Skip to main content

Account Manager API

Developer documentation

DigiCert® Account Manager API lets you automate user management, control access, manage credentials, and monitor activity for your DigiCert​​®​​ account.

What you can do

  • Manage users: Create and manage administrators and service users.

  • Control access: Assign roles to grant permissions.

  • Manage credentials: Generate API tokens and client authentication certificates.

  • Monitor activity: Query audit logs to track changes and user actions.

  • View resources: Access account, organization, and locale information.

Tip

See Get started for complete details on making your first API call to DigiCert® ONE APIs.

Authentication

Base URL and endpoints

DigiCert​​®​​ provides both production and demo environments across four geographic regions. Each API call starts with a region-specific hostname (base URL), followed by a predictable versioned path.

User types: Standard vs. service users

Make sure you understand the difference between a standard user (your primary user account) and service users.

Table 4. Standard user vs. service user comparison

Standard user

Service user

Purpose

UI access via web browser and user administration

API integration and automation

Authentication

Username/password; API token; client authentication certificate

API token; client authentication certificate

Can create API tokens?

Yes, with inherited permissions (assumes exact roles as the user creating the token)

No, service users are the token (roles are explicitly assigned at creation)

Can manage users?

Yes, depending on assigned roles

Yes, depending on assigned roles

Best for

Manual administration; one-off tasks

CI/CD pipelines; integrations


Roles and permissions

Assigned roles determine a user's permissions. Roles are manager-specific and provide a granular permission structure.

Use the /account/api/v1/role endpoint to see available roles for Account Manager:

curl -X GET https://demo.one.digicert.com/account/api/v1/role?application_code=account_manager \
  -H "x-api-key: USER_API_TOKEN" \
  -H "Content-Type: application/json" | jq '.'

Important considerations

  • Service users are the token. Service users cannot create additional API tokens. If lost, delete the service user and create a new one.

  • User deletion is permanent. Deleting a user immediately invalidates all their credentials. This cannot be reversed.

  • Assign roles, not permissions. When creating or updating users, assign roles (such as AM_ACCOUNT_ADMIN). Roles contain sets of permissions.

Common operations

Table 5. Common Account Manager API operations

Method

Endpoint

Description

GET

/account/api/v1/user

List all users; use query parameters to view specific user types ?user_type=service

GET

/account/api/v1/user/{user_id}

Get details for the specified user

GET

/account/api/v1/user/me

Get details about the currently authenticated user

PUT

/account/api/v1/user/{user_id}

Update the specified user; add or remove assigned roles/accounts, change email address, friendly name

GET

/account/api/v1/audit-log

View audit logs; use query parameters to target dates or actions ?from=2024-01-01&action=CREATE

GET

/account/api/v1/role

List all available roles; use query parameters to filter by manager ?application_code=account_manager


What's next?

In this section: