. status | string | Request status. Possible values:pending, submitted, approved, rejected |
| certificate_id | int | Certificate ID. Returned if request status is approved. |