Quick integration with CertCentral APIs
DigiCert CertCentral® APIs enables you to seamlessly integrate DigiCert certificate management into your existing systems and workflows. This topic outlines the essential tasks to help developers and IT teams quickly get started with CertCentral APIs. Performing a quick integration with CertCentral APIs enables streamlined certificate management, from ordering to renewal, all through automated API calls.
CertCentral APIs use URL-based entry points and require API keys be sent in the HTTP request header over port 443. However, each API uses a different technology when handling requests. To learn more, see About the APIs.
Note
This documentation assumes you have some experience working with APIs. If you've never worked with an API before, we recommend learning about the basics of APIs before using this service.
To begin interacting with CertCentral APIs, you must first authenticate using a securely generated API key. For information to generate an API key, see Authentication.
Note
Store your API key securely and do not share your API key with anyone.
The API key must be sent in the X-DC-DEVKEY header of each request.
Ordering certificates is a core function of CertCentral APIs. Depending on your requirements, you can submit detailed order requests. Use the POST /order/certificate/{product_id} endpoint to order the certificates. For more information, see Glossary - Product Identifiers.
CertCentral APIs supports a wide range of certificate types, including Basic OV or Code Signing certificates. For more information about ordering a certificate, see Orders.
From the wide range of certificate types, if you want to order a Basic OV certificate, click here; or to order a Code signing certificate, click here.
Also, orders can be placed programmatically as part of your CI/CD pipeline for consistent provisioning and deployment. for more information, see Automation API.
After submitting a certificate order, monitoring its progress and retrieving the issued certificate are essential. CertCentral APIs offers endpoints to track order status and download or retrieve issued certificates.
To check the status of your order, use the GET /order/certificate/{order_id} endpoint. Check the value of the Status response parameter to get the current status of the order. For more information about retrieving order information, see Order info. For more information about types of order status, see Glossary - Order Status.
To download a certificate, use the GET /certificate/{certificate_id}/download/ endpoint after the certificate is issued. You can download certificates for a specific platform, in a supported format or by order ID.
For more information about downloading the certificate for a platform, see Download certificate for a platform.
For more information about downloading the certificate in a specific format, see Download certificate by format.
For more information about downloading the certificate based on the order ID, see Download certificate (order_id).
For more information about downloading the certificate using its order ID in a specific format, see Download certificate by format (order_id).
Domain Control Validation (DCV) is a required step in the certificate issuance process and is used to prove that the certificate requester has administrative control over the domains listed in the certificate. When placing an order for a certificate, you must specify how you intend to validate the domains in the request.
Note
It is recommended to assign the DCV method while ordering the certificate. This ensures the domain is validated correctly before certificate issuance. To assign a DCV method during the certificate ordering process, ensure that you include dcv_method parameter in the API request.
CertCentral supports different DCV methods. For more information, see DCV Methods.
Note
Adding and validating a domain using the email, dns-txt-token, or dns-cname-token DCV methods demonstrates control over any subdomains of that domain. Likewise, adding and validating a domain using only the file-based (http-token) DCV method demonstrates control over the exact FQDN in your request.
Choose a DCV method (email, DNS, or HTTP) and then complete validation by responding to the email, updating DNS records, or updating the host validation file accordingly.
Key DCV related tasks you can perform with CertCentral APIs:
For viewing the available DCV methods for a domain, see List DCV methods.
For checking DCV status, see Validation details.
For generating domain DCV random value, see Generate domain DCV random value.
For completing Http token and Http DNS token DCV, see File-based domain control validation (http-token and http-token-dynamic).
For instructions on completing DCV for a specific certificate type, see OV/EV certificate, DV certificate, and Verified Mark certificate or Common Mark certificate.
For certificate renewals or reissuances, domain revalidation may be necessary if the prior validation period has lapsed. See Submit domain for validation.
Key DCV related tasks you can perform with the CertCentral UI:
For completing DCV through the CertCentral UI, see Domain Control Validation using CertCentral platform documentation.
Managing the full lifecycle of certificates includes not just initial issuance but also timely renewals and reissuances. CertCentral APIs provides endpoints to automate renewal and reissuance.
To ensure uninterrupted security by scheduling renewals ahead of expiration, use POST /order/certificate/{order_id}/renew. For more information about renewing a specific certificate type, see OV/EV certificate, DV certificate, and Verified Mark certificate or Common Mark certificate.
To update details on an existing certificate without placing a brand-new order, use POST /certificate/{certificate_id}/reissue. For more information about reissuing the certificate, see Reissue certificate.
CertCentral allows you manage organizations and domains through the API, helping ensure that the information in your certificate order is accurate, validated, and ready for immediate use during new orders or renewals. When placing a certificate order, you must include both the organization and domain information in your request.
Note
To streamline the issuance process, it is recommended to include the organization and dns_names parameters in your API request. This ensures the organization and domain are validated ahead of time, reducing delays during certificate issuance.
An organization in CertCentral represents the legal entity that owns and is responsible for the requested certificates. By ensuring that your organization is validated, you can reduce the time spent during order processing, especially for large enterprises handling multiple departments. For information about organization management APIs, see Organizations.
A certified domain implies that the web address is verified by DigiCert. Domains undergo validation before they can be included certificates. Proactively managing your domains ensures that they are always ready for immediate use in new orders, renewals, or reissuances, which in turn reduces wait times and validation delays. For information about domain management APIs, see Domains.
If you're unfamiliar with a specific term or want additional information about a parameter or variable, use the Glossary section.
For guides to managing certificate lifecycles and other common workflows, visit the Workflows section.
If you encounter an error, it is probably documented. Check out the Errors section to locate the error and find a solution.