Authentication
DigiCert CertCentral APIs use API keys for both authentication and authorization. Authenticating to the service should be relatively straightforward if you've ever worked with header-based authentication before.
Header-based authentication
Each request to the service must include an API key. This is done using the custom HTTP header X‑DC‑DEVKEY
. Here's a simple API request to the Services API List users endpoint using cURL.
Notice
Be sure to replace {{api_key}}
with your actual API key.
curl -X GET \ 'https://www.digicert.com/services/v2/user' \ -H 'Content-Type: application/xml' \ -H 'X-DC-DEVKEY: {{api_key}}'
Generate an API key
Warning
After a key is generated, we display it only once. There is no way to retrieve a lost API key. If you ever lose a key, you'll need to revoke the lost key and generate a new one.
API keys are generated and managed in your CertCentral account. To generate a new key, sign in to your CertCentral account.
In your CertCentral account, in the sidebar menu, click Automation > API Keys.
On the API Keys page, click Add API Key.
In the Add API Key window, enter a Description for the new key.
For example, enter the name of the app or user you are linking the key to.
In the User dropdown, select the user you want to link the key to.
Notice
Keep in mind that when linking a key to a user, you're linking that user's permissions to the key. This means the key will be authorized to perform any actions the user can.
(Optional) To restrict the API keys permissions to a specified set of actions, in the API key restrictions (optional) dropdown, select one of these options:
Orders
Limits key to these actions: Orders, Requests, and Certificates.
Orders, Domains, Organizations
Limits key to these actions: Orders, Requests, Certificates, Organizations, and Domains.
View Only
Limits key to GET requests only. POST, PUT, or DELETE requests are disabled.
Click Add API Key.
In the New API Key window, click the generated key to copy it.
Save the key in a secure location. (Remember, the key is only displayed this one time.)
After you save the key, click I understand I will not see this again.
What's next
You're now ready to start using DigiCert CertCentral APIs. Your new API key is added to the list of keys on the Account Access page. Return to this page to track (active and revoked) or revoke API keys.
Edit an API key
As needed, you can edit an API key to update the description or to modify the keys permissions.
In your CertCentral account, in the sidebar menu, click Automation > API Keys.
On the API Keys page, click the API Key Name link.
In the Update API Key window, modify the Description or update the API Key permissions.
To remove API keys restrictions, in the API key restrictions (optional) field, click the X at the end of the entry. The field will now read None.
To update the API keys permissions, in the API key restrictions (optional) dropdown, select one of these options:
Orders
Limits key to these actions: Orders, Requests, and Certificates.
Orders, Domains, Organizations
Limits key to these actions: Orders, Requests, Certificates, Organizations, and Domains.
View Only
Limits key to GET requests only. POST, PUT, or DELETE requests are disabled.
Warning
Keep in mind that when adding permission restrictions to an active API key, you’ll break any integrations using that key if expanded permissions are required. To fix these broken integrations, you’ll need to edit the key and remove the restrictions.
Click update Add API Key.