SSLmarket’s API for ordering certificates
SSLmarket supports API for ordering TLS certificates. The API makes it easy to place orders for almost all certificates in our offer. You can also easily download them after release. Below you will find documentation to help you start ordering certificates via API and saving time!
API will especially help you if you order a larger number of certificates. It will help speed up the ordering process and you can focus on what is really important for your business.
Important functions of SSLmarket’s API
Through SSLmarket’s API (Application Programming Interface), you can order almost all the certificate types in our offer (the only exception are products which cannot be automated). Just submit all the information to the same extent required by the order form on SSLmarket, and the order will be placed in your account. API supports all certificate parameters including SANs (other domains in the certificate).
- Ordering all types of certificates (except for a few exceptions)
- Easy to download the certificate after issue
- Definition of all order parameters
- One-click ordering (using the tool)
- Speed up processes and save your time
- Ability to set default data for your business
How to use SSLmarket’s API
The API can be used in two ways. The recommended way is to implement it into your system or your own interface for ordering certificates. To do this, you need the information below. The second method is suitable for customers who cannot program or do not have a programmer. Using the simple user interface that we are currently preparing, you can easily place an order using the API, but without implementation on the customer's side. As a result, you will also speed up your work with certificates and their management.
Starting with SSLmarket’s API
SSLmarket's API can be used by all our customers. There is no need to conclude any contracts or worry about formalities. All you have to do is log in to your account in customer administration and activate "Account access via API" in the account settings. This will generate an individual API key to access SSLmarket's API (the key is tied to the given legal account). Then give the documentation to your programmer.
To call API, use this URL: https://www.sslmarket.co.uk/api
Authentication of requests
All API queries must have an access authentication token (X-Auth-Token) specified in the HTTP query header. You can find it in the account settings after activating 'Account access via API'.
GET /api/order/list HTTP/1.1
Host: sslmarket.co.uk
X-Auth-Token: {{AUTH_TOKEN}}
Return values
After a successful endpoint call, the API returns a status HTTP response code of 2XX. If the call fails, the API returns a 4XX response status code; in the body of the answer you will find the type of error (string) and its description.
Available functions of SSLmarket’s API
Below you will find a list of functional APIs that you will use to order and download all digital certificates from our offer.
Each function is accessible via its own endpoint, to which you send a request containing the parameters needed to call the function. The input parameters are divided into mandatory, which you must send in the request, and optional. For each function, its use, endpoint address, description of input and output parameters, and response format are listed.
List of products
The function returns a list of products that are available in the API.
GET /product/list
- HTTP response status code: 200
- Response data format: application/json
Return parameters
| Name | Type | Description |
|---|---|---|
| products | array | |
| .. product_type | string | Product type. The parameter has a value ssl_certificate or client_certificate |
| .. product_code | string | Product code |
| .. title | string | Product name |
| .. type | string | Certification authority |
| .. validate_type | string | Certificate authentication type. The parameter has a value dv, ov or ev |
| .. csr_required | string | Mandatory CSR. The parameter has a value true or false |
| .. max_years | string | Maximum certificate validity |
| .. min_san_values | int | Minimum number of SANs |
| .. max_san_values | int | Maximum number of SANs |
{
"products": [
{
"product_type": "ssl_certificate",
"product_code": "digicert-standard-ssl",
"type": "DigiCert",
"title": "Standard SSL",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "digicert-wildcard",
"type": "DigiCert",
"title": "WildCard",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "digicert-ev-ssl",
"type": "DigiCert",
"title": "EV SSL",
"validate_type": "ev",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "geotrust-geotrust-standard-dv-ssl",
"type": "GeoTrust",
"title": "DV SSL",
"validate_type": "dv",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "geotrust-geotrust-wildcard-dv",
"type": "GeoTrust",
"title": "DV SSL Wildcard",
"validate_type": "dv",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "rapidssl-rapidssl-dv",
"type": "RapidSSL",
"title": "RapidSSL DV",
"validate_type": "dv",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "client_certificate",
"product_code": "digicert-client-premium-class-1",
"type": "DigiCert",
"title": "Client Premium Class 1",
"validate_type": "ov",
"csr_required": "true",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-ssl",
"type": "DigiCert",
"title": "Secure Site SSL",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "thawte-ssl-123-dv",
"type": "Thawte",
"title": "SSL 123 DV",
"validate_type": "dv",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "client_certificate",
"product_code": "digicert-client-premium-class-2",
"type": "DigiCert",
"title": "Client Premium Class 2",
"validate_type": "ov",
"csr_required": "true",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "rapidssl-rapidssl-wildcard-dv",
"type": "RapidSSL",
"title": "RapidSSL Wildcard DV",
"validate_type": "dv",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "geotrust-truebusiness-id-ov",
"type": "GeoTrust",
"title": "TrueBusiness ID OV",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "thawte-ssl-webserver-ov",
"type": "Thawte",
"title": "SSL Webserver OV",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-pro-ssl",
"type": "DigiCert",
"title": "Secure Site Pro SSL",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "thawte-ssl-webserver-ov-wildcard",
"type": "Thawte",
"title": "SSL Webserver OV Wildcard",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "geotrust-truebusiness-id-ov-wildcard",
"type": "GeoTrust",
"title": "TrueBusiness ID OV Wildcard",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "client_certificate",
"product_code": "digicert-document-signing-individual-500",
"type": "DigiCert",
"title": "Document Signing - Individual (500)",
"validate_type": "ev",
"csr_required": "false",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-ev-ssl",
"type": "DigiCert",
"title": "Secure Site EV SSL",
"validate_type": "ev",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "geotrust-truebusiness-id-ev",
"type": "GeoTrust",
"title": "TrueBusiness ID EV",
"validate_type": "ev",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "ssl_certificate",
"product_code": "thawte-ssl-webserver-ev",
"type": "Thawte",
"title": "SSL Webserver EV",
"validate_type": "ev",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "client_certificate",
"product_code": "digicert-document-signing-individual-2000",
"type": "DigiCert",
"title": "Document Signing - Individual (2000)",
"validate_type": "ev",
"csr_required": "false",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-pro-ev-ssl",
"type": "DigiCert",
"title": "Secure Site Pro EV SSL",
"validate_type": "ev",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "client_certificate",
"product_code": "digicert-document-signing-organization-2000",
"type": "DigiCert",
"title": "Document Signing Organization (2000)",
"validate_type": "ev",
"csr_required": "false",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "client_certificate",
"product_code": "quovadis-rsassa-pss-smime",
"type": "QuoVadis",
"title": "RSASSA-PSS S/MIME",
"validate_type": "qv",
"csr_required": "false",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-wildcard-ssl",
"type": "DigiCert",
"title": "Secure Site Wildcard SSL",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
},
{
"product_type": "client_certificate",
"product_code": "digicert-document-signing-organization-5000",
"type": "DigiCert",
"title": "Document Signing Organization (5000)",
"validate_type": "ev",
"csr_required": "false",
"max_years": "3",
"min_san_values": "0",
"max_san_values": "0"
},
{
"product_type": "ssl_certificate",
"product_code": "symantec-secure-site-pro-ssl-wildcard",
"type": "Digicert",
"title": "Secure Site Pro Wildcard",
"validate_type": "ov",
"csr_required": "true",
"max_years": "6",
"min_san_values": "0",
"max_san_values": "250"
}
]
}
DCV email forwarding
The function is used to forward a DCV email that verifies the domain specified in the order. Without domain verification, the certificate is not issued. CA email is automatically sent to the set of admin, administrator, hostmaster, postmaster and webmaster addresses on the affected domain.
PUT /certificate/order_id/{{ORDER_ID}}/resend
- {{ORDER_ID}} - Order Number
- Request data format: application/json
- HTTP response status code: 202
- The response is empty
Input parameters
Without input parameters
Inserting a new order
The function is used to place an order on a given customer account.
POST /order/certificate/{{PRODUCT_CODE}}
- {{PRODUCT_CODE}} - Product code
- HTTP response status code: 201
- Request data format: application/json
- Response data format: application/json
Input parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| domain | string | yes | the name of the domain for which the certificate is to be issued |
| dns_names | array | no | An array of domains included as SANs |
| years | int | yes | Certificate validity |
| csr | string | yes* | CSR request for the certificate |
| voucher | string | no | Discount coupon |
| dv_auth_method | string | no | How to verify the domain owner. Acceptable values are Email, FILE or DNS. The default value is Email |
| owner_name | string | yes | Certificate owner’s name |
| owner_street | string | yes | Certificate owner’s street |
| owner_city | string | yes | Certificate owner’s city |
| owner_zip | string | yes | Certificate owner‘s zip code |
| owner_country | string | yes | The certificate owner’s two-letter country code (ISO 3166-1 alpha-2) |
| owner_tel | string | yes | Certificate owner's phone number (+44.123456789) |
| auth_title | string | yes | |
| auth_firstname | string | yes | Certificate owner’s first name |
| auth_lastname | string | yes | Certificate owner’s last name |
| auth_tel | string | yes | Certificate owner's phone number (+44.123456789) |
| auth_email | string | yes | Certificate owner's email |
| tech_title | string | yes | |
| tech_firstname | string | yes | Technical person's first name |
| tech_lastname | string | yes | Technical person's last name |
| tech_email | string | yes | Technical person's email |
| tech_tel | string | yes | Technical person's phone +44.123456789 |
| invoice_name | string | yes | Invoice subject's name |
| invoice_street | string | yes | Invoice subject's street |
| invoice_city | string | yes | Invoice subject’s city |
| invoice_zip | string | yes | Invoice subject’s ZIP code |
| invoice_country | string | yes | Invoiced subject’s two-letter country code (ISO 3166-1 alpha-2) |
| invoice_email | string | yes | Invoice email |
| invoice_ic | string | no | Business ID number for invoice |
| invoice_dic | string | no | VAT number for invoice |
** Depends on the type of certificate
Output parameters
The order number is an internally designated and used by SSLmarket administration; you can use it to search.
| Name | Type | Description |
|---|---|---|
| order_id | int | Order Number |
List of orders
The function lists the orders in the given customer account.
GET /order/list
- HTTP response status code: 200
- Response data format: application/json
Output parameters
| Name | Type | Description |
|---|---|---|
| orders | array | Orders array |
| .. order_id | int | Order Number |
| .. product_type | string | Product type |
| .. product_code | string | Product code |
| .. domain | string | Domain name the certificate is to be issued for |
| .. dns_names | array | An array of domains embedded as an SAN |
| .. sans_order_count | int | The number of SANs included on the order |
| .. years | int | Certificate validity |
| .. inserted | datetime | Date and time of placing the order |
| .. published | datetime | Date and time the certificate was issued |
| .. expired | date | Expiration date |
| .. state | string | Certificate state |
Order details
The function lists the details of a specific certificate order, which you can also find in customer administration.
GET /order/order_id/{{ORDER_ID}}
- {{ORDER_ID}} - číslo objednávky
- HTTP response status code: 200
- Datový formát odpovědi: application/json
Output parameters
| Name | Type | Description |
|---|---|---|
| product_type | string | Product type |
| product_code | string | Product code |
| domain | string | Domain name the certificate is to be issued for |
| dns_names | array | An array of domains included as SANs |
| sans_order_count | int | The number of SANs included on the order |
| years | int | Certificate validity |
| csr | string | CSR request for the certificate |
| certificate_serial_number | string | Serial number of the certificate |
| owner_name | string | Certificate owner’s name |
| owner_street | string | Certificate holder’s street |
| owner_city | string | Certificate holder’s city |
| owner_zip | string | Certificate holder’s ZIP code |
| owner_country | string | The two-letter country code of the certificate owner (ISO 3166-1 alpha-2) |
| owner_tel | string | Certificate owner's phone number +44.123456789 |
| auth_title | string | |
| auth_firstname | string | Organization contact's first name |
| auth_lastname | string | Organization contact's last name |
| auth_tel | string | Organization contact's phone number (+44.123456789) |
| auth_email | string | Organization contact's email |
| tech_title | string | |
| tech_firstname | string | Tech contact's first name |
| tech_lastname | string | Tech contact's last name |
| tech_email | string | Tech contact's email |
| tech_tel | string | Tech contact's phone number (+44.123456789) |
| inserted | datetime | Date and time of placing the order |
| published | datetime | Date and time the certificate was issued |
| expired | date | Certificate expiration date |
| dv_auth_method | string | How to verify the domain owner. The parameter is included in the answer only if product_type=ssl_certificate |
| dv_auth_content | string | Unique value to verify the domain owner. The parameter is included in the answer only if product_type=ssl_certificate and dv_auth_method=DNS or dv_auth_method=FILE |
| state | string | Certificate state |
| days_remaining | int | Remaining validity of the certificate (in days). The parameter is in the response only if the certificate is in the "issued" state. (state=published) |
| auto_reissue | bool | Indicates whether the reisue of the certificate will be launched automatically. The parameter is in the answer only if the certificate is a Multi-year one. |
Editing an order
This endpoint is used to edit selected order parameters. Orders can only be edited before requesting the issuance of a certificate.
PUT /order/order_id/{{ORDER_ID}}
- {{ORDER_ID}} - Order Number
- HTTP response status code: 200
- Request data format: application/json
Input parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| csr | string | no | CSR request for the certificate |
| dv_auth_method | string | no | How to verify the domain owner. Acceptable values are Email, FILE or DNS. The default value is Email |
| owner_name | string | no | Certificate owner’s name |
| owner_street | string | no | Certificate owner’s street |
| owner_city | string | no | Certificate owner’s city |
| owner_zip | string | no | Certificate owner‘s zip code |
| owner_country | string | no | The certificate owner’s two-letter country code (ISO 3166-1 alpha-2) |
| owner_tel | string | no | Certificate owner's phone number (+44.123456789) |
| auth_title | string | no | |
| auth_firstname | string | no | Certificate owner’s first name |
| auth_lastname | string | no | Certificate owner’s last name |
| auth_tel | string | no | Certificate owner's phone number (+44.123456789) |
| auth_email | string | no | Certificate owner's email |
| tech_title | string | no | |
| tech_firstname | string | no | Technical person's first name |
| tech_lastname | string | no | Technical person's last name |
| tech_email | string | no | Technical person's email |
| tech_tel | string | no | Technical person's phone +44.123456789 |
| invoice_name | string | no | Invoice subject's name |
| invoice_street | string | no | Invoice subject's street |
| invoice_city | string | no | Invoice subject’s city |
| invoice_zip | string | no | Invoice subject’s ZIP code |
| invoice_country | string | no | Invoiced subject’s two-letter country code (ISO 3166-1 alpha-2) |
| invoice_email | string | no | Invoice email |
| invoice_ic | string | no | Business ID number for invoice |
| invoice_dic | string | no | VAT number for invoice |
Certificate reissue
The function is used to regenerate the certificate and to reissue it. It is typically used when the private key is lost and for the reissue if it is free. The certificate issued after reissue has the same parameters and expiration date as the original.
POST /certificate/order_id/{{ORDER_ID}}/reissue
- {{ORDER_ID}} - order number
- Request data format: application/json
- HTTP response status code: 202
Input parameters
| Name | Mandatory | Type | Description |
|---|---|---|---|
| csr | yes | string | CSR request for the certificate |
Cancellation of certificate reissue
The function is used to cancel the running reissue of the certificate. Canceling the reissue before completion puts the certificate back in the Issued state and a new one is not issued.
PUT /certificate/order_id/{{ORDER_ID}}/cancel-reissue
- {{ORDER_ID}} - Order Number
- Request data format: application/json
- HTTP response status code: 202
- The response is empty
Input parameters
Without input parameters
Certificate revocation
The certificate revocation function will permanently revoke the certificate and you will no longer be able to use it. Revocation means the certificate is lost without compensation and serves in cases where the certificate’s private key is misused (compromised).
PUT /certificate/order_id/{{ORDER_ID}}/revoke
- The revocation is available for DigiCert Client Premium Class 1 and Client Premium Class 2 only.
- {{ORDER_ID}} - order number
- HTTP response status code: 202
Certificate download
The function is used to download the issued certificate in the selected format specified in the input parameter {{FORMAT}}. PEM is the certificate’s text format in Base64, whereas P7B is the binary format.
GET /certificate/order_id/{{ORDER_ID}}/format/{{FORMAT}}
- {{ORDER_ID}} - Order Number
-
{{FORMAT}} - Certificate format
- pem_server - returns the issued (server, leaf) certificate in Base64 text format.
- pem_intermediate - returns together with the final certificate, including the intermediate certificate, which is its issuer. Needed to install the certificate. This format is suitable for Apache, nginx and generally for Linux servers.
- p7b - returns the final (server) certificate together with its chain (intermediate + root certificate) in binary format P7B (PKCS # 7).
- HTTP response status code: 200
- Response data format: text/plain
CSR Decoder
The CSR Decoder serves to display information contained in the CSR request in the format Base 64. Using the decoder, you may check if all information is filled out properly. The query results in a listing of the information contained in both the CSR and the public key.
POST /tool/decoder/csr
- HTTP response status code: 200
- Request data format: application/json
- Response data format: application/json
Input parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| csr | string | yes | CSR |
Output parameters
| Name | Type | Description |
|---|---|---|
| csr | array | Array of values |
| .. subject | array | |
| .. .. CN | string | |
| .. .. O | string | |
| .. .. L | string | |
| .. .. ST | string | |
| .. .. C | string | |
| .. .. OU | string | |
| .. pkey | array | |
| .. .. length | string | |
| .. .. alghoritm | string | |
| .. .. pkey | string | |
| .. sans | array |
Certificate decoder
The Certificate decoder works similarly to the CSR decoder. It displays the information contained in the certificate together with the public key. So, you can easily find out for which domain (or organisation) the certificate was issued. The decoder displays extended information as well, like the serial number, which is unique for each certificate and identifies it clearly.
POST /tool/decoder/certificate
- HTTP response status code: 200
- Request data format: application/json
- Response data format: application/json
Input parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| certificate | string | yes | Certificate in Base64 |
Output parameters
| Name | Type | Description |
|---|---|---|
| certificate | array | array of values |
| .. owner | array | |
| .. .. domain | string | |
| .. .. organization | string | |
| .. .. city | string | |
| .. .. locality | string | |
| .. .. country | string | |
| .. length | string | |
| .. alghoritm | int | |
| .. pkey | array | |
| .. sans | array | |
| .. valid_from | string | |
| .. valid_to | string | |
| .. serial_number | string | |
| .. serial_number_hex | string |
OCSP check
This tool is used for checking the status of a specific certificate. The status is checked via OCSP (Online Certificate Status Protocol) and the outcome is either the status Good (meaning a valid certificate), or Revoked (meaning a revoked certificate).
POST /tool/ocsp
- HTTP response status code: 200
- Request data format: application/json
- Response data format: application/json
Input parameters
| Name | Type | Mandatory | Description |
|---|---|---|---|
| certificate | string | yes | Certificate to check in Base64 |
Output parameters
| Name | Type | Description |
|---|---|---|
| status | string | Outcome: good or revoked |
| this_update | string | Last update |
| next_update | string | Next update |
Is it too much for you?
We will be happy to advise you on the use of the API or hear your feedback. Feel free to let us know.
We are sorry that you did not find the required information here.
Please help us to improve this article. Write us what you have expected and not found out.