Skip to main content

Discovery API

The CertCentral Discovery API is a powerful REST API that allows you to scan your network using sensors and find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA).

Discovery cloud-scan is a free cloud service so there is nothing to install or manage. You can start scanning immediately to find your public SSL/TLS certificates. There is no limit to the number of cloud-based scans you can run. To learn more, see Discovery cloud scan service.

Before initiating calls to the Discovery API, ensure that you correctly authenticate your API calls, verify that your account has the necessary permissions to execute specific API requests, and view the subscription limits for a specific scan type to avoid exceeding service usage. For more information, see Authentication, List permissions, Check permission, or Get scan subscription limits.

Why use it?

  • Access most of the features available in CertCentral without needing to log in to the platform.

  • Customize and automate virtually any workflow within the certificate management platform.

  • Create your own version of the platform with your organization's branding.

  • Seamlessly integrate with your existing tools.

Base URL

Use this base URL when constructing API requests:

https://daas.digicert.com/apicontroller/v1

Requests

All API requests are submitted via RESTful URLs using REST features, including header-based authentication and JSON/XML request types.

The data character set encoding for requests is UTF-8. A well-formed request uses port 443 and has the user-agent and content-length headers specified.

Method

DigiCert Discovery API uses these standard HTTP methods:

  • GET

  • POST

Body

Most requests require passing either JSON or XML formatted data. If an endpoint supports or requires a different format, it will be noted for that endpoint.

Supported content-type values include:

  • application/json

  • application/xml

  • image/jpeg

  • image/png

Responses

Responses consist of headers and a body. The body is formatted based on the content-type specified in the request.

See Glossary – Headers for information about HTTP header response codes.

To view the errors returned by the DigiCert CertCentral® API and their descriptions, see Errors.

High-Level certificate discovery workflow

The following flow outlines how to manage certificate discovery, from initial setup to result analysis:

Action

What you need to do

Relevant resources

Deploy a Sensor

Install and activate a sensor on your network to begin scanning.

Install and activate a sensor

Check Sensor Status

Retrieve a list of deployed sensors to verify their operational status.

Sensor list

Initiate a Scan

Start different types of discovery scans (cloud or sensor-based).

Note: Scanning is a resource-intensive operation and the rate limits implementation helps manage the load on the scanning infrastructure. Rate limits directly define how many requests (and thus how much data or how many scans) they can process within a given timeframe. For more information, see Rate limits.

Create scan or Set up and run a scan

Review Scan Results

Analyze the certificate data and discovery findings retrieved by the scan.

List certificates

In this section: