Automation API

The DigiCert Automation API is a powerful API that allows you to automate certificate enrollment and installation on your devices. The Automation API gives you complete control to configure automation profiles and manage automation activities. Use it to access all of the features of automation that are available in CertCentral, without needing to log in to the platform.

Depending on the host where your certificate is installed, you can use the Automation API to set up agent-based or sensor-based (agentless) automation. To learn more about the automation products available in CertCentral, see Certificate lifecycle automation guides.

Why use it

The Automation API helps organizations simplify and scale their TLS/SSL certificate lifecycle management. Instead of manually ordering, configuring, and installing certificates across servers and devices, the Automation API integrates with your systems to:

Reduce manual errors and avoid certificate outages
Issue and install certificates on devices by using predefined automation profiles
Embed certificate provisioning into your CI/CD workflows or configuration management systems
Manage many certificates across hybrid and multi-cloud environments through a consistent API interface
-Ensure all devices are protected with valid, up-to-date certificates that follow organizational policies and best practices

Authentication

Each request to the Automation API must include an API key. This is done using the custom HTTP header X‑DC‑DEVKEY. The value for this header is the same API key used to authenticate requests to the other CertCentral APIs.

To learn more about generating an API key and authenticating to CertCentral APIs, see Authentication.

Also, verify that your account has the necessary permissions to execute specific API request. For more information, see List permissions and Check permission.

Base URL

Use this base URL when constructing Automation API requests:

https://caas.digicert.com/automationws/v1

Requests

All API requests are submitted via RESTful URLs using REST features, including header-based authentication and JSON/XML request types.

The data character set encoding for requests is UTF-8. A well-formed request uses port 443 and has the user-agent and content-length headers specified.

Method

The Automation API uses these standard HTTP methods:

GET
POST

Body

Most requests require passing JSON formatted data. If an endpoint supports or requires a different format, it will be noted for that endpoint.

Supported content-type values include:

application/json
application/xml

Response

Responses consist of headers and a body. The body is formatted based on the content-type specified in the request.

See Glossary – Headers for information about HTTP header response codes.

To view the errors returned by the DigiCert CertCentral® API and their descriptions, see Errors.

Filtering and sorting results

Some requests that return many results support filtering, sorting, and pagination. In the Automation API, the syntax for filtering and sorting data requires that you include the searchCriteriaList and sorting parameters in the request body.

The searchCriteriaList array is a list of objects. Each object defines a conditional statement. The response only includes results that meet all of the criteria defined in the searchCriteriaList array.
The sorting object contains a single key/value pair. The key is the name of a field to use for sorting. The value defines whether to sort in ascending or descending order by the specified field.

To see which properties an endpoint supports for filtering and sorting, check the reference documentation for the endpoint. For general information and examples of the syntax to use when applying filters and sorting results, see the parameter descriptions and examples below.

Name	Type	Description
searchCriteriaList	array	List of objects that define the search criteria for the request. Each object defines a conditional statement that a result must meet to be included in the response. To filter by more than one property, include multiple objects in the `searchCriteriaList` array. Use each object to define an additional filter condition.
.. key	string	The name of the property to use for filtering.
.. operation	string	The operation for the conditional statement. Allowed values:`EQUALS`
.. value	array	One or more values to filter against.
sorting	object	Object with a key/value pair that defines how to sort the results.
.. `{{key}}`	string	Sorting rule for the specified `{{key}}`. Replace `{{key}}` with the name of a field to use for sorting. Allowed values: `ASC`: Sorts in ascending (0-9, A-Z) order `DESC`: Sorts in descending (9-0, Z-A) order.
startIndex	integer	Index of the first result to return.
pageSize	integer	Number of results per page.

Filtering and sorting examples

In the sample request body for the Get agent list endpoint below, we use the searchCriteriaList array to limit the response to results where the AGENTSTATUS property has a value of Not Configured. Results are sorted in descending order by the value of the agentName property.

{
    "accountId": 5153184,
    "searchCriteriaList": [
        {
            "key": "AGENTSTATUS",
            "operation": "EQUALS",
            "value": [
                "Not Configured"
            ]
        }
    ],
    "divisionIds": [],
    "startIndex": 1,
    "pageSize": 50,
    "sorting": {
        "agentName": "DESC"
    }
}

In this next sample request body for the Get automation IPs list endpoint, we use the searchCriteriaList array to limit the response to results that meet the following criteria:

The value of the AUTOMATION_STATUS property has a value of SUCCESSFULLY_RENEWED.
The value of the LB_APP_NAME property has a value of Tomcat.

Results are sorted in ascending order by the value of the commonName property.

{
    "accountId": 5153184,
    "searchCriteriaList": [
        {
            "key": "AUTOMATION_STATUS",
            "operation": "EQUALS",
            "value": [
                "SUCCESSFULLY_RENEWED"
            ]
        },
        {
            "key": "LB_APP_NAME",
            "operation": "LIKE",
            "value": [
                "Tomcat"
            ]
        }
    ],
    "divisionIds": [],
    "pageSize": 50,
    "startIndex": 1,
    "sorting": {
        "commonName": "ASC"
    }
}

High-Level certificate lifecycle automation workflow

The DigiCert CertCentral® managed automation solution uses the Automation API to provide an end-to-end workflow for automating certificate lifecycle management for your VMs and servers. A typical workflow can include the following actions:

Action	What you need to do	Relevant resources
Deploy clients	Install and activate the required automation clients (ACME agents or sensors) on your hosts.	For standard hosts such as web servers, see Install and activate an ACME automation agent. For network appliances such as load balancers, see Install and activate a sensor.
Configure automation	Configure the clients to set up agent or sensor-based automation on single or multiple hosts.	For setting up automation on a single host, see Create automation. For setting up automation on multiple hosts, see Create bulk automation.
Create automation profile	Create one or more automation profiles. Automation profiles facilitate certificate automation requests and maintain uniformity across your environment.	Create profile
Validate configuration	Validate the agent or sensor configuration and ensure reachability before scheduling events.	For getting sensor details, see Get sensor details. For getting agent details, see Get agent details.
Schedule Events	Schedule the certificate lifecycle automation events.	Schedule automation events
Monitor Status	Monitor the status of automated certificate requests, identify automation and agent errors, and track certificates expiring within 90 days. This allows you to proactively schedule renewals and reissues.	Get automation IPs list

In this section: