Documentation

Mistake on this page? Email us

Third party CA management API

API for managing third party CA for creating certificates on Pelion Device Management
Version: v3
Host: https://api.us-east-1.mbedcloud.com

Endpoints

CertificateIssuers

post /v3/certificate-issuers
Create certificate issuer. Show more Show less

Create a certificate issuer. The maximum number of issuers is limited to 20 per account. Multiple certificate issuers of the same issuer type can be created, provided they have a different name. This allows verification of the certificate issuer configuration before activating it.
Example usage:

curl -X POST \
-H 'authorization: Bearer <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers \
-d '{
  "issuer_type": "GLOBAL_SIGN",
  "name": "GS Issuer",
  "description": "Sample GlobalSign certificate issuer",
  "issuer_attributes": null,
  "issuer_credentials": {
      "api_key": "e510e289e6cd8947",
      "api_secret": "a477a8393d17a55ecb2ba6a61f58feb84770b621",
      "client_certificate": "-----BEGIN CERTIFICATE-----MIIC7zCCAdegAwIBAgIJANTlU4x5S74VMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNVBAoMA0FybTAeFw0xODAzMTExMzE5MTFaFw0xOTAzMTExMzE5MTFaMA4xDDAKBgNVBAoMA0FybTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJWLStsVMJULZtxdieK9qocM4ymDXMaAusmd9TZLzBgznKQe/CW2yxyA8C8K5e6MmvMYGeKDd4Lkw/ezOj2OsUj2xzNIltUxpGi/GhsNYiN/khNJa/Y1SllLoihJAPm/xbMywOBRu/dM88PiJsNZccOk0I8DYvvyAs9wCTkbKLnfHygl98DCRqXw7nBCplU6F03qpUd/4BUtMtugyqt7yboGH+4YewnUh4Yh4QNOJIvE93Ob++eKjO3pIOYEhQmUxzOLaLNuWXlv2l1WuN281hUP4XBcV8mCzRQfTBBDYTWt+5BEWoLOUkXjW0Um6EAaN3usph1IKDEH6Ia5VHP4Pj0CAwEAAaNQME4wHQYDVR0OBBYEFLsfYZxFcQTjPJKYMjHI2In316fmMB8GA1UdIwQYMBaAFLsfYZxFcQTjPJKYMjHI2In316fmMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFl08GFsIkkUs6M7QgCWmsnwP6PtD8V87wM1GAqQQlOOeztaeRR2TEOeYiKRZQugYszJ/FVfVp4ggqzepJMn6UZ42j5nmSJs+6t79i23QAzX1zNQ354lr/t7kt3fMdhuL3AP0oZGzdy+EnXXiWeAD22UwzvVmLt38ypJIl+pmTsx9jJy4PN7yoRgtP9k+50m3X6oDxVruehC/JPSeTvEhqyLW3fLcG6IoJMX3vIwfO9uXbFJumTowQeViNJJ9duWvD2KBXn/muOOBe97TPuvAms1gOtMmmPT9/jpo9b4+NsfFiAN6bMici81aIKZzLC+lLGOUmR2fFJyM5OsVLxKsko=-----END CERTIFICATE-----",
        "private_key":"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,CCAC26A4133947CB\n\np3KJ4FI3wcz3I0MtiLkrznkjWFvprVmoNywySUGb5IqZViJZqCMEsyU9a9iDsSfP\nZ07cg9GviV21WYIPSxZOQrpy1g1VWILzFnH+J6z8dSH4mxXh0PwdOzYgAeqkrIVM\nJ7KRm6t222dZFjjXK3eEcLmBLGo29XwVJxKHx+l4++gU1LZmeHZR5M8fJ4jejUly\n7sqzPlmRF0N3I4lwKVj+PfQTVz43QoCnpxOjuSEL4liBrc2agY2xH1O0PFyHimz9\n3XM9HR/iuPHW0N2D+NPjXlWKacerupH9d4i9IYIagzB+HTgej8limdo03GmmxcZ6\nYNa58n5yQSaqu0TPRU9DsrKeGjadHTlZQGdzfq1SWsROCnHLrXFKE2ozIG3+hxA5\nujBF/QWpX5+inXUwDJhBxp8isHbPEnBEUUd6ZRzCTjvN0jaUti5B9yFhO2G6mbE8\nCvhyzQK8oJqsjZXnlcpPf95LP+9XbcCDjLSIaWJstzXO9tPiv6+x1MVWmivtRHcC\nSTzpx8jAGCiG6ejLqWB87ZXiZm7ujlCBheHSf5RHwNHhUvoP2JEYalDDRxjcDMSx\n4uV42Np4yJlIQEDlGHcBlXoL7vEukFpuWgkYdpcZy/Ou9qz8mXrpLcu8C8MhLmSC\nixGoR5iRhV7cxoHLyuCzj87eYEA73Xu238DQorSEEuiVFnLzQ2+PJMs4qoI14q/L\notlBDz+Ko6DrU/EZROYmiqMkLKXR2sx9zNAJwPYRs6nSH08tZ3dwqzZbgtP3Wazi\nhLWHt5/En7wQRA5a+/dDEHXSoLvvSQ9jvhclhWf+eCYuq2eH+g54oyJGRSY+8GV7\nujhLxkzl/3OZdhZPWoz4U13KpbSTcNWu5Y7oGDoabw19UbvqmLf1PJkpDH/tQgzB\nxYtsLBRUcofpYoeIiIxfAA4do5WilJc8xqrGhkE4WcHfY24HXAiOvsjbxV+BRprX\n1jtgJpV/9nJESMap+8PxipGUFRGjB83/uwJaa6mLftEKflX8i4MZ+HnqraXERsqA\nWRUcDHIWmFfpzIB3iNuxawVvPH8NdCSPmQ9qTb8Cozl0AuOK2E9S+ke8oiYQScWR\nLdu+zhej7GjuQ9R+Ub+wPWqvOA5qLXejqnCexVScDUuN+z9JWM3N2FG1MwxhAzhP\ndEfoQHoBn6uyOmrVGP6fosV3chqhPoec42KeOAm1xDvx692isaIy1jPgIyPxeqhm\n2Tw4E+02R7dlP8Ljf7JzfLm4oKpWHWlcHeqg24x6lY/wXU1RBcWaTa0AQUwoGm2m\nIQCPfIqOEv/QC2HpO7SVCYkl65KwR0oTd1AzYxdxEq3xHQbh69EL0FGZPVxVCPI+\nhEAyifKy1/tm3l91Rf/kGpHY7nIQKCXH49tmFwix8gke2nZJmRgX7/zAdMOAKeKH\nAaIl4nQtv14EbaasMgnn9qgaDYnWzaReEob2QlQ/WYlTor61+KFpGtcf9jAkgudT\n2op+4CF7wT2+aTXdtkVWfmv++iB8GnlqZdxLvyG1cTYjjYHVFbMSWQnxzQqiE2ms\nQgp+byjWCumpsWTMdTO+d9NkDOo80vDpaRxEgebmhJ0MbX+eFjBgVg==\n-----END RSA PRIVATE KEY-----",
      "passphrase": "helloworld"
  }
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerRequest CertificateIssuerRequest (required)
Body Parameter — Certificate issuer request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 Created. CertificateIssuerInfo
400 Validation error: The data used to create the certificate issuer failed validation. ErrorObjectResponse
401 You are not authorized to view the resource. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse
delete /v3/certificate-issuers/{certificate-issuer-id}
Delete certificate issuer. Show more Show less

Delete a certificate issuer by ID.
Example usage:

curl -X DELETE \
-H 'authorization: <valid access token>' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/0162155dc77d507b9d48a91b00000000
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer. An active certificate issuer may not be deleted.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 Certificate issuer deleted.
400 Validation error: An active certificate issuer cannot be deleted. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers/{certificate-issuer-id}
Get certificate issuer by ID. Show more Show less
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID. The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to get the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuers
Get certificate issuers list. Show more Show less
Note: This endpoint does not implement pagination and therefore, list control parameters such as limit or after will be ignored by the system.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
minimum: 2
maximum: 1000
order (optional)
Query Parameter — The order of the records based on creation time, ASC or DESC; by default ASC.
after (optional)
Query Parameter — The ID of The item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "issuer_type" : "GLOBAL_SIGN",
    "issuer_attributes" : { },
    "name" : "GS Issuer",
    "created_at" : "2017-01-01T00:00:00Z",
    "description" : "GlobalSign sample issuer",
    "etag" : "1",
    "id" : "01234567890ABCDEF01234567890ABCDEF",
    "object" : "certificate-issuer"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "after" : "01631667477600000000000100100374",
  "has_more" : false,
  "object" : "list",
  "order" : "DESC"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfoListResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuers/{certificate-issuer-id}
Update certificate issuer. Show more Show less

Update a certificate issuer.
Example usage:

curl -X PUT \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621560be51507b9d48a91b00000000 \
-d '{
  "description": "Sample GlobalSign certificate issuer - updated.",
  "name": "GlobalSign Issuer"
}'
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerUpdateRequest CertificateIssuerUpdateRequest (required)
Body Parameter — Certificate issuer update request.
Return type
Example data
Content-Type: application/json
{
  "issuer_type" : "GLOBAL_SIGN",
  "issuer_attributes" : { },
  "name" : "GS Issuer",
  "created_at" : "2017-01-01T00:00:00Z",
  "description" : "GlobalSign sample issuer",
  "etag" : "1",
  "id" : "01234567890ABCDEF01234567890ABCDEF",
  "object" : "certificate-issuer"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerInfo
400 Validation error: The data used to update the certificate issuer failed validation. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
409 Conflict. A certificate issuer with this name already exists. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse
post /v3/certificate-issuers/{certificate-issuer-id}/verify
Verify certificate issuer. Show more Show less

A utility API that can be used to validate the user configuration before activating a certificate issuer. Verifies that the certificate issuer is accessible and can be used to generate certificates by Device Management.
Note: The API requests the 3rd party CA to sign a test certificate. For some 3rd party CAs, this operation may make use of the account quota.
Example usage:

curl -X POST \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuers/01621a36719d507b9d48a91b00000000/verify
Path parameters
certificate-issuer-id (required)
Path Parameter — Certificate issuer ID.
The ID of the certificate issuer.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "message" : "message describing the verification failure",
  "successful" : false
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerVerifyResponse
400 Validation error ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
424 The request failed due to customer configured external service. ErrorObjectResponse

CertificateIssuersActivation

post /v3/certificate-issuer-configurations
Create certificate issuer configuration. Show more Show less

Configure the certificate issuer to be used when creating the device custom certificates.
Example usage:

curl -X POST \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
-d '{
  "reference": "customer.dlms",
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CreateCertificateIssuerConfig CreateCertificateIssuerConfig (required)
Body Parameter — Certificate issuer configuration request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
201 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
409 A certificate issuer configuration with this reference already exists. ErrorObjectResponse
delete /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Delete certificate issuer configuration. Show more Show less
Delete the configured certificate issuer configuration. You can only delete the configurations of custom certificates.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
204 No content.
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations/lwm2m
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer to be used when creating device certificates for LwM2M communication.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
get /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Get certificate issuer configuration. Show more Show less
Provides the configured certificate issuer.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
get /v3/certificate-issuer-configurations
Get certificate issuer configurations. Show more Show less

Get certificate issuer configurations, optionally filtered by reference.
Example usage:

curl \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations \
curl \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations?reference__eq=dlms \

Note: This endpoint does not implement pagination and therefore, list control parameters such as limit or after will be ignored by the system.

Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Query parameters
limit (optional)
Query Parameter — How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.
minimum: 2
maximum: 1000
order (optional)
Query Parameter — The order of the records based on creation time, ASC or DESC; by default ASC.
after (optional)
Query Parameter — The ID of The item after which to retrieve the next page.
include (optional)
Query Parameter — Comma-separated list of data fields to return. Currently supported: total_count
reference__eq (optional)
Query Parameter — The certificate name to which the certificate issuer configuration applies.
Return type
Example data
Content-Type: application/json
{
  "data" : [ {
    "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
    "reference" : "customer.dlms",
    "updated_at" : "2017-02-01T00:00:00Z",
    "is_custom" : true,
    "created_at" : "2017-01-01T00:00:00Z",
    "etag" : "1",
    "id" : "01648415a2a30242ac18000500000000",
    "object" : "certificate-issuer-configuration"
  } ],
  "total_count" : 1,
  "limit" : 50,
  "has_more" : false,
  "after" : "01631667477600000000000100100374",
  "order" : "DESC",
  "object" : "list"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigListResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
put /v3/certificate-issuer-configurations/lwm2m
Update certificate issuer configuration. Show more Show less

Configure the certificate issuer to be used when creating device certificates for LwM2M communication.
Example usage:

curl -X PUT \
-H 'authorization: <valid access token>' \
-H 'content-type: application/json;charset=UTF-8' \
https://api.us-east-1.mbedcloud.com/v3/certificate-issuer-configurations/lwm2m \
-d '{
  "certificate_issuer_id": "01621a36719d507b9d48a91b00000000"
}'
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate Issuer Configuration Request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse
put /v3/certificate-issuer-configurations/{certificate-issuer-configuration-id}
Update certificate issuer configuration. Show more Show less
Update the configured certificate issuer configuration.
Path parameters
certificate-issuer-configuration-id (required)
Path Parameter — The ID of the certificate issuer configuration.
Consumes
This API call consumes the following media types via the Content-Type request header:
  • application/json; charset=utf-8
Request body
CertificateIssuerConfigRequest CertificateIssuerConfigRequest (required)
Body Parameter — Certificate issuer configuration request
Return type
Example data
Content-Type: application/json
{
  "certificate_issuer_id" : "01648415a2a30242ac18000500000000",
  "reference" : "customer.dlms",
  "updated_at" : "2017-02-01T00:00:00Z",
  "is_custom" : true,
  "created_at" : "2017-01-01T00:00:00Z",
  "etag" : "1",
  "id" : "01648415a2a30242ac18000500000000",
  "object" : "certificate-issuer-configuration"
}
Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed by the Content-Type response header.
  • application/json; charset=utf-8
Responses
status description schema
200 OK. CertificateIssuerConfigResponse
400 Validation error. ErrorObjectResponse
401 Unauthorized. ErrorObjectResponse
403 Forbidden. ErrorObjectResponse
404 Not found. ErrorObjectResponse

Models

CertificateIssuerConfigListResponse

data (optional)
array[CertificateIssuerConfigResponse]

List of certificate issuers.

total_count (optional)
Integer ($integer)

order (optional)
String

The creation time based order of the entries.

object (optional)
String

The type of this API object is a list.

limit (optional)
Integer

How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.

has_more (optional)
Boolean

Are there more results available.

after (optional)
String

An offset token for current page.

CertificateIssuerConfigRequest

certificate_issuer_id (optional)
String

Certificate issuer ID. For LwM2M, may be null if Device Management internal certificate issuer is used.

CertificateIssuerConfigResponse

id (optional)
String

The ID of the certificate issuer configuration.

certificate_issuer_id (optional)
String

The ID of the certificate issuer. Null if Device Management internal HSM is used.

object (optional)
Enum:
certificate-issuer-configuration
reference (optional)
String

The certificate name to which the certificate issuer configuration applies.

is_custom (optional)
created_at (optional)
Date ($date-time)

Created UTC time RFC3339.

updated_at (optional)
Date ($date-time)

Updated UTC time RFC3339.

etag (optional)
String

Entity instance signature.

CertificateIssuerInfo

created_at (optional)
Date ($date-time)

Creation UTC time RFC3339.

etag (optional)
String

Entity instance signature.

id (optional)
String

The ID of the certificate issuer.

issuer_type
String

The type of the certificate issuer.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. The users must provide their own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. The users must provide their own CFSSL host_url and credentials.

Enum:
GLOBAL_SIGN
CFSSL_AUTH
name (optional)
String

maxLength: 50

Certificate issuer name, unique per account.

description (optional)
String

maxLength: 100

General description for the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

object (optional)
Enum:
certificate-issuer

CertificateIssuerInfoListResponse

data (optional)
array[CertificateIssuerInfo]

List of certificate issuers.

after (optional)
String

An offset token for current page.

has_more (optional)
Boolean

Are there more results available.

limit (optional)
Integer

How many objects to retrieve in the page. The minimum limit is 2 and the maximum is 1000. Limit values outside of this range are set to the closest limit.

object (optional)
String

The type of this API object is a list.

order (optional)
String

The creation time based order of the entries.

total_count (optional)
Integer ($integer)

CertificateIssuerRequest

issuer_type
String

The type of the certificate issuer.

  • GLOBAL_SIGN: Certificates are issued by GlobalSign service. The users must provide their own GlobalSign account credentials.
  • CFSSL_AUTH: Certificates are issued by CFSSL authenticated signing service. The users must provide their own CFSSL host_url and credentials.

Enum:
GLOBAL_SIGN
CFSSL_AUTH
name
String

maxLength: 50

Certificate issuer name, unique per account.

description (optional)
String

maxLength: 100

General description of the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

issuer_credentials
map[String, String]

The credentials required for connecting to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerUpdateRequest

name (optional)
String

maxLength: 50

Certificate issuer name.

description (optional)
String

maxLength: 100

General description of the certificate issuer.

issuer_attributes (optional)
map[String, String]

General attributes for connecting the certificate issuer. When the issuer_type is GLOBAL_SIGN, the value shall be empty. When the issuer_type is CFSSL_AUTH, see definition of CfsslAttributes.

issuer_credentials (optional)
map[String, String]

The credentials required for connecting to the certificate issuer. When the issuer_type is GLOBAL_SIGN, see definition of GlobalSignCredentials. When the issuer_type is CFSSL_AUTH, see definition of CfsslAuthCredentials.

CertificateIssuerVerifyResponse

successful (optional)
Boolean

Indicates whether the certificate issuer was verified successfully.

message (optional)
String

Provides details in case of failure.

CfsslAttributes

Describes the attributes required to connect to the CFSSL server.
host_url
String

The URL to connect to the CFSSL server.

cfssl_profile (optional)
String

The profile that is configured on the CFSSL server and is used by CFSSL when creating the certificate.

cfssl_label (optional)
String

The label that is used by CFSSL when creating the certificate.

CfsslAuthCredentials

Describes the credentials required when using CFSSL authenticated signing.
hmac_hex_key
String

maxLength: 64

The key that is used to compute the HMAC of the request using the HMAC-SHA-256 algorithm. Must contain an even number of hexadecimal characters.

CreateCertificateIssuerConfig

reference
String

maxLength: 100

The certificate name, as created in the factory, to which the certificate issuer configuration applies. The following names are reserved and cannot be configured: LwM2M, BOOTSTRAP.

certificate_issuer_id
String

maxLength: 32

The ID of the certificate issuer.

ErrorObjectResponse

code
Integer ($int32)

Error code. Correlates with response status code.

fields
array[FieldMessageEntry]

A list of request fields that failed the validation.

message
String

Error message.

object
String

entity name: 'error'

request_id
String

Request ID from JWT.

type
String

Error type.

FieldMessageEntry

field (optional)
String

Field name.

message (optional)
String

Error message related to the field.

GlobalSignCredentials

Describes the credentials required to connect to the GlobalSign account. The values should be taken from GlobalSign support upon account creation.
api_key
String

maxLength: 1000

Unique ID for API client (provided by GlobalSign).

api_secret
String ($password)

maxLength: 250

API Secret matching the API key (provided by GlobalSign).

client_certificate
String

maxLength: 3000

The client certificate provided by GlobalSign to allow HTTPS connection over TLS/SSL. The certificate wraps a public key that matches a private key provided by the customer. The certificate must be in PEM format.

private_key
String

maxLength: 3000

The private key that matches the client certificate to allow HTTPS connection over TLS/SSL. The private key may be encrypted using a symmetric encryption key derived from a passphrase. The private key must be in PEM format.

passphrase (optional)
String ($password)

maxLength: 1000

The passphrase to decrypt the private key in case it is encrypted. Empty if the private key is not encrypted.