Skip to main content

Best practices

DigiCert APIs offer developers a lot of freedom and customization. As such, it's important to understand how to make the most of your API integration. By following these best practices, you'll reduce your total number of API calls and ensure you receive the fastest response times.

API keys

Use the right key

To generate an API key, you're required to link it to an existing user. This provides both authentication and authorization for the API key. When building API integrations, make sure you use an API key with the necessary permissions to complete the required tasks.


Avoid concurrent requests

We recommend you don't send concurrent requests as this may increase response times and can cause unexpected behavior. Concurrent requests also greatly increases the risk of reaching your request rate limit, temporarily blocking your API access.

Send multiple requests sequentially

When working with multiple requests, send requests sequentially (one at a time), and always wait for a response code before sending the next request in the queue. This produces the best data throughput performance and greatly reduces the chance of anomalous behaviors and errors.


Always include skip_approval parameter

By default, SSL/TLS certificate order requests include an approval step that must be completed before DigiCert can process the order.

You can skip this approval step by including the skip_approval parameter with a value of true in the request body of your orders. This speeds up order response times considerably and allows you to take advantage of Immediate certificate issuance.

Use ID for existing organizations

When you want to associate an order with an existing organization, we recommend always using the ID of the organization instead of the organization's details in the body of your request. To get the ID values for organizations in your account, use the List organizations endpoint.

We also recommend deactivating unused organizations to ensure they are never accidentally assigned to a new order request. To deactivate an organization, use the Deactivate organization endpoint.

Use Status change endpoint for order status

After submitting an order, you'll want to know when the order status changes and the certificate is ready to download. Instead of making multiple calls to check that status of each order, use the Status change list endpoint.

The Status change list endpoint returns a list of orders that changed status in a specified time period (up to 7 days in the past). When an order's status changes from pending to issued, you can use the returned order_id to get specific order details or to download the certificate.

Get both versions of a domain for free

When requesting, reissuing, and duplicating single domain certificates, you can choose whether to include a specific additional SAN for free.

To secure both versions of your domain ([your-domain].com and www.[your-domain].com), in your request, use the common_name parameter to add the domain ([your-domain].com) and the dns_names[] array to add the other version of the domain (www.[your-domain].com). If you want to secure only the common name (FQDN), simply omit the dns_names[] parameter from your request.


For the Order SSL (type_hint) endpoint, you must add the base domain (non www version) to the common_name parameter and the additional SAN (www version) to the dns_names array.

Example request body:

    "certificate": {
        "common_name": "",
        "dns_names": [