Authentication
DigiCert CertCentral APIs use API keys for both authentication and authorization. Authenticating to the service should be relatively straightforward if you've ever worked with header-based authentication before.
Header-based authentication
Each request to the service must include an API key. This is done using the custom HTTP header X‑DC‑DEVKEY. Here's a simple API request to the Services API List users endpoint using cURL.
Notice
Be sure to replace {{api_key}} with your actual API key.
curl -X GET \
'https://www.digicert.com/services/v2/user' \
-H 'Content-Type: application/xml' \
-H 'X-DC-DEVKEY: {{api_key}}'Generate an API key
API keys are generated and managed in your CertCentral account. To generate a new key, sign in to your CertCentral account.
Danger
After you generate a key, we display it only once. There is no way to retrieve a lost API key. If you lose a key, you should revoke it and generate a new one.
In your CertCentral account, in the left main menu, go to Automation > API Keys.
On the API Keys page, select Add API Key.
In the Add API Key window, enter a Description for the new key.
For example, enter the name of the app or user you are linking the key to.
IIn the User menu, do one of the following:
Select the user you want to link the key to.
When linking a key to a user, you link the user's permissions to the key. The key is authorized to perform any actions the user can.
Select Create new service user.
A service user has API-only access to your CertCentral account. Only administrators can create servicer users.
Important
Service user creation is tracked in your CertCentral audit logs: Date & Time, User, Activity, Source, IP Address, Division, and Country.
When creating a service user, you link the administrator's permissions to the key. By default, the service user is authorized to perform any actions the administrator can.
Email address
Add the email address you want to link to this service user. Some of our processes require the user associated with the API key to have an email address.
Division restrictions (optional)
Select the divisions to which you want to restrict the service user. This option only appears if you are using divisions in your CertCentral account.
If you leave this field empty, the services user has the same division access as the administrator creating the service user.
(Optional) To restrict the API keys permissions to a specified set of actions, in the API key restrictions (optional) menu, select one of these options:
Orders
Limits key to these actions: Orders, Requests, and Certificates.
Orders, Domains, Organizations
Limits key to these actions: Orders, Requests, Certificates, Organizations, and Domains.
View Only
Limits key to GET requests only. POST, PUT, or DELETE requests are disabled.
User Management
Limits key to these actions: Users.
Select Add API Key.
In the New API Key window, select the generated key to copy it.
Save the key in a secure location.
Remember: The API key is only displayed this one time.
After saving the key, select I understand I will not see this again.
What's next
You're ready to use DigiCert CertCentral APIs. Your new API key is added to the list of keys on the API Keys page. Return to this page to track or revoke API keys.
Edit an API key
As needed, you can edit an API key to update the description or to modify the keys permissions.
In your CertCentral account, in the left main menu, go to Automation > API Keys.
On the API Keys page, click the API Key Name link.
In the Update API Key window, modify the Description or update the API Key permissions.
To remove API keys restrictions, in the API key restrictions (optional) field, select the X at the end of the entry. The field will now read None.
To update the API keys permissions, in the API key restrictions (optional) menu, select one of these options:
Orders
Limits key to these actions: Orders, Requests, and Certificates.
Orders, Domains, Organizations
Limits key to these actions: Orders, Requests, Certificates, Organizations, and Domains.
View Only
Limits key to GET requests only. POST, PUT, or DELETE requests are disabled.
User Management
Limits key to these actions: Users.
Warning
When adding permission restrictions to an active API key, you’ll break any integrations using that key if expanded permissions are required. To fix these broken integrations, you’ll need to edit the key and remove the restrictions.
When ready, select Update API Key.
Edit a service user
As needed, you can edit a service user and update the email address and division restrictions.
In your CertCentral account, in the left main menu, go to Account > Service Users.
On the Services Users page, select the service user you want to update.
On the Service User's details page, update the following information as needed:
Email address
Update the email address you want to link to this service user. Some of our processes require an email address.
Division restrictions
Update the divisions to which you want to restrict the service user. This option only appears if you are using divisions in your CertCentral account.
Warning
Removing division access affects the service user's active API key. If division permissions are required, any integrations using that key will be broken. To fix these broken integrations, you'll need to edit the service user and restore the division access.
When ready, select Update user.