API Reference
Last Updated:2020-07-20
1. Introduction
The certificate management module is mainly used to manage users' SSL certificates, which is convenient for users to enter and view SSL certificates.
This document is suitable for developers. It mainly provides interfaces for creating certificates and viewing certificate lists.
1.1 Terminology
| Noun | Description |
|---|---|
| certId | Certificate ID, globally unique |
| certName | Certificate custom name |
| certServerData | Server certificate |
| certPrivateData | Certificate private key |
| certLinkData | Certificate chain data |
| certCommonName | Certificate Common Name |
| certDNSNames | Domain name included in the certificate |
| certStartTime | Certificate effective time |
| certStopTime | Certificate expiration time |
| uploadPublicKey | Upload the certificate public key to encrypt the data. Need to use the corresponding private key for confidential data later |
| status | Certificate use status, UNUSED means not used, IN_USE means in use |
| expired | Whether the certificate has expired, true indicates that it has expired |
| certType | Certificate type, 1 means server certificate, private key is required; 2 means client certificate, private key is not required |
1.2 Format Specifications
| Parameter | Description |
|---|---|
| certId | Format: "Cert-xxxxxxxxxxxx" (12-bit random string), example: “cert-5atue8m3sxsv”。 |
2. Call Method
The Certificate Services API is provided as a Restful API.
2.1 Request Structure
2.1.1 Communication Potocol
HTTP is currently supported, but HTTPS is not currently supported.
2.1.2 Request Method
Different types of APIs use different request methods, as shown below:
| API type | Request method |
|---|---|
| Read resource | GET |
| Modify resources | PUT |
| Batch query/create resource | POST |
| Deletion of resources | DELETE |
| Get resource status | HEAD |
2.1.3 Character Encoding
Both request and return results are encoded in UTF-8.
2.2 Common Parameters
2.2.1 Public Request Header
| Header | Required or not | Description |
|---|---|---|
| Authorization | Required | See Authentication Mechanism |
| Content-Type | Required | Always application/json; charset=utf-8 |
| x-bce-date | Required | For request time format, see [Time Format](#6.2 Time Format). The server will compare this time with the current server time. If the difference is more than 30 minutes, it will return RequestExpired Error |
2.2.2 Common Response Header
| Header | Description |
|---|---|
| Content-Type | Always application/json; charset=utf-8 |
| x-bce-request-id | [RequestId](#6.3 RequestId) corresponding to the request |
2.2.3 Authentication Mechanism
See Public Cloud API Specification - Authentication Mechanism
3.api list
3.1 Create Certificate
| Method | API | Description |
|---|---|---|
| POST | /v1/certificate | Create the certificate |
Request parameter
| Parameter name | Parameter Type | Required or not | Description |
|---|---|---|---|
| certName | String | Required | Name of the certificate. The length is limited to 1-65 characters. It starts with a letter and only contains letters, numbers, ‘-’, ‘/’, ‘.’, ‘’, Java regular expression`^ [a-zA-Z]a-zA-Z0-9 \-/ \.]{2,64} $` |
| certServerData | String | Required | Data content of the server certificate (Base64 encoded) |
| certPrivateData | String | Required | Certificate private key data content (Base64 encoded) |
| certLinkData | String | Optional | Certificate chain data content (Base64 encoded) |
| certType | Integer | Optional | Certificate type, not required, default is 1 |
Return parameter
The return value is a certificate object (contains only certId and certName).
Possible exception
| Exception code | Description |
|---|---|
| CertExceedLimit (409) | Exceed the maximum number of users |
| UnmatchedPairParameterInvalidException (400) | Certificate validity time does not include current time |
| PrivateKeyParameterInvalid (400) | Private key parsing exception |
| CertificateParameterInvalid (400) | Certificate parsing exception |
| CertChainParameterInvalid (400) | Certificate chain parsing exception |
| UnmatchedPairParameterInvalid (400) | Public key and private key do not match |
Request example
POST /v1/certificate HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10Z
{
"certName": "TestCert",
"certServerData": "-----BEGIN CERTIFICATE-----\ngBs4mWchJjzl0IM3B+TrAD...\n-----END CERTIFICATE-----",
"certPrivateData": "-----BEGIN RSA PRIVATE KEY-----\n6JCfAxrrh7AoCg0jhqjgN/by0U2jwG/xFe...\n-----END RSA PRIVATE KEY-----"
}Return example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
{
"certId": "cert-5atue8m3sxsv",
"certName": "TestCert"
}3.2 Modify the Certificate Name
| Method | API | Description |
|---|---|---|
| PUT | / v1/certificate/{certId}? certName | Modify the certificate name |
Possible exception
| Exception code | Description |
|---|---|
| AccessDeniedException | No access |
| ResourceNotFoundException | Certificate does not exist |
Request parameter
| Parameter name | Parameter Type | Required or not | Description |
|---|---|---|---|
| certName | String | Required | Certificate name |
Request example
PUT /v1/certificate/cert-5atue8m3sxsv?certName HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10Z
{
"certName": "TestCert"
}Return example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b43.3 Query the Certificate Based on the Certificate Name
| Method | API | Description |
|---|---|---|
| GET | / v1/certificate/certName={certName} | Query user's certificate by certificate |
Request parameter
| Parameter name | Parameter Type | Required or not | Description |
|---|---|---|---|
| certName | String | Required | Certificate name |
Return parameter
| Parameter name | Parameter Type | Description |
|---|---|---|
| certs | List<certificate> | Array composed of certificates |
Request example
GET /v1/certificate?certName=TestCert HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10ZReturn example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
{
"certs": [
{
"certId": "cert-5atue8m3sxsv",
"certName": "TestCert",
"certCommonName": "httpstest.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z"
}
]
}3.4 View Certificate List
| Method | API | Description |
|---|---|---|
| GET | /v1/certificate | View a list of users' certificates |
Return parameter
| Parameter name | Parameter Type | Description |
|---|---|---|
| certs | List<certificate> | Array composed of certificates |
Request example
GET /v1/certificate HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10ZReturn example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
{
"certs": [
{
"certId": "cert-5atue8m3sxsv",
"certName": "TestCert",
"certCommonName": "httpstest.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z"
},
{
"certId": "cert-xsdfwerdty67",
"certName": "TestCertFail",
"certCommonName": "httpstestfail.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z"
}
]
}3.5 View Certificate List Details
| Method | API | Description |
|---|---|---|
| GET | /v1/certificate/detail | View the details of the user's certificate list. Compared with the general query certificate list, the certificate includes the domain name and status information of the certificate. |
Return parameter
| Parameter name | Parameter Type | Description |
|---|---|---|
| certs | List<certificateDetail> | Array composed of certificateDetail |
certificateDetail parameter list
| Parameter name | Parameter Type | Description |
|---|---|---|
| certId | String | Certificate ID |
| certName | String | Certificate name |
| certCommonName | String | Certificate Common Name |
| certStartTime | DateTime | Certificate effective time |
| certStopTime | DateTime | Certificate expiration time |
| certCreateTime | DateTime | Certificate creation time |
| certUpdateTime | DateTime | Certificate renewal time |
| certType | Integer | Certificate type |
| certDNSNames | String | A list of domain names included in the certificate, separated by commas |
| status | String | Certificate use status, UNUSED means not used, IN_USE means in use |
| expired | boolean | Whether the certificate has expired |
Request example
GET /v1/certificate/detail HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10ZReturn example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
{
"certs": [
{
"certId": "cert-5atue8m3sxsv",
"certName": "TestCert",
"certCommonName": "httpstest.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z",
"certDNSNames": "baidu.com",
"status": "IN_USE",
"expired": false
},
{
"certId": "cert-xsdfwerdty67",
"certName": "TestCertFail",
"certCommonName": "httpstestfail.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z",
"certDNSNames": "baidu.com",
"status": "UNUSED",
"expired": true
}
]
}3.6 Obtain Certificate Information
| Method | API | Description |
|---|---|---|
| GET | / v1/certificate/{certId} | Get application information with certificate ID {certId} |
Return parameter
The return value is a certificate object
| Parameter name | Parameter Type | Description |
|---|---|---|
| certId | String | Certificate ID |
| certName | String | Certificate name |
| certCommonName | String | Certificate Common Name |
| certStartTime | DateTime | Certificate effective time |
| certStopTime | DateTime | Certificate expiration time |
| certCreateTime | DateTime | Certificate creation time |
| certUpdateTime | DateTime | Certificate renewal time |
| certType | Integer | Certificate type |
Possible exception
| Exception code | Description |
|---|---|
| AccessDeniedException | No access |
| ResourceNotFoundException | Certificate does not exist |
Request example
GET /v1/certificate/cert-5atue8m3sxsv HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10ZReturn example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4
{
"certId": "cert-5atue8m3sxsv",
"certName": "TestCert",
"certCommonName": "httpstest.baidu.com",
"certStartTime": "2014-06-01T23:00:10Z",
"certStopTime": "2015-06-01T23:00:10Z",
"certCreateTime": "2014-06-01T23:00:10Z",
"certUpdateTime": "2014-06-01T23:00:10Z",
"certType": 1
}3.7 Delete Certificate
| Method | API | Description |
|---|---|---|
| DELETE | / v1/certificate/{certId} | Delete the certificate |
Possible exception
| Exception code | Description |
|---|---|
| OperationNotAllowedException | Certificate in use |
| AccessDeniedException | No access |
| ResourceNotFoundException | Certificate does not exist |
Request example
DELETE /v1/certificate/cert-5atue8m3sxsv HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10ZReturn example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b43.8 Replace Certificate
| Method | API | Description |
|---|---|---|
| PUT | / v1/certificate/{certId}? certData | Replace expired and unused certificates |
Request parameter
| Parameter name | Parameter Type | Required or not | Description |
|---|---|---|---|
| certName | String | Required | Name of the certificate. The length is limited to 1-65 characters. It starts with a letter and only contains letters, numbers, ‘-’, ‘/’, ‘.’, ‘’, Java regular expression`^ [a-zA-Z]a-zA-Z0-9 \-/ \.]{2,64} $` |
| certServerData | String | Required | Data content of the server certificate (Base64 encoded) |
| certPrivateData | String | Required | Certificate private key data content (Base64 encoded) |
| certLinkData | String | Optional | Certificate chain data content (Base64 encoded) |
| certType | Integer | Optional | Certificate type, not required, default is 1 |
Possible exception
| Exception code | Description |
|---|
| OperationNotAllowedException(409)
| AccessDeniedException (403)
| ResourceNotFoundException (404)
| CertExceedLimit (409)
| UnmatchedPairParameterInvalidException (400)
| PrivateKeyParameterInvalid (400)
| CertificateParameterInvalid (400)
| CertChainParameterInvalid (400)
| UnmatchedPairParameterInvalid (400)
Request example
PUT /v1/certificate/cert-5atue8m3sxsv?certData HTTP/1.1
HOST: certificate.baidubce.com
Authorization: {authorization}
Content-Type: application/json; charset=utf-8
x-bce-date: 2014-06-01T23:00:10Z
{
"certName": "TestCert",
"certServerData": "-----BEGIN CERTIFICATE-----\ngBs4mWchJjzl0IM3B+TrAD...\n-----END CERTIFICATE-----",
"certPrivateData": "-----BEGIN RSA PRIVATE KEY-----\n6JCfAxrrh7AoCg0jhqjgN/by0U2jwG/xFe...\n-----END RSA PRIVATE KEY-----",
} Return example
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
x-bce-request-id: 9ebc57ed-1ff5-480f-b5b1-6847ff54f2b4 6 Schedule
6.1 Error Status Code
| CODE | MESSAGE | HTTP Status Code | Description |
|---|---|---|---|
| OperationNotAllowed | Resource status conflict. | 409 CONFLICT | Resource status conflict, and the requested operation can not be performed |
| ResourceNotFound | Resource not found. | 404 NOT_FOUND | The requested resource does not exist |
| ParametersNotChanged | Parameters not changed. | 403 FORBIDDEN | Request parameters have not changed |
| ResourceNameDuplicated | Resource name duplicated. | 409 CONFLICT | Resource name duplicated. |
| ParametersInvalid | Parameters invalid. | 400 BAD REQUEST | Request parameter is invalid |
| AccessDenied | Access denied. | 403 FORBIDDEN | No access |
6.2 Time Format
There are various methods to express date and time. For the sake of uniformity, unless it is a convention or a corresponding specification, wherever the date and time is required, UTC time shall be used, ISO 8601 shall be followed, and the following constraints shall be met:
- Fields expressing the date all utilize the
YYYY-MM-DDformat, e.g.2014-06-01which means June 1, 2014. - Fields expressing time all utilize the hh:mm:ss format, with the capital letter Z added at the end, which means UTC time. E.g.
23:00:10Zmeans UTC time: 23:00:10. - When the date and time is combined, the capital letter T is added between the two items, e.g. 2014-06-01T23:00:10Z means UTC time: 23:00:10 on June 1, 2014.
6.3 RequestId
All requests should uniquely correspond to an ID to identify the request. requestId can be used in many scenarios such as problem location, performance analysis, and so on. All logs should have a requestId for subsequent analysis.