Documentation

Mistake on this page? Email us

Third-party CA management API

API for managing third-party device certificate issuers.

See Troubleshooting the APIs for information on status and error codes.

Version: v3
Host: https://api.us-east-1.mbedcloud.com

Endpoints

SecurityAndIdentityCertificateIssuerConfigurations

post /v3/certificate-issuer-configurations
Create certificate issuer configuration. Show more Show less

Configure the certificate issuer to use when creating device custom certificates.
Example:

curl -X POST https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \
-d '{
  "reference": "customer.dlms",
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CreateCertificateIssuerConfig CreateCertificateIssuerConfig (required)
Body Parameter — Certificate issuer configuration request.
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 A certificate issuer configuration with this reference already exists. ErrorObjectResponse
delete /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Delete certificate issuer configuration. Show more Show less
Delete certificate issuer configuration. You can only delete custom certificate configurations.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — Certificate issuer ID configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 No content.
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations/lwm2m
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer used when creating device certificates for LwM2M.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
get /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — Certificate issuer ID configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations
Get certificate issuer configurations. Show more Show less

Get certificate issuer configurations, optionally filtered by reference.
Example:

curl -X GET https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \

``` curl -X GET https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations?reference__eq=dlms \ -H 'Authorization: Bearer ' \ -H 'content-type: application/json;charset=UTF-8' \ ``` **Note:** This endpoint does not implement pagination, and therefore ignores list control parameters such as `limit` or `after`.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — The number of results to return (2-1000). Values outside of this range are set to the closest limit.
minimum: 2
maximum: 1000
order (optional)
Query Parameter — Record order. Acceptable values: ASC, DESC. Default: ASC.
after (optional)
Query Parameter — The ID of the item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count.
reference__eq (optional)
Query Parameter — The certificate name to which the certificate issuer configuration applies.
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
    "reference" : "customer.dlms",
    "updated_at" : "2017-02-01T00:00:00Z",
    "is_custom" : true,
    "created_at" : "2017-01-01T00:00:00Z",
    "etag" : "1",
    "id" : "01648415a2a30242ac18000500000000",
    "object" : "certificate-issuer-configuration"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "has_more" : false,
  "after" : "01631667477600000000000100100374",
  "order" : "DESC",
  "object" : "list"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigListResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuer-configurations/lwm2m
Update certificate issuer configuration. Show more Show less

Configure the certificate issuer used when creating device certificates for LwM2M.
Example:

curl -X PUT https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations/lwm2m \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \
-d '{
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate Issuer Configuration Request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
put /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Update certificate issuer configuration. Show more Show less
Update certificate issuer configuration.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — Certificate issuer ID configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate issuer configuration request.
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse

SecurityAndIdentityCertificateIssuers

post /v3/certificate-issuers
Create certificate issuer. Show more Show less

Create a certificate issuer.
The maximum number of issuers is limited to 20 per account.
You can create multiple certificate issuers of the same type, provided they have different names. This allows verification of the certificate issuer configuration before activation.
Example:


curl -X POST https://api.us-east-1.mbedcloud.com/v3/certificate-issuers \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \
-d '{
  "issuer_type": "GLOBAL_SIGN",
  "name": "GS Issuer",
  "description": "Sample GlobalSign certificate issuer",
  "issuer_attributes": null,
  "issuer_credentials": {
      "api_key": "e510e289e6cd8947",
      "api_secret": "a477a8393d17a55ecb2ba6a61f58feb84770b621",
      "client_certificate": "-----BEGIN CERTIFICATE-----MIIC7zCCAdegAwIBAgIJANTlU4x5S74VMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAoMA0FybTAeFw0xODAzMTExMzE5MTFaFw0xOTAzMTExMzE5MTFaMA4xDDAKBgNVBAoMA0FybTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWLStsVMJULZtxdieK9qocM4ymDXMaAusmd9TZLzBgznKQe/CW2yxyA8C8K5e6MmvMYGeKDd4Lkw/ezOj2OsUj2xzNIltUxpGi/GhsNYiN/khNJa/Y1SllLoihJAPm/xbMywOBRu/dM88PiJsNZccOk0I8DYvvyAs9wCTkbKLnfHygl98DCRqXw7nBCplU6F03qpUd/4BUtMtugyqt7yboGH+4YewnUh4Yh4QNOJIvE93Ob++eKjO3pIOYEhQmUxzOLaLNuWXlv2l1WuN281hUP4XBcV8mCzRQfTBBDYTWt+5BEWoLOUkXjW0Um6EAaN3usph1IKDEH6Ia5VHP4Pj0CAwEAAaNQME4wHQYDVR0OBBYEFLsfYZxFcQTjPJKYMjHI2In316fmMB8GA1UdIwQYMBaAFLsfYZxFcQTjPJKYMjHI2In316fmMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFl08GFsIkkUs6M7QgCWmsnwP6PtD8V87wM1GAqQQlOOeztaeRR2TEOeYiKRZQugYszJ/FVfVp4ggqzepJMn6UZ42j5nmSJs+6t79i23QAzX1zNQ354lr/t7kt3fMdhuL3AP0oZGzdy+EnXXiWeAD22UwzvVmLt38ypJIl+pmTsx9jJy4PN7yoRgtP9k+50m3X6oDxVruehC/JPSeTvEhqyLW3fLcG6IoJMX3vIwfO9uXbFJumTowQeViNJJ9duWvD2KBXn/muOOBe97TPuvAms1gOtMmmPT9/jpo9b4+NsfFiAN6bMici81aIKZzLC+lLGOUmR2fFJyM5OsVLxKsko=-----END CERTIFICATE-----",
        "private_key":"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,CCAC26A4133947CB\n\np3KJ4FI3wcz3I0MtiLkrznkjWFvprVmoNywySUGb5IqZViJZqCMEsyU9a9iDsSfP\nZ07cg9GviV21WYIPSxZOQrpy1g1VWILzFnH+J6z8dSH4mxXh0PwdOzYgAeqkrIVM\nJ7KRm6t222dZFjjXK3eEcLmBLGo29XwVJxKHx+l4++gU1LZmeHZR5M8fJ4jejUly\n7sqzPlmRF0N3I4lwKVj+PfQTVz43QoCnpxOjuSEL4liBrc2agY2xH1O0PFyHimz9\n3XM9HR/iuPHW0N2D+NPjXlWKacerupH9d4i9IYIagzB+HTgej8limdo03GmmxcZ6\nYNa58n5yQSaqu0TPRU9DsrKeGjadHTlZQGdzfq1SWsROCnHLrXFKE2ozIG3+hxA5\nujBF/QWpX5+inXUwDJhBxp8isHbPEnBEUUd6ZRzCTjvN0jaUti5B9yFhO2G6mbE8\nCvhyzQK8oJqsjZXnlcpPf95LP+9XbcCDjLSIaWJstzXO9tPiv6+x1MVWmivtRHcC\nSTzpx8jAGCiG6ejLqWB87ZXiZm7ujlCBheHSf5RHwNHhUvoP2JEYalDDRxjcDMSx\n4uV42Np4yJlIQEDlGHcBlXoL7vEukFpuWgkYdpcZy/Ou9qz8mXrpLcu8C8MhLmSC\nixGoR5iRhV7cxoHLyuCzj87eYEA73Xu238DQorSEEuiVFnLzQ2+PJMs4qoI14q/L\notlBDz+Ko6DrU/EZROYmiqMkLKXR2sx9zNAJwPYRs6nSH08tZ3dwqzZbgtP3Wazi\nhLWHt5/En7wQRA5a+/dDEHXSoLvvSQ9jvhclhWf+eCYuq2eH+g54oyJGRSY+8GV7\nujhLxkzl/3OZdhZPWoz4U13KpbSTcNWu5Y7oGDoabw19UbvqmLf1PJkpDH/tQgzB\nxYtsLBRUcofpYoeIiIxfAA4do5WilJc8xqrGhkE4WcHfY24HXAiOvsjbxV+BRprX\n1jtgJpV/9nJESMap+8PxipGUFRGjB83/uwJaa6mLftEKflX8i4MZ+HnqraXERsqA\nWRUcDHIWmFfpzIB3iNuxawVvPH8NdCSPmQ9qTb8Cozl0AuOK2E9S+ke8oiYQScWR\nLdu+zhej7GjuQ9R+Ub+wPWqvOA5qLXejqnCexVScDUuN+z9JWM3N2FG1MwxhAzhP\ndEfoQHoBn6uyOmrVGP6fosV3chqhPoec42KeOAm1xDvx692isaIy1jPgIyPxeqhm\n2Tw4E+02R7dlP8Ljf7JzfLm4oKpWHWlcHeqg24x6lY/wXU1RBcWaTa0AQUwoGm2m\nIQCPfIqOEv/QC2HpO7SVCYkl65KwR0oTd1AzYxdxEq3xHQbh69EL0FGZPVxVCPI+\nhEAyifKy1/tm3l91Rf/kGpHY7nIQKCXH49tmFwix8gke2nZJmRgX7/zAdMOAKeKH\nAaIl4nQtv14EbaasMgnn9qgaDYnWzaReEob2QlQ/WYlTor61+KFpGtcf9jAkgudT\n2op+4CF7wT2+aTXdtkVWfmv++iB8GnlqZdxLvyG1cTYjjYHVFbMSWQnxzQqiE2ms\nQgp+byjWCumpsWTMdTO+d9NkDOo80vDpaRxEgebmhJ0MbX+eFjBgVg==\n-----END RSA PRIVATE KEY-----",
      "passphrase": "helloworld"
  }
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerRequest CertificateIssuerRequest (required)
Body Parameter — Certificate issuer request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 Created. CertificateIssuerInfo
400 Validation error: The data used to create the certificate issuer failed validation. ErrorObjectResponse
401 You are not authorized to view the resource. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse
delete /v3/certificate-issuers/{certificate-issuer-id}
Delete certificate issuer. Show more Show less

Delete a certificate issuer by ID.
Example:

curl -X DELETE https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/0162155dc77d507b9d48a91b00000000 \
-H 'Authorization: Bearer <valid_access_token>' \
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID. An active certificate issuer cannot be deleted.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 Certificate issuer deleted.
400 Validation error: An active certificate issuer cannot be deleted. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers/{certificate-issuer-id}
Get certificate issuer by ID. Show more Show less
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to get the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers
Get certificate issuers list. Show more Show less
Note: This endpoint does not use pagination, and therefore ignores list control parameters such as limit or after.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — The number of results to return (2-1000). Values outside of this range are set to the closest limit.
minimum: 2
maximum: 1000
order (optional)
Query Parameter — Record order. Acceptable values: ASC, DESC. Default: ASC.
after (optional)
Query Parameter — The ID of the item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count.
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "issuer_type" : "GLOBAL_SIGN",
    "issuer_attributes" : { },
    "name" : "GS Issuer",
    "created_at" : "2017-01-01T00:00:00Z",
    "description" : "GlobalSign sample issuer",
    "etag" : "1",
    "id" : "01234567890ABCDEF01234567890ABCDEF",
    "object" : "certificate-issuer"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "after" : "01631667477600000000000100100374",
  "has_more" : false,
  "object" : "list",
  "order" : "DESC"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfoListResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuers/{certificate-issuer-id}
Update certificate issuer. Show more Show less

Update a certificate issuer.
Example:

curl -X PUT https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621560be51507b9d48a91b00000000 \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \
-d '{
  "description": "Sample GlobalSign certificate issuer - updated.",
  "name": "GlobalSign Issuer"
}'
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerUpdateRequest CertificateIssuerUpdateRequest (required)
Body Parameter — Certificate issuer update request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to update the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer-configured external service. ErrorObjectResponse
post /v3/certificate-issuers/{certificate-issuer-id}/verify
Verify certificate issuer. Show more Show less

Validates the certificate issuer by sending a signing request for a test certificate. This should be done before the configuration is made active.
Note: The API requests the 3rd party CA to sign a test certificate. For some 3rd party CAs, this operation may use the account quota.
Example:

curl -X POST https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621a36719d507b9d48a91b00000000/verify \
-H 'Authorization: Bearer <valid_access_token>' \
-H 'content-type: application/json;charset=UTF-8' \
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "message" : "Message describing the verification failure",
  "successful" : false
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerVerifyResponse
400 Validation error ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse

Models

CertificateIssuerConfigListResponse

data (optional)
array[CertificateIssuerConfigResponse]

List of certificate issuers.

total_count (optional)
Integer ($integer)

order (optional)
String

Record order based on creation time.

object (optional)
String

The type of this API object is list.

limit (optional)
Integer

The number of results to return (2-1000). Values outside of this range are set to the closest limit.

has_more (optional)
Boolean

More results are available.

after (optional)
String

An offset token for current page.

CertificateIssuerConfigRequest

certificate_issuer_id (optional)
String

Certificate issuer ID. For LwM2M, may be null if Device Management internal certificate issuer is used.

CertificateIssuerConfigResponse

id (optional)
String

Certificate issuer ID. configuration.

certificate_issuer_id (optional)
String

Certificate issuer ID. Null if Device Management internal HSM is used.

object (optional)
Enum:
certificate-issuer-configuration
reference (optional)
String

The certificate name to which the certificate issuer configuration applies.

is_custom (optional)
created_at (optional)
Date ($date-time)

Created UTC time RFC3339.

updated_at (optional)
Date ($date-time)

Updated UTC time RFC3339.

etag (optional)
String

Entity instance signature.

CertificateIssuerInfo

created_at (optional)
Date ($date-time)

Creation UTC time RFC3339.

etag (optional)
String

Entity instance signature.

id (optional)
String

Certificate issuer ID.

issuer_type
String

Certificate issuer type.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. You must provide your own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. You must provide your own CFSSL host_url and credentials.

Enum:
GLOBAL_SIGN
CFSSL_AUTH
name (optional)
String

maxLength: 50

Certificate issuer name, unique per account.

description (optional)
String

maxLength: 100

General description for the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value is empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

object (optional)
Enum:
certificate-issuer

CertificateIssuerInfoListResponse

data (optional)
array[CertificateIssuerInfo]

List of certificate issuers.

after (optional)
String

An offset token for current page.

has_more (optional)
Boolean

More results are available.

limit (optional)
Integer

The number of results to return (2-1000). Values outside of this range are set to the closest limit.

object (optional)
String

The type of this API object is list.

order (optional)
String

Record order based on creation time.

total_count (optional)
Integer ($integer)

CertificateIssuerRequest

issuer_type
String

Certificate issuer type.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. You must provide your own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. You must provide your own CFSSL host_url and credentials.

Enum:
GLOBAL_SIGN
CFSSL_AUTH
name
String

maxLength: 50

Certificate issuer name, unique per account.

description (optional)
String

maxLength: 100

General description of the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value is empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

issuer_credentials
map[String, String]

The credentials required to connect to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerUpdateRequest

name (optional)
String

maxLength: 50

Certificate issuer name.

description (optional)
String

maxLength: 100

General description of the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value is empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

issuer_credentials (optional)
map[String, String]

The credentials required to connect to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerVerifyResponse

successful (optional)
Boolean

Indicates whether the certificate issuer was verified successfully.

message (optional)
String

Provides details in case of failure.

CfsslAttributes

Describes the attributes required to connect to the CFSSL server.
host_url
String

The URL to connect to the CFSSL server.

cfssl_profile (optional)
String

The profile that is configured on the CFSSL server and used by CFSSL when creating the certificate.

cfssl_label (optional)
String

The label that is used by CFSSL when creating the certificate.

CfsslAuthCredentials

Describes the credentials required when using CFSSL authenticated signing.
hmac_hex_key
String

maxLength: 64

The key that is used to compute the HMAC of the request using the HMAC-SHA-256 algorithm. Must contain an even number of hexadecimal characters.

pattern: /^([a-fA-F0-9][a-fA-F0-9]){1,32}$/

CreateCertificateIssuerConfig

reference
String

maxLength: 100

The certificate name, as created in the factory, to which the certificate issuer configuration applies. The following names are reserved and cannot be configured: LwM2M, BOOTSTRAP.

pattern: /(?!mbed.)[\w-_.]{1,100}/

certificate_issuer_id
String

maxLength: 32

Certificate issuer ID.

ErrorObjectResponse

code
Integer ($int32)

Error code. Correlates with response status code.

fields (optional)
array[FieldMessageEntry]

A list of request fields that failed validation.

message
String

Error message.

object
String

Entity name: always error.

Enum:
error
request_id
String

Request ID from JWT.

type
String

Error type.

FieldMessageEntry

field (optional)
String

Field name.

message (optional)
String

Error message related to the field.

GlobalSignCredentials

The credentials required to connect to the GlobalSign account. The values should be taken from GlobalSign support upon account creation.
api_key
String

maxLength: 1000

Unique ID for API client (provided by GlobalSign).

api_secret
String ($password)

maxLength: 250

API secret matching the API key (provided by GlobalSign).

client_certificate
String

maxLength: 3000

The client certificate provided by GlobalSign to allow HTTPS connection over TLS/SSL. The certificate wraps a public key that matches a private key provided by the customer. The certificate must be in PEM format.

private_key
String

maxLength: 3000

The private key that matches the client certificate to allow HTTPS connection over TLS/SSL. The private key may be encrypted using a symmetric encryption key derived from a passphrase. The private key must be in PEM format.

passphrase (optional)
String ($password)

maxLength: 1000

The passphrase to decrypt the private key in case it is encrypted. Empty if the private key is not encrypted.